WO2006025952A3 - Method of delivering direct proof private keys to devices using a distribution cd - Google Patents

Method of delivering direct proof private keys to devices using a distribution cd Download PDF

Info

Publication number
WO2006025952A3
WO2006025952A3 PCT/US2005/024486 US2005024486W WO2006025952A3 WO 2006025952 A3 WO2006025952 A3 WO 2006025952A3 US 2005024486 W US2005024486 W US 2005024486W WO 2006025952 A3 WO2006025952 A3 WO 2006025952A3
Authority
WO
WIPO (PCT)
Prior art keywords
data structure
private key
client computer
computer system
encrypted data
Prior art date
Application number
PCT/US2005/024486
Other languages
French (fr)
Other versions
WO2006025952A2 (en
Inventor
Ernest Brickell
James Ii Sutton
Clifford Hall
David Grawrock
Original Assignee
Intel Corp
Ernest Brickell
James Ii Sutton
Clifford Hall
David Grawrock
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp, Ernest Brickell, James Ii Sutton, Clifford Hall, David Grawrock filed Critical Intel Corp
Priority to CN200580023787.2A priority Critical patent/CN101019368B/en
Priority to JP2007521527A priority patent/JP4616345B2/en
Priority to GB0700526A priority patent/GB2430518B/en
Priority to DE112005001654T priority patent/DE112005001654B4/en
Publication of WO2006025952A2 publication Critical patent/WO2006025952A2/en
Publication of WO2006025952A3 publication Critical patent/WO2006025952A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Abstract

Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo­random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
PCT/US2005/024486 2004-07-14 2005-07-08 Method of delivering direct proof private keys to devices using a distribution cd WO2006025952A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN200580023787.2A CN101019368B (en) 2004-07-14 2005-07-08 Method of delivering direct proof private keys to devices using a distribution CD
JP2007521527A JP4616345B2 (en) 2004-07-14 2005-07-08 A method for directly distributing a certification private key to a device using a distribution CD
GB0700526A GB2430518B (en) 2004-07-14 2005-07-08 Method of delivering direct proof private keys to devices using a distribution cd
DE112005001654T DE112005001654B4 (en) 2004-07-14 2005-07-08 Method for transmitting direct-proof private keys to devices by means of a distribution CD

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/892,265 2004-07-14
US10/892,265 US7792303B2 (en) 2004-07-14 2004-07-14 Method of delivering direct proof private keys to devices using a distribution CD

Publications (2)

Publication Number Publication Date
WO2006025952A2 WO2006025952A2 (en) 2006-03-09
WO2006025952A3 true WO2006025952A3 (en) 2007-02-01

Family

ID=35599438

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/024486 WO2006025952A2 (en) 2004-07-14 2005-07-08 Method of delivering direct proof private keys to devices using a distribution cd

Country Status (6)

Country Link
US (1) US7792303B2 (en)
JP (1) JP4616345B2 (en)
CN (1) CN101019368B (en)
DE (1) DE112005001654B4 (en)
GB (1) GB2430518B (en)
WO (1) WO2006025952A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8924728B2 (en) 2004-11-30 2014-12-30 Intel Corporation Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8285991B2 (en) * 2000-10-25 2012-10-09 Tecsec Inc. Electronically signing a document
US7802085B2 (en) * 2004-02-18 2010-09-21 Intel Corporation Apparatus and method for distributing private keys to an entity with minimal secret, unique information
US7693286B2 (en) * 2004-07-14 2010-04-06 Intel Corporation Method of delivering direct proof private keys in signed groups to devices using a distribution CD
US7792303B2 (en) 2004-07-14 2010-09-07 Intel Corporation Method of delivering direct proof private keys to devices using a distribution CD
US7697691B2 (en) * 2004-07-14 2010-04-13 Intel Corporation Method of delivering Direct Proof private keys to devices using an on-line service
CA2510366C (en) 2005-06-14 2013-02-26 Certicom Corp. System and method for remote device registration
SG162784A1 (en) * 2005-06-14 2010-07-29 Certicom Corp System and method for remote device registration
CN101484901B (en) 2006-02-28 2014-09-17 塞尔蒂卡姆公司 System and method for controlling productive process
US8014530B2 (en) 2006-03-22 2011-09-06 Intel Corporation Method and apparatus for authenticated, recoverable key distribution with no database secrets
JP4449933B2 (en) * 2006-03-31 2010-04-14 ブラザー工業株式会社 Electronic certificate issuing system, electronic certificate issuing device, communication device, and program
US8761402B2 (en) * 2007-09-28 2014-06-24 Sandisk Technologies Inc. System and methods for digital content distribution
EP2204008B1 (en) * 2007-10-16 2019-03-27 Nokia Technologies Oy Credential provisioning
KR102013841B1 (en) * 2012-08-06 2019-08-23 삼성전자주식회사 Method of managing key for secure storage of data, and and apparatus there-of
GB201511385D0 (en) * 2015-06-29 2015-08-12 Nagravision Sa Secure programming of secret data
CN107171801B (en) * 2017-04-27 2020-06-23 西安诺瓦星云科技股份有限公司 Method and device for encrypted binding and encrypted display control and display screen system
CN110492989B (en) * 2019-08-23 2020-11-13 广州华多网络科技有限公司 Private key processing method, access method, and medium and device corresponding to method
GB2612125B (en) * 2021-10-22 2024-02-21 Pragmatic Semiconductor Ltd Identifier generation

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6032260A (en) * 1997-11-13 2000-02-29 Ncr Corporation Method for issuing a new authenticated electronic ticket based on an expired authenticated ticket and distributed server architecture for using same
US20040103281A1 (en) * 2002-11-27 2004-05-27 Brickell Ernie F. System and method for establishing trust without revealing identity

Family Cites Families (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US524094A (en) * 1894-08-07 Fountain cleansing-brush
US5857021A (en) * 1995-11-07 1999-01-05 Fujitsu Ltd. Security system for protecting information stored in portable storage media
US5771291A (en) * 1995-12-11 1998-06-23 Newton; Farrell User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer
US6639608B1 (en) 1996-01-23 2003-10-28 Yuichiro Itakura System for displaying two independent images received from network
US5924094A (en) 1996-11-01 1999-07-13 Current Network Technologies Corporation Independent distributed database system
JP3626340B2 (en) * 1996-12-26 2005-03-09 株式会社東芝 Cryptographic device, cryptographic key generation method, prime number generation device, and prime number generation method
US6438666B2 (en) * 1997-09-26 2002-08-20 Hughes Electronics Corporation Method and apparatus for controlling access to confidential data by analyzing property inherent in data
US6185316B1 (en) * 1997-11-12 2001-02-06 Unisys Corporation Self-authentication apparatus and method
US5991399A (en) 1997-12-18 1999-11-23 Intel Corporation Method for securely distributing a conditional use private key to a trusted entity on a remote system
US6151676A (en) * 1997-12-24 2000-11-21 Philips Electronics North America Corporation Administration and utilization of secret fresh random numbers in a networked environment
US6032261A (en) * 1997-12-30 2000-02-29 Philips Electronics North America Corp. Bus bridge with distribution of a common cycle clock to all bridge portals to provide synchronization of local buses, and method of operation thereof
US6036061A (en) * 1998-04-27 2000-03-14 O'donnell; Thomas F. Retainer for blank of split cap
US6611812B2 (en) * 1998-08-13 2003-08-26 International Business Machines Corporation Secure electronic content distribution on CDS and DVDs
US6389403B1 (en) * 1998-08-13 2002-05-14 International Business Machines Corporation Method and apparatus for uniquely identifying a customer purchase in an electronic distribution system
US6839759B2 (en) * 1998-10-30 2005-01-04 Science Applications International Corp. Method for establishing secure communication link between computers of virtual private network without user entering any cryptographic information
WO2000049764A1 (en) 1999-02-18 2000-08-24 Sun Microsystems, Inc. Data authentication system employing encrypted integrity blocks
FI112315B (en) 1999-05-11 2003-11-14 Nokia Corp Integrity protection method for radio network signaling
US6928615B1 (en) 1999-07-07 2005-08-09 Netzero, Inc. Independent internet client object with ad display capabilities
US7216110B1 (en) * 1999-10-18 2007-05-08 Stamps.Com Cryptographic module for secure processing of value-bearing items
GB9929050D0 (en) 1999-12-08 2000-02-02 Nokia Networks Oy Communication method
GB0004178D0 (en) 2000-02-22 2000-04-12 Nokia Networks Oy Integrity check in a communication system
WO2001063953A1 (en) 2000-02-24 2001-08-30 Siemens Aktiengesellschaft Method for implementing a hard handover process in a radio telephone system
JP2002041461A (en) * 2000-07-31 2002-02-08 Nippon Telegraph & Telephone East Corp Method and system for sharing conference material in electronic conference system
US6829250B2 (en) * 2000-08-10 2004-12-07 Verizon Communications Inc. Automatic programming of customer premises equipment for vertical services integration
US6749511B2 (en) * 2000-08-17 2004-06-15 Adam S. Day Website promotional applet process
US7178030B2 (en) * 2000-10-25 2007-02-13 Tecsec, Inc. Electronically signing a document
US20020080190A1 (en) * 2000-12-23 2002-06-27 International Business Machines Corporation Back-up and usage of secure copies of smart card data objects
GB0103416D0 (en) 2001-02-12 2001-03-28 Nokia Networks Oy Message authentication
JP2002261749A (en) * 2001-02-27 2002-09-13 Matsushita Electric Ind Co Ltd Communication system
US20030037237A1 (en) * 2001-04-09 2003-02-20 Jean-Paul Abgrall Systems and methods for computer device authentication
US6941456B2 (en) * 2001-05-02 2005-09-06 Sun Microsystems, Inc. Method, system, and program for encrypting files in a computer system
ITPD20010125A1 (en) * 2001-05-31 2002-12-01 Lindhaus Srl MULTI-PURPOSE PERFECTED TOOL FOR CLEANING MACHINES.
JP4145118B2 (en) * 2001-11-26 2008-09-03 松下電器産業株式会社 Application authentication system
US8332650B2 (en) * 2002-03-22 2012-12-11 Microsoft Corporation Systems and methods for setting and resetting a password
DE10218835B4 (en) 2002-04-22 2009-09-10 Deutscher Sparkassen Verlag Gmbh Method for producing a chip card and chip card
EP1617587A1 (en) 2004-07-12 2006-01-18 International Business Machines Corporation Method, system and computer program product for privacy-protecting integrity attestation of computing platform
US7693286B2 (en) * 2004-07-14 2010-04-06 Intel Corporation Method of delivering direct proof private keys in signed groups to devices using a distribution CD
US7697691B2 (en) 2004-07-14 2010-04-13 Intel Corporation Method of delivering Direct Proof private keys to devices using an on-line service
US7792303B2 (en) 2004-07-14 2010-09-07 Intel Corporation Method of delivering direct proof private keys to devices using a distribution CD
US8924728B2 (en) * 2004-11-30 2014-12-30 Intel Corporation Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6032260A (en) * 1997-11-13 2000-02-29 Ncr Corporation Method for issuing a new authenticated electronic ticket based on an expired authenticated ticket and distributed server architecture for using same
US20040103281A1 (en) * 2002-11-27 2004-05-27 Brickell Ernie F. System and method for establishing trust without revealing identity

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MENEZES, VANSTONE, OORSCHOT, 1997, CRC PRESS LLC, USA, XP002394263 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8924728B2 (en) 2004-11-30 2014-12-30 Intel Corporation Apparatus and method for establishing a secure session with a device without exposing privacy-sensitive information

Also Published As

Publication number Publication date
US7792303B2 (en) 2010-09-07
GB2430518A (en) 2007-03-28
WO2006025952A2 (en) 2006-03-09
DE112005001654B4 (en) 2011-07-21
CN101019368A (en) 2007-08-15
US20060013399A1 (en) 2006-01-19
JP4616345B2 (en) 2011-01-19
CN101019368B (en) 2014-07-23
JP2008506338A (en) 2008-02-28
GB2430518B (en) 2009-01-14
DE112005001654T5 (en) 2007-11-22
GB0700526D0 (en) 2007-02-21

Similar Documents

Publication Publication Date Title
WO2006025952A3 (en) Method of delivering direct proof private keys to devices using a distribution cd
WO2006019614A3 (en) Method of delivering direct proof private keys in signed groups to devices using a distribution cd
WO2006023151A3 (en) Method of delivering direct proof private keys to devices using an on-line service
AU2002252288A1 (en) Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
WO2006003529A3 (en) Transparent encryption and access controll for mass-storage devices
WO2001065545A3 (en) Method and apparatus for using non-secure file servers for secure information storage
AU5245599A (en) Notebook security system (nbs)
WO2004040410A3 (en) Password encryption key
WO2008005789A3 (en) Secure escrow and recovery of media device content keys
WO2008026060B1 (en) Method, system and device for synchronizing between server and mobile device
EP2099154A3 (en) On-chip storage, creation, and manipulation of an encryption key
WO2004034184A9 (en) Encrypting operating system
MY121311A (en) Information processing apparatus, information processing method, information processing system and recording medium
MXPA05005218A (en) Secure storage on recordable medium in a content protection system.
WO2008127408A3 (en) Method and system for encryption of information stored in an external nonvolatile memory
CA2714196A1 (en) Information distribution system and program for the same
WO2009158086A3 (en) Techniques for ensuring authentication and integrity of communications
WO2008124201A3 (en) Secure file encryption
WO2006109307A3 (en) Method, device, and system of selectively accessing data
DE69926483D1 (en) SECURE DISTRIBUTION OF DIGITAL PRESENTATIONS
DE602005020482D1 (en) Masterverschlüsselung
WO2000074297A3 (en) Method and apparatus for secure distribution of public/private key pairs
WO2008150553A3 (en) Content encryption schema for integrating digital rights management with encrypted multicast
WO2007089266A3 (en) Administration of data encryption in enterprise computer systems
WO2006126191A3 (en) Method, device, and system of encrypting/decrypting data

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2007521527

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 0700526.7

Country of ref document: GB

Ref document number: 0700526

Country of ref document: GB

WWE Wipo information: entry into national phase

Ref document number: 200580023787.2

Country of ref document: CN

Ref document number: 1120050016544

Country of ref document: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
RET De translation (de og part 6b)

Ref document number: 112005001654

Country of ref document: DE

Date of ref document: 20071122

Kind code of ref document: P

REG Reference to national code

Ref country code: DE

Ref legal event code: 8607