Randomly skewing secret values as a countermeasure to compromise
First Claim
1. A method of authenticating a first cryptographic device by second cryptographic device, the method comprising the steps of:
storing in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value;
in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, determining in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and
authenticating the first cryptographic device utilizing the determined secret value in the second cryptographic device;
wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server;
wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token;
wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
Abstract
A first cryptographic device is authenticated by a second cryptographic device. The second cryptographic device stores an alternative version of a secret value associated with the first cryptographic device as a countermeasure to compromise of the secret value. In conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value, and utilizes the determined secret value to authenticate the first cryptographic device. The alternative version of the secret value may comprise a randomly-skewed version of the secret value. For example, the secret value may comprise a key or other parameter of the first cryptographic device and the alternative version of the secret value may comprise a randomly-skewed version of the key or other parameter.
22 Claims
1. A method of authenticating a first cryptographic device by second cryptographic device, the method comprising the steps of:
storing in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value; in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, determining in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and authenticating the first cryptographic device utilizing the determined secret value in the second cryptographic device; wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server; wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token; wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
12. A method of authenticating a first cryptographic device by second cryptographic device, the method comprising the steps of:
storing in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value; in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, determining in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and authenticating the first cryptographic device utilizing the determined secret value in the second cryptographic device; wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server; and wherein the secret value comprises both a randomized initialization time and a randomized clock drift vector of the time-synchronous authentication token, and wherein the authentication server determines corresponding random skew values for the randomized initialization time and the randomized clock drift vector by obtaining at least two interpolation points of a linear function given generally as follows;
$$S_{IT} + t \cdot (S_{CD})$$

where $S_{IT}$ denotes the random skew value associated with the randomized initialization time, $S_{CD}$ denotes the random skew value associated with the randomized clock drift vector, and $t$ denotes a current time.
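The following is an added illustration of claim 12's two-point recovery, not code from the patent. It assumes the server stores only minimum and maximum bounds for both skews (as claim 1 describes for the drift vector) and finds each interpolation point by searching those bounds. The HMAC-based `tokencode`, the seed, the ranges and the login times are constructed stand-ins.

```python
import hashlib
import hmac
from fractions import Fraction
from math import ceil, floor

def tokencode(seed: bytes, token_clock: int) -> str:
    """Constructed stand-in for a tokencode: HMAC over the token's clock reading."""
    msg = token_clock.to_bytes(8, "big")
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:12]

def token_display(seed, t, s_it, s_cd):
    """Token side: its clock is skewed by s_it + t * s_cd (both secret)."""
    return tokencode(seed, t + floor(s_it + t * s_cd))

def observe_skew(seed, t, code, it_range, cd_range):
    """Server side: holds only (min, max) bounds and searches them at time t."""
    lo = it_range[0] + floor(t * cd_range[0])
    hi = it_range[1] + ceil(t * cd_range[1])
    for skew in range(lo, hi + 1):
        if hmac.compare_digest(tokencode(seed, t + skew), code):
            return skew
    return None  # no skew inside the stored bounds explains the code: reject

def solve_skews(p1, p2):
    """Two interpolation points (t, skew) of the linear function give both skews."""
    (t1, y1), (t2, y2) = p1, p2
    s_cd = Fraction(y2 - y1, t2 - t1)
    return y1 - t1 * s_cd, s_cd

def demo():
    seed = b"constructed-demo-seed"                         # assumption
    it_range = (-300, 300)                                  # seconds, assumption
    cd_range = (Fraction(-50, 10**6), Fraction(50, 10**6))  # s per s, assumption
    s_it, s_cd = 137, Fraction(23, 10**6)  # token secrets, never stored on server
    points = []
    for t in (1_000_000, 3_000_000):       # constructed login times
        code = token_display(seed, t, s_it, s_cd)
        points.append((t, observe_skew(seed, t, code, it_range, cd_range)))
    return solve_skews(*points), points, (seed, it_range, cd_range)

if __name__ == "__main__":
    (s_it, s_cd), points, _ = demo()
    print("interpolation points:", points)
    print("recovered skews:", s_it, s_cd)
```

The login times are chosen so the skew is a whole number of seconds at each point; with arbitrary times the observed skew is rounded down to the clock's resolution and the recovered slope is approximate.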
13. A computer program product comprising a non-transitory processor-readable storage medium having embodied therein one or more software programs for authenticating a first cryptographic device, wherein the one or more software programs when executed by a processor of a second cryptographic device cause the processor:
to store in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value; in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, to determine in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and to authenticate the first cryptographic device utilizing the determined secret value in the second cryptographic device; wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server; wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token; wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
14. An apparatus for use in authenticating a first cryptographic device, comprising:
a second cryptographic device comprising a processor coupled to a memory; the second cryptographic device configured to authenticate the first cryptographic device under control of said processor; wherein the second cryptographic device is further configured to store in said memory an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value; and wherein in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value and utilizes the determined secret value to authenticate the first cryptographic device; wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server; wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token; wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
20. An apparatus comprising:
a first cryptographic device comprising a processor coupled to a memory; the first cryptographic device having an associated secret value and configured to authenticate to a second cryptographic device; wherein the second cryptographic device is configured to store an alternative version of the secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value; wherein in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value and utilizes the determined secret value to authenticate the first cryptographic device; wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server; wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token; wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
Specification