Apparatus and method for establishing a cryptographic link between elements of a system

US 5,787,172 A
Filed: 02/24/1994
Issued: 07/28/1998
Est. Priority Date: 02/24/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method of establishing a cryptographic link between a registration station (rs) and an operational unit (ou) of a cryptographic system, said system comprising said rs, said ou, a master key station (mks) and a personalization station (ps), said method comprising the steps of:

(a) initializing said mks and said ps by a method comprising the steps of;

providing said mks with an encryption/decryption key pair consisting of an mks public signature key and an mks private signature key;

providing said ps with an encryption/decryption key pair consisting of a ps public signature key and a ps private signature key;

providing said ps public signature key to said mks;

providing said mks public signature key to said ps;

creating a ps certificate in said mks by a method comprising the steps of;

creating a message containing said ps public signature key and an authorization for said ps to personalize said ou; and

signing said message with said mks private signature key to create said ps certificate; and

communicating said ps certificate from said mks to said ps;

(b) personalizing said rs by a method comprising the steps of;

communicating a first copy of said ps certificate to said rs;

generating, in said ps, an encryption/decryption key pair for said rs consisting of an rs public signature key and an rs private signature key;

securely communicating said rs private signature key from said ps to said rs;

deleting said rs private signature key from said ps;

creating an rs certificate in said ps by a method comprising the steps of;

creating a message containing said rs public signature key; and

signing said message with said ps private signature key to create said rs certificate; and

communicating said rs certificate from said ps to said rs;

(c) personalizing said ou by a method comprising the steps of;

communicating a second copy of said ps certificate to said ou;

providing said mks public signature key to said ou;

verifying in said ou that said second copy of said ps certificate was signed by said mks by applying said mks public signature key;

verifying in said ou that said second copy of said ps certificate authorizes said ps to personalize said ou;

generating an encryption/decryption key pair in said ps for said ou, said encryption/decryption key pair comprising an ou public encryption key and an ou private decryption key;

securely communicating said ou private decryption key from said ps to said ou;

deleting said ou private decryption key from said ps;

creating in said ps an ou certificate for said ou by a method comprising the steps of;

creating a message containing said ou public encryption key; and

signing said message with said ps private signature key to create said ou certificate for said ou; and

communicating said ou certificate from said ps to said ou; and

(d) registering said ou with said rs by a method comprising the steps of;

communicating said ou certificate to said rs;

communicating said second copy of said ps certificate to said rs;

providing said mks public signature key to said rs;

verifying in said rs that said second copy of said ps certificate was signed by said mks by applying said mks public signature key;

verifying in said rs that said ou certificate was signed by said ps by applying said ps public signature key, said ps public signature key having been obtained from said second copy of said ps certificate;

communicating said rs certificate to said ou;

communicating said first copy of said ps certificate to said ou;

verifying in said ou that said first copy of said ps certificate was signed by said mks by applying said mks public signature key;

verifying in said ou that said rs certificate was signed by said ps by applying said ps public signature key, said ps public signature key having been obtained from said first copy of said ps certificate;

generating in said rs a cryptographic data element for said ou;

encrypting said private encryption key in said ou public encryption key, said rs having obtained said ou public encryption key from said ou certificate;

communicating said cryptographic data element, encrypted in said ou public encryption key, from said rs to said ou; and

decrypting in said ou said private encryption key by applying said ou private decryption key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure cryptographic network is established among operational units in a system. A public key cryptosystem is initially used to establish secure communication links. Then, each secure communication link will be provided with a unique private encryption key from a private key cryptosystem. Every operational unit in the system will comprise a secure chip integrated circuit. These secure chips will comprise a programmable processor and a read-only memory. A plurality of personalization stations are used to provide each secure chip with a public/private encryption or signature key pair. The secure chips will execute a program from the read-only memory on the secure chips to verify that the public/private key pair has been received from an authorized source. Each secure chip will also be provided with a chain of authentication certificates originating from a trusted authority. The public signature key of the trusted authority will be programmed into the read-only memory of the secure chip, for reliable access to this information. When establishing a secure communication link between two operational units, each of the operational units will authenticate the other operational unit by verifying the content and source of each of the authentication certificates in the respective chains.

523 Citations

35 Claims

1. A method of establishing a cryptographic link between a registration station (rs) and an operational unit (ou) of a cryptographic system, said system comprising said rs, said ou, a master key station (mks) and a personalization station (ps), said method comprising the steps of:
- (a) initializing said mks and said ps by a method comprising the steps of;
  
  providing said mks with an encryption/decryption key pair consisting of an mks public signature key and an mks private signature key;
  
  providing said ps with an encryption/decryption key pair consisting of a ps public signature key and a ps private signature key;
  
  providing said ps public signature key to said mks;
  
  providing said mks public signature key to said ps;
  
  creating a ps certificate in said mks by a method comprising the steps of;
  
  creating a message containing said ps public signature key and an authorization for said ps to personalize said ou; and
  
  signing said message with said mks private signature key to create said ps certificate; and
  
  communicating said ps certificate from said mks to said ps;
  
  (b) personalizing said rs by a method comprising the steps of;
  
  communicating a first copy of said ps certificate to said rs;
  
  generating, in said ps, an encryption/decryption key pair for said rs consisting of an rs public signature key and an rs private signature key;
  
  securely communicating said rs private signature key from said ps to said rs;
  
  deleting said rs private signature key from said ps;
  
  creating an rs certificate in said ps by a method comprising the steps of;
  
  creating a message containing said rs public signature key; and
  
  signing said message with said ps private signature key to create said rs certificate; and
  
  communicating said rs certificate from said ps to said rs;
  
  (c) personalizing said ou by a method comprising the steps of;
  
  communicating a second copy of said ps certificate to said ou;
  
  providing said mks public signature key to said ou;
  
  verifying in said ou that said second copy of said ps certificate was signed by said mks by applying said mks public signature key;
  
  verifying in said ou that said second copy of said ps certificate authorizes said ps to personalize said ou;
  
  generating an encryption/decryption key pair in said ps for said ou, said encryption/decryption key pair comprising an ou public encryption key and an ou private decryption key;
  
  securely communicating said ou private decryption key from said ps to said ou;
  
  deleting said ou private decryption key from said ps;
  
  creating in said ps an ou certificate for said ou by a method comprising the steps of;
  
  creating a message containing said ou public encryption key; and
  
  signing said message with said ps private signature key to create said ou certificate for said ou; and
  
  communicating said ou certificate from said ps to said ou; and
  
  (d) registering said ou with said rs by a method comprising the steps of;
  
  communicating said ou certificate to said rs;
  
  communicating said second copy of said ps certificate to said rs;
  
  providing said mks public signature key to said rs;
  
  verifying in said rs that said second copy of said ps certificate was signed by said mks by applying said mks public signature key;
  
  verifying in said rs that said ou certificate was signed by said ps by applying said ps public signature key, said ps public signature key having been obtained from said second copy of said ps certificate;
  
  communicating said rs certificate to said ou;
  
  communicating said first copy of said ps certificate to said ou;
  
  verifying in said ou that said first copy of said ps certificate was signed by said mks by applying said mks public signature key;
  
  verifying in said ou that said rs certificate was signed by said ps by applying said ps public signature key, said ps public signature key having been obtained from said first copy of said ps certificate;
  
  generating in said rs a cryptographic data element for said ou;
  
  encrypting said private encryption key in said ou public encryption key, said rs having obtained said ou public encryption key from said ou certificate;
  
  communicating said cryptographic data element, encrypted in said ou public encryption key, from said rs to said ou; and
  
  decrypting in said ou said private encryption key by applying said ou private decryption key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said cryptographic system comprises a communication system.
  - 3. The method of claim 2, wherein said communication system comprises a subscriber television system.
  - 4. The method of claim 1, wherein said rs and said ou each comprise a secure chip, said secure chip comprising a programmable processor and a read-only memory, said read-only memory containing said mks public signature key.
  - 5. The method of claim 4, wherein said steps of verifying in said ou that said second copy of said ps certificate was signed by said mks and of verifying in said ou that said second copy of said ps certificate authorizes said ps to personalize said ou are accomplished by said programmable processor of said secure chip executing a program in said read-only memory of said secure chip.
  - 6. The method of claim 4, wherein said message created during said method of creating said ps certificate additionally contains an effective date and an expiration date for said ps certificate, wherein said read-only memory of said secure chip additionally contains a manufacturing date code, and wherein said method for personalizing said ou additionally comprises the step of:
    - verifying in said ou that said manufacturing date code in said read-only memory of said secure chip is between said effective date and said expiration date for said ps certificate.

7. A method of using a first unit and a fourth unit to establish a cryptographic link between a second unit and a third unit of a cryptographic system, said second unit and said third unit being connected by a communication link, said method comprising the steps of:
- generating a public key pair comprising a first public key and a corresponding first private key, said first public key being stored in said first, second, and third units;
  
  generating in said fourth unit a second public key pair comprising a second public key and a second private key;
  
  generating a certificate in said fourth unit comprising a statement of authorization designating said first unit as authorized to generate a third public key pair;
  
  digitally signing said certificate in said fourth unit using said first private key;
  
  securely communicating said digitally signed certificate to said first unit utilizing said second public key pair;
  
  generating in said first unit said third public key pair consisting of a third public key and a third private key;
  
  securely communicating said third private key and said digitally signed certificate from said first unit to said second unit;
  
  applying said first public signature key to said certificate to verify that said certificate was signed by said fourth unit;
  
  reading said message in said certificate to determine whether said first unit has been authorized to provide said public key pair; and
  
  ,deleting said third private key from said first unit;
  
  communicating said third public key to said third unit; and
  
  communicating private messages from said third unit to said second unit using said third public key pair.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein said cryptographic system comprises a communication system.
  - 9. The method of claim 8, wherein said communication system comprises a subscriber television system.
  - 10. The method of claim 7, wherein said second unit comprises a secure chip, said secure chip comprising a programmable processor and a read only memory, said read only memory containing said first public signature key.
  - 11. The method of claim 10, wherein said certificate additionally contains an effective date and an expiration date for said certificate, wherein said read-only memory of said secure chip additionally contains a manufacturing date code, and wherein said reading step additionally comprises the step of:
    - verifying that said manufacturing date code in said read-only memory of said secure chip is between said effective date and said expiration date for said certificate.
  - 12. The method of claim 11, wherein said reading step is implemented in a program in said read-only memory of said secure chip and wherein said program in said read-only memory is executed by said programmable processor in said secure chip.
  - 13. The method of claim 7, wherein said third public key pair is a digital signature key pair.
  - 14. The method of claim 7, wherein one of said private messages comprises a cryptographic data element.

15. A first unit of a public key cryptosystem, said public key cryptosystem comprising said first unit, a second unit, a third unit and a trusted authority, said trusted authority authorizing said third unit to provide said first unit with a public key and a corresponding private key, said third unit generating said public key and said private key for said first unit, said first unit comprising a communication circuit for establishing a cryptographic link with said second unit by providing said second unit with said public key from said third unit, said communication circuit comprising a secure circuit, said secure circuit containing a program for determining whether said third unit has been authorized by said trusted authority to provide said public key and said private key, said communication circuit receiving said private key from said third unit only after said secure circuit has executed said program to determine that said third unit has been authorized by said trusted authority to provide said public key and said private key.
- View Dependent Claims (16, 17)
- - 16. The first unit of claim 15, wherein said secure circuit comprises a secure integrated circuit, wherein said secure integrated circuit comprises a programmable processor and a read-only memory, wherein said read-only memory contains said program, and wherein said program is executed by said programmable processor.
  - 17. The first unit of claim 15, wherein said first unit functions primarily as a communication unit.

18. A method of authentication in a public key cryptosystem, said public key cryptosystem comprising a trusted authority, a first unit and a second unit, said trusted authority having a first public signature key and a corresponding first private signature key, said method being executed by said first unit to authenticate said second unit, said second unit having a second public signature key and a corresponding second private signature key, said method comprising the steps of:
- storing said first public signature key in a permanent storage location inside said first unit by manufacturing a read only memory using a mask containing said first public signature key of said trusted authority and installing said read only memory in said first unit;
  
  obtaining a chain of one or more authentication certificates linking said second unit to said trusted authority, each of said authentication certificates being generated by an authority to authenticate a subject of the certificate, each authority having a public signature key and a corresponding private signature key, each subject having a public signature key and a corresponding private signature key, each of said authentication certificates containing the public signature key of the respective subject of the certificate and being signed by the respective authority of the certificate using the private signature key of the authority, a first authentication certificate of said chain being generated by said trusted authority, each subsequent authentication certificate of said chain, if any, being generated by the subject of the previous authentication certificate, a last authentication certificate of said chain authenticating said second unit;
  
  checking said first authentication certificate of said chain of authentication certificates by a method comprising the steps of;
  
  verifying that said first authentication certificate has been signed by said trusted authority by applying said first public signature key obtained from said permanent storage location inside said first unit; and
  
  verifying that said first authentication certificate contains the public signature key of the subject of the first authentication certificate; and
  
  checking each subsequent authentication certificate, if any, of said chain of authentication certificates by a method comprising the steps of;
  
  obtaining the public signature key of the authority of the subsequent authentication certificate from the previous authentication certificate;
  
  verifying that the subsequent authentication certificate has been signed by the authority of said subsequent authentication certificate by applying said public signature key of said authority of said subsequent authentication certificate; and
  
  verifying that the subsequent authentication certificate contains the public signature key of the subject of the subsequent authentication certificate.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, wherein said public key cryptosystem comprises a communication system.
  - 20. The method of claim 19, wherein said communication system comprises a subscriber television system.
  - 21. The method of claim 18, wherein each of said authentication certificates additionally contains a data value indicating a function that the subject of the certificate will be authorized to perform and an effective date and an expiration date for the certificate.providing said second public key of said second unit to said first unit from a certificate in said second chain of authentication certificates;
    - andproviding said first public key of said first unit to said second unit from a certificate in said first chain of authentication certificates.

22. A method of establishing a cryptographic link between a first unit and a second unit of a cryptographic system, said cryptographic system comprising said first unit, said second unit and a trusted authority, said trusted authority having a public signature key and a corresponding private signature key, said method comprising the steps of:
- providing said first unit with a first public key pair consisting of a first public key and a first private key, where said first public key is suitable for encrypting messages and said first private key is suitable for decrypting messages;
  
  providing said second unit with a second public key pair consisting of a second public key and a second private key;
  
  providing said second unit with a first chain of authentication certificates linking said first unit to said trusted authority, said first chain of authentication certificates authenticating said first public key of said first unit;
  
  providing said first unit with a second chain of authentication certificates linking said second unit to said trusted authority, said second chain of authentication certificates authenticating said second public key of said second unit;
  
  authenticating said first unit, in said second unit, by applying an appropriate public signature key to each of the certificates in said first chain of certificates, in part by retrieving said public signature key of said trusted authority from a permanently programmed location in a read-only memory in said second unit that has been fabricated with a mask containing said public signature key;
  
  authenticating said second unit, in said first unit, by applying an appropriate public signature key to each of the certificates in said second chain of certificates, in part by retrieving said public signature key of said trusted authority from a permanently programmed location in a read-only memory in said first unit that has been fabricated with a mask containing said public signature key;
  
  providing said second public key of said second unit to said first unit from a certificate in said second chain of authentication certificates; and
  
  providing said first public key of said first unit to said second unit from a certificate in said first chain of authentication certificates.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The method of claim 22, wherein said cryptographic system comprises a communication system.
  - 24. The method of claim 23, wherein said communication system comprises a subscriber television system.
  - 25. The method of claim 22, wherein said second private key of said second unit is suitable for creating digital signatures and said second public key of said second unit is suitable for verifying digital signatures.
  - 26. The method of claim 22, wherein said second unit comprises a secure integrated circuit containing a programmable processor.
  - 27. The method of claim 26, wherein the authentication of said first unit is accomplished by said processor in said secure integrated circuit of said second unit by executing a program contained in said read-only memory of said secure integrated circuit of said second unit.
  - 28. The method of claim 22, wherein said system additionally comprises a third unit, wherein said third unit provides said first unit with said first public key pair, and wherein said third unit provides said second unit with said second public key pair.
  - 29. The method of claim 22, wherein each of said certificates in said first chain of authentication certificates and each of said certificates in said second chain of authentication certificates comprises:
    - a data value indicating a function that a subject of the certificate will be authorized to perform;
      
      an effective date for the certificate;
      
      an expiration date for the certificate; and
      
      an initial key package.

30. A method of establishing a cryptographic link between a first unit and a second unit in a cryptographic system, said second unit being remotely located from said first unit, said second unit being connected to said first unit by a communication link, said second unit having a public key pair consisting of a public key and a private key, said method comprising the steps of:
- providing said public key of said second unit to said first unit;
  
  generating, in said first unit, a first cryptographic data element for use with said second unit;
  
  encrypting, in said first unit, said first cryptographic data element using said public key of said second unit;
  
  communicating said first cryptographic data element, encrypted in said public key, from said first unit to said second unit;
  
  communicating an authorization message from said first unit to said second unit;
  
  verifying in said second unit that said first unit has been authorized by a trusted authority to generate cryptographic data elements;
  
  decrypting, in said second unit, said first cryptographic data element by applying said private key; and
  
  communicating private messages between said first unit and said second unit using said first cryptographic data element.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The method of claim 30, wherein said cryptographic system comprises a communication system.
  - 32. The method of claim 31, wherein said communication system comprises a subscriber television system.
  - 33. The method of claim 30, wherein the use of said first cryptographic data element for the communication of private messages between said first unit and said second unit establishes a secure cryptographic link.
  - 34. The method of claim 30, wherein said trusted authority has a first public signature key and a corresponding first private signature key, wherein said first unit has a second public signature key and a corresponding second private signature key, and wherein said method of establishing a cryptographic link between said first unit and said second unit additionally comprises the steps of:
    - providing said first unit with a first chain of authentication certificates originating with said trusted authority, said first chain of authentication certificates authenticating said public key of said second unit;
      
      providing said second unit with a second chain of authentication certificates originating with said trusted authority, said second chain of authentication certificates authenticating said second public signature key of said first unit;
      
      authenticating said second unit, using said first unit, by applying an appropriate public signature key to each of the certificates in said first chain of certificates, beginning with said first public signature key of said trusted authority; and
      
      authenticating said first unit, using said second unit, by applying an appropriate public signature key to each of the certificates in said second chain of certificates, beginning with said first public signature key of said trusted authority.

35. A cryptographic system comprising a first unit, a second unit, a third unit, and a fourth unit, said first and second units communicating securely by utilizing at least one cryptographic data element, said cryptographic data element being generated by said third unit, said third unit communicating said cryptographic data element to said first and second units, and also communicating to said second unit an authorization certificate received from said fourth unit, such that said second unit verifies that said third unit has been authorized by said fourth unit to generate said cryptographic data element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
The Merdan Group, Inc.
Inventors
Arnold, Terry Sutton
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/201,399
Time in Patent Office

1,615 Days
Field of Search

380/30, 380/23, 380/20, 380/25, 380/24, 380/21
US Class Current

713/175
CPC Class Codes

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Apparatus and method for establishing a cryptographic link between elements of a system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

523 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for establishing a cryptographic link between elements of a system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

523 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links