Apparatus and method for establishing a cryptographic link between elements of a system
First Claim
1. A method of establishing a cryptographic link between a registration station (rs) and an operational unit (ou) of a cryptographic system, said system comprising said rs, said ou, a master key station (mks) and a personalization station (ps), said method comprising the steps of:
- (a) initializing said mks and said ps by a method comprising the steps of;
providing said mks with an encryption/decryption key pair consisting of an mks public signature key and an mks private signature key;
providing said ps with an encryption/decryption key pair consisting of a ps public signature key and a ps private signature key;
providing said ps public signature key to said mks;
providing said mks public signature key to said ps;
creating a ps certificate in said mks by a method comprising the steps of;
creating a message containing said ps public signature key and an authorization for said ps to personalize said ou; and
signing said message with said mks private signature key to create said ps certificate; and
communicating said ps certificate from said mks to said ps;
(b) personalizing said rs by a method comprising the steps of;
communicating a first copy of said ps certificate to said rs;
generating, in said ps, an encryption/decryption key pair for said rs consisting of an rs public signature key and an rs private signature key;
securely communicating said rs private signature key from said ps to said rs;
deleting said rs private signature key from said ps;
creating an rs certificate in said ps by a method comprising the steps of;
creating a message containing said rs public signature key; and
signing said message with said ps private signature key to create said rs certificate; and
communicating said rs certificate from said ps to said rs;
(c) personalizing said ou by a method comprising the steps of;
communicating a second copy of said ps certificate to said ou;
providing said mks public signature key to said ou;
verifying in said ou that said second copy of said ps certificate was signed by said mks by applying said mks public signature key;
verifying in said ou that said second copy of said ps certificate authorizes said ps to personalize said ou;
generating an encryption/decryption key pair in said ps for said ou, said encryption/decryption key pair comprising an ou public encryption key and an ou private decryption key;
securely communicating said ou private decryption key from said ps to said ou;
deleting said ou private decryption key from said ps;
creating in said ps an ou certificate for said ou by a method comprising the steps of;
creating a message containing said ou public encryption key; and
signing said message with said ps private signature key to create said ou certificate for said ou; and
communicating said ou certificate from said ps to said ou; and
(d) registering said ou with said rs by a method comprising the steps of;
communicating said ou certificate to said rs;
communicating said second copy of said ps certificate to said rs;
providing said mks public signature key to said rs;
verifying in said rs that said second copy of said ps certificate was signed by said mks by applying said mks public signature key;
verifying in said rs that said ou certificate was signed by said ps by applying said ps public signature key, said ps public signature key having been obtained from said second copy of said ps certificate;
communicating said rs certificate to said ou;
communicating said first copy of said ps certificate to said ou;
verifying in said ou that said first copy of said ps certificate was signed by said mks by applying said mks public signature key;
verifying in said ou that said rs certificate was signed by said ps by applying said ps public signature key, said ps public signature key having been obtained from said first copy of said ps certificate;
generating in said rs a cryptographic data element for said ou;
encrypting said private encryption key in said ou public encryption key, said rs having obtained said ou public encryption key from said ou certificate;
communicating said cryptographic data element, encrypted in said ou public encryption key, from said rs to said ou; and
decrypting in said ou said private encryption key by applying said ou private decryption key.
Abstract
A secure cryptographic network is established among operational units in a system. A public key cryptosystem is initially used to establish secure communication links. Then, each secure communication link will be provided with a unique private encryption key from a private key cryptosystem. Every operational unit in the system will comprise a secure chip integrated circuit. These secure chips will comprise a programmable processor and a read-only memory. A plurality of personalization stations are used to provide each secure chip with a public/private encryption or signature key pair. The secure chips will execute a program from the read-only memory on the secure chips to verify that the public/private key pair has been received from an authorized source. Each secure chip will also be provided with a chain of authentication certificates originating from a trusted authority. The public signature key of the trusted authority will be programmed into the read-only memory of the secure chip, for reliable access to this information. When establishing a secure communication link between two operational units, each of the operational units will authenticate the other operational unit by verifying the content and source of each of the authentication certificates in the respective chains.
35 Claims
- View Dependent Claims (2, 3, 4, 5, 6)
7. A method of using a first unit and a fourth unit to establish a cryptographic link between a second unit and a third unit of a cryptographic system, said second unit and said third unit being connected by a communication link, said method comprising the steps of:
generating a public key pair comprising a first public key and a corresponding first private key, said first public key being stored in said first, second, and third units;
generating in said fourth unit a second public key pair comprising a second public key and a second private key;
generating a certificate in said fourth unit comprising a statement of authorization designating said first unit as authorized to generate a third public key pair;
digitally signing said certificate in said fourth unit using said first private key;
securely communicating said digitally signed certificate to said first unit utilizing said second public key pair;
generating in said first unit said third public key pair consisting of a third public key and a third private key;
securely communicating said third private key and said digitally signed certificate from said first unit to said second unit;
applying said first public signature key to said certificate to verify that said certificate was signed by said fourth unit;
reading said message in said certificate to determine whether said first unit has been authorized to provide said public key pair; and
deleting said third private key from said first unit;
communicating said third public key to said third unit; and
communicating private messages from said third unit to said second unit using said third public key pair.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- 15. A first unit of a public key cryptosystem, said public key cryptosystem comprising said first unit, a second unit, a third unit and a trusted authority, said trusted authority authorizing said third unit to provide said first unit with a public key and a corresponding private key, said third unit generating said public key and said private key for said first unit, said first unit comprising a communication circuit for establishing a cryptographic link with said second unit by providing said second unit with said public key from said third unit, said communication circuit comprising a secure circuit, said secure circuit containing a program for determining whether said third unit has been authorized by said trusted authority to provide said public key and said private key, said communication circuit receiving said private key from said third unit only after said secure circuit has executed said program to determine that said third unit has been authorized by said trusted authority to provide said public key and said private key.
18. A method of authentication in a public key cryptosystem, said public key cryptosystem comprising a trusted authority, a first unit and a second unit, said trusted authority having a first public signature key and a corresponding first private signature key, said method being executed by said first unit to authenticate said second unit, said second unit having a second public signature key and a corresponding second private signature key, said method comprising the steps of:
storing said first public signature key in a permanent storage location inside said first unit by manufacturing a read only memory using a mask containing said first public signature key of said trusted authority and installing said read only memory in said first unit;
obtaining a chain of one or more authentication certificates linking said second unit to said trusted authority, each of said authentication certificates being generated by an authority to authenticate a subject of the certificate, each authority having a public signature key and a corresponding private signature key, each subject having a public signature key and a corresponding private signature key, each of said authentication certificates containing the public signature key of the respective subject of the certificate and being signed by the respective authority of the certificate using the private signature key of the authority, a first authentication certificate of said chain being generated by said trusted authority, each subsequent authentication certificate of said chain, if any, being generated by the subject of the previous authentication certificate, a last authentication certificate of said chain authenticating said second unit;
checking said first authentication certificate of said chain of authentication certificates by a method comprising the steps of;
verifying that said first authentication certificate has been signed by said trusted authority by applying said first public signature key obtained from said permanent storage location inside said first unit; and
verifying that said first authentication certificate contains the public signature key of the subject of the first authentication certificate; and
checking each subsequent authentication certificate, if any, of said chain of authentication certificates by a method comprising the steps of;
obtaining the public signature key of the authority of the subsequent authentication certificate from the previous authentication certificate;
verifying that the subsequent authentication certificate has been signed by the authority of said subsequent authentication certificate by applying said public signature key of said authority of said subsequent authentication certificate; and
verifying that the subsequent authentication certificate contains the public signature key of the subject of the subsequent authentication certificate.
- View Dependent Claims (19, 20, 21)
22. A method of establishing a cryptographic link between a first unit and a second unit of a cryptographic system, said cryptographic system comprising said first unit, said second unit and a trusted authority, said trusted authority having a public signature key and a corresponding private signature key, said method comprising the steps of:
providing said first unit with a first public key pair consisting of a first public key and a first private key, where said first public key is suitable for encrypting messages and said first private key is suitable for decrypting messages;
providing said second unit with a second public key pair consisting of a second public key and a second private key;
providing said second unit with a first chain of authentication certificates linking said first unit to said trusted authority, said first chain of authentication certificates authenticating said first public key of said first unit;
providing said first unit with a second chain of authentication certificates linking said second unit to said trusted authority, said second chain of authentication certificates authenticating said second public key of said second unit;
authenticating said first unit, in said second unit, by applying an appropriate public signature key to each of the certificates in said first chain of certificates, in part by retrieving said public signature key of said trusted authority from a permanently programmed location in a read-only memory in said second unit that has been fabricated with a mask containing said public signature key;
authenticating said second unit, in said first unit, by applying an appropriate public signature key to each of the certificates in said second chain of certificates, in part by retrieving said public signature key of said trusted authority from a permanently programmed location in a read-only memory in said first unit that has been fabricated with a mask containing said public signature key;
providing said second public key of said second unit to said first unit from a certificate in said second chain of authentication certificates; and
providing said first public key of said first unit to said second unit from a certificate in said first chain of authentication certificates.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
30. A method of establishing a cryptographic link between a first unit and a second unit in a cryptographic system, said second unit being remotely located from said first unit, said second unit being connected to said first unit by a communication link, said second unit having a public key pair consisting of a public key and a private key, said method comprising the steps of:
providing said public key of said second unit to said first unit;
generating, in said first unit, a first cryptographic data element for use with said second unit;
encrypting, in said first unit, said first cryptographic data element using said public key of said second unit;
communicating said first cryptographic data element, encrypted in said public key, from said first unit to said second unit;
communicating an authorization message from said first unit to said second unit;
verifying in said second unit that said first unit has been authorized by a trusted authority to generate cryptographic data elements;
decrypting, in said second unit, said first cryptographic data element by applying said private key; and
communicating private messages between said first unit and said second unit using said first cryptographic data element.
- View Dependent Claims (31, 32, 33, 34)
35. A cryptographic system comprising a first unit, a second unit, a third unit, and a fourth unit, said first and second units communicating securely by utilizing at least one cryptographic data element, said cryptographic data element being generated by said third unit, said third unit communicating said cryptographic data element to said first and second units, and also communicating to said second unit an authorization certificate received from said fourth unit, such that said second unit verifies that said third unit has been authorized by said fourth unit to generate said cryptographic data element.
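The chain check of claim 18, combined with the authorization check of claim 1(c) and the key transport of claim 1(d), can be sketched as follows. This is an added example, not code from the patent: the claims name no signature algorithm, so unpadded textbook RSA over fixed Mersenne primes stands in for it (insecure, illustration only), and the `personalize-ou` label, certificate layout and all function names are assumptions.

```python
import hashlib, json

E = 65537
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))  # known Mersenne primes

def keygen(p, q):
    """Toy textbook-RSA pair (assumed stand-in for the unnamed scheme; not secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(body, n):
    data = json.dumps(body, sort_keys=True).encode()   # canonical form of the message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(authority_priv, subject, subject_pub, authz=()):
    """Authority signs a message carrying the subject's public key and authorizations."""
    n, d = authority_priv
    body = {"subject": subject, "pub": list(subject_pub), "authz": sorted(authz)}
    return {"body": body, "sig": pow(_digest(body, n), d, n)}

def verify_chain(rom_root_pub, chain, need_authz):
    """Return the leaf public key, or raise ValueError at the first failing link."""
    key = rom_root_pub                      # trust anchor: the key held in read-only memory
    for i, cert in enumerate(chain):
        n, e = key
        body = cert["body"]
        if pow(cert["sig"], e, n) != _digest(body, n):
            raise ValueError(f"cert {i} ({body['subject']}): bad signature")
        # every certificate except the last must authorize its subject to issue the next
        if i < len(chain) - 1 and need_authz not in body["authz"]:
            raise ValueError(f"cert {i} ({body['subject']}): not authorized for {need_authz}")
        key = tuple(body["pub"])            # the next link is checked with this subject's key
    return key

def check(root_pub, chain, need_authz="personalize-ou"):
    try:
        verify_chain(root_pub, chain, need_authz)
        return "ok"
    except ValueError as err:
        return str(err)

# Constructed parties: master key station, personalization station, operational unit, rogue station
MKS_PUB, MKS_PRIV = keygen(M61, M89)
PS_PUB, PS_PRIV = keygen(M89, M107)
OU_PUB, OU_PRIV = keygen(M107, M127)
ROGUE_PUB, ROGUE_PRIV = keygen(M61, M127)
PS_CERT = issue(MKS_PRIV, "ps", PS_PUB, ["personalize-ou"])
OU_CERT = issue(PS_PRIV, "ou", OU_PUB)

def transport_key(chain, secret):
    """RS side: authenticate the OU chain, then encrypt a data element under the OU key it yields."""
    n, e = verify_chain(MKS_PUB, chain, "personalize-ou")
    return pow(secret, e, n)

if __name__ == "__main__":
    print(check(MKS_PUB, [PS_CERT, OU_CERT]))                           # intact chain
    print(check(MKS_PUB, [issue(MKS_PRIV, "ps", PS_PUB), OU_CERT]))     # PS cert lacks authorization
    print(check(MKS_PUB, [PS_CERT, issue(ROGUE_PRIV, "ou", OU_PUB)]))   # OU cert not signed by PS
    forged = {"body": dict(PS_CERT["body"], pub=list(ROGUE_PUB)), "sig": PS_CERT["sig"]}
    print(check(MKS_PUB, [forged, issue(ROGUE_PRIV, "ou", OU_PUB)]))    # key swapped inside PS cert
```

The verifier trusts only the root key it already holds and takes every other public key from a certificate it has just verified, so a substituted key or a station without the authorization fails at the link where it first appears.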
Specification