WO2000045241A2 - Self-generation of certificates using a secure microprocessor in a device for transferring digital information - Google Patents
Self-generation of certificates using a secure microprocessor in a device for transferring digital information Download PDFInfo
- Publication number
- WO2000045241A2 WO2000045241A2 PCT/US2000/002317 US0002317W WO0045241A2 WO 2000045241 A2 WO2000045241 A2 WO 2000045241A2 US 0002317 W US0002317 W US 0002317W WO 0045241 A2 WO0045241 A2 WO 0045241A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- certificates
- certificate
- self
- public key
- key
- Prior art date
Links
- 238000000034 method Methods 0.000 claims abstract description 11
- 238000004519 manufacturing process Methods 0.000 abstract description 6
- 238000004891 communication Methods 0.000 abstract description 4
- 238000013459 approach Methods 0.000 abstract description 3
- 238000012545 processing Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000012795 verification Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000000135 prohibitive effect Effects 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/102—Gateways
- H04L65/1043—Gateway controllers, e.g. media gateway control protocol [MGCP] controllers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2129—Authenticate client device independently of the user
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02E—REDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
- Y02E50/00—Technologies for the production of fuel of non-fossil origin
- Y02E50/10—Biofuels, e.g. bio-diesel
Definitions
- This invention relates in general to secure data transfers in digital systems and more specifically to a device in such a digital system that has the ability to self-issue certificates in a secure manner.
- Public key systems have become a very popular means for providing security in digital systems.
- Public Key Systems have two different keys, one for encryption, or signing, and one for decryption, or verifying. This separation of keys has great security value in that the sign/decrypt function can be securely isolated from verify/encrypt functions, as is appropriate for the typical use of these keys.
- Public key systems are also known as asymmetric systems, or cryptosystems, as opposed to non-public key systems that are known as symmetric, or secret key, systems.
- a sender obtains the receiver's public key.
- the sender uses the public key to encrypt a message.
- the encrypted message is then sent to the receiver. Since only the receiver has the corresponding private key of the public/private key pair, only the intended receiver can decrypt and view the encrypted message.
- a certificate is typically the information that is included along with a signed message, where the certificate includes the public key required to verify the signature on the message.
- the certificate is signed with the certifying authority's private key and can be verified by a recipient of the certificate by using the certifying authority's public key.
- the same problem of obtaining the known certifying authority's correct public key in the first place still exists.
- a sequence of certified public keys can be obtained from sources of progressively higher trust, where each preceding certificate's public key comes from a successively more trustworthy source. At some point, the user of a certificate's public key must be able to trust, or be assured that, the original public key for the chain of certificates does, indeed, come from the proper source and is valid.
- the act of user authentication usually includes the verification of the user's certificate.
- the certificate includes the identity of the sender, the identity of the certificate issuer, the sender's public key, the time period for which the certificate is valid, etc.
- PKI Public Key Infrastructure
- IP Internet Protocol
- Shorter keys are often useful because their security functions (i.e., encoding/encrypting or decoding/decrypting) require less time than longer keys. However, the level of security provided is less than with longer keys so the shorter keys and certificates need to be replaced more often. If the initial keys and certificates are installed by the unit (e.g. cable telephony adapter) manufacturer while the replacement keys and certificates are transferred from the network service provider, a "dual trust" hierarchy is created that is not as robust as a single trust approach.
- the unit e.g. cable telephony adapter
- the present invention allows consumer communications device such as an IP telephony adapter to self-generate public key pairs and certificates. This eliminates the need for such keys and certificates to be sent to the devices from an outside source so a single-trust approach can be maintained.
- public key pairs may be generated by a server and delivered to the consumer device in an encrypted and signed message. The certificate for the delivered public key would still be generated inside the consumer device.
- a manufacturer-signed consumer device certificate for a large public key is installed into a device at the time of manufacture.
- the device only issues itself certificates (for a newly generated shorter key pair) based on a signed request from an external outside server.
- the device's self-issued certificates incorporate information obtained from the server in a profile. This allows control by the server over a device's self-issued certificates.
- the certificate issuing process occurs within a secure microprocessor.
- the invention discloses a method for providing self-issuing certificates in a device in a telecommunications system.
- the method includes receiving, from an external source, a request to generate a new certificate, wherein the request includes a certificate parameter; using a secure microprocessor to generate a new certificate that uses the certificate parameter; and using the new certificate in data transfers.
- the preferred embodiment includes receiving, from an external source, a request to generate a new certificate, wherein the request includes a signed profile of what parameters should appear in the new certificate.
- the device generates a new public/private key pair and then signs a new certificate - all done as a single combined operation inside a secure microprocessor.
- the request itself includes a public key and an encrypted private key.
- the device in that case decrypts the private key and signs the new certificate - again, all done inside a secure microprocessor as a single combined operation.
- the decryption key used is a (longer) private key that was installed in the device at the time of manufacture.
- the device can sign the new certificate with a (longer) certificate signing key that was installed at the time of manufacture.
- the new key pair and certificate, along with the pre-installed certificate for the device's certificate-signing key, can be used to secure call signaling and other communications.
- Fig. 1 is a flowchart that describes the basic steps of the present invention
- Fig. 2 A shows a portion of a telephony network 100 including a Cable Telephony Adapter
- Fig. 2B shows an exemplary embodiment of the CTA.
- DESCRIPTION OF THE SPECIFIC EMBODIMENTS The present invention is preferably included in a cable telephony system that is described in detail in the priority documents referenced at the beginning of this specification. Although specific reference is made to a cable telephony system, the invention is adaptable for use in virtually any telecommunications system that uses secured transactions.
- FIG. 2 A shows a portion of an IP telephony network 100 constructed in accordance with the present invention.
- the network 100 includes a first user 102 coupled to a source CTA 104.
- the source CTA 104 is further coupled to a source gateway controller 106 and an IP telephony network backbone 110.
- the network 100 also includes a second user 112 coupled to a destination
- the network 100 also includes a customer service representative (CSR) center 120, a provisioning server 122 and a billing host 124.
- CSR customer service representative
- Each user of the network 100 goes through an initialization process to activate network service. For example, when the user 102 and associated CTA 104 are coupled to the network, a series of messages are exchanged between the CTA 104, the gateway controller 106 and the CSR 120. The messages provide for activation of telephony service for the user 102, establishment of account information and creation of encryption keys to be used by the CTA to encrypt and decrypt messages exchanged over the network.
- the billing host 124 is used to setup account information for each user and to bill for network usage.
- the provisioning server 122 is used to initialize and register CTA devices within a specific IP telephony network.
- Fig. 2B shows an exemplary embodiment of the CTA 104 constructed in accordance with the present invention.
- the CTA 104 includes a cable input interface (I/F) 202, a cable output I/F 204, a user output I/F 206, a user input I/F 208, a host processor 210, a memory 212 and an additional secure processor 220 along with secure memory 222, used to protect public/private key pairs 224. Certificates 214 are stored in regular memory because they are signed and don't require additional protection.
- the cable input I/F 202 is coupled to a cable telephony input 216.
- the cable output I/F 204 is coupled to a cable telephony output 218.
- the cable telephony input and output I/F couple the CTA 200 to a cable telephony network, such as by connecting to a cable modem (not shown) that is coupled to the cable telephony network.
- a cable modem (not shown) that is coupled to the cable telephony network.
- the cable modem is included in the CTA so that the cable telephony network may be connected directly to the CTA.
- the processor 210 couples to the cable input I F 202 and the cable output I/F 204 to provide processing of information received and transmitted, respectively, on the telephony network.
- the line 216 carries secure encrypted and/or signed information which cannot be processed directly by the host processor, since it does not have access to cryptographic keys. The host processor has to pass on this information to the secure processor, which has access to the necessary keys to perform cryptographic operations.
- the connections between the cable I/F modules and the user I/f modules carry unencrypted information.
- the unencrypted information is commonly referred to as clear text, which extends back to the user.
- clear text user input needs to be encrypted and/or signed, this cannot be done directly by the host processor. It passes on the information to the secure processor that performs the cryptographic operations. This way, encrypted and/or signed data appears on line 218.
- the certificates in 214 cryptographically bind each public key to an identity.
- the short, self-signed public key may be bound to either the device or user identity, while the longer public keys installed at the time of manufacture must be bound to the identity of the device (since the user identity is unknown at that time).
- the certificates are not protected in secure memory because they are already cryptographically protected with a digital signature.
- Fig. 1 is a flowchart that describes the basic steps of the present invention.
- flowchart 10 is entered during provisioning when the CTA gets a request from a server to issue itself a certificate for a new public key.
- the preferred embodiment uses a 768-bit RSA key pair as a "small' key pair with a self-issued certificate.
- the CTA is provided with a large 2048-bit RSA public/private certificate signing key pair and a corresponding public key certificate upon manufacture of the CTA at a factory.
- a large key-exchange public/private key pair e.g., 2048-bit RSA key pair
- a corresponding certificate are also installed into the CTA at the factory.
- Steps 14, 18 and 20 are performed by the secure microprocessor in the CTA. Thus, all of the steps necessary to issue a certificate for a small public key and certificate are performed inside the secure microprocessor.
- the request from the server is authenticated by verifying the signature.
- a "short" (e.g. 768-bit) RSA key pair is generated inside the secure microprocessor.
- step 18 results in the decryption of the "short" RSA private key sent in the certificate request.
- the CTA issues itself a new certificate for the corresponding public key that is also included in the server request. This new certificate is signed with the CTA's large certificate-signing key.
- the parameters in the new certificate (e.g., validity time) are copied from the certificate request sent by the server and are used in the self-issued certificate.
- Table I shows a list of different parameters in the profile of the server request.
- Table II lists the parameters that are copied over to the certificate from the profile in the request.
- Signature Algorithm e.g., RSA over SHA-1
- Signature Over Certificate Request Network Certificate (2048-bit)
- Network Equipment Manufacturer Certificate (2048-bit)
- Public Key (optional - used if the device does not generate a key pair, itself)
- the CTA can use them to either authenticate itself or for secure key exchanges. Because the new certificate is issued inside a secure microprocessor, a hacker can't tamper with the certificate- issuing process. The certificate is based on the information in the server certificate request. Also, it is difficult for a hacker to imitate a server certificate request as the request must be signed with the server's private key.
Abstract
Description
Claims
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU32186/00A AU761317B2 (en) | 1999-01-29 | 2000-01-28 | Self-generation of certificates using a secure microprocessor in a device for transferring digital information |
JP2000596433A JP4651197B2 (en) | 1999-01-29 | 2000-01-28 | Certificate self-generation using a secure microprocessor in devices that transfer digital information |
KR1020017009554A KR20010103756A (en) | 1999-01-29 | 2000-01-28 | Self-generation of certificates using a secure microprocessor in a device for transferring digital information |
EP00910024A EP1151579B1 (en) | 1999-01-29 | 2000-01-28 | Self-generation of certificates using a secure microprocessor in a device for transferring digital information |
DE60043053T DE60043053D1 (en) | 1999-01-29 | 2000-01-28 | SELF-GENERATION OF CERTIFICATES USING A SAFE MICROPROCESSOR IN A DIGITAL DATA TRANSMISSION DEVICE |
CA002359673A CA2359673C (en) | 1999-01-29 | 2000-01-28 | Self-generation of certificates using a secure microprocessor in a device for transferring digital information |
AT00910024T ATE444620T1 (en) | 1999-01-29 | 2000-01-28 | SELF-GENERATION OF CERTIFICATES USING A SECURE MICROPROCESSOR IN A DIGITAL DATA TRANSMISSION DEVICE |
US09/890,178 US6839841B1 (en) | 1999-01-29 | 2000-01-28 | Self-generation of certificates using secure microprocessor in a device for transferring digital information |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11778899P | 1999-01-29 | 1999-01-29 | |
US60/117,788 | 1999-01-29 | ||
US12877299P | 1999-04-09 | 1999-04-09 | |
US60/128,772 | 1999-04-09 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2000045241A2 true WO2000045241A2 (en) | 2000-08-03 |
WO2000045241A3 WO2000045241A3 (en) | 2000-12-14 |
Family
ID=26815656
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/002317 WO2000045241A2 (en) | 1999-01-29 | 2000-01-28 | Self-generation of certificates using a secure microprocessor in a device for transferring digital information |
PCT/US2000/002174 WO2000045539A1 (en) | 1999-01-29 | 2000-01-28 | Key management for telephone calls to protect signaling and call packets between cta's |
PCT/US2000/002101 WO2000045273A1 (en) | 1999-01-29 | 2000-01-28 | Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/002174 WO2000045539A1 (en) | 1999-01-29 | 2000-01-28 | Key management for telephone calls to protect signaling and call packets between cta's |
PCT/US2000/002101 WO2000045273A1 (en) | 1999-01-29 | 2000-01-28 | Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor |
Country Status (12)
Country | Link |
---|---|
US (1) | US7929701B1 (en) |
EP (5) | EP1236303A4 (en) |
JP (3) | JP2002540443A (en) |
KR (3) | KR20010103756A (en) |
CN (1) | CN1347605A (en) |
AT (1) | ATE444620T1 (en) |
AU (4) | AU777383B2 (en) |
CA (4) | CA2360781A1 (en) |
DE (1) | DE60043053D1 (en) |
HK (1) | HK1047003A1 (en) |
MX (1) | MXPA01007563A (en) |
WO (3) | WO2000045241A2 (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2366139A (en) * | 2000-08-15 | 2002-02-27 | Ericsson Telefon Ab L M | Network authentication |
EP1198129A2 (en) * | 2000-09-04 | 2002-04-17 | Pioneer Corporation | Information sending method and information sending apparatus, information receiving apparatus and information receiving method, information transmission system and information transmission method, and information recording medium |
GB2385740A (en) * | 2002-02-22 | 2003-08-27 | Zarlink Semiconductor Ltd | Voice over IP telephone subscriber unit with encryption facilities |
WO2004027588A2 (en) * | 2002-09-23 | 2004-04-01 | Koninklijke Philips Electronics N.V. | Certificate based authorized domains |
KR100774013B1 (en) | 2004-12-23 | 2007-11-08 | 인피니언 테크놀로지스 아게 | Data processing device, telecommunication-terminal equipment and method for data processing by means of a data processing device |
US7461249B1 (en) | 1999-08-13 | 2008-12-02 | Hewlett-Packard Development Company, L.P. | Computer platforms and their methods of operation |
US7526785B1 (en) | 1999-09-25 | 2009-04-28 | Hewlett-Packard Development Company, L.P. | Trusted computing platform for restricting use of data |
US7917764B2 (en) | 2005-01-24 | 2011-03-29 | Panasonic Corporation | Signature generation device and signature verification device |
US7917752B2 (en) | 2002-08-23 | 2011-03-29 | Hewlett-Packard Development Company, L.P. | Method of controlling the processing of data |
EP2357754A1 (en) * | 2008-12-11 | 2011-08-17 | Mitsubishi Electric Corporation | Self-authentication communication equipment and equipment authentication system |
US8165299B2 (en) | 2000-08-15 | 2012-04-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Network authentication |
EP2809028A1 (en) * | 2013-05-30 | 2014-12-03 | Compal Broadband Networks Inc. | Method and electronic device of generating digital certificate |
US8909555B2 (en) | 2001-04-24 | 2014-12-09 | Hewlett-Packard Development Company, L.P. | Information security system |
WO2018125020A1 (en) * | 2016-12-29 | 2018-07-05 | Limited Liability Company "Innovation Development Hub" | Cryptographic transformation device |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2360781A1 (en) * | 1999-01-29 | 2000-08-03 | General Instrument Corporation | Key management for telephone calls to protect signaling and call packets between cta's |
WO2001056249A1 (en) * | 2000-01-25 | 2001-08-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Encryption of payload on narrow-band ip links |
US7376625B2 (en) | 2001-11-15 | 2008-05-20 | Nokia Corporation | System and method for activating individualized software modules in a digital broadcast environment |
WO2003096613A1 (en) * | 2002-05-09 | 2003-11-20 | Niigata Seimitsu Co., Ltd. | Centralized encryption management system |
CN100461780C (en) * | 2003-07-17 | 2009-02-11 | 华为技术有限公司 | A safety authentication method based on media gateway control protocol |
US20070288746A1 (en) * | 2004-04-02 | 2007-12-13 | Jones Neville R | Method of providing key containers |
CN1691583B (en) | 2004-04-26 | 2010-04-28 | 华为技术有限公司 | Method of secure communication based on endpoints |
US7602910B2 (en) * | 2004-11-17 | 2009-10-13 | Microsoft Corporation | Password protection |
JPWO2006087819A1 (en) * | 2005-02-21 | 2008-07-03 | 富士通株式会社 | Communication device |
JP4761348B2 (en) * | 2005-05-02 | 2011-08-31 | Kddi株式会社 | User authentication method and system |
JP4879524B2 (en) | 2005-06-30 | 2012-02-22 | ブラザー工業株式会社 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND PROGRAM |
CN101064592A (en) * | 2006-04-29 | 2007-10-31 | 华为技术有限公司 | Method for preventing false initialization of digital user line transceiver |
JP4906449B2 (en) * | 2006-09-13 | 2012-03-28 | 株式会社リコー | Image processing apparatus, electronic signature assigning method, and electronic signature assigning program |
US8023654B2 (en) * | 2006-12-18 | 2011-09-20 | Palo Alto Research Center Incorporated | Securing multimedia network communication |
TW200949541A (en) * | 2008-05-28 | 2009-12-01 | Ind Tech Res Inst | A browsing method for digital content of hierarchical image management and system therefore |
US9087219B2 (en) * | 2008-06-16 | 2015-07-21 | Infineon Technologies Ag | Circuit with a plurality of modes of operation |
JP5202646B2 (en) * | 2008-12-11 | 2013-06-05 | 三菱電機株式会社 | Self-authenticating communication device and device authentication system |
US9203618B2 (en) * | 2010-06-16 | 2015-12-01 | Nokia Technologies Oy | Information theoretic security mechanisms using a time-varying key |
JP5634427B2 (en) * | 2012-03-23 | 2014-12-03 | 株式会社東芝 | KEY GENERATION DEVICE, KEY GENERATION METHOD, AND PROGRAM |
US9524399B1 (en) * | 2013-04-01 | 2016-12-20 | Secturion Systems, Inc. | Multi-level independent security architecture |
EP2819057B1 (en) * | 2013-06-24 | 2017-08-09 | Nxp B.V. | Data processing system, method of initializing a data processing system, and computer program product |
JP6100133B2 (en) * | 2013-09-20 | 2017-03-22 | 株式会社東芝 | Information processing apparatus, management apparatus, information processing system, information processing method, and program |
KR102201642B1 (en) * | 2014-11-28 | 2021-01-13 | 삼성전자주식회사 | Physically unclonable function circuit and key enrolling method thereof |
US10944572B2 (en) | 2017-01-02 | 2021-03-09 | Western Digital Technologies, Inc. | Decryption and variant processing |
JP6644037B2 (en) * | 2017-09-08 | 2020-02-12 | 株式会社東芝 | Communication control system |
JP7042853B2 (en) * | 2020-01-06 | 2022-03-28 | 株式会社東芝 | Client-side communication control device and server-side communication control device |
US11405187B2 (en) | 2020-04-29 | 2022-08-02 | International Business Machines Corporation | Extended-life asymmetric cryptographic key scheme |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5917912A (en) * | 1995-02-13 | 1999-06-29 | Intertrust Technologies Corporation | System and methods for secure transaction management and electronic rights protection |
US6026491A (en) * | 1997-09-30 | 2000-02-15 | Compaq Computer Corporation | Challenge/response security architecture with fuzzy recognition of long passwords |
US6058188A (en) * | 1997-07-24 | 2000-05-02 | International Business Machines Corporation | Method and apparatus for interoperable validation of key recovery information in a cryptographic system |
Family Cites Families (63)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US128772A (en) | 1872-07-09 | Improvement in loom-stop-actuating mechanisms | ||
US117788A (en) | 1871-08-08 | Improvement in tremolos for reed-organs | ||
US5742677A (en) * | 1995-04-03 | 1998-04-21 | Scientific-Atlanta, Inc. | Information terminal having reconfigurable memory |
US4578531A (en) | 1982-06-09 | 1986-03-25 | At&T Bell Laboratories | Encryption system key distribution method and apparatus |
JPS6314251A (en) * | 1986-07-04 | 1988-01-21 | Meidensha Electric Mfg Co Ltd | File processing system |
US4868877A (en) * | 1988-02-12 | 1989-09-19 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
US5005200A (en) * | 1988-02-12 | 1991-04-02 | Fischer Addison M | Public key/signature cryptosystem with enhanced digital signature certification |
JP3102692B2 (en) * | 1988-05-19 | 2000-10-23 | エヌ・シー・アール・インターナショナル・インコーポレイテッド | How to prove the authenticity of a card |
CA1321649C (en) * | 1988-05-19 | 1993-08-24 | Jeffrey R. Austin | Method and system for authentication |
DE59009910D1 (en) * | 1989-05-31 | 1996-01-11 | Siemens Ag | Hierarchical key management method with partial keys for the transmission of digitized information. |
US5297206A (en) | 1992-03-19 | 1994-03-22 | Orton Glenn A | Cryptographic method for communication and electronic signatures |
US5237611A (en) | 1992-07-23 | 1993-08-17 | Crest Industries, Inc. | Encryption/decryption apparatus with non-accessible table of keys |
US5410602A (en) * | 1993-09-27 | 1995-04-25 | Motorola, Inc. | Method for key management of point-to-point communications |
JP3263878B2 (en) * | 1993-10-06 | 2002-03-11 | 日本電信電話株式会社 | Cryptographic communication system |
US5371794A (en) | 1993-11-02 | 1994-12-06 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in wireless networks |
DE69330065T2 (en) * | 1993-12-08 | 2001-08-09 | Ibm | Method and system for key distribution and authentication in a data transmission system |
US5539828A (en) * | 1994-05-31 | 1996-07-23 | Intel Corporation | Apparatus and method for providing secured communications |
US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
US5557678A (en) | 1994-07-18 | 1996-09-17 | Bell Atlantic Network Services, Inc. | System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem |
US5838792A (en) * | 1994-07-18 | 1998-11-17 | Bell Atlantic Network Services, Inc. | Computer system for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem |
BR9509131A (en) | 1994-10-28 | 1997-09-02 | Surety Technologies Inc | Registration process of first digital document for authentication process for authentication of digital document process for naming of first digital document digital representation of document certificate authentication and clock-stamp process for first digital document for authentication |
JP3392961B2 (en) * | 1994-11-24 | 2003-03-31 | リコーエレメックス株式会社 | Encryption adapter |
JPH08185361A (en) * | 1994-12-28 | 1996-07-16 | Hitachi Ltd | Semiconductor integrated circuit device |
IL113259A (en) | 1995-04-05 | 2001-03-19 | Diversinet Corp | Apparatus and method for safe communication handshake and data transfer |
IL113375A (en) | 1995-04-13 | 1997-09-30 | Fortress U & T Ltd | Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow |
US5923759A (en) * | 1995-04-20 | 1999-07-13 | Lee; Philip S. | System for securely exchanging data with smart cards |
NZ500372A (en) * | 1995-06-05 | 2001-04-27 | Certco Inc | Delegated use of electronic signature |
CA2228014C (en) * | 1995-07-31 | 2008-07-22 | Verifone, Inc. | Method and apparatus for operating resources under control of a security module or other secure processor |
JP3625540B2 (en) * | 1995-09-11 | 2005-03-02 | 三洋電機株式会社 | Descrambling device |
DE19539700C1 (en) * | 1995-10-25 | 1996-11-28 | Siemens Ag | Security chip for data protection |
US5680458A (en) | 1995-11-14 | 1997-10-21 | Microsoft Corporation | Root key compromise recovery |
JP3431745B2 (en) * | 1996-01-08 | 2003-07-28 | 富士通株式会社 | Gateway system |
JPH09223210A (en) * | 1996-02-19 | 1997-08-26 | Dainippon Printing Co Ltd | Portable information storage medium and authentication method and authentication system using the same |
US5761306A (en) * | 1996-02-22 | 1998-06-02 | Visa International Service Association | Key replacement in a public key cryptosystem |
JPH09270784A (en) * | 1996-03-29 | 1997-10-14 | Hitachi Software Eng Co Ltd | Ciphering/decoding/digital signature generating/ verification device |
JP3683031B2 (en) * | 1996-04-17 | 2005-08-17 | 株式会社リコー | Program protector |
JPH09307544A (en) * | 1996-05-16 | 1997-11-28 | Nippon Telegr & Teleph Corp <Ntt> | Portable ciphering key verification system |
US5812671A (en) | 1996-07-17 | 1998-09-22 | Xante Corporation | Cryptographic communication system |
US5850443A (en) * | 1996-08-15 | 1998-12-15 | Entrust Technologies, Ltd. | Key management system for mixed-trust environments |
WO1998010558A1 (en) * | 1996-09-06 | 1998-03-12 | Walker Asset Management, Limited Partnership | Method and system for establishing and maintaining user-controlled anonymous communications |
US5974043A (en) | 1996-09-16 | 1999-10-26 | Solram Electronics Ltd. | System and method for communicating information using the public switched telephone network and a wide area network |
US5999525A (en) | 1996-11-18 | 1999-12-07 | Mci Communications Corporation | Method for video telephony over a hybrid network |
US6035402A (en) | 1996-12-20 | 2000-03-07 | Gte Cybertrust Solutions Incorporated | Virtual certificate authority |
US6236653B1 (en) * | 1996-12-23 | 2001-05-22 | Lucent Technologies Inc. | Local telephone service over a cable network using packet voice |
US5935249A (en) * | 1997-02-26 | 1999-08-10 | Sun Microsystems, Inc. | Mechanism for embedding network based control systems in a local network interface device |
JP3874127B2 (en) * | 1997-04-10 | 2007-01-31 | 日本電信電話株式会社 | Registration key duplication prevention device in authentication system |
JP2002500842A (en) * | 1997-05-28 | 2002-01-08 | ルーカス ヤング,アダム | Automatic recovery and automatic authentication possible encryption system |
US6240183B1 (en) | 1997-06-19 | 2001-05-29 | Brian E. Marchant | Security apparatus for data transmission with dynamic random encryption |
SE513246C2 (en) | 1997-06-23 | 2000-08-07 | Ericsson Telefon Ab L M | Procedure and device in an IP-based network |
ATE444614T1 (en) * | 1997-07-24 | 2009-10-15 | Axway Inc | EMAIL FIREWALL |
IL121551A (en) | 1997-08-14 | 2003-04-10 | Diversinet Corp | System and method for reliable key transfer |
US6438666B2 (en) * | 1997-09-26 | 2002-08-20 | Hughes Electronics Corporation | Method and apparatus for controlling access to confidential data by analyzing property inherent in data |
US6061449A (en) * | 1997-10-10 | 2000-05-09 | General Instrument Corporation | Secure processor with external memory using block chaining and block re-ordering |
US6314521B1 (en) | 1997-11-26 | 2001-11-06 | International Business Machines Corporation | Secure configuration of a digital certificate for a printer or other network device |
US6263437B1 (en) | 1998-02-19 | 2001-07-17 | Openware Systems Inc | Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks |
JPH11275068A (en) | 1998-03-20 | 1999-10-08 | Fujitsu Ltd | Key management server, terminal equipment for chat system, chat system and recording medium |
US6233341B1 (en) * | 1998-05-19 | 2001-05-15 | Visto Corporation | System and method for installing and using a temporary certificate at a remote site |
US6044350A (en) * | 1998-12-24 | 2000-03-28 | Pitney Bowes Inc. | Certificate meter with selectable indemnification provisions |
CA2360781A1 (en) * | 1999-01-29 | 2000-08-03 | General Instrument Corporation | Key management for telephone calls to protect signaling and call packets between cta's |
US6757823B1 (en) | 1999-07-27 | 2004-06-29 | Nortel Networks Limited | System and method for enabling secure connections for H.323 VoIP calls |
US6571221B1 (en) | 1999-11-03 | 2003-05-27 | Wayport, Inc. | Network communication service with an improved subscriber model using digital certificates |
US6795555B1 (en) | 1999-12-30 | 2004-09-21 | Nortel Networks Limited | Encryption key exchange protocol |
US6889321B1 (en) | 1999-12-30 | 2005-05-03 | At&T Corp. | Protected IP telephony calls using encryption |
-
2000
- 2000-01-28 CA CA002360781A patent/CA2360781A1/en not_active Abandoned
- 2000-01-28 EP EP00911658A patent/EP1236303A4/en not_active Withdrawn
- 2000-01-28 DE DE60043053T patent/DE60043053D1/en not_active Expired - Lifetime
- 2000-01-28 WO PCT/US2000/002317 patent/WO2000045241A2/en not_active Application Discontinuation
- 2000-01-28 EP EP11152312.2A patent/EP2312791B1/en not_active Expired - Lifetime
- 2000-01-28 AU AU35841/00A patent/AU777383B2/en not_active Ceased
- 2000-01-28 MX MXPA01007563A patent/MXPA01007563A/en unknown
- 2000-01-28 KR KR1020017009554A patent/KR20010103756A/en not_active Application Discontinuation
- 2000-01-28 JP JP2000596463A patent/JP2002540443A/en active Pending
- 2000-01-28 KR KR1020017009556A patent/KR20010108151A/en not_active Application Discontinuation
- 2000-01-28 EP EP00910024A patent/EP1151579B1/en not_active Expired - Lifetime
- 2000-01-28 EP EP00913279A patent/EP1161806B1/en not_active Expired - Lifetime
- 2000-01-28 KR KR1020017009555A patent/KR20010108150A/en not_active IP Right Cessation
- 2000-01-28 AT AT00910024T patent/ATE444620T1/en not_active IP Right Cessation
- 2000-01-28 CA CA002360785A patent/CA2360785C/en not_active Expired - Lifetime
- 2000-01-28 JP JP2000596433A patent/JP4651197B2/en not_active Expired - Lifetime
- 2000-01-28 CA CA002359685A patent/CA2359685A1/en not_active Abandoned
- 2000-01-28 AU AU32186/00A patent/AU761317B2/en not_active Ceased
- 2000-01-28 WO PCT/US2000/002174 patent/WO2000045539A1/en active Application Filing
- 2000-01-28 CA CA002359673A patent/CA2359673C/en not_active Expired - Lifetime
- 2000-01-28 AU AU34750/00A patent/AU3475000A/en not_active Abandoned
- 2000-01-28 CN CN00803128A patent/CN1347605A/en active Pending
- 2000-01-28 AU AU33520/00A patent/AU3352000A/en not_active Abandoned
- 2000-01-28 JP JP2000596686A patent/JP2003521834A/en not_active Withdrawn
- 2000-01-28 US US10/049,812 patent/US7929701B1/en not_active Expired - Fee Related
- 2000-01-28 WO PCT/US2000/002101 patent/WO2000045273A1/en not_active Application Discontinuation
- 2000-01-28 EP EP00914452A patent/EP1163589A4/en not_active Withdrawn
-
2002
- 2002-10-31 HK HK02107933.3A patent/HK1047003A1/en unknown
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5917912A (en) * | 1995-02-13 | 1999-06-29 | Intertrust Technologies Corporation | System and methods for secure transaction management and electronic rights protection |
US6058188A (en) * | 1997-07-24 | 2000-05-02 | International Business Machines Corporation | Method and apparatus for interoperable validation of key recovery information in a cryptographic system |
US6026491A (en) * | 1997-09-30 | 2000-02-15 | Compaq Computer Corporation | Challenge/response security architecture with fuzzy recognition of long passwords |
Non-Patent Citations (1)
Title |
---|
See also references of EP1151579A2 * |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7461249B1 (en) | 1999-08-13 | 2008-12-02 | Hewlett-Packard Development Company, L.P. | Computer platforms and their methods of operation |
US7526785B1 (en) | 1999-09-25 | 2009-04-28 | Hewlett-Packard Development Company, L.P. | Trusted computing platform for restricting use of data |
GB2366139B (en) * | 2000-08-15 | 2004-07-14 | Ericsson Telefon Ab L M | Network authentication |
US8165299B2 (en) | 2000-08-15 | 2012-04-24 | Telefonaktiebolaget Lm Ericsson (Publ) | Network authentication |
GB2366139A (en) * | 2000-08-15 | 2002-02-27 | Ericsson Telefon Ab L M | Network authentication |
US7222364B2 (en) | 2000-09-04 | 2007-05-22 | Pioneer Corporation | Information sending method and information sending apparatus, information receiving apparatus and information receiving method, information transmission system and information transmission method, and information recording medium |
EP1198129A2 (en) * | 2000-09-04 | 2002-04-17 | Pioneer Corporation | Information sending method and information sending apparatus, information receiving apparatus and information receiving method, information transmission system and information transmission method, and information recording medium |
US8909555B2 (en) | 2001-04-24 | 2014-12-09 | Hewlett-Packard Development Company, L.P. | Information security system |
GB2385740B (en) * | 2002-02-22 | 2005-04-20 | Zarlink Semiconductor Ltd | A telephone subscriber unit and a semiconductor device for use in or with a telephone subscriber unit |
GB2385740A (en) * | 2002-02-22 | 2003-08-27 | Zarlink Semiconductor Ltd | Voice over IP telephone subscriber unit with encryption facilities |
US7917752B2 (en) | 2002-08-23 | 2011-03-29 | Hewlett-Packard Development Company, L.P. | Method of controlling the processing of data |
WO2004027588A3 (en) * | 2002-09-23 | 2004-06-03 | Koninkl Philips Electronics Nv | Certificate based authorized domains |
WO2004027588A2 (en) * | 2002-09-23 | 2004-04-01 | Koninklijke Philips Electronics N.V. | Certificate based authorized domains |
KR100774013B1 (en) | 2004-12-23 | 2007-11-08 | 인피니언 테크놀로지스 아게 | Data processing device, telecommunication-terminal equipment and method for data processing by means of a data processing device |
US7917764B2 (en) | 2005-01-24 | 2011-03-29 | Panasonic Corporation | Signature generation device and signature verification device |
EP2357754A4 (en) * | 2008-12-11 | 2014-09-03 | Mitsubishi Electric Corp | Self-authentication communication equipment and equipment authentication system |
EP2357754A1 (en) * | 2008-12-11 | 2011-08-17 | Mitsubishi Electric Corporation | Self-authentication communication equipment and equipment authentication system |
EP2809028A1 (en) * | 2013-05-30 | 2014-12-03 | Compal Broadband Networks Inc. | Method and electronic device of generating digital certificate |
TWI500311B (en) * | 2013-05-30 | 2015-09-11 | Compal Broadband Networks Inc | Method and electronic device of generating digital certificate |
WO2018125020A1 (en) * | 2016-12-29 | 2018-07-05 | Limited Liability Company "Innovation Development Hub" | Cryptographic transformation device |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2359673C (en) | Self-generation of certificates using a secure microprocessor in a device for transferring digital information | |
US6839841B1 (en) | Self-generation of certificates using secure microprocessor in a device for transferring digital information | |
EP3318043B1 (en) | Mutual authentication of confidential communication | |
US20220158832A1 (en) | Systems and Methods for Deployment, Management and Use of Dynamic Cipher Key Systems | |
US6058188A (en) | Method and apparatus for interoperable validation of key recovery information in a cryptographic system | |
CA2590989C (en) | Protocol and method for client-server mutual authentication using event-based otp | |
US20070083766A1 (en) | Data transmission links | |
US20030210789A1 (en) | Data transmission links | |
JP2005515701A6 (en) | Data transmission link | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
CN111934884B (en) | Certificate management method and device | |
KR20140023799A (en) | Method for guarantying the confidentiality and integrity of a data in controller area networks | |
CN112766962A (en) | Method for receiving and sending certificate, transaction system, storage medium and electronic device | |
CN103905384A (en) | Embedded inter-terminal session handshake realization method based on security digital certificate | |
JP2020506627A (en) | Programmable hardware security module and method used for programmable hardware security module | |
KR100970552B1 (en) | Method for generating secure key using certificateless public key | |
CN114124362B (en) | Key distribution method, device and computer readable medium | |
Yeun et al. | Secure software download for programmable mobile user equipment | |
CN116633530A (en) | Quantum key transmission method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
ENP | Entry into the national phase |
Ref document number: 2359673 Country of ref document: CA Ref country code: CA Ref document number: 2359673 Kind code of ref document: A Format of ref document f/p: F |
|
ENP | Entry into the national phase |
Ref country code: JP Ref document number: 2000 596433 Kind code of ref document: A Format of ref document f/p: F |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020017009554 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 32186/00 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2000910024 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2000910024 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1020017009554 Country of ref document: KR |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09890178 Country of ref document: US |
|
WWR | Wipo information: refused in national office |
Ref document number: 1020017009554 Country of ref document: KR |