Randomly skewing secret values as a countermeasure to compromise

US 9,525,551 B1
Filed: 09/29/2011
Issued: 12/20/2016
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a first cryptographic device by second cryptographic device, the method comprising the steps of:

storing in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value;

in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, determining in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and

authenticating the first cryptographic device utilizing the determined secret value in the second cryptographic device;

wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server;

wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token;

wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and

wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first cryptographic device is authenticated by a second cryptographic device. The second cryptographic device stores an alternative version of a secret value associated with the first cryptographic device as a countermeasure to compromise of the secret value. In conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value, and utilizes the determined secret value to authenticate the first cryptographic device. The alternative version of the secret value may comprise a randomly-skewed version of the secret value. For example, the secret value may comprise a key or other parameter of the first cryptographic device and the alternative version of the secret value may comprise a randomly-skewed version of the key or other parameter.

Citations

22 Claims

1. A method of authenticating a first cryptographic device by second cryptographic device, the method comprising the steps of:
- storing in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value;
  
  in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, determining in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and
  
  authenticating the first cryptographic device utilizing the determined secret value in the second cryptographic device;
  
  wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server;
  
  wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token;
  
  wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
  
  wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the alternative version of the secret value comprises a randomly-skewed version of the secret value.
  - 3. The method of claim 2 wherein the secret value comprises a key of the first cryptographic device and the alternative version of the secret value comprises a randomly-skewed version of the key.
  - 4. The method of claim 2 wherein the secret value comprises a passcode length in digits and the alternative version of the secret value comprises a randomly-skewed version of the passcode length in digits.
  - 5. The method of claim 2 wherein the secret value comprises a serial number of the first cryptographic device and the alternative version of the secret value comprises a randomly-skewed version of the serial number.
  - 6. The method of claim 1 wherein the secret value comprises a randomized parameter of the first cryptographic device and the alternative version of the secret value comprises information characterizing a range of values from which said randomized parameter was selected.
  - 7. The method of claim 6 wherein the randomized parameter of the first cryptographic device comprises a randomized key of the first cryptographic device.
  - 8. The method of claim 1 wherein the step of determining the secret value comprises determining the randomized clock drift vector by matching a presented passcode to a list of potential passcodes within a time window determined as a function of the minimum and maximum clock drift vectors.
  - 9. The method of claim 1 wherein the secret value comprises a randomized initialization time of the time-synchronous authentication token.
  - 10. The method of claim 1 wherein storing the alternative version of the secret value rather than the secret value itself as a countermeasure to compromise of the secret value comprises storing the alternate version of the secret value in a record file of the second cryptographic device rather than the secret value itself.
  - 11. The method of claim 10 wherein the record file continues to store the alternative version of the secret value rather than the secret value itself even after the secret value is determined in conjunction with the protocol.

12. A method of authenticating a first cryptographic device by second cryptographic device, the method comprising the steps of:
- storing in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value;
  
  in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, determining in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and
  
  authenticating the first cryptographic device utilizing the determined secret value in the second cryptographic device;
  
  wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server; and
  
  wherein the secret value comprises both a randomized initialization time and a randomized clock drift vector of the time-synchronous authentication token, and wherein the authentication server determines corresponding random skew values for the randomized initialization time and the randomized clock drift vector by obtaining at least two interpolation points of a linear function given generally as follows;
  
  S_IT+t·
  
  (S_CD)where S_ITdenotes the random skew value associated with the randomized initialization time, S_CDdenotes the random skew value associated with the randomized clock drift vector, and t denotes a current time.

13. A computer program product comprising a non-transitory processor-readable storage medium having embodied therein one or more software programs for authenticating a first cryptographic device, wherein the one or more software programs when executed by a processor of a second cryptographic device cause the processor:
- to store in the second cryptographic device an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value;
  
  in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, to determine in the second cryptographic device the secret value based at least in part on the alternative version of the secret value; and
  
  to authenticate the first cryptographic device utilizing the determined secret value in the second cryptographic device;
  
  wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server;
  
  wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token;
  
  wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
  
  wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.

14. An apparatus for use in authenticating a first cryptographic device, comprising:
- a second cryptographic device comprising a processor coupled to a memory;
  
  the second cryptographic device configured to authenticate the first cryptographic device under control of said processor;
  
  wherein the second cryptographic device is further configured to store in said memory an alternative version of a secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value; and
  
  wherein in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value and utilizes the determined secret value to authenticate the first cryptographic device;
  
  wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server;
  
  wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token;
  
  wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
  
  wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The apparatus of claim 14 wherein a record file of the authentication server stores the alternative version of the secret value rather than the secret value itself even after the secret value is determined in conjunction with the protocol.
  - 16. The apparatus of claim 14 wherein the secret value comprises a key of the first cryptographic device and the alternative version of the secret value comprises a randomly-skewed version of the key.
  - 17. The apparatus of claim 14 wherein the secret value comprises a randomized parameter of the first cryptographic device and the alternative version of the secret value comprises information characterizing a range of values from which said randomized parameter was selected.
  - 18. The apparatus of claim 14 wherein determining the secret value comprises determining the randomized clock drift vector by matching a presented passcode to a list of potential passcodes within a time window determined as a function of the minimum and maximum clock drift vectors.
  - 19. The apparatus of claim 14 wherein the secret value comprises both a randomized initialization time and the randomized clock drift vector of the time-synchronous authentication token, and wherein the authentication server determines corresponding random skew values for the randomized initialization time and the randomized clock drift vector by obtaining at least two interpolation points of a linear function given generally as follows:
    - S_IT+t·
      
      (S_CD)where S_ITdenotes the random skew value associated with the randomized initialization time, S_CDdenotes the random skew value associated with the randomized clock drift vector, and t denotes a current time.

20. An apparatus comprising:
- a first cryptographic device comprising a processor coupled to a memory;
  
  the first cryptographic device having an associated secret value and configured to authenticate to a second cryptographic device;
  
  wherein the second cryptographic device is configured to store an alternative version of the secret value associated with the first cryptographic device in place of the secret value itself as a countermeasure to compromise of the secret value;
  
  wherein in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value and utilizes the determined secret value to authenticate the first cryptographic device;
  
  wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device comprises an authentication server;
  
  wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token;
  
  wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum clock drift vector and a maximum clock drift vector; and
  
  wherein the alternative version of the secret value comprising the randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift vector.
- View Dependent Claims (21, 22)
- - 21. The apparatus of claim 20 wherein determining the secret value comprises determining the randomized clock drift vector by matching a presented passcode to a list of potential passcodes within a time window determined as a function of the minimum and maximum clock drift vectors.
  - 22. The apparatus of claim 20 wherein the secret value comprises both a randomized initialization time and the randomized clock drift vector of the time-synchronous authentication token, and wherein the authentication server determines corresponding random skew values for the randomized initialization time and the randomized clock drift vector by obtaining at least two interpolation points of a linear function given generally as follows:
    - S_IT+t·
      
      (S_CD)where S_ITdenotes the random skew value associated with the randomized initialization time, S_CDdenotes the random skew value associated with the randomized clock drift vector, and t denotes a current time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Shen, Emily, Ackerman, Karl, van Dijk, Marten Erik, Juels, Ari
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Tsang, Henry

Application Number

US13/248,127
Time in Patent Office

1,909 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

H04L 9/088   Usage controlling of secret...

H04L 9/3228   One-time or temporary data,...

Randomly skewing secret values as a countermeasure to compromise

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Randomly skewing secret values as a countermeasure to compromise

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links