WO2018140052A1 - Cryptographie par masque jetable - Google Patents

Cryptographie par masque jetable Download PDF

Info

Publication number
WO2018140052A1
WO2018140052A1 PCT/US2017/015579 US2017015579W WO2018140052A1 WO 2018140052 A1 WO2018140052 A1 WO 2018140052A1 US 2017015579 W US2017015579 W US 2017015579W WO 2018140052 A1 WO2018140052 A1 WO 2018140052A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
mobile device
cryptographic key
time pad
user
Prior art date
Application number
PCT/US2017/015579
Other languages
English (en)
Inventor
Michael BEITER
Matthew D. Gaubatz
Steven J. Simske
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P. filed Critical Hewlett-Packard Development Company, L.P.
Priority to PCT/US2017/015579 priority Critical patent/WO2018140052A1/fr
Publication of WO2018140052A1 publication Critical patent/WO2018140052A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C5/00Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • Unsecure communication means that if data transmitted between two electronic devices is intercepted or monitored, the interceptor can easily discern the content of the data. From a cryptographic perspective, such data is said to be plaintext, or cleartext, meaning that the data is not encrypted.
  • secure communication means that if data transmitted between two electronic devices is intercepted or monitored, the interceptor is likely unable to discern the content of the data. From a cryptographic perspective, such data is said to be ciphertext, meaning that the data is encrypted.
  • FIG. 1 is a diagram of an example apparatus that can store and utilize a one-time pad key.
  • FIG. 2 is a diagram of an example one-time pad key.
  • FIGs. 3 and 4 are flowcharts of example methods by which a portion of a one-time pad key can be used to secure communication.
  • FIG. 5 is a flowchart of an example method of use.
  • FIG. 6 is a flowchart of an example method performed by a mobile device in relation to an apparatus that can store a one-time pad key.
  • data communicated among electronic devices may be secured via encryption. If the data is intercepted during communication, the interceptor is likely unable to discern the content of the data. However, depending on how the data is encrypted, a motivated interceptor may still be able discern the content of the data. For example, the approach used to encrypt the data may have theoretical or implementation vulnerabilities that the interceptor can leverage to compromise the data. As another example, the encryption keys used to encrypt the data may have been compromised, permitting the interceptor to decrypt the data.
  • a one-time pad specifies a key that is at least as long the data to be encrypted.
  • the key is random, and for theoretically unbreakable encryption, has to be truly random.
  • the key is used to encrypt data just once, and thereafter is not used again. There should be just two copies of the key, one copy in possession of the sender to encrypt the data, and another copy in possession of the recipient, although in some situations multiple recipients may have copies of the key.
  • One-time pad cryptography is used relatively infrequently, however, due to the difficulty in securely communicating the one-time pad key to each party of a future communication, particularly since the key is used just once.
  • one-time pad cryptography has been used primarily in the prison domain, where the costs associated with delivery of one-time pad keys, such as via personal delivery, are outweighed by the nature of the data to be encrypted. Therefore, in everyday use, one-time pad keys are encountered rarely, if ever.
  • An apparatus like a printing device such as a printer or multifunction printer (MFP) or all-in-one (AIO) device stores a one-time pad key.
  • the apparatus includes an input device, such as a touchscreen, by which a user can locally request a cryptographic key.
  • the apparatus includes logic to generate the requested cryptographic key using an unused portion of the one-time pad key, and output hardware such as a display or printing hardware to provide the generated cryptographic key to a mobile device of the user.
  • a quick response (QR) code may be displayed on the display or printed on a print medium that the mobile device can optically scan to receive the cryptographic key.
  • the cryptographic key may be the unused portion of the one- time pad key itself, permitting the user via his or her mobile device to securely send or receive, once, data lesser in length than this portion of the one-time pad key.
  • this scenario can result in the one-time pad key stored in the apparatus becoming quickly depleted.
  • a user wishing to send or receive a large amount of data has to receive a one-time pad key that is longer in length than the data to be communicated.
  • the apparatus may therefore provide as the cryptographic key an unused portion of the one-time pad key that is relatively short in length.
  • the apparatus may encrypt another, second cryptographic key using this unused portion of the one-time pad key, and provide it to the mobile device of the user in a wireless communication manner, such as via the Bluetooth or Wi-Fi protocol.
  • the user can then send or receive data encrypted using the second cryptographic key after having first decrypted the second cryptographic key with the unused portion of the one-time pad key that was previously received.
  • the apparatus may extend the effective lifetime of the one-time pad key by minimizing its depletion in other ways as well. For instance, the apparatus may use an unused portion of the one-time pad key as the "salt" that is used as input to a one-way hash function to generate the cryptographic key that is provided to the user. The apparatus may use an unused portion of the one-time pad key to generate the cryptographic key in another way as well. In such instances, just a small portion of the one-time pad key may be used, to conserve the remainder of the one-time pad key for future usage.
  • cryptographic keys generated from unused portions of the one-time pad key the apparatus stores.
  • an apparatus like a printer or an MFP device may be centrally located to users within the environment.
  • the apparatus is not physically accessible publicly, outside the environment. Because receiving requests for cryptographic keys can be confined to users physically interacting with the apparatus, and because providing the cryptographic keys can be confined to the apparatus displaying them or printing them on print media, the potential for compromising the cryptographic keys is limited.
  • FIG. 1 shows an example apparatus 100.
  • the apparatus 100 can be a printing device, like a printer or an MFP device.
  • An MFP device besides including printing capability, also includes scanning, faxing, copying, and/or other functionality.
  • the apparatus 100 can be located in an environment that has at least a degree of physical security. For instance, the apparatus 100 may be located within an office, industrial, or other
  • the apparatus includes storage hardware 102.
  • the storage hardware 102 is non-volatile storage hardware, such as flash semiconductor memory, or a magnetic medium like a hard disk drive.
  • the storage hardware 102 stores a one-time pad key 104.
  • the one-time pad key 104 can be a series of random data, such as a series of random bits or bytes of data.
  • the one-time pad key 104 can be sufficiently random to pass acknowledged tests of randomness, such as that known as Yao's test.
  • the one-time pad key 104 may be generated outside the apparatus 100 in a way that ensures true randomness of the one-time pad key 104, such as by analysis of radioactive decay, and loaded onto the storage hardware 102 of the apparatus 100.
  • the one-time pad key 104 may be generated by the apparatus 100 itself, using a random number generator of the apparatus 100, which in effect generates a series of pseudorandom bits or bytes, such as a series that passes Yao's test.
  • the one-time pad key 104 may be locally loaded onto the apparatus 100 via a removable storage medium, as opposed to being communicated over a network onto the storage hardware 102.
  • the storage hardware 102 itself may have the one-time pad key 104 pre-stored thereon prior to installation of the hardware 102 within the apparatus 100. This minimizes the potential that the one-time pad key 104 can be compromised when it is transferred to the apparatus 100.
  • the onetime pad key 104 may be loaded onto the apparatus 100 at time of manufacture of the apparatus 100, or otherwise prior to delivery to and installation at the location within the environment in which users use the apparatus 100 to print documents, scan documents, fax documents, copy documents, and so on.
  • the expected lifetime of the one-time pad key 104 may be comparable to that of the apparatus 100, or otherwise measurable in months or even years. That is, it can be desired that the onetime pad key 104 is loaded onto the storage hardware 102 of the apparatus 100 once, or at least minimally renewed or refreshed. Because a portion of the one-time pad key 104 can be used just once to ensure cryptographic security, there are generally two ways to ensure the one-time pad key 104 is not prematurely depleted. A first way is to use the one-time pad key 104 in such a way that just a small portion of the one-time pad key 104 is used each time secure communication is desired. Specific approaches to achieve this are described later in the detailed description.
  • a second way is to provide a relatively large, or long, one-time pad key 104.
  • the storage hardware 102 can be maximally used to store a large or long one-time pad key 104.
  • An eight or ten terabyte hard drive may be employed to store a one-time pad key 104 that is nearly eight or ten terabytes in length. If just a small number of bits, such as 128, 192, or 256 bits (i.e., 16, 24, or 32 bytes) is used for each secure
  • the one-time pad key 104 is likely to become depleted infrequently if ever. This also permits more convenient external generation of the one-time pad key 104, such that the one-time pad key 104 stored on the storage hardware 102 has to be refreshed or replenished (or the storage hardware 102 replaced with new storage hardware 102 storing a new onetime pad key 104) infrequently if ever.
  • the apparatus 100 includes output hardware 106 to provide a generated cryptographic key to a mobile device, such as a smartphone, of a user.
  • the output hardware 106 can be or include a display device, like a flat panel display such as a liquid crystal display (LCD).
  • a code such as a QR code can be displayed on the display device temporarily, for optical scanning by the user's mobile device.
  • the code represents the generated cryptographic key.
  • the user causes the mobile device to optically capture an image of the QR code, from which the mobile device can then decode the cryptographic key.
  • the output hardware 106 may include a different type of mechanism to interact with a sensor of the mobile device.
  • the user may place a mobile device onto or inside of an apparatus such that the generated cryptographic key can be communicated via manipulation of sensors on the mobile device, including those that are part of a touchscreen, a camera, a motion sensor, or a combination thereof, as well as other types of sensors.
  • the output hardware 106 may include a surface including actuators that can render patterns of information detectable by a touchscreen or a fingerprint sensor.
  • the key that is rendered over each instance of time may change.
  • the QR code that is displayed may change, and quickly, such that the exact code received by the mobile device is less likely to be intercepted by another, and is associated with a specific duration of time.
  • the patterns of used and rendered but unused keys, and the associated durations of time create a signature that can help provide additional measures of security.
  • the output hardware 106 can involve a physical connection between the between the apparatus and a mobile device.
  • a connector such as an attachment with a micro-universal serial bus (USB) adapter may be used. The connector may be detachable from the apparatus 100, or permanently affixed to the apparatus 100.
  • USB micro-universal serial bus
  • the output hardware 106 can be or include a printing device, such as a laser-printing mechanism or an inkjet- printing mechanism that can print the code representing the generated cryptographic key on a print medium like paper, for optical scanning by the user's mobile device.
  • a printing device such as a laser-printing mechanism or an inkjet- printing mechanism that can print the code representing the generated cryptographic key on a print medium like paper, for optical scanning by the user's mobile device.
  • the apparatus 100 provides the generated
  • the cryptographic key in a way that does not involve transmitting the key as data over a network or peer-to-peer connection, such as a Wi-Fi or a Bluetooth connection, to the mobile device.
  • the key is thus provided in an out-of-band manner as compared to that by which the apparatus 100 and the user's mobile device normally communicate data between one another.
  • a display device may display the QR code for a temporary length of time, and even then just after the user has identified or otherwise authenticated him or herself in person at the apparatus 100 physically. The user may be able to interact with the apparatus 100 to cause the QR code to cease being displayed once the user has successfully captured the QR code with his or her mobile device.
  • the output hardware 106 is a printing device
  • a shredder may be provided nearby, and the QR code printed along with instructions reminding the user to securely dispose of the print medium on which the code is printed after successfully scanning the code with the user's mobile device, such as by using the shredder.
  • the output hardware 106 may include a wireless
  • the user's mobile device may have to first be authenticated with the apparatus 100, and further, the wireless communication may be a direct, peer-to-peer connection, such as via the Wi- Fi Direct or the Bluetooth protocol, instead of an indirect, network connection, such as via a Wi-Fi infrastructure communication methodology.
  • RF radio frequency
  • the apparatus 100 includes input hardware 108, such as a touchscreen or another type of virtual or physical keyboard or other input device.
  • the input hardware 108 receives local input from a user requesting a cryptographic key that is then generated and provided via the output hardware 106.
  • the input is local in that the user is physically at the apparatus 100. That is, requests for cryptographic keys may not be received over a network or in another manner, since such requests can be more susceptible to malicious intrusion efforts by those that do not have physical access to the apparatus 100.
  • additional safeguarding of the one-time pad key 104 from which the cryptographic keys are generated is provided.
  • the apparatus 100 can also include a communication device 1 10, which permits the apparatus 100 to connect to a network to which the user's mobile device is also connectable.
  • the communication device 1 10 may be a network adapter like a wired Ethernet adapter, for instance.
  • the communication device 1 10 may be a wireless communication device, such as that described above in relation to the output hardware 106, for directly wirelessly communicating with the mobile device of the user in a peer-to-peer manner, such as in a Wi-Fi Direct or Bluetooth manner.
  • the communication between the user's mobile device and the communication device 110 of the apparatus is considered an in-band communication by which relatively large amounts of data can be transmitted.
  • the generated cryptographic key that the apparatus 100 provides out-of-band to the user's mobile device can be a portion of the one-time pad key 104, which is then used to secure in-band communication between the mobile device and the communication device 1 10 of the apparatus 100.
  • the apparatus includes logic 1 12.
  • the logic 1 12 is implemented at least partially in hardware.
  • the logic 1 12 may be implemented as a hardware processor that executes computer-executable code stored on a memory or other non-transitory computer-readable medium of the apparatus 100.
  • the logic 1 12 may be implemented as an application-specific integrated circuit (ASIC), or as a field programmable gate array (FPGA).
  • ASIC application-specific integrated circuit
  • FPGA field programmable gate array
  • the logic generates the requested cryptographic key from an unused portion of the onetime pad key 104 responsive to the user's request for the key via local input at the input hardware 108.
  • the logic 1 12 provides the generated cryptographic key to the user via the output hardware 106, as has been described.
  • FIG. 2 illustratively depicts an example one-time pad key 104.
  • the one-time pad key 104 is a series of random, such as truly random or pseudorandom, bits or bytes.
  • the size of the one-time pad key 104 may be measurable in gigabytes, terabytes, or more.
  • a portion of the one-time pad key 104 that has not previously been used is used to encrypt data once, via performing a modulo-10, modulo-2, or modulo-26 operation of position- corresponding bits or bytes of this portion of the one-time pad key 104 and of the data to be encrypted.
  • a portion of the one-time pad key 104 has been used once, it is no longer used, and indeed may be securely deleted from the storage hardware 102 of the apparatus 100.
  • the logic 1 12 of the apparatus 100 can generate the
  • the unused portion may be the next available unused portion of the one-time pad key 104.
  • the one-time pad key 104 includes bytes 1 , 2, 3, 4, 5, and so on, the bytes are selected and used in this order.
  • an unused portion of the one-time pad key 104 may be selected for usage randomly from all the unused portions of the one-time pad key 104, in a contiguous or non-contiguous manner.
  • the logic 1 12 selects a contiguous unused portion of the one-time pad key 104 that is forty bytes in length. As an example of the latter, if forty bytes are needed, then the logic 112 may select forty different unused bytes as the portion of the one-time pad key 104, regardless of whether they are consecutive to one another within the one-time pad key 104.
  • the length of the unused portion of the one-time pad key 104 that the logic 1 12 of the apparatus 1 12 selects corresponds to the length of data that the one-time pad key 104 is to encrypt.
  • the length of the selected unused portion has to be at least as long as the length of the data that is to be encrypted by this portion of the one-time pad key 104.
  • Different strategies for using the one-time pad key 104 to minimize rapid depletion of the one-time pad key 104 - since each bit or byte can of the one-time pad key 104 can be used just once - are described in detail later in the detailed description.
  • one such technique involves using a portion of the one-time pad key 104 to encrypt another encryption key that is then used by the mobile device of the user and/or the apparatus 100 to communicate data. That is, the one-time pad key 104 is not used to encrypt the data itself, but rather to provide a mechanism for secure key exchange between the mobile device of the user and the apparatus 100 or between the user's mobile device and an entirely different device.
  • the providing of the portion of the one-time pad key 104 in an out-of-band manner from the encryption key that is itself encrypted with this portion of the one-time pad key 104 promotes security of the encryption key itself, since the encryption key may not itself be transmitted except once, when encrypted with the one-time pad key 104.
  • an unused portion 204 of the one-time pad key 104 may be used to encrypt a relatively large encryption key, such as one that is 256 bits in length, whereas another unused portion 206 may be used to encrypt a smaller encryption key, such as one that is 128 bits in length.
  • the unused portion 204 of the one-time pad key 104 itself just has to be no less than (and desirably equal to) 256 bits, and the unused portion 206 no less than (and desirably equal to) 128 bits. If the utmost security is unnecessary, then the encryption key that is transmitted after being encrypted with a portion of the one-time pad key 104 may be used multiple times to secure data communication.
  • Usage of the one-time pad key 104 therefore is conserved. Effectively limitless data can be transmitted via an encryption key that itself was initially encrypted with a portion of the one-time pad key 104, while just "using up" a small number of bits of the one-time pad key 104.
  • a portion of the one-time pad key 104 may be selected that has a length at least equal to the length of the data to be transmitted securely.
  • an unused portion 208 of the one-time pad key 104 may be used to encrypt data having the same or smaller size than the portion 208 of the one-time pad key 104.
  • This portion 208 is used to encrypt the data prior to transmission by the sender, and used to decrypt the encrypted data upon receipt by the recipient. Thereafter, the portion 208 of the one-time pad key 104 is discarded by both the sender and the recipient, either of which can include the apparatus 100 or the user's mobile device.
  • This technique does not conserve usage of the onetime pad key 104, since each transmission of data uses a portion of the onetime pad key 104 equal in length to the data being transmitted. However, so long as the key 104 is truly random and is not compromised at the apparatus 100 or at the user's mobile device, and is not intercepted upon output at the output hardware 106, the resulting security cannot be mathematically compromised.
  • FIG. 3 shows an example method 300 by which a portion of the one-time pad key 104 can be used to secure communication between the apparatus 100 and a mobile device of a user.
  • the method 300 depicts a scenario in which conservation of the one-time pad key 104 is emphasized over security of the communication between the apparatus 100 and the user's mobile device. Therefore, the method 300 is useful for normal or standard data communication scenarios, in which security during data transmission is desired, but not at any cost, such as the cost of using a portion of the onetime pad key equal (or greater) in length to the length of message to be communicated.
  • the apparatus 100 provides an unused portion of the one-time pad key 104 via the output hardware 106 to the user's mobile device (302), which receives this portion of the one-time pad key 104 (304), as has been described.
  • the apparatus 100 then encrypts a different encryption key with the provided portion of the one-time pad key 104 (306).
  • the portion of the one-time pad key 104 that is provided has a length no less than the length of this encryption key, and to maximally conserve the one-time pad key 104, has a length equal to the length of the encryption key.
  • the apparatus 100 transmits the encrypted encryption key in- band, via the communication device 1 10, to the user's mobile device (308), which thus receives the encrypted encryption key (310).
  • the mobile device decrypts the encryption key using the previously provided portion of the onetime pad key (312).
  • the apparatus 100 can then securely delete this now- used portion of the one-time pad key 104 (314), as can the user's mobile device (316).
  • the apparatus 100 and the mobile device of the user can exchange data with one another that is encrypted with the encryption key (318).
  • the apparatus 100 can encrypt data using the encryption key and send the encrypted data to the mobile device via the communication device 1 10, which the mobile device can then decrypt using the encryption key.
  • the mobile device can encrypt data using the encryption key and send the encrypted data to the apparatus 100, which receives the encrypted data via the communication device 100, and which can then decrypt the encrypted data using the encryption key.
  • a portion of the one-time pad key 104 is not used to exchange data between the mobile device and the apparatus 100. Rather, a portion of the one-time pad key 104 is used just to encrypt the encryption key by which data is thereafter securely exchanged between the mobile device and the apparatus 100.
  • the portion of the onetime pad key 104 is sent out-of-band from the (encrypted) encryption key, minimizing the likelihood that the portion of the one-time pad key 104 becomes compromised.
  • the encryption key is encrypted with this portion of the one-time pad key, similarly minimizing the likelihood that the encryption key becomes compromised.
  • the encryption key can be used multiple times in part 318, over multiple data exchanges between the user's mobile device and the apparatus 100. That is, an effectively limitless amount of data can be exchanged between the mobile device and the apparatus 100, with security owing in part to a portion of the one-time pad key 104 that can have a length just equal to the length of the encryption key by which this data is communicated. In this way, then, the method 300 conserves usage of the one-time pad key 104.
  • the method 300 has been described in relation to just one encryption key, and thus in relation to symmetric encryption of data exchanged between the mobile device and the apparatus 100. However, the method 300 can be extended to asymmetric data encryption as well.
  • each of the mobile device and the apparatus 100 has a pair of keys.
  • the apparatus 100 transmits its encrypting, or public, key to the mobile device, and the mobile device likewise transmits its encrypting, or public, key to the apparatus 100.
  • the apparatus 100 uses the mobile device's encrypting key to encrypt data before transmitting the data to the mobile device, which uses the other key of its key pair, which is a decrypting, or private, key to decrypt the data.
  • the mobile device likewise uses the apparatus 100's encrypting key to encrypt data before transmitting the data to the apparatus 100, which uses its decrypting, or private, key to decrypt the data.
  • the portion of the onetime pad key 104 that the apparatus 100 provides to the user's mobile device in part 302 has a length equal to the lengths of the encrypting, or public, keys of the apparatus 100 and the mobile device.
  • the mobile device uses a part of the provided portion of the one-time pad key 104 to encrypt the mobile device's public key, and the apparatus 100 uses this same part to decrypt the mobile device's public key.
  • the apparatus 100 uses the other part of the provided portion of the one-time pad key 104 to encrypt its public key, and the mobile device uses this same part to decrypt the apparatus 100's public key.
  • the encryption key is used for just one exchange of data between the mobile device and the apparatus 100 in part 318. That is, the encryption key is used for just one transmission of data from the mobile device to the apparatus 100, or for just one transmission of data from the apparatus 100 to the mobile device. After the data has been transmitted, if additional data is to be transmitted, the method 300 is repeated at part 302 in this implementation.
  • the user may wish to transmit first data to the apparatus 100, and responsively receive second data from the apparatus 100.
  • the method 300 is performed a first time, culminating in part 318 with the transmission of the first data from the mobile device to the apparatus 100.
  • the method 300 is then performed a second time, culminating in part 318 with the transmission of the second data from the apparatus 100 to the mobile device.
  • a different portion of the one-time pad key 104 is provided from the apparatus 100 to the mobile device in part 302.
  • a different encryption key is transmitted to the mobile device in part 308.
  • the portion of the one-time pad key 104 that is used desirably remains equal to the length of the encryption key by which the data is encrypted.
  • the first data that the mobile device transmits to the apparatus 100 may be gigabytes in size, but the encryption key used to encrypt this data may just be 256 bits in length. Therefore, just a 256-bit portion of the one-time pad key 104 is used to initially encrypt the encryption key.
  • the second data that the apparatus 100 sends back to the mobile device can likewise be large in size, but the (different) encryption key used to encrypt the second data may also be just 256 bits in length, so that just another 256-bit portion of the one-time pad key 104 is used to encrypt this encryption key as well.
  • FIG. 4 shows another example method 400 by which a portion of the one-time pad key 104 can be used to secure communication between the apparatus 100 and a mobile device of a user.
  • the method 400 depicts a scenario in which security of the communication between the apparatus 100 and the user's mobile device is emphasized over conservation of the one-time pad key 104. Therefore, the method 400 is useful for highly sensitive data communication scenarios, in which security during transmission is paramount, even at the relative cost of more rapid depletion of the one-time pad key 104.
  • the apparatus 100 provides an unused portion of the one-time pad key 104 via the output hardware 106 to the user's mobile device (402), which receives this portion of the one-time pad key 104 (404), as has been described.
  • the mobile device can then encrypt first data to be transmitted to the apparatus 100, via a first part of the received portion of the one-time pad key 104 (406).
  • the mobile device transmits the encrypted first data to the apparatus 100 (408), which receives the encrypted first data via the communication device 1 10 (410), and decrypts the first using the same first part of the portion of the one-time pad key 104 (412).
  • the apparatus 100 can encrypt second data to be transmitted to the mobile device 100, via a remaining second part of the portion of the one- time pad key 104 that the apparatus 100 previously provided in part 402 (414).
  • the apparatus 100 transmits the encrypted second data via the
  • the mobile device decrypts the second data using the same second part of the received portion of the one-time pad key 104 (420).
  • the mobile device can then delete the received portion of the onetime pad key 104 (422), as can the apparatus 100 (424).
  • the first part of the portion of the one-time pad key 104 may be deleted earlier, prior to the remaining, second part of this portion of the one-time pad key 104.
  • the example method 400 provides for higher security than the method 300 in the exchange of data between the mobile device and the apparatus 100. This is because in the method 400, the data is encrypted using a portion of the one-time pad key 104 itself, which can provide for mathematically unbreakable encryption so long as the one-time pad key 104 is truly random and it is not compromised in part 402. By comparison, in the method 300 the data is encrypted using an encryption key. Depending on the length of the encryption key and the methodology by which the encryption key is used to encrypt data, the security of the exchanged data is just
  • the method 400 can result in more rapid depletion of the one-time pad key 104 than the method 300 does. This is because the portion of the one-time pad key 104 provided in part 402 has to be at least as long as the length of the first data transmitted in part 408 and the length of the second data transmitted in part 416. If the lengths of the first data and the second data are known at the time that the user requests the portion of the one-time pad key 104, the portion that is provided can be exactly equal to the sum of these lengths.
  • an anticipated length of the data to be exchanged, or a preset maximum length may be selected, and a portion of the one-time pad key 104 having the selected length provided. In this case, there is potential that some of the one-time pad key 104 may be wasted, because a portion of the one-time pad key 104 is considered as used once it has been provided in part 402, regardless of whether any data is encrypted (and subsequently transmitted) via this portion of the one-time pad key 104.
  • the specific example depicted in FIG. 4 is also advantageous because it permits the user to just have to physically operate the apparatus 100 once for two transmissions of data, once from the mobile device to the apparatus 100, and once from the apparatus 100 to the mobile device. That is, a portion of the one-time pad key 104 is provided once in the method 400, in part 402, and thereafter a first part of this portion is used to encrypt first data transmitted from the mobile device to the apparatus 100, and a second part of the portion is used to encrypt second data transmitted from the apparatus to the mobile device.
  • This scenario can be extended, so that more than two transmissions of data may be achieved using different parts of the portion of the one-time pad key 104 provided in part 402. For example, so long as the portion of the one-time pad key 104 has sufficient length, a third part of this portion of the one-time pad key 104 may be used to send third data from the mobile device to the apparatus 100, or vice-versa.
  • the specific example depicted in FIG. 4 can be adjusted to provide better security, by limiting the one-time pad key portion provided in part 402 to use in a single data transmission, either from the mobile device to the apparatus 100, or from the apparatus 100 to the mobile device.
  • Such additional security reduces the likelihood that the portion of the one-time pad key 104 will be compromised, particularly at the mobile device of the user, because each time the user wishes to send or receive data, the user has to physically operate the apparatus 100 to retrieve another portion of the one-time pad key 104.
  • heightened security can be less convenient to the user, particularly if the user is typically not physically near the apparatus 100.
  • both methods 300 and 400 have been described in relation to a user of a mobile device retrieving a portion of a one-time pad key 104 from the apparatus 100 for subsequent secure data exchange with the apparatus 100.
  • the subsequent data exchange that occurs may be between the mobile device and another device different than the apparatus 100.
  • a user of the different device may also have to retrieve the portion of the one-time pad key 104 from the apparatus 100, no differently than the user of the mobile device.
  • the apparatus 100 may instead send the portion of the one-time pad key 104 via the communication device 1 10 to the different device, which may be a server that itself has the same physical security as the apparatus 100 to maintain at least a degree of security.
  • the apparatus 100 specifically the logic 1 12 thereof, deletes the portion of the one-time pad key 104 after having provided it to the mobile device and to the other device.
  • the logic 1 12 of the apparatus 100 sends a communication, via the communication device 1 10, which the logic 1 12 has encrypted using a portion of the one-time pad key 104.
  • the communication may be another encryption key, as in the method 300, or other data, as in the method 400.
  • the logic 1 12 of the apparatus 100 in the method 400 can further receive a communication, via the communication device 1 10, which has been encrypted using a portion of the one-time pad key 104.
  • the logic 1 12 thus decrypts this communication.
  • the logic 1 12 of the apparatus 100 also in both the transmission and the receipt of an encrypted communication ultimately deletes the used portion of the one-time pad key 104 from the storage hardware 102.
  • FIG. 5 shows an example method 500 that a user of a mobile device can perform in relation to the apparatus 100.
  • the user locally operates the apparatus 100 to cause the apparatus 100 to generate a cryptographic key from an unused portion of a one-time pad key 104 (502).
  • the user locally operates the apparatus 100 to cause the apparatus 100 to generate a cryptographic key from an unused portion of a one-time pad key 104 (502).
  • cryptographic key can be the unused portion of the one-time pad key 104 itself.
  • the user travels to the location of the apparatus 100, and physically interacts with the apparatus 100, such as via its input hardware 108.
  • the user causes his or her mobile device to receive the generated key (504).
  • the apparatus 100 may temporally display a code representing the key on a display, such that the user employs the mobile device to optically scan or capture the code.
  • the apparatus 100 may print the code on a print medium, such that the user employs the mobile device optically scans or captures the printed code.
  • the mobile device is then able to decode the cryptographic key from the captured or scanned code.
  • the user causes the mobile device to securely communicate via this cryptographic key (506). Such secure communication can be performed in accordance with the methods 300 and 400 that have been described.
  • FIG. 6 shows an example method 600 from the perspective of the mobile device of the user.
  • the method 600 can thus be implemented as computer-executable code stored on a non-transitory computer-readable data storage medium of the mobile device, and executable by a processor of the mobile device.
  • the code may be in the form of an app, for instance, which is a computer program executable by mobile devices like smartphones.
  • a representation of a cryptographic key provided by the apparatus 100 is optically captured by the mobile device (602).
  • the apparatus 100 generates the cryptographic key from an unused portion of the one-time pad key 104, and the key can be this portion of the one-time pad key 104.
  • the mobile device may have a digital camera mechanism, for instance, by which it can capture an image including the representation of the cryptographic key. The mobile device then decodes the cryptographic key from this optically captured representation (604).
  • the mobile device can therefore securely communicate with the apparatus 100 using the cryptographic key (606).
  • secure communication can be achieved by exchanging a pair of cryptographic keys with the apparatus 100, where the cryptographic keys are each encrypted via at least a part of the received portion of the one-time pad key 104. Secure communication of data can then be performed by encrypting the data using the exchanged cryptographic key pair.
  • the secure communication can be achieved by the mobile device encrypting data via at least a part of the received portion of the one-time pad key 104, and transmitting the encrypted data to the apparatus 100, which then decrypts the data using this same part of the one-time pad key portion.
  • the mobile device can also receive data that the apparatus 100 has encrypted via at least a part of the portion of the onetime pad key 104. The mobile device then decodes the encrypted data using this same part of the one-time pad key portion.
  • the techniques that have been described herein therefore leverage an apparatus found in multiple user environments, such as a printing device like a printer or an MFP device, to provide for improved secure communication using a mathematically unbreakable one-time pad key.
  • the apparatus brokers distribution of portions of the one-time pad key responsive to physically local requests at the apparatus, in an out-of-band manner as compared to other data transmission.
  • Different approaches have been presented to balance security on the one hand with conservation of the onetime pad key on the other, which can be individually selected on a case-by- case basis.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Selon l'invention, un appareil stocke une clé de masque jetable. En réponse à la réception d'une entrée locale d'un utilisateur demandant une clé cryptographique, par l'intermédiaire d'un matériel d'entrée de l'appareil, l'appareil génère la clé cryptographique demandée depuis une partie non utilisée de la clé de masque jetable. L'appareil fournit la clé cryptographique générée à un dispositif mobile de l'utilisateur, par l'intermédiaire d'un matériel de sortie de l'appareil.
PCT/US2017/015579 2017-01-30 2017-01-30 Cryptographie par masque jetable WO2018140052A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2017/015579 WO2018140052A1 (fr) 2017-01-30 2017-01-30 Cryptographie par masque jetable

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2017/015579 WO2018140052A1 (fr) 2017-01-30 2017-01-30 Cryptographie par masque jetable

Publications (1)

Publication Number Publication Date
WO2018140052A1 true WO2018140052A1 (fr) 2018-08-02

Family

ID=62978620

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2017/015579 WO2018140052A1 (fr) 2017-01-30 2017-01-30 Cryptographie par masque jetable

Country Status (1)

Country Link
WO (1) WO2018140052A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030026429A1 (en) * 2000-03-29 2003-02-06 Vadium Technology, Inc. One-time-pad encryption with key ID and offset for starting point
US20140003608A1 (en) * 2012-06-29 2014-01-02 Dark Matter Labs Inc. Key management system
WO2015157720A2 (fr) * 2014-04-11 2015-10-15 Oscar Tango Papa Llc Procédés et appareil d'implémentation d'un système de communication sécurisé au moyen de fonctions pad à usage unique
US20160373253A1 (en) * 2015-06-18 2016-12-22 Kabushiki Kaisha Toshiba Communication device, communication system, communication method, and computer program product

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030026429A1 (en) * 2000-03-29 2003-02-06 Vadium Technology, Inc. One-time-pad encryption with key ID and offset for starting point
US20140003608A1 (en) * 2012-06-29 2014-01-02 Dark Matter Labs Inc. Key management system
WO2015157720A2 (fr) * 2014-04-11 2015-10-15 Oscar Tango Papa Llc Procédés et appareil d'implémentation d'un système de communication sécurisé au moyen de fonctions pad à usage unique
US20160373253A1 (en) * 2015-06-18 2016-12-22 Kabushiki Kaisha Toshiba Communication device, communication system, communication method, and computer program product

Similar Documents

Publication Publication Date Title
CN1307819C (zh) 安全分配公开/秘密密钥对的方法和装置
CN107925577B (zh) 用于加密密钥生成和管理的方法以及计算机可读介质
TW548939B (en) Entropy sources for encryption key generation
KR101747888B1 (ko) 암호화/복호화 키의 생성 방법
JP2019516266A (ja) 量子鍵配送に基づく暗号化及び復号のためのシステム及び方法
JP5167374B2 (ja) データ暗号化装置、及び、メモリカード
US20030044012A1 (en) System and method for using a profile to encrypt documents in a digital scanner
WO2013048509A1 (fr) Impression sécurisée entre une imprimante et un dispositif client d'impression
JP2004086894A5 (fr)
EP3153985A1 (fr) Dispositif et procédé pour la génération de mot de passe dans un dispositif utilisateur
JP2018523360A (ja) 安全なsms通信のための方法及びシステム
Hazra et al. A hybrid cryptosystem of image and text files using blowfish and Diffie-Hellman techniques
JP2009200565A (ja) デジタル複合機
US11588809B2 (en) System and method for securing a content creation device connected to a cloud service
JP5054317B2 (ja) 暗号鍵設定方法、ネットワークシステム、管理装置、情報処理端末、および暗号鍵設定プログラム
KR101364859B1 (ko) 스캔 이미지 처리 시스템 및 스캔 이미지 처리 방법
JP2007318699A (ja) 暗号伝送システム、送信装置、受信装置、送信方法、受信方法、ならびに、プログラム
JP2016201032A (ja) 端末管理システム、端末管理装置、及び端末管理方法
WO2018140052A1 (fr) Cryptographie par masque jetable
JP2012050075A (ja) 暗号化通信システム及び暗号化通信方法
JP2023539152A (ja) 既知のユーザ間のセキュアな通信
KR101467402B1 (ko) 네트워크 망을 통하여 수신된 팩스 데이터 관리 방법 및 그 방법을 이용한 관리장치
JP2013041538A (ja) 情報処理装置、情報処理装置の制御方法及び情報処理装置の制御プログラム
JP6216662B2 (ja) 暗号化通信装置、暗号化通信システム、及び暗号化通信方法
JP2010219883A (ja) 画像形成装置および画像形成方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17893868

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17893868

Country of ref document: EP

Kind code of ref document: A1