WO2010013121A2 - Method and apparatus for initialising a cryptographic communications system - Google Patents


Info

Publication number
WO2010013121A2
Authority
WO
WIPO (PCT)
Prior art keywords
key material
exchange
communications channel
energizing
key
Prior art date
Application number
PCT/IB2009/006386
Other languages
French (fr)
Other versions
WO2010013121A3 (en)
Inventor
Benjamin Gittins
Original Assignee
Synaptic Laboratories Ltd.
Priority date
Filing date
Publication date
Priority claimed from AU2008903827A
Application filed by Synaptic Laboratories Ltd.
Publication of WO2010013121A2
Publication of WO2010013121A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Definitions

  • host means a computing device connected to a network. Every host is a node on the network, but not every node is considered a host on the network. For example, network nodes such as modems and network switches are not generally considered hosts.
  • host: we further restrict the use of the term "host" to refer to a node that has been adapted according to a preferred embodiment of the present invention.
  • a network node such as a modem, or network switch may be a host, when that node is the intended recipient of a message from another host according to a preferred embodiment of the present invention.
  • Two hosts may establish a network session with each other according to a preferred embodiment of the present invention that is facilitated by other nodes on the network, including but not limited to switch nodes, router nodes, relay nodes, and nodes running network services.
  • a host may refer to either a process, the process running on an apparatus, or the apparatus running the process.
  • a host may partially reside as software on a computer and as software on a hardware security module, such as a smart card, connected to that computer.
  • a hardware security module is a purpose built hardware device that is intended to provide a tamper evident environment for storing and processing cryptographic material.
  • Some HSMs such as smart cards offer superior suppression of exploitable signal emanations that may be used by side channel attacks to recover sensitive information such as key material. While HSMs are the preferred processing environment for implementing key exchanges as described in the present invention, it is understood that potentially less secure processing environments, such as common desktop computers running the Windows operating system, may be used.
  • the second channel runs over a private network.
  • the first channel runs over a public network.
  • each iteration of the n-part key exchange is performed under the control of a different person or group of people.
  • three iterations of a 3-part key exchange are performed at two different locations, specifically two different buildings.
  • the first relay device 305 of figure 3 is owned and controlled by party A and the first iteration of the 3-part key exchange is performed by party A.
  • the second relay device 405 of figure 4 is owned by party B.
  • the second iteration of the multi-part key exchange is performed on relay device 405 by party B using operating system and application software to run the key exchange that is executed from a CD-ROM supplied and owned by party B (not illustrated).
  • one of the host HSM exchanging key material is adapted as a one-time-pad HSM 1318 that has a visual display unit and has a means of bi-directional communication with one or more other HSMs, including but not limited to one or a combination of:
  • the computer program may be fixed in any form in a signal that is transmittable to a computer using any of various communication technologies, including, but in no way limited to, analog technologies, digital technologies, optical technologies, wireless technologies (e.g., Bluetooth), networking technologies, and inter-networking technologies.
  • the computer program may be distributed in any form as a removable storage medium with accompanying printed or electronic documentation (e.g., shrink wrapped software), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the communication system (e.g., the Internet or World Wide Web).

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)
  • Storage Device Security (AREA)

Abstract

A process of cryptographic data exchange between a first device and a second device over a first communications channel, which cryptographic data exchange takes place subsequent to the exchange of key material between the first device and the second device, the exchange of key material between the first device and the second device comprising the process of: energizing the first device and the second device; exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel; de-energizing the first device and the second device; performing at least one iteration of a process which comprises: relocating the first device and the second device; energizing the first device and the second device; exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and de-energizing the first device and the second device; and in which: the process of cryptographic data exchange between the first device and the second device over the first communications channel employs key material which is derived from the key material which has been exchanged between the first device and the second device.

Description

Title
Method and Apparatus for Initialising a Cryptographic Communications System.
Related applications
The present application claims priority from Australian provisional patent application Number 2008903827 in the name of Synaptic Laboratories Limited, filed on 28 July 2008, and entitled "Method and Apparatus for Secure Communication", the contents of which are incorporated herein.
The present application claims priority from Australian provisional patent application Number 2008905704 in the name of Synaptic Laboratories Limited, filed on 5 November 2009, and entitled "Method and Apparatus for Secure Communication", the contents of which are incorporated herein.
Field of the invention
The present invention relates to computer network security. In one form, the present invention relates to a method and system for performing a key exchange between two or more devices over two or more distinct channels.
Background of the invention
Throughout this specification, including the claims: when we refer to deriving a value y from a value x, this includes non-linear operations, linear operations and the assignment operation; when we refer to 'blocks' of information such as data, key, message digests or hash digests, it is to be understood that they are at least 2 bits in length, not necessarily identical in size, and depend on the function receiving input or generating output; we use the term "post quantum secure" (PQS) to refer to a communication that is secure against both known classical computing attacks and known quantum super computing attacks; when we refer to the exchange of key material between a first device and a second device, we comprehend all three occurrences of key material exchange: 1) key material sent from the first device to the second device, 2) key material sent from the second device to the first device and 3) the mutual exchange of key material between the devices. It is likely that none of the well-known public key encryption cryptographic systems based on the difficulty of factoring, based on the difficulty of the discrete logarithm problem or that use elliptic curves will be adequately secure in times of quantum super computers. Alternate cryptographic systems that are conjectured to be post quantum secure are known — some of these proposals rely on the security of pre-shared symmetric secrets. In one example, quantum key distribution (QKD) systems rely on the one-time use of pre-shared secret key material to perform information theoretically secure message authentication operations. In another well-known example, multiple-use long-lived pre-shared secrets are used to derive session keys. In both cases, it is important that these pre-shared secrets are securely exchanged.
In this description and the appended claims the term "host" means a computing device connected to a network. Every host is a node on the network, but not every node is considered a host on the network. For example, network nodes such as modems and network switches are not generally considered hosts. We further restrict the use of the term "host" to refer to a node that has been adapted according to a preferred embodiment of the present invention. A network node such as a modem, or network switch may be a host, when that node is the intended recipient of a message from another host according to a preferred embodiment of the present invention. Two hosts may establish a network session with each other according to a preferred embodiment of the present invention that is facilitated by other nodes on the network, including but not limited to switch nodes, router nodes, relay nodes, and nodes running network services. Depending on the context a host may refer to either a process, the process running on an apparatus, or the apparatus running the process. A host may partially reside as software on a computer and as software on a hardware security module, such as a smart card, connected to that computer.
In the art, TEMPEST is a codename referring to investigations and studies of compromising emanations (CE). CE are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, disclose the information transmitted, received, handled, or otherwise processed by information-processing equipment. The US and NATO TEMPEST standards that describe the requirements of electromagnetic shielding enclosures (ESE) to protect against monitoring of CE can be found in the NATO TEMPEST SECAN Doctrine and Information Publication SDIP-27 and the USA national security telecommunications and information systems security advisory memoranda (NSTISSAM) TEMPEST publications. See also the publication titled "TEMPEST Fundamentals, NACSIM 5000" authored and published by the US National Security Agency. An ESE may also be a Faraday Cage/Faraday Shield.
A hardware security module (HSM) is a purpose built hardware device that is intended to provide a tamper evident environment for storing and processing cryptographic material. Some HSMs such as smart cards offer superior suppression of exploitable signal emanations that may be used by side channel attacks to recover sensitive information such as key material. While HSMs are the preferred processing environment for implementing key exchanges as described in the present invention, it is understood that potentially less secure processing environments, such as common desktop computers running the Windows operating system, may be used.
Any discussion of documents, devices, acts or knowledge in this specification is included to explain the context of the invention. It should not be taken as an admission that any of the material forms a part of the prior art base or the common general knowledge in the relevant art on or before the priority date of the present application.
Summary of the invention
A process of cryptographic data exchange between a first device and a second device over a first communications channel, which cryptographic data exchange takes place subsequent to the exchange of key material between the first device and the second device, the exchange of key material between the first device and the second device comprising the process of: energizing the first device and the second device; exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel; de-energizing the first device and the second device; performing at least one iteration of a process which comprises: relocating the first device and the second device; energizing the first device and the second device; exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and de-energizing the first device and the second device; and in which: the process of cryptographic data exchange between the first device and the second device over the first communications channel employs key material which is derived from the key material which has been exchanged between the first device and the second device.
A process of receiving at a first device cryptographic data that has been transmitted from a second device over a first communications channel, which cryptographic data exchange takes place subsequent to the exchange of key material between the first device and the second device, the exchange of key material between the first device and the second device comprising the process of: energizing the first device and the second device; exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel; de-energizing the first device and the second device; performing at least one iteration of a process which comprises: relocating the first device and the second device; energizing the first device and the second device; exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and de-energizing the first device and the second device; and in which: cryptographic processing of the cryptographic data at the first device employs key material which is derived from key material which has been exchanged between the first device and the second device.
Preferably, in which the first key material is exchanged in the clear. Preferably, in which at least some further key material is symmetrically encrypted using key material which has been previously exchanged between the first device and the second device.
Preferably, in which the first device and the second device exchange first key material over the second channel when they are both enclosed inside the same ESE. Preferably, in which the first device and the second device exchange further key material when they are enclosed inside the same ESE.
Preferably, in which the second channel runs over a private network.
Preferably, in which the first channel runs over a public network.
Preferably, in which key material exchanged between the first device and the second device is received by a relay device and is transmitted by that relay device.
A process of generating and transmitting cryptographic data which is intended for a second device from a first device, which cryptographic data exchange takes place subsequent to the exchange of key material between the first device and the second device, the exchange of key material between the first device and the second device comprising the process of: energizing the first device and the second device; exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel; de-energizing the first device and the second device; performing at least one iteration of a process which comprises: relocating the first and second device; energizing the first device and the second device; exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and de-energizing the first device and the second device; and comprising: generating cryptographic data at the first device employing key material which is derived from key material which has been exchanged between the first device and the second device.
Preferably, in which the first key material is exchanged in the clear. Preferably, in which at least some further key material is symmetrically encrypted using key material which has been previously exchanged between the first device and the second device. Preferably, in which the first and second device exchange first key material over the second channel when they are enclosed inside the same ESE.
Preferably, in which the first and second device exchange further key material when they are enclosed inside the same ESE.
Preferably, in which the second channel runs over a private network. Preferably, in which the first channel runs over a public network.
Preferably, in which key material exchanged between the first device and the second device is received by a relay device and is transmitted by that relay device.
A process of exchange of key material between a first device and a second device, the process comprising: energizing the first device and the second device; exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel; de-energizing the first device and the second device; performing at least one iteration of a process which comprises: relocating the first and second device; energizing the first device and the second device; exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and de-energizing the first device and the second device; and where the first device and second device are adapted to perform cryptographic data exchanges between each other using key material which is derived from the key material which has been exchanged between the first device and second device. Preferably, in which key material exchanged between the first device and the second device is received by a relay device and is transmitted by that relay device.
Further scope of applicability of embodiments of the present invention will become apparent from the detailed description given hereinafter.
Brief description of the drawings
In order that the present invention be more readily understood, preferred embodiments of it are described with reference to the accompanying drawings, which are given by way of illustration only, and thus are not limitative of the disclosure herein, and in which:
Figure 1 is a schematic diagram 100 illustrating: a first private network; an optional second private network; an optional third private network; a public network; eight host devices where two of the eight host devices are illustrated to be discretely connected to at most one of the 4 networks at different time intervals; and four logically distinct (potentially bi-directional) channels, where each channel connects the two host devices across a different network respectively according to a preferred embodiment of the present invention;
Figure 2 is a schematic diagram illustrating n parts of key material of an n-part key exchange of figure 1 according to a preferred embodiment of the present invention;
Figure 3 is a schematic diagram of a small private network of figure 1 depicting a first relay device and the eight host devices of figure 1 connected to the first relay device according to a preferred embodiment of the current invention;
Figure 4 is a schematic diagram of a small private network of figure 1 depicting a second relay device and the eight host devices of figure 1 connected to the second relay device according to a preferred embodiment of the current invention;
Figure 5 is a schematic diagram of a logical network model depicting three computers connected to the public network of figure 1, where each one of three hosts of figure 1 is connected to a different one of those computers, and a logical communications channel of figure 1 according to a preferred embodiment of the current invention;
Figure 6 is a block schematic diagram illustrating a portion of the general-purpose computers of figure 4 and of figure 5;
Figure 7 is a block schematic diagram illustrating a portion of the eight host USB tokens of figures 1, 2, 3, 4 and 5;
Figure 8 is a block schematic diagram illustrating a portion of the relay device of figure 3;
Figure 9 is a flow chart diagram describing the high-level process of two host devices of figure 1 performing an n-part key exchange over n independent channels to generate a shared symmetric key, and where the two host devices are further adapted to perform cryptographic operations between each other using key material derived from the key material;
Figure 10 is a flow chart diagram partially describing the high-level process of a group of eight host devices of figure 2 each performing an n-part key exchange over n independent channels (of figure 3 and of figure 4) to generate pairwise shared symmetric keys with each of the other seven hosts, and where each of the eight host devices is further adapted to perform cryptographic operations between each other using said pairwise symmetric keys;
Figure 11 is a flow chart diagram describing the high-level process of a relay device of figure 3 assisting two host smart card devices to perform the first part of an n-part key exchange using public key technologies according to a preferred embodiment of the present invention;
Figure 12 is a flow chart diagram describing the high-level process of a relay device of figure 4 assisting two host smart card devices to perform the second part of an n-part key exchange using symmetric key technologies according to a preferred embodiment of the present invention;
Figure 13 is a schematic diagram of a star network model depicting a relay device assisting key exchange operations and eight host HSMs of two different types, and an additional HSM connected to the relay device according to a preferred embodiment of the current invention.
Description of preferred embodiments of the invention
Figure 1 is a schematic diagram 100 illustrating: a first private network 101; an optional second private network 102; an optional third private network 103; a public network 104; eight host devices 110, 111, 112, 113, 114, 115, 116, 117 where two of the eight host devices are illustrated to be discretely connected to at most one of the 4 networks 101, 102, 103, 104 at different time intervals 120, 130; and four logically distinct (potentially bi-directional) communications channels 141, 143, 145, 147, where each communications channel connects the two host devices 110 and 111 across a different network 101, 102, 103, 104 respectively according to a preferred embodiment of the present invention.
In this illustration, each of the eight host devices 110 to 117 is an HSM in the form factor of a smart card that has been adapted to communicate with a master device using the universal serial bus (USB) protocol. In alternative preferred embodiments of the current invention, the host devices have other form factors. Each of the 8 HSMs 110 to 117 illustrated has a key exchange applet installed that implements methods according to a preferred embodiment of the present invention. Each of the 8 HSMs 110 to 117 has a random number generator.
Label 151 illustrates an aggregated part of key material. Labels 153, 155, 157 illustrate an additional 3 aggregated parts of key material. In a preferred embodiment of the present invention, the value of the key material 151, 153, 155, 157 is derived from the output of a random number generator residing in one or both of hosts 110 and 111. The four parts 151, 153, 155, 157 of key material are part of an n-part key exchange according to a preferred embodiment of the present invention, where n is illustrated as 4. Typically, the entropy within each of the n parts is at least 80 bits for classical security, and at least 160 bits for post quantum security. Each of the n parts 151, 153, 155, 157 of an n-part key exchange operation is illustrated to be sequentially transmitted over just 1 of the total of n logically distinct (potentially bidirectional) communications channels 141, 143, 145, 147, and for an n-channel system we consider that there are always at most n aggregated parts. Label 159 illustrates the value of the shared secret key, which is derived from the value of each of the n parts of key material 151, 153, 155, 157; this shared secret key 159 is stored locally in both hosts 110 and 111.
The label 120 illustrates a first virtual rotary switch illustrated with seven terminals. The virtual rotary switch 120 does not typically refer to a physical switch, rather it is a diagrammatic aid to describe the logical behaviour of the current system. In the present illustration, the host 110 cycles sequentially from the first terminal 121 through to the seventh terminal 127.
The label 130 illustrates a second virtual rotary switch also illustrated with seven terminals. In the present illustration, the host 111 cycles sequentially from the first terminal 131 through to the seventh terminal 137.
When the first terminal positions 121 and 131 are selected at the same time, the host 110 and 111 are energized and then connected to a logical communications channel 141 that connects the host 110 and 111 over private network 101. The nodes on the path of the logical communications channel 141, such as the host computer connected to the smart card host 110 and network 101, are not illustrated in figure 1. See figures 2 and 3 for a more detailed illustration.
When the second terminal position 122 is selected, the host 110 is not connected to any network, is disconnected from all power sources, and is de-energized. When the second terminal position 132 is selected, the host 111 is not connected to any network, is disconnected from all power sources, and is effectively de-energized. When the third terminal positions 123 and 133 are selected at the same time, the hosts 110 and 111 are energized and are then connected to a logical communications channel 143 that connects the hosts 110 and 111 over private network 102.
When the fourth terminal position 124 is selected, the host 110 is not connected to any network, is disconnected from all power sources, and is de-energized. When the fourth terminal position 134 is selected, the host 111 is not connected to any network, is disconnected from all power sources, and is de-energized.
When the fifth terminal positions 125 and 135 are selected at the same time, the host 110 and 111 are energized and then are connected to a logical communications channel 145 that connects the host 110 and 111 over private network 103.
When the sixth terminal position 126 is selected, the host 110 is not connected to any network, is disconnected from all power sources, and is de-energized. When the sixth terminal position 136 is selected, the host 111 is not connected to any network, is disconnected from all power sources, and is de-energized.
When the seventh terminal positions 127 and 137 are selected at the same time, the hosts 110 and 111 are energized and then are connected to a logical communications channel 147 that connects the hosts 110 and 111 over public network 104.
Figure 2 is a schematic diagram 200 illustrating the n parts of key material 201 of an n-part key exchange (where n=4) of figure 1 according to a preferred embodiment of the present invention. The n parts of key material 201 comprise the four parts of aggregated key material 151, 153, 155, 157 of figure 1. In this illustration, the n parts of key material 201 are hashed using an invocation of a cryptographic hash function, and the value of the resulting digest is used as the shared secret key material 159 of figure 1.
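The n-part exchange of figures 1 and 2, combined with the summary's preferred features that the first key material is exchanged in the clear and that further key material is symmetrically encrypted under previously exchanged material, as an added simulation. This is example code written for this page, not code from the patent or from Synaptic Laboratories. Assumptions not in the patent: SHA-256 as the cryptographic hash of figure 2, an HMAC-SHA256 counter keystream standing in for the unspecified symmetric cipher, a length prefix on each part before hashing, 160-bit parts (the post quantum entropy figure given above), and that hosts 110 and 111 alternate as sender on successive channels. The passive attacker model shows what the enclosure buys: channel 141 carries the clear first part inside the ESE, and an attacker who only observes the public channel 147 recovers nothing, because every later part is wrapped under a key that depends on all earlier parts.

```python
import hashlib
import hmac
import secrets

# 160 bits per part: the post quantum entropy figure given in the description.
PART_BYTES = 20


def derive_shared_key(parts):
    """Figure 2: hash the n parts of key material (151, 153, 155, 157) with one invocation
    of a cryptographic hash function; the digest is the shared secret key 159.
    Assumption: SHA-256, with each part length-prefixed so part boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big"))
        h.update(part)
    return h.digest()


def xor_keystream(key, data):
    """Symmetric encryption of a further part under previously exchanged key material.
    Assumption: the patent names no cipher; an HMAC-SHA256 counter keystream XORed over the
    data stands in for one. The wrapping key changes every round, so no keystream is reused."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Host:
    """One of the smart card HSMs 110 or 111: holds the parts exchanged so far, in channel order."""

    def __init__(self, label):
        self.label = label
        self.parts = []

    def _wrapping_key(self):
        # The key protecting the next part is derived from everything exchanged so far.
        return derive_shared_key(self.parts)

    def send_part(self):
        """Draw a fresh part from the HSM's random number generator and return the wire bytes."""
        part = secrets.token_bytes(PART_BYTES)
        # The first part goes in the clear (inside the ESE); every later part is encrypted.
        wire = part if not self.parts else xor_keystream(self._wrapping_key(), part)
        self.parts.append(part)
        return wire

    def receive_part(self, wire):
        part = wire if not self.parts else xor_keystream(self._wrapping_key(), wire)
        self.parts.append(part)

    def shared_key(self):
        return derive_shared_key(self.parts)


def run_exchange(n, tapped_channels):
    """Run an n-part exchange between hosts 110 and 111 over n logically distinct channels
    (channel 0 is 141 over private network 101, the last is 147 over public network 104).
    Returns (key at 110, key at 111, wire bytes seen by an attacker on the tapped channels)."""
    a, b = Host("110"), Host("111")
    observed = {}
    for channel in range(n):
        sender, receiver = (a, b) if channel % 2 == 0 else (b, a)  # assumption: alternate senders
        wire = sender.send_part()
        if channel in tapped_channels:
            observed[channel] = wire
        receiver.receive_part(wire)
    return a.shared_key(), b.shared_key(), observed


def attacker_recover(observed, n):
    """Passive attacker: unwrap parts in channel order. The wrapping key for channel i needs
    every part 0..i-1, so recovery stops at the first channel that was not observed."""
    parts = []
    for channel in range(n):
        if channel not in observed:
            break
        wire = observed[channel]
        parts.append(wire if not parts else xor_keystream(derive_shared_key(parts), wire))
    return parts


if __name__ == "__main__":
    for tapped in ({3}, {0, 1, 3}, {0, 1, 2, 3}):
        key_a, key_b, seen = run_exchange(4, tapped)
        recovered = attacker_recover(seen, 4)
        print(f"tapped channels {sorted(tapped)}: hosts agree={key_a == key_b}, "
              f"attacker recovered {len(recovered)}/4 parts, "
              f"key compromised={derive_shared_key(recovered) == key_a}")
```

The three runs in the main block correspond to an attacker outside both enclosures (public network only), an attacker who missed one of the private-network sessions, and an attacker who observed every channel; only the last case yields the shared key 159, which is why the description requires the ESE to be closed whenever key material is exchanged and the hosts to be de-energized and relocated between channels.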
Figure 3 is a schematic diagram of a small private network 101 of figure 1 that depicts a first relay device 305 and the eight host devices of figure 1 (110 to 117) connected to the first relay device 305 according to a preferred embodiment of the current invention.
Label 305 illustrates that the relay device assisting exchange of key material is a rack mount server that is not connected to another network (such as 102, 103, 104) or other external computing device.
Label 141 of figure 3 illustrates a bi-directional channel 141 of figure 1 between host 110 and 111 through relay device 305 over private network 101 of figure 1.
Label 151 illustrates aggregated key material 151 of figure 1 that is exchanged over the bidirectional channel 141 between host 110 and 111 through relay device 305.
Label 301 illustrates an electromagnetic shielded enclosure (ESE) that wholly encapsulates all devices 305 and 110 to 117 and all communications cabling connecting said devices. The ESE must be closed when any of the devices 305 and 110 to 117 are exchanging key material so the ESE can mitigate or prevent monitoring of potential CE by an attacker outside of ESE 301 (not illustrated).
Figure 4 is a schematic diagram of a small private network 102 of figure 1 that depicts a second relay device 405 and the eight host devices of figure 1 (110 to 117) connected to the second relay device 405 according to a preferred embodiment of the current invention.
Label 405 illustrates that the relay device assisting exchange of key material is a desktop computer that is not connected to another network (such as 101, 103, 104) or other external computing device.
Label 143 of figure 2 illustrates a bi-directional channel 143 of figure 1 between host 110 and 111 through relay device 405 over private network 102 of figure 1.
Label 153 illustrates aggregated key material 153 of figure 1 that is exchanged over the bidirectional channel 143 between host 110 and 111 through relay device 405.
Label 401 illustrates an electromagnetic shielded enclosure (ESE) that wholly encapsulates all devices 405 and 110 to 117 and all communications cabling connecting said devices. The ESE must be closed when any of the devices 405 and 110 to 117 are exchanging key material so the ESE can mitigate or prevent monitoring of potential CE by an attacker outside of ESE 401 (not illustrated).
For the purpose of this invention, if the relay devices 305 and 405 were physically the same computer, and the ESEs 301 and 401 were physically the same enclosure, the process of de-energizing and physically disconnecting the hosts 110 to 117 in figure 3, and then reconnecting and re-energizing the hosts 110 to 117 in figure 4, would still result in a logically distinct network. Physically disconnecting the hosts is an act of relocation.
Figure 5 is a schematic diagram of a logical network model 500 depicting three computers 510, 511, 513 connected to the public network 104 of figure 1, where each of the three hosts 110, 111, 113 of figure 1 is connected to a different one of those computers ({110, 510}, {111, 511}, {113, 513}), and a logical communications channel 147 of figure 1, according to a preferred embodiment of the current invention.
The embodiment of figure 5 comprises a general-purpose computer 510, which can interface with a secure module or device such as USB smart card token 110 of figure 1, a general-purpose computer 511, which can interface with USB smart card token 111 of figure 1, and a general-purpose computer 513, which can interface with USB smart card token 113. Each of the three general-purpose computers 510, 511, 513 can communicate with the others over public network 104. Cryptographic primitives may be implemented in software, in hardware or a combination of software and hardware on any one of the USB smart card tokens 110, 111, 113 and computers 510, 511, 513. Label 147 illustrates a bidirectional message flow/logical communications channel across the network 104 between host 110 and 111, where the two hosts 110 and 111 reside outside of the ESE 201 of figure 2 and ESE 301 of figure 3, and where the two hosts 110 and 111 are not in the same ESE.
Figure 6 is a block schematic diagram 600 illustrating a portion of the general-purpose computers 405 of figure 4 and 510, 511 and 513 of figure 5. The said general-purpose computers comprise a central processing unit 601, random access memory 602, an input / output system 603 and a video card 604.
Figure 7 is a block schematic diagram 700 illustrating a portion of the eight host USB tokens 110 to 117 of figures 1, 2, 3, 4 and 5. The said USB tokens comprise a central processing unit (CPU) 701, random access memory (RAM) 702, a communication interface such as a universal serial bus (USB) interface 703, a dedicated cryptographic processor (DCP) 704, and non-volatile memory (NVR) 705.
Figure 8 is a block schematic diagram 800 illustrating a portion of the relay device 305 of figure 3. The relay device 305 comprises a central processing unit (CPU) 801, random access memory 802, and an input / output system 803.
Figure 9 is a flow chart diagram 900 describing the high-level process of two host devices 110, 111 of figure 1 performing an n-part key exchange over n independent logical communications channels 141, 143, 145, 147 to generate a shared symmetric key 159, where the two host devices 110, 111 are further adapted to perform cryptographic operations between each other using key material derived from the key material 151, 153, 155, 157.
The flow chart 900 is written in the context that devices 110 and 111 have no prior established shared secrets, and that they are currently disconnected from all networks and are de-energized.
In a preferred embodiment a key exchange process is performed as follows:
Label 901) Start the key exchange process.
Label 902) The host 110 is energized and connected 121 to network 101. The host 111 is energized and connected 131 to network 101. Hosts 110 and 111 are instructed to perform the first step of a 4 step key exchange operation between each other. A logical communications channel 141 is established between hosts 110 and 111 over network 101. Hosts 110 and 111 exchange one aggregated part of key material 151 over logical communications channel 141. A local copy of the value of the key material 151 is stored in both hosts 110 and 111.
Label 903) The host 110 is disconnected 122 from all networks and de-energized. The host 111 is disconnected 132 from all networks and de-energized.
Label 904) The host 110 is energized and connected 123 to network 102. The host 111 is energized and connected 133 to network 102. Hosts 110 and 111 are instructed to perform the second step of a 4 step key exchange operation between each other. A logical communications channel 143 is established between hosts 110 and 111 over network 102. Hosts 110 and 111 exchange one part of aggregated key material 153 over logical communications channel 143. A local copy of the value of the key material 153 is stored in both hosts 110 and 111.
Label 905) The host 110 is disconnected 124 from all networks and de-energized. The host 111 is disconnected 134 from all networks and de-energized.
Label 906) The host 110 is energized and connected 125 to network 103. The host 111 is energized and connected 135 to network 103. Hosts 110 and 111 are instructed to perform the third step of a 4 step key exchange operation between each other. A logical communications channel 145 is established between hosts 110 and 111 over network 103. Hosts 110 and 111 exchange one part of aggregated key material 155 over logical communications channel 145. A local copy of the value of the key material 155 is stored in both hosts 110 and 111.
Label 907) The host 110 is disconnected 126 from all networks and de-energized. The host 111 is disconnected 136 from all networks and de-energized.
Label 908) The host 110 is energized and connected 127 to network 104. The host 111 is energized and connected 137 to network 104. Hosts 110 and 111 are instructed to perform the fourth step of a 4 step key exchange operation between each other. A logical communications channel 147 is established between hosts 110 and 111 over network 104. Hosts 110 and 111 exchange one part of key material 157 over logical communications channel 147. A local copy of the key material 157 is stored in both hosts 110 and 111.
Label 909) The host 110 performs an invocation of a cryptographic hash 202 of figure 2 of the 4 parts of key material 151, 153, 155, 157 to create a local copy of the value of the shared key 159. The host 111 also performs an invocation of a cryptographic hash 202 of figure 2 of the 4 parts of key material 151, 153, 155, 157 to create a local copy of the value of the shared key 159.
Label 910) The key exchange process stops.
The hosts 110 and 111 can now perform a cryptographic operation between each other using shared key material 159. They can also be individually energized, de-energized and connected or disconnected from the network 104 or other networks at will.
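The aggregation step of flow chart 900 (label 909, hash 202) as an added example; this is illustrative code written for this page, not code from the patent or from Synaptic Laboratories. It hashes the four parts 151, 153, 155, 157 into shared key 159 with length-prefixing and a label (both assumptions of this example; the patent only says "cryptographic hash"), shows why an attacker who monitored three of the four channels still cannot compute the key, and includes the open-ended case described later for figure 5, where a further session mixes an (n+1)-th part into the existing key. The 160-bit minimum part length is taken from the figure 10 discussion; the function names are this example's own.

```python
import hashlib
import hmac
import secrets

# Added example, not the patent's code. Label 909: hash all n parts into
# shared key 159. Names and the length-prefix encoding are assumptions.

MIN_PART_BYTES = 20   # 160 bits, the minimum part length the description cites


def derive_shared_key(parts, label=b"n-part-key-exchange"):
    """Hash 202 over all parts; returns the 256-bit shared key 159.

    Each part is length-prefixed so that (b"ab", b"c") and (b"a", b"bc")
    hash differently, and the label separates this derivation from any
    other use of SHA-256 inside the same device.
    """
    if not parts:
        raise ValueError("no key material parts")
    h = hashlib.sha256()
    h.update(len(label).to_bytes(2, "big") + label)
    h.update(len(parts).to_bytes(2, "big"))
    for part in parts:
        if len(part) < MIN_PART_BYTES:
            raise ValueError("part shorter than 160 bits")
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def extend_shared_key(current_key, new_part):
    """Mix a later part into an existing key (the open-ended case for
    figure 5, where each new session adds one more part). Keying HMAC with
    the current key means the result is unpredictable without it."""
    if len(new_part) < MIN_PART_BYTES:
        raise ValueError("part shorter than 160 bits")
    return hmac.new(current_key, new_part, hashlib.sha256).digest()


def exchange_over_channels(n, monitored):
    """Simulate hosts 110 and 111 exchanging one fresh part per channel.
    `monitored` holds the indices of channels an attacker read end to end,
    so those parts leak. Returns (shared_key, parts, leaked_parts)."""
    parts = [secrets.token_bytes(32) for _ in range(n)]
    leaked = {i: parts[i] for i in monitored if 0 <= i < n}
    return derive_shared_key(parts), parts, leaked


def attacker_recovers_key(shared_key, leaked, n):
    """The attacker hashes what it has, filling each unread channel with a
    guess (all zeros here). With 256-bit parts guessing is hopeless, so
    recovery succeeds only when every channel was monitored."""
    guess = [leaked.get(i, bytes(32)) for i in range(n)]
    return derive_shared_key(guess) == shared_key
```

The length prefix matters: without it, two hosts that split the same byte string into parts at different points would agree on a key while one of them had in fact exchanged different material, and an attacker could not be told apart from a mis-split. The zero-fill guess stands in for any guess: the only way to beat it is to brute-force the missing part, which is why the description insists on parts of at least 160 bits.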
Figure 10 is a flow chart diagram 1000 partially describing the high-level process of a group of eight host devices 110 to 117 of figure 2 each performing an n-part key exchange over n-independent channels (141 of figure 3 and 143 of figure 4) to generate pairwise shared symmetric keys with each of the other seven hosts, and where each of the eight host devices 110 to 117 are further adapted to perform cryptographic operations between each other using said pairwise symmetric keys.
The flow chart 1000 is written in the context that the eight host devices 110 to 117 have not negotiated prior shared secrets between them, and that they are all currently disconnected from all networks and are de-energized.
In a preferred embodiment of the present invention a key exchange process is performed as follows:
Label 1001) Start the key exchange process.
Label 1002) A node.
Label 1003) The ESE 301 or 401 is opened. The relay device 305 or 405 and the eight host devices 110 to 117 are installed inside the ESE. The said devices are connected to power and energized. Communications cables are connected between said devices.
Label 1004) The relay device 305 or 405 is instructed to initiate the key exchange operation. In preferred embodiments, the relay device 305 or 405 waits for the ESE to be closed before proceeding to perform key exchange operations between the hosts.
Label 1005) Close the ESE 301 or 401.
Label 1006) The relay device 305 or 405 facilitates the exchange of pairwise key material between the eight hosts. Each of the eight hosts will be instructed by the relay device to establish a unique shared secret with the remaining seven hosts. The relay device 305 or 405 will relay communications between the eight hosts 110 to 117 as instructed by the hosts. After the relay device has been notified that all key exchange operations between the hosts is completed, the relay device 305 or 405 optionally notifies the user that the key exchange operation is complete.
Label 1007) The ESE 301 or 401 is opened.
Label 1008) All the devices installed in the ESE 301 or 401 during step 1003 are removed from the ESE.
Label 1009) If all n parts of the n-part key exchange operation have been exchanged, the process continues at step 1010; otherwise the process continues at step 1002.
Label 1010) Stop the key exchange process. Each of the eight host devices 110 to 117 can now perform a cryptographic operation between each other using pairwise shared key material negotiated during this process.
In a preferred embodiment, each iteration of the n-part key exchange is performed under the control of a different person or group of people. For example, in a preferred embodiment illustrating this property, three iterations of a 3-part key exchange are performed at two different locations, specifically two different buildings. At the first location the first relay device 305 of figure 3 is owned and controlled by party A, and the first iteration of the 3-part key exchange is performed by party A. At the second location, the second relay device 405 of figure 4 is owned by party B. The second iteration of the multi-part key exchange is performed on relay device 405 by party B using operating system and application software that runs the key exchange and is executed from a CD-ROM supplied and owned by party B (not illustrated). The third iteration of the 3-part key exchange is performed on relay device 405 by party C using operating system and application software executed from an external hard drive owned and supplied by party C (not illustrated). The execution environment as described can be arranged such that when party A performs the first iteration of the incremental/multi-part key exchange, neither party B nor party C is present, and they are presumably unable to monitor the communications; likewise, when B and C perform their separate key exchange iterations, it is assumed party A is not present to monitor the communications. Furthermore, when parties B and C are performing their respective iterations of the incremental key exchange they may have increased assurance that no party present is recording the messages routed between the HSMs and that the software used in at least one of the key exchanges is controlled by them.
In this way, if no party A, B, C, or other attacking party (not illustrated) becomes aware of the value of all the parts of key material exchanged over the above three iterations of a 3-part key exchange between any pair of hosts 110 to 117, and each of the three parts of key material is at least 160 bits long, then the incremental key exchange between each pair of HSM may be considered to be post quantum secure.
Figure 11 is a flow chart diagram 1100 describing the high-level process of a relay device 305 of figure 3 assisting two host smart card devices 110, 111 to perform the first part of an n-part key exchange using public key technologies according to a preferred embodiment of the present invention.
In a preferred embodiment of the present invention the key exchange process is performed as follows:
Label 1101) Start key exchange.
Label 1102) Relay device 305 selects hosts 110, 111 and calls the selected applet in host 111 to retrieve its public key for key exchange operations.
Label 1103) If host 111 does not have a {public, private} key pair, it generates a pair and stores the private and public key in its NVRAM. If host 111 does not have a public identifier, it generates a random 256-bit number as its globally unique public identifier.
Label 1104) Host 111 returns a copy of its public identifier and public key to relay device 305.
Label 1105) Relay device 305 calls the selected applet on host 110 to perform an asymmetric key exchange with host 111.
Label 1106) Relay device 305 sends a copy of the public identifier and the public key for host 111 to the applet in host 110.
Label 1107) Host 110 receives the public identifier and public key for host 111.
Label 1108) Host 110 generates a nonce using its random number generator and encrypts it using the public key for host 111. Host 110 stores the public identifier for host 111 and the value of the nonce in its NVRAM. If host 110 does not have a public identifier, it generates a random 256-bit number as its globally unique public identifier.
Label 1109) Host 110 supplies its globally unique public identifier and the encrypted random nonce to relay device 305.
Label 1110) Relay device 305 supplies the encrypted nonce and public identifier from host 110 to host 111.
Label 1111) Host 111 receives the encrypted nonce and public identifier for host 110.
Label 1112) Host 111 decrypts the nonce using its private key and stores the public identifier for host 110 and the decrypted random number in NVRAM.
Label 1113) Stop key exchange. HSM 110 and 111 now share a common symmetric key; in this case it is a portion of the first part 151 of a multi-part key exchange.
In a further preferred embodiment of the present invention, the immediately preceding key exchange process is repeated over the same channel, modified such that roles of host 110 and 111 are exchanged. This additional symmetric key becomes the second portion of the first part 151 of a multi-part key exchange.
In a preferred embodiment of the present invention, a standards based classically secure public key operation is used to satisfy existing security standards. In an alternate preferred embodiment of the present invention, a candidate post quantum secure public key operation is used. In a further alternate preferred embodiment the public key operation is performed twice, once with a classically secure key exchange operation, and once with a post quantum secure key exchange operation, where the aggregated key material comprises the two keys negotiated as a result of the classical and candidate post quantum secure key exchange operations.
Figure 12 is a flow chart diagram 1200 describing the high-level process of a relay device 405 of figure 4 assisting two host smart card devices 110, 111 to perform the second part of an n-part key exchange using symmetric key technologies according to a preferred embodiment of the present invention. The flow chart 1200 is written in the context that the relay device 405 has already retrieved the public identifiers of the hosts 110 to 117.
In a preferred embodiment of the present invention the key exchange process is performed as follows:
Label 1201) Start key exchange.
Label 1202) Relay device 405 selects hosts 110, 111 and calls the selected applet in host 111 to relay further key material to host 110. The relay device forwards the public identifier of host 110 in that call to the applet.
Label 1203) Host 111 generates a nonce using its random number generator. Host 111 stores a copy of the nonce, associated with the public identifier of host 110, in its NVRAM. The NVRAM in host 111 now stores two parts of the aggregated key material of an n-part key exchange associated with host 110.
Label 1204) Host 111 encrypts the nonce using key material derived from the first part of key material 151 exchanged with host 110.
Label 1205) Host 111 sends the value of the encrypted nonce to the relay device 405.
Label 1206) Relay device 405 sends a copy of the encrypted nonce generated by host 111 to the applet in host 110.
Label 1207) Host 110 receives the public identifier for host 111 and the encrypted nonce.
Label 1208) Host 110 decrypts the encrypted nonce using the first part of key material 151 previously exchanged with host 111.
Label 1209) Host 110 stores a copy of this nonce, associated with the public identifier of host 111, in its NVRAM. The NVRAM in host 110 now stores two parts of the aggregated key material of an n-part key exchange associated with host 111.
Label 1210) Stop key exchange.
HSM 110 and 111 now share 2 aggregated parts of a multi-part key exchange operation.
In a further preferred embodiment of the present invention, the immediately preceding key exchange process is repeated over the same channel, modified such that roles of host 110 and 111 are exchanged. This additional symmetric key becomes the second portion of the second part 153 of a multi-part key exchange.
In this and related ways hosts exchange portions of parts of the multi-part key exchange operation.
Without limitation, any part of aggregated key material negotiated between hosts 110 to 117 can be any one or a combination of the following techniques: a) quantum key distribution, b) classically secure public key exchange, c) candidate post quantum secure public key exchange, d) transmission of key material in the clear outside of an ESE, e) scalable post quantum secure key exchanges based on symmetric techniques, f) an embodiment of the present invention.
In a preferred embodiment two or more hosts have the ability to perform communications between each other without the assistance of an additional relay device. For example, two HSM exchanging keys may be adapted with an Ethernet port and an Ethernet cable that directly connects the two HSM, allowing them to communicate directly.
In a preferred embodiment of the present invention, each host increments an internal counter corresponding to the number of attempted and successful iterations of the key exchange between it and every host it exchanges keys with and can report this information when requested. This allows parties to independently check that the expected number of iterations of the incremental key exchange have been performed.
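Flow charts 1100 (part 1 over a public-key operation) and 1200 (part 2 under key material derived from part 1), together with the per-peer iteration counter just described, as one added example. This is illustrative code written for this page, not code from the patent or from Synaptic Laboratories. The patent names no concrete primitive, so two are substituted here and should be read as assumptions: hashed ElGamal over the RFC 3526 group-14 MODP group stands in for "encrypts it using the public key for host 111" (label 1108), and an HMAC-SHA256 keystream with an HMAC tag stands in for the symmetric encryption of label 1204. The `Host` and `Relay` classes, their method names, and the layout of stored portions are this example's own; the prime is transcribed from memory and must be checked against the RFC before any real use.

```python
import hashlib
import hmac
import secrets

# Added example, not the patent's code. Models figures 11 and 12 with a
# relay that only forwards, plus per-peer [attempted, successful] counters.
# Primitives (hashed ElGamal, HMAC keystream) are this example's choice.

P = int(   # RFC 3526 group 14, 2048-bit MODP: transcribed, verify before use
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def kdf(label, *items):
    h = hashlib.sha256(label)
    for item in items:
        h.update(len(item).to_bytes(4, "big") + item)
    return h.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def i2b(x):
    return x.to_bytes(256, "big")


class Host:
    """USB-token HSM (110 to 117). NVRAM: key pair, 256-bit public identifier
    (1103), per-peer stored portions and [attempted, successful] counters."""
    def __init__(self):
        self.sk = secrets.randbits(256) + 1
        self.pk = pow(G, self.sk, P)
        self.id = secrets.token_bytes(32)
        self.portions, self.counts = {}, {}

    def _begin(self, peer):
        self.counts.setdefault(peer, [0, 0])[0] += 1

    def _store(self, peer, portion):
        self.portions.setdefault(peer, []).append(portion)
        self.counts[peer][1] += 1

    def _link_key(self, peer):                    # derived from part 1 (1204)
        return kdf(b"link", *self.portions[peer])

    def encrypt_nonce_for(self, peer, peer_pk):  # 1107-1109
        self._begin(peer)
        nonce, r = secrets.token_bytes(32), secrets.randbits(256) + 1
        c1 = pow(G, r, P)
        mask = kdf(b"elgamal", i2b(c1), i2b(pow(peer_pk, r, P)))
        self._store(peer, nonce)
        return self.id, c1, xor(nonce, mask)

    def decrypt_nonce_from(self, peer, c1, c2):   # 1111-1112
        self._begin(peer)
        mask = kdf(b"elgamal", i2b(c1), i2b(pow(c1, self.sk, P)))
        self._store(peer, xor(c2, mask))

    def wrap_nonce_for(self, peer):               # 1203-1205
        self._begin(peer)
        k, iv = self._link_key(peer), secrets.token_bytes(16)
        nonce = secrets.token_bytes(32)
        ct = xor(nonce, kdf(b"stream", k, iv))
        tag = hmac.new(k, iv + ct, hashlib.sha256).digest()
        self._store(peer, nonce)
        return self.id, iv, ct, tag

    def unwrap_nonce_from(self, peer, iv, ct, tag):   # 1207-1209
        self._begin(peer)
        k = self._link_key(peer)
        expect = hmac.new(k, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("bad tag: attempt counted, nothing stored")
        self._store(peer, xor(ct, kdf(b"stream", k, iv)))

    def shared_key(self, peer):                   # hash 202 over all portions
        return kdf(b"shared", *self.portions[peer])


class Relay:
    """Relay device 305/405: forwards messages and records what it saw."""
    def __init__(self):
        self.seen = []

    def part1(self, a, b):                        # 1102-1113
        self.seen += [b.id, i2b(b.pk)]
        sid, c1, c2 = a.encrypt_nonce_for(b.id, b.pk)
        self.seen += [sid, i2b(c1), c2]
        b.decrypt_nonce_from(sid, c1, c2)

    def part2(self, a, b):                        # 1202-1210
        sid, iv, ct, tag = a.wrap_nonce_for(b.id)
        self.seen += [sid, iv, ct, tag]
        b.unwrap_nonce_from(sid, iv, ct, tag)


def run_two_parts(relay, h110, h111):
    relay.part1(h110, h111)   # figure 11
    relay.part1(h111, h110)   # role-swapped repeat: second portion of 151
    relay.part2(h111, h110)   # figure 12
    relay.part2(h110, h111)   # role-swapped repeat: second portion of 153
    return h110.shared_key(h111.id), h111.shared_key(h110.id)

def relay_saw_key_material(relay, host, peer):
    return any(p in relay.seen for p in host.portions[peer])
```

Two caveats a practitioner should take from this. First, host 111's public key reaches host 110 through the relay unauthenticated, so a relay that substituted its own key could read part 1; the description counters this not with certificates but by having different parties control different relays and iterations, so that no single relay sees every part. Second, the counter check is what lets the parties confirm afterwards that both tokens saw the same number of attempted and successful iterations; a failed tag verification above counts an attempt but stores nothing, so a mismatch between the two reports is the signal to investigate.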
In a preferred embodiment, each further new communications session between hosts 110 and 113 of figure 5 results in an additional part of a multi-part key exchange operation being performed. That is, the number of parts of an n-part key exchange does not need to be predetermined, and can increase arbitrarily over time. This can be achieved by first establishing a secure authenticated-encryption connection using the current private shared key between hosts 110, 113; then each module 110, 113 generating key material using its random number generator, exchanging the key material in encrypted form over the secure connection, and mixing the new key material with the current session key. In this way, the public network 104 and computers 510, 513 collectively perform the role of a 'relay device' such as previously described for 305 and 405. However, we note that the assurances of this type of key exchange are of a qualitatively weaker level, because communications transported across public network 104 may be trivially easy to monitor, and this monitoring might be performed by an attacker who may also have been able to record the previous key exchange material exchanged between the two devices.
We observe that a single iteration of the multi-part key exchange operation between two HSM facilitated by a first party, followed by the use of the HSM by end-users who facilitate a second iteration of the multi-part key exchange over a public network, still constitutes two separate parties performing two independent iterations of the multi-part key exchange. However, it is strongly preferred that the users facilitate an iteration of the multi-part key exchange between the two devices over a private network. While the processes of preferred embodiments of the invention have been described as not using prior established shared secrets as part of the n-part key exchange operation, they can be trivially adapted to take advantage of any secret key material previously negotiated between the two devices by a different independent process, using it as the first part of an n-part key exchange according to preferred embodiments of the present invention.
Figure 13 is a schematic diagram of a star network model 1300 depicting a purpose built relay device 1302 assisting key exchange operations and eight host HSM of two different types 1310 to 1313 and 1314 to 1317, and an additional HSM 1307 connected to the relay device 1302 according to a preferred embodiment of the current invention. In the current illustration label 1302 illustrates a motherboard, label 1303 illustrates an FPGA processor and label 1304 a small micro controller responsible for managing the FPGA processor 1303. Label 1306 illustrates a visual display unit. Label 1305 illustrates a push button switch. Labels 1310 to 1313 illustrate host HSM with a "Peripheral component interconnect (PCI) Express" form factor. Labels 1314 to 1317 and 1307 illustrate host HSM with a smart card form factor.
The FPGA chip 1303 is connected to the micro controller 1304, to the four host HSM 1310 to 1313 via a PCI Express bus, and to the four host HSM 1314 to 1317 via four USB interfaces. The VDU 1306 and the button 1305 are connected via independent buses to the micro controller 1304. The HSM 1307 is connected to the micro controller 1304.
In a preferred embodiment of figure 13, a first party and a second party are present and participating during the operation of two or more iterations of a multi-part key exchange performed using the motherboard. It is preferred in the present embodiment of the invention that at least three iterations are performed with one such iteration performed by a third party not in the presence of the first and second party.
In this preferred embodiment of the current invention, the process involving the first and second parties has two stages.
In the first stage of the process, the first party de-energizes the motherboard 1302 (not illustrated) and connects the four PCI Express HSM 1310 to 1313 and the four smart card HSM 1314 to 1317 to the motherboard 1302. The first party has a first firmware for the FPGA chip 1303 loaded on the smart card 1307. The first party connects the smart card 1307 to the motherboard 1302. The first party now energizes motherboard 1302 and depresses the button 1305 to start the initialisation process.
The micro controller 1304 communicates with the smart card 1307 and extracts the value of the firmware, which it then loads into the FPGA chip 1303. The FPGA chip initialises itself and reports back a message to micro controller 1304, which is visually displayed on the VDU 1306. The first party validates that the message is as they expected (such as a one-time-use random number selected for this key exchange operation and uniquely assigned to the FPGA firmware stored in the smart card) and then depresses the button 1305 to start a single iteration of the multi-part key exchange operation. The FPGA chip 1303 connects with all eight HSM 1310 to 1317 and completes an iteration of the multi-part key exchange operation. When the key exchange operation is complete, the FPGA 1303 sends a message to the micro controller and a message is displayed on VDU 1306 showing the result of the key exchange. The first party de-energizes motherboard 1302 and retrieves the smart card 1307.
The second stage of the process now begins with the second party inserting their own smart card, carrying their own copy of the firmware for FPGA 1303, into the motherboard 1302. The removal of the smart card 1307 and the loading of a different copy of the firmware from a different smart card physically modifies the relay device 1302, which results in a logically 'different' relay device. The second party energizes the motherboard 1302, depresses the button 1305, checks the VDU to ensure their own firmware has been loaded and, if the displayed number is as expected, depresses button 1305 to start a single iteration of the multi-part key exchange operation. After the iteration of the multi-part key exchange operation is complete and the result is displayed on the VDU 1306, the second party de-energizes the motherboard 1302.
In a preferred embodiment of the present invention, there are two motherboards, one owned by each party. The first party supplies the motherboard which is loaded with the second party's FPGA firmware to perform an iteration of the incremental key exchange, and the second party supplies the motherboard which is loaded with the first party's firmware to perform an iteration of the incremental key exchange. In this way, both parties can be assured the hardware and firmware involved in the key exchanges works as intended.
In a preferred embodiment of the key exchange, each of the four "PCI express" HSM 1310 to 1313 exchange keys with each other, and each smart card HSM 1314 to 1317 exchanges keys only with HSM 1310 to 1313 respectively. In this way, a smart card can be uniquely allotted to a "PCI express" HSM, and that smart card can be physically transported to negotiate more keys on behalf of its "PCI express" HSM that is physically connected to an online server. Once a new key has been negotiated by the smart card, the smart card can securely relay the key to its corresponding "PCI express" HSM.
In an alternate preferred embodiment of the present invention, two or more smart cards exchange secret key material and act as a singular logical identity. The two or more smart cards may be adapted to rely on external non-volatile memory stored in a database located outside of the non-volatile memory of the two or more smart cards. The records and optionally the tables within the database are encrypted using key material shared by the two or more smart cards. If one smart card is lost or damaged it is possible to obtain a new smart card, take the remaining smart cards with the same identity, create a new session key between them and update the remotely stored database. In this way, one or more of the cards not in use can be securely stored in a safe as a disaster recovery mechanism. Each card can also report a unique identifier to enable others to establish which smart card instance was used to perform a specific operation.
In a preferred embodiment one of the host HSM exchanging key material is adapted as a one-time-pad HSM 1318 that has a visual display unit and has a means of bi-directional communication with one or more other HSMs, including but not limited to one or a combination of:
• A wireless interface, such as Bluetooth or RFID,
• A USB interface,
• A smart card reader interface.
In a further preferred embodiment, the one-time-pad HSM 1318 is associated uniquely with one logical smart card identity, which may have one or more physical smart cards 1316, 1317.
In a further preferred embodiment of the present invention, the logical smart card is adapted to use the one-time-pad HSM 1318 to authenticate control operations. This provides a user-friendly method of authenticating operations to the smart card processor (irrespective of smart card form factor).
While this invention has been described in connection with specific embodiments thereof, it will be understood that it is capable of further modification(s). This application is intended to cover any variations uses or adaptations of the invention following in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains and as may be applied to the essential features hereinbefore set forth.
As the present invention may be embodied in several forms without departing from the spirit of the essential characteristics of the invention, it should be understood that the above described embodiments are not to limit the present invention unless otherwise specified, but rather should be construed broadly within the spirit and scope of the invention as defined in the appended claims. The described embodiments are to be considered in all respects as illustrative only and not restrictive.
Various modifications and equivalent arrangements are intended to be included within the spirit and scope of the invention and appended claims. Therefore, the specific embodiments are to be understood to be illustrative of the many ways in which the principles of the present invention may be practiced. In the following claims, means-plus-function clauses are intended to cover structures as performing the defined function and not only structural equivalents, but also equivalent structures. For example, although a nail and a screw may not be structural equivalents in that a nail employs a cylindrical surface to secure wooden parts together, whereas a screw employs a helical surface to secure wooden parts together, in the environment of fastening wooden parts, a nail and a screw are equivalent structures. It should be noted that where the terms "server", "secure server" or similar terms are used herein, a communication device is described that may be used in a communication system, unless the context otherwise requires, and should not be construed to limit the present invention to any particular communication device type. Thus, a communication device may include, without limitation, a bridge, router, bridge-router (brouter), switch, node, or other communication device, which may or may not be secure.
It should also be noted that where a flowchart or equivalent illustration of processes or systems is used herein to demonstrate various aspects of the invention, it should not be construed to limit the present invention to any particular logic flow or logic implementation. The described logic may be partitioned into different logic blocks (e.g., programs, modules, functions, or subroutines) without changing the overall results or otherwise departing from the true scope of the invention. Often, logic elements may be added, modified, omitted, performed in a different order, or implemented using different logic constructs (e.g., logic gates, looping primitives, conditional logic, and other logic constructs) without changing the overall results or otherwise departing from the true scope of the invention.
Various embodiments of the invention may be embodied in many different forms, including computer program logic for use with a processor (e.g., a microprocessor, microcontroller, digital signal processor, or general purpose computer), programmable logic for use with a programmable logic device (e.g., a Field Programmable Gate Array (FPGA) or other PLD), discrete components, integrated circuitry (e.g., an Application Specific Integrated Circuit (ASIC)), or any other means including any combination thereof. In an exemplary embodiment of the present invention, predominantly all of the communication between users and any other communication device, such as a server for example, is implemented as a set of computer program instructions that is converted into a computer executable form, stored as such in a computer readable medium, and executed by a microprocessor under the control of an operating system.
Computer program logic implementing all or part of the functionality where described herein may be embodied in various forms, including a source code form, a computer executable form, and various intermediate forms (e.g., forms generated by an assembler, compiler, linker, or locator). Source code may include a series of computer program instructions implemented in any of various programming languages (e.g., an object code, an assembly language, or a high-level language such as Fortran, C, C++, JAVA, or HTML) for use with various operating systems or operating environments. The source code may define and use various data structures and communication messages. The source code may be in a computer executable form (e.g., via an interpreter), or the source code may be converted (e.g., via a translator, assembler, or compiler) into a computer executable form.
A computer program(s) implementing all or part of the functionality where described herein may be fixed in any form (e.g., source code form, computer executable form, or an intermediate form) either permanently or transitorily in a tangible storage medium, such as a semiconductor memory device (e.g., a RAM, ROM, PROM, EEPROM, or Flash-Programmable RAM), a magnetic memory device (e.g., a diskette or fixed disk), an optical memory device (e.g., a CD-ROM or DVD-ROM), a PC card (e.g., PCMCIA card), or other memory device. The computer program may be fixed in any form in a signal that is transmittable to a computer using any of various communication technologies, including, but in no way limited to, analog technologies, digital technologies, optical technologies, wireless technologies (e.g., Bluetooth), networking technologies, and inter-networking technologies. The computer program may be distributed in any form as a removable storage medium with accompanying printed or electronic documentation (e.g., shrink wrapped software), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the communication system (e.g., the Internet or World Wide Web).
Hardware logic (comprising programmable logic for use with a programmable logic device) implementing all or part of the functionality where described herein may be designed using traditional manual methods, or may be designed, captured, simulated, or documented electronically using various tools, such as Computer Aided Design (CAD), a hardware description language (e.g., VHDL or AHDL), or a PLD programming language (e.g., PALASM, ABEL, or CUPL). Programmable logic may be fixed either permanently or transitorily in a tangible storage medium, such as a semiconductor memory device (e.g., a RAM, ROM, PROM, EEPROM, or Flash-Programmable RAM), a magnetic memory device (e.g., a diskette or fixed disk), an optical memory device (e.g., a CD-ROM or DVD-ROM), or other memory device. The programmable logic may be fixed in a signal that is transmittable to a computer using any of various communication technologies, including, but in no way limited to, analog technologies, digital technologies, optical technologies, wireless technologies (e.g., Bluetooth), networking technologies, and Internetworking technologies. The programmable logic may be distributed as a removable storage medium with accompanying printed or electronic documentation (e.g., shrink wrapped software), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the communication system (e.g., the Internet or World Wide Web).
"Comprises/comprising" when used in this specification is taken to specify the presence of stated features, integers, steps or components but does not preclude the presence or addition of one or more other features, integers, steps, components or groups thereof. Thus, unless the context clearly requires otherwise, throughout the description and claims, the words 'comprise', 'comprising', and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is to say, in the sense of "including, but not limited to".

Claims
1. A process of cryptographic data exchange between a first device and a second device over a first communications channel, which cryptographic data exchange takes place subsequent to the exchange of key material between the first device and the second device, the exchange of key material between the first device and the second device comprising the process of:
    energizing the first device and the second device;
    exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel;
    de-energizing the first device and the second device;
    performing at least one iteration of a process which comprises:
        relocating the first device and the second device;
        energizing the first device and the second device;
        exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and
        de-energizing the first device and the second device;
and in which: the process of cryptographic data exchange between the first device and the second device over the first communications channel employs key material which is derived from the key material which has been exchanged between the first device and the second device.
2. A process of receiving at a first device cryptographic data that has been transmitted from a second device over a first communications channel, which cryptographic data exchange takes place subsequent to the exchange of key material between the first device and the second device, the exchange of key material between the first device and the second device comprising the process of:
    energizing the first device and the second device;
    exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel;
    de-energizing the first device and the second device;
    performing at least one iteration of a process which comprises:
        relocating the first device and the second device;
        energizing the first device and the second device;
        exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and
        de-energizing the first device and the second device;
and in which: cryptographic processing of the cryptographic data at the first device employs key material which is derived from key material which has been exchanged between the first device and the second device.
3. A process as claimed in claim 2 in which the first key material is exchanged in the clear.
4. A process as claimed in any one of claims 2 or 3 in which at least some further key material is symmetrically encrypted using key material which has been previously exchanged between the first device and the second device.
5. A process as claimed in any one of claims 2 to 4 in which the first device and the second device exchange first key material over the second channel when they are both enclosed inside the same ESE.
6. A process as claimed in any one of claims 2 to 5 in which the first device and the second device exchange further key material when they are enclosed inside the same ESE.
7. A process as claimed in any one of claims 2 to 6 in which the second channel runs over a private network.
8. A process as claimed in claim 7 in which the first channel runs over a public network.
9. A process as claimed in any one of claims 2 to 8 in which key material exchanged between the first device and the second device is received by a relay device and is transmitted by that relay device.
10. A process of generating and transmitting cryptographic data which is intended for a second device from a first device, which cryptographic data exchange takes place subsequent to the exchange of key material between the first device and the second device, the exchange of key material between the first device and the second device comprising the process of:
    energizing the first device and the second device;
    exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel;
    de-energizing the first device and the second device;
    performing at least one iteration of a process which comprises:
        relocating the first and second device;
        energizing the first device and the second device;
        exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and
        de-energizing the first device and the second device;
and comprising: generating cryptographic data at the first device employing key material which is derived from key material which has been exchanged between the first device and the second device.
11. A process as claimed in claim 10 in which the first key material is exchanged in the clear.
12. A process as claimed in any one of claims 10 or 11 in which at least some further key material is symmetrically encrypted using key material which has been previously exchanged between the first device and the second device.
13. A process as claimed in any one of claims 10 to 12 in which the first and second device exchange first key material over the second channel when they are enclosed inside the same ESE.
14. A process as claimed in any one of claims 10 to 13 in which the first and second device exchange further key material when they are enclosed inside the same ESE.
15. A process as claimed in any one of claims 10 to 14 in which the second channel runs over a private network.
16. A process as claimed in claim 15 in which the first channel runs over a public network.
17. A process as claimed in any one of claims 10 to 16 in which key material exchanged between the first device and the second device is received by a relay device and is transmitted by that relay device.
18. A process of exchange of key material between a first device and a second device, the process comprising:
    energizing the first device and the second device;
    exchanging first key material between the first device and the second device over a second communications channel which is different from the first communications channel;
    de-energizing the first device and the second device;
    performing at least one iteration of a process which comprises:
        relocating the first and second device;
        energizing the first device and the second device;
        exchanging further key material between the first device and the second device over a further communications channel which is different from the second communications channel; and
        de-energizing the first device and the second device;
and where the first device and second device are adapted to perform cryptographic data exchanges between each other using key material which is derived from the key material which has been exchanged between the first device and second device.
19. A process of exchange of key material between a first device and a second device as claimed in claim 18 in which key material exchanged between the first device and the second device is received by a relay device and is transmitted by that relay device.
20. A device which has received and stored key material by a process as claimed in claim 18 or claim 19.
21. A process of exchange of key material: comprising initiating a key exchange between a first device and a second device; and relaying key material exchanged between the first device and the second device, as claimed in any one of claims 18 to 20.
22. A relay device which is adapted to initiate the exchange of the key material of claim 18 between the first device and the second device.
23. A relay device as claimed in claim 22, which is adapted to initiate the exchanging of the first key material of claim 18 between the first device and the second device.
24. A relay device as claimed in claim 22, which is adapted to initiate the exchanging of a portion of the further key material of claim 18 between the first device and the second device.
25. An apparatus adapted to implement the process as claimed in any one of claims 1 to 21.
26. A relay device when adapted to implement in the implementation of a process as claimed in any one of claims 1 to 21.
27. An ESE when being used in the implementation of a process as claimed in any one of claims 1 to 21.
28. A signal carrying data which has been generated according to the process of any one of claims 1 to 21.
29. Machine executable code for performance of the process as claimed in any one of the claims 1 to 21.
30. Source code for a computer program which is adapted to perform the process as claimed in any one of claims 1 to 21.
31. A machine readable substrate carrying machine executable code for performance of the process as claimed in any one of claims 1 to 21.
32. A machine readable substrate carrying source code for a computer program which is adapted to perform the process as claimed in any one of claims 1 to 21.
PCT/IB2009/006386 2008-07-28 2009-07-28 Method and apparatus for initialising a cryptographic communications system WO2010013121A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AU2008903827 2008-07-28
AU2008903827A AU2008903827A0 (en) 2008-07-28 Method and Apparatus for Secure Communication
AU2008905704A AU2008905704A0 (en) 2008-11-05 Method and Apparatus for Secure Communication
AU2008905704 2008-11-05

Publications (2)

Publication Number Publication Date
WO2010013121A2 WO2010013121A2 (en) 2010-02-04
WO2010013121A3 WO2010013121A3 (en) 2010-03-25

Family

ID=41478895

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2009/006386 WO2010013121A2 (en) 2008-07-28 2009-07-28 Method and apparatus for initialising a cryptographic communications system

Country Status (1)

Country Link
WO (1) WO2010013121A2 (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040184603A1 (en) * 2003-03-21 2004-09-23 Pearson David Spencer Systems and methods for quantum cryptographic key transport
US20050078826A1 (en) * 2003-10-10 2005-04-14 Nec Corporation Quantum cryptography communication system and quantum cryptography key distributing method used in the same
US20060013396A1 (en) * 2002-11-22 2006-01-19 Arc Seibersdorf Research Gmbh Communication system using quantum cryptography and comprising switching stations


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BECHMANN-PASQUINUCCI H ET AL: "Quantum key distribution with trusted quantum relay" INTERNET CITATION 13 May 2005 (2005-05-13), pages 1-13, XP002534289 Retrieved from the Internet: URL:http://www.quantumoptics.it/research/publications/0505089.pdf> [retrieved on 2009-06-26] *
DULIGALL J L ET AL: "Low cost and compact quantum key distribution" NEW JOURNAL OF PHYSICS, INSTITUTE OF PHYSICS PUBLISHING, BRISTOL, GB, vol. 8, no. 10, 1 October 2006 (2006-10-01), pages 249-249, XP020107565 ISSN: 1367-2630 *
MARKUS G KUHN ED - JOSYULA R RAO ET AL: "Security Limits for Compromising Emanations" 1 January 2005 (2005-01-01), CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2005, LECTURE NOTES IN COMPUTER SCIENCE, LNCS, SPRINGER, BERLIN, DE, PAGE(S) 265 - 279, XP019017437 ISBN: 9783540284741 the whole document *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10285683B2 (en) 2015-03-24 2019-05-14 Omnilife Science, Inc Orthopedic joint distraction device
US10849609B2 (en) 2015-03-24 2020-12-01 Omnilife Science, Inc. Orthopedic joint distraction device
US11051798B2 (en) 2015-03-24 2021-07-06 Omnilife Science, Inc. Orthopedic joint distraction device
US11369358B2 (en) 2015-03-24 2022-06-28 Omnilife Science, Inc. Orthopedic joint distraction device
US11596392B2 (en) 2015-03-24 2023-03-07 Omnilife Science, Inc. Orthopedic joint distraction device
EP3557897A1 (en) * 2018-04-20 2019-10-23 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Method and device for providing at least one cryptographic key for at least one mobile device
WO2022157501A1 (en) * 2021-01-22 2022-07-28 Arqit Limited A system and method for trustless key provisioning
GB2603128A (en) * 2021-01-22 2022-08-03 Arqit Ltd A system and method for trustless key provisioning
GB2603128B (en) * 2021-01-22 2023-11-08 Arqit Ltd A system and method for trustless key provisioning

Also Published As

Publication number Publication date
WO2010013121A3 (en) 2010-03-25

Similar Documents

Publication Publication Date Title
CN108965230B (en) Secure communication method, system and terminal equipment
Sun et al. Improvements of Juang's password-authenticated key agreement scheme using smart cards
CN105027107B (en) Migrate the computer implemented method and computing system of computing resource
CN107294709A (en) A kind of block chain data processing method, apparatus and system
CN105007272A (en) Information exchange system with safety isolation
CN112400299B (en) Data interaction method and related equipment
AU2021271512A1 (en) Constructing a distributed ledger transaction on a cold hardware wallet
US10680799B2 (en) Secure remote aggregation
CN106452771B (en) JCE calls the method and device of the built-in RSA key operation of cipher card realization
CN110708291B (en) Data authorization access method, device, medium and electronic equipment in distributed network
CN114143117B (en) Data processing method and device
CN108667820B (en) Shared electronic whiteboard encryption method, system, electronic equipment and storage medium
CN108882030A (en) A kind of monitor video classification encryption and decryption method and system based on time-domain information
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
WO2010013121A2 (en) Method and apparatus for initialising a cryptographic communications system
JP2023510002A (en) System and method for secure data transfer using air gapping hardware protocol
CN110912683B (en) Password storage method and device and password verification method and device
CN115001865B (en) Communication processing method and system, client, communication server and supervision server
Walz et al. PROFINET Security: A Look on Selected Concepts for Secure Communication in the Automation Domain
CN107592294A (en) Data reporting method and device
CN113672954A (en) Feature extraction method and device and electronic equipment
JP2002183094A (en) Cooperative system for log-in among a plurality of servers, client device, log-in management device, server device and storage medium
CN110932843A (en) Data communication encryption method for embedded system
CN108199841A (en) A kind of SM2 keys operation method realized based on JCE frames and device
CN115694997B (en) Intelligent gateway system of Internet of things

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 09740948; Country of ref document: EP; Kind code of ref document: A2
NENP Non-entry into the national phase in: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 09740948; Country of ref document: EP; Kind code of ref document: A2