WO2018199953A1 - Updating one-time pad of printer using physical document with encoded key material - Google Patents

Updating one-time pad of printer using physical document with encoded key material Download PDF

Info

Publication number
WO2018199953A1
WO2018199953A1 PCT/US2017/029837 US2017029837W WO2018199953A1 WO 2018199953 A1 WO2018199953 A1 WO 2018199953A1 US 2017029837 W US2017029837 W US 2017029837W WO 2018199953 A1 WO2018199953 A1 WO 2018199953A1
Authority
WO
WIPO (PCT)
Prior art keywords
printer
time pad
key material
physical document
server
Prior art date
Application number
PCT/US2017/029837
Other languages
French (fr)
Inventor
Michael BEITER
Steven J. Simske
Original Assignee
Hewlett-Packard Development Company, L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company, L.P. filed Critical Hewlett-Packard Development Company, L.P.
Priority to PCT/US2017/029837 priority Critical patent/WO2018199953A1/en
Publication of WO2018199953A1 publication Critical patent/WO2018199953A1/en

Links

Classifications

    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C5/00Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Definitions

  • a one-time pad is a string of random bits, shared in entirety and in order in secret between multiple parties. These bits can be used as a cryptographic key, for instance, to effectively authenticate and/or encrypt messages between the parties using successive portions of the one-time pad that are not reused for successive transmissions.
  • Figure 1 is a diagram illustrating a system for performing encrypted communications according to one example.
  • Figure 2 is a block diagram illustrating elements of the printer shown in Figure 1 according to one example.
  • Figure 3 is a flow diagram illustrating a method for replenishing one-time pad key material in a printer according to one example.
  • Figure 4 is a block diagram illustrating an example computing device in which example systems and methods described herein may operate.
  • Figure 5 is a flow diagram illustrating a method of updating a one-time pad of a printer according to one example.
  • the workflow may utilize parts, or all, of the one-time pad for such cryptographic operations.
  • a printer and a secure server may communicate using a one-time pad to secure messages transmitted between the printer and the secure server without the need for encryption. Over time, the printer and secure server may begin to exhaust the stored one-time pad. As each given bit in the one-time pad can by definition be used one time, the key material contained in the one-time pad will eventually be depleted.
  • one-time pad may be performed to facilitate continued secure communication between the printer and the secure server.
  • the usage of one-time pads on printers may be somewhat limited by the fact that one-time pads are consumables that are depleted and eventually
  • the one-time pad key material is kept secret, and is known to the device performing the operation (e.g., a printer device), and a server side process that interacts with the printer as a workflow partner and has access to the operations that are protected with the one-time pad.
  • the one-time pad key material is kept secret from other entities.
  • Some examples are directed to a system and method for replenishing one-time pad key material in a printer (e.g., a multi-function printing (MFP) device) using a physical document (e.g., a data bearing hardcopy).
  • a printer e.g., a multi-function printing (MFP) device
  • MFP multi-function printing
  • a physical document e.g., a data bearing hardcopy
  • Some examples use a one-time pad in workflows to facilitate variable data printing (VDP) on a package for security workflows and/or tied to advanced
  • Examples disclosed herein address the issue of how to replenish the one-time pad key material in a secure way, which may be implemented as a "consumables" business / subscription business around one-time pad key material.
  • Examples include a secure self-service process (e.g., to implement a Software as a Service (SaaS) offering) as well as a process that relies on administrative action (e.g., to implement a "technician services" based offering).
  • Examples disclosed herein enable the creation of a consumable business that is based on selling one-time pad key material to customers; for instance, on a subscription based service, or as an on-demand solution.
  • Some examples may provide cryptography and security as a service, with a constant revenue stream that is based on one-time pad consumables that are inherent to some
  • Some examples allow a user to request a physical document from a server, where the physical document includes encoded one-time pad key material in a machine-readable form that can be recovered by a printer.
  • the one-time pad key material may be protected against eavesdropping and/or unauthorized modification by binding it to a specific human user and/or a specific printer.
  • These examples rely on paper hardcopies as a medium for securely transporting the replacement onetime pad key material. This allows using postal mail as a delivery vehicle, which is widely accepted for transport of confidential information, and is specifically protected against tampering and theft in many jurisdictions, making it often the sole legal method for shipment of legally-binding documents.
  • some examples use advanced cryptographic methods to provide both data
  • FIG. 1 is a diagram illustrating a system 90 for performing encrypted communications according to one example.
  • System 90 includes a printer 1 10 and a server 120.
  • Printer 1 10 may be, for example, an office printer, a desktop printer, an industrial printer, a 3D printer, and so forth, and may be implemented as a multi-function printing (MFP) device with scanning and other capabilities.
  • Printer 1 10 and server 120 communicate securely over a network 130 using a one-time pad 100.
  • One-time pad 100 may be a randomly generated series of data.
  • the one-time pad 100 may have m sequences of length n, allowing encryption of m messages of up to length n.
  • the one-time pad 100 may be used by printer 1 10 to securely communicate with a trusted device, such as server 120, which shares a copy of the one-time pad 100, using the one-time pad 100 as a basis for encryption of messages between printer 1 10 and the server 120.
  • a trusted device such as server 120
  • one-time pad 100 is illustrated as having four segments and corresponding identifiers.
  • one-time pad 100 may be arbitrarily large depending on a size of a memory made available for storing one-time pad 100.
  • identifiers for the segments may not be stored alongside the segments, and instead an offset may be used to communicate which segment has been used to encrypt a message between printer 1 10 and server 120. Segment length may also vary depending on types and/or lengths of messages intended to be encrypted using one-time pad 100.
  • printer 1 10 may encrypt the message using a segment of one-time pad 100.
  • printer 1 10 may use multiple segments of one-time pad 100. Encrypting the message may involve applying an XOR operation to the segment(s) of one-time pad 100 that is chosen by printer 1 10 and the message that printer 1 10 intends to transmit to server 120. In other examples, printer 1 10 may also apply further encryption techniques to further secure the message, authenticate itself to server 120, and so forth. For example, printer 1 10 may XOR an identifier unique to printer 1 10 with the result of encrypting the message to further prove its identity to server 120.
  • One-time pad 100 may also be used to implement cryptographic operations for authenticating messages and documents.
  • Printer 1 10 may then transmit the message to server 120 over network 130.
  • printer 1 10 may also transmit an identifier to the segment of one-time pad 100 used to encrypt the message. This may specifically identify to server 120 which segment of one-time pad 100 was used.
  • printer 1 10 and server 120 may automatically know based on a programmed sequence which segment of one-time pad 100 is used. By way of illustration, printer 1 10 may sequentially use odd numbered segments of onetime pad 100 for encrypting messages transmitted to server 120, and server 120 may sequentially use even numbered segments of one-time pad 100 for encrypting messages transmitted to printer 1 10.
  • server 120 may decrypt the message using the segment of one-time pad 100 that was used by printer 1 10 to encrypt the message.
  • Server 120 may figure out the segment used by one-time pad 100 based on, for example, a segment identifier transmitted by printer 1 10, a pre-agreed segment usage plan, and so forth.
  • server 120 may apply the XOR operation to the segment of one-time pad 100 and the encrypted message to retrieve the original message that printer 1 10 sought to transmit to server 120.
  • Server 120 may then take some action appropriate to the message received from printer 1 10.
  • server 120 seeks to transmit a sensitive message to printer 1 10
  • server 120 and printer 1 10 may take a similar series of actions, although with server 120 encrypting the sensitive message, and printer 1 10 decrypting the sensitive message.
  • printer 1 10 and server 120 may seek to prevent themselves from reusing that segment. This may be achieved by marking segments of one-time pad 100 as used segments as the segments are used to generate encrypted messages that are transmitted between printer 1 10 and server 120.
  • printer 1 10 and server 120 may effectively "use up" one-time pad 100 over time.
  • actions may be taken to replenish or replace one-time pad 100 with new onetime pad data.
  • a user of printer 1 10 or the printer 1 10 itself may request a new set of one-time pad data for installation in the printer 1 10.
  • the request may be sent to server 120, or to a different secure server.
  • server 120 In the example of the request being sent to server 120, server 120 generates a physical document 140 in response to the received request.
  • the physical document 140 includes a new set of one-time pad key material 150 encoded in machine-readable form (e.g., extended bar codes, graphical alphanumerics, etc.), which is delivered to the location of the printer 1 10.
  • This new set of onetime pad key material 150 may be used to replenish or replace the one-time pad 100 that is local to the printer 1 10.
  • the physical document 140 may not have the onetime pad replenishing material explicitly embedded in its binary representation, meaning that the document 140 is printed somewhere to make it readable and thus ingestible.
  • the new set of one-time pad key material 1 50 can be requested either manually by a user, or in an automated fashion directly by the printer 1 10, some examples involve at least one human to deliver the physical document 140 to the location of the printer 1 10 and install the new set of one-time pad key material 150 on the printer 1 10.
  • This human may be a service technician, a customer, or another person.
  • Some examples provide a high probability that the new set of one-time pad key material 150 can be read solely by the printer 1 10, and not by any human party (no matter if authorized or unauthorized) who may get access to the key material 150 during transport. Once the new set of one-time pad key material 150 has been installed in the printer 1 10, it may be further protected by the printer 1 10 against unauthorized access.
  • FIG. 2 is a block diagram illustrating elements of the printer 1 10 shown in Figure 1 according to one example.
  • Printer 1 10 includes memory 210, encryption module 220, decryption module 230, refresh module 240, and request module 250.
  • Module includes but is not limited to hardware, firmware, software stored on a computer-readable medium or in execution on a machine, and/or combinations of each to perform a function(s) or an action(s), and/or to cause a function or action from another module, method, and/or system.
  • a module may include a software controlled microprocessor, a discrete module, an analog circuit, a digital circuit, a programmed module device, a memory device containing instructions, and so on.
  • Modules may include gates, combinations of gates, or other circuit components. Where multiple logical modules are described, it may be possible to incorporate the multiple logical modules into one physical module. Similarly, where a single logical module is described, it may be possible to distribute that single logical module between multiple physical modules.
  • Memory 210 may be, for example, a secure storage, a hard disk, and so forth embedded within printer 1 10. Memory 210 may store a one-time pad 100 ( Figure 1 ).
  • Encryption module 220 may encrypt a message using the one-time pad 100 stored in memory 210. For example, encryption module 220 may select a segment(s) of the one-time pad 100 and perform an XOR operation between the segment(s) and the message to create an encrypted message. Encryption module 220 may also transmit the encrypted message to server 120. Server 120 may also store a copy of the one-time pad 100, or otherwise have access to the one-time pad 100. In one example, encryption module 220 may transmit the encrypted message to a cloud service. In this example, server 120 may be a member of the cloud service. Further, encrypted module 220 may uniquely identify printer 1 10 to the cloud service using the one-time pad 100, a unique device identifier, and so forth. A one-time pad may be considered "fail safe", meaning that if the one-time pad is misaligned by even a bit, the message is incomprehensible and just as secure as if it were from another one-time pad.
  • Decryption module 230 may decrypt a received message using the onetime pad 100.
  • the received message may be received from server 120.
  • Decryption module 230 may control printer 1 10 to perform an action based on the received message.
  • decryption module 230 may control printer 1 10 to access a resource, configure a network of which the printer 1 10 is a member, configure a device, configure printer 1 10, complete a transaction, display information, and so forth.
  • Request module 250 transmits a request for a new set of one-time pad key material to a server, such as server 120.
  • the printer 1 10 itself invokes the request module 250 to cause the request to be transmitted without human involvement.
  • a human user of printer 1 10 may interact with the request module 250 to cause the request to be
  • the request module 250 may also be implemented in a separate computing device, which allows the user to use that separate computing device to cause the request to be transmitted.
  • server 120 In the example of the request being sent to server 120, server 120 generates the physical document 140 ( Figure 1 ) in response to the received request, and the physical document 140 is delivered to the location of the printer 1 10 by at least one human.
  • Refresh module 240 processes the physical document 140, and decodes the one-time pad key material 150 that is encoded on the physical document 140. Refresh module 240 then replenishes or replaces the one-time pad 100 stored in memory 210 with the decoded one-time pad key material 150.
  • FIG. 3 is a flow diagram illustrating a method 300 for replenishing onetime pad key material in a printer according to one example.
  • system 90 ( Figure 1 ) performs method 300.
  • the printer 1 10 registers with a server 120 (e.g., cloud server) and, during the registration, submits a public key (unique to that specific printer 1 10) to the server 120, and receives a unique identity from the server 120.
  • This public key may be structured in a way so that it is linked to a related private key, which is known solely to the printer 1 10, such that content encrypted with the public key can be decrypted solely with the private key.
  • the keys may be derived, pulled directly, or negotiated based on the remaining onetime pad.
  • a request for a new set of one-time pad key material for the specific printer 1 10 is sent to the server 120.
  • the request is sent by a human user.
  • the printer 1 10 itself directly requests the key material from the server 120 via request module 250 ( Figure 2) without human involvement, triggered by certain events, such as the amount of locally available (e.g., unused) one-time pad key material running low.
  • the server 120 securely generates the requested one-time pad key material.
  • the server 120 may use different processes for this, depending on contractual relationships with customers.
  • the server 120 retrieves binding data (e.g., a cryptographic key) from server storage, and binds the new set of one-time pad key material to the specific printer 1 10 and/or a specific user using the retrieved binding data.
  • binding data e.g., a cryptographic key
  • Different implementations of binding the one-time pad key material to a specific user may provide different levels of security.
  • One example of a weaker form of binding is utilization of ideograms (a form of visual authentication), where the user manually confirms that certain visual markers are present, and does not proceed with the installation procedure if the markers are missing or not correct.
  • Other examples may bind the one-time pad key material to the user by utilizing cryptographic mechanisms such as secret sharing.
  • binding based on secret sharing may utilize a secret sharing method that is built on binary access structures, such as a star-shaped access structure, which can be built on vector space constructions.
  • the server 120 may also bind the one-time pad key material to the specific printer 1 10. For example, the server 120 may encrypt the one-time pad key material with a method such that the one-time pad key material can be decrypted solely by the specific printer 1 10 for which the key material has been requested.
  • the server 120 may employ a public key encryption scheme that utilizes the public key of the printer 1 10.
  • the server 120 may use a "hybrid encryption" scheme, where the server 120 first generates a new symmetric encryption key, encrypts the one-time pad key material with the symmetric encryption key, and then encrypts the symmetric encryption key with the public encryption key of the printer 1 10. Further implementations may use a method where the server 120 additionally protects the encrypted one-time pad key material against
  • computationally secure cryptographic means such as a digital signature or a keyed-hash message authentication code (HMAC).
  • HMAC keyed-hash message authentication code
  • the level of security is "lowest” while the new set of one-time pad key material is in transit, but that the same rules (e.g., the one-time pad key material can be used solely by the correct device) apply once delivered. This provides perfect security (in an information theoretic sense) for all participants but the owners of transit.
  • the server 120 renders the new set of one-time pad key material in a format that is appropriate for the transport mechanism to be used (e.g., the server 120 generates a PDF (Portable Document Format) that is printed to produce a physical document).
  • the server 120 may encode the (encrypted and signed) one time pad key material in various forms. Some examples may use a 2D barcode (such as a visually significant barcode, or any other graphical alphanumeric code), or a 3D barcode.
  • the 3D barcode may be a black and white 2D barcode with additional data encoded in certain color encoding schemes.
  • the server 120 may also encode additional key material in the barcode, such as the symmetric encryption key used in examples that utilize hybrid encryption.
  • the physical document with the one-time pad key material generated at 310 is provided to a human for transport to the printer 1 10. In some examples, there is no direct interaction between the server 120 and the printer 1 10 in returning the one-time pad key material.
  • the physical document with the one-time pad key material is transported to the location of the printer 1 10.
  • a human with the physical document interacts with the printer 1 10 to install the one-time pad key material on the printer 1 10.
  • the installation procedure depends on the transport mechanism used at 314. As an example, the installation procedure may involve the human scanning a barcode contained on the physical document.
  • the printer 1 10 decodes the one-time pad key material. If the one-time pad key material was additionally encrypted for transport, then the printer 1 10 uses, for example, its private key to decrypt the key material.
  • the printer 1 10 may perform additional operations to, for example, verify the integrity of the one-time pad key material before using it.
  • Part of the residual one-time pad may be used to obfuscate a portion of the new one-time pad or obfuscate metadata associated with the new one time pad.
  • the metadata might be a list of orders and lengths (e.g., 2 600, 3 1700, 1 700), which indicates to rearrange so bits 701 -1300 move to the front, followed by bits 1301 -3000, then followed by bits 1 -700.
  • Obfuscating the one-time pad in this way is a further deterrent to man-in-the-middle interception.
  • Other mechanisms that can be employed based on the residual one-time pad include, but are not limited to, using the residual one-time pad as key material seed for a
  • computationally secure encryption algorithm such as AES.
  • FIG. 4 is a block diagram illustrating an example computing device 400 in which example systems and methods described herein may operate.
  • the computing device 400 which may be a printer, for example, includes a processor 410, a memory 420, and an encryption module 440, which are all communicatively coupled to each other via a bus 430.
  • Processor 410 and encryption module 440 may perform, alone or in combination, various functions described herein with reference to the example systems and methods.
  • printer encryption module 440 may be implemented as a non- transitory computer readable medium storing processor-executable instructions, in hardware, software, firmware, an application specific integrated circuit, and/or combinations thereof.
  • the instructions may also be presented to computing device 400 as data 450 and/or process 460 that are temporarily stored in memory 420 and then executed by processor 410.
  • the processor 410 may be a variety of processors including dual microprocessor and other multi-processor architectures.
  • Memory 420 may include non-volatile memory (e.g., read only memory) and/or volatile memory (e.g., random access memory).
  • Memory 420 may also be, for example, a magnetic disk drive, a solid state disk drive, a floppy disk drive, a tape drive, a flash memory card, an optical disk, and so on.
  • memory 420 may store process 460 and/or data 450.
  • Computing device 400 may also be associated with other devices including other computers, devices, peripherals, and so forth in numerous configurations.
  • FIG. 5 is a flow diagram illustrating a method 500 of updating a onetime pad of a printer according to one example.
  • a remote server generates a physical document that includes encoded one-time pad key material.
  • the physical document is transported from a location of the remote server to a location of a printer.
  • the printer decodes the encoded one-time pad key material included in the physical document.
  • a one-time pad stored in the printer is updated with the decoded one-time pad key material.
  • the one-time pad key material included in the physical document in method 500 may be encrypted with a public key of the printer and
  • Another example is directed to a printer that includes a memory to store a one-time pad, and a request module to send a request to a remote server for one-time pad key material.
  • the printer further includes a refresh module to decode encoded one-time pad key material contained in a physical document generated by the remote server in response to the request, and update the onetime pad with the decoded one-time pad key material.
  • the printer may include an encryption module to encrypt a message using the one-time pad and to transmit the encrypted message to a trusted device that stores a copy of the one-time pad; and a decryption module to decrypt, using the one-time pad, a received message from the trusted device and to control the printer to perform an action based on the received message.
  • the request module may send the request without human involvement based on an amount of available information remaining in the one-time pad.
  • the one-time pad key material in the physical document may be bound to a specific user using a visual authentication method in which the user manually confirms that certain visual markers are present.
  • the one-time pad key material in the physical document may be bound to a specific user using a secret sharing method.
  • the one-time pad key material in the physical document may be bound to the printer using a public key of the printer to encrypt the one-time pad key material.
  • the one-time pad key material in the physical document may be bound to the printer using a hybrid encryption method in which the one-time pad key material is encrypted with a symmetric encryption key, and then the symmetric encryption key is encrypted with a public key of the printer.
  • the one-time pad key material in the physical document may be protected by a digital signature.
  • the one-time pad key material in the physical document may be protected by a keyed-hash message authentication code (HMAC).
  • HMAC keyed-hash message authentication code
  • the one-time pad key material may be implemented as one of a 2D or 3D barcode on the physical document. Transport of the physical document from a location of the remote server to a location of the printer may involve
  • Yet another example is directed to a system that includes a server to generate a physical document that includes encrypted one-time pad key material that is encrypted with a public key.
  • the system also includes a printer, located geographically remote from the server, to decrypt the encrypted onetime pad key material included in the physical document with a private key, and update a one-time pad stored in the printer with the decrypted one-time pad key material.
  • Transport of the physical document from a location of the server to a location of the printer may involve transporting the physical document via postal mail.

Abstract

A printer includes a memory to store a one-time pad, and a request module to send a request to a remote server for one-time pad key material. The printer further includes a refresh module to decode encoded one-time pad key material contained in a physical document generated by the remote server in response to the request, and update the one-time pad with the decoded one-time pad key material.

Description

UPDATING ONE-TIME PAD OF PRINTER USING PHYSICAL DOCUMENT
WITH ENCODED KEY MATERIAL
Background
[0001] A one-time pad is a string of random bits, shared in entirety and in order in secret between multiple parties. These bits can be used as a cryptographic key, for instance, to effectively authenticate and/or encrypt messages between the parties using successive portions of the one-time pad that are not reused for successive transmissions.
Brief Description of the Drawings
[0002] Figure 1 is a diagram illustrating a system for performing encrypted communications according to one example.
[0003] Figure 2 is a block diagram illustrating elements of the printer shown in Figure 1 according to one example.
[0004] Figure 3 is a flow diagram illustrating a method for replenishing one-time pad key material in a printer according to one example.
[0005] Figure 4 is a block diagram illustrating an example computing device in which example systems and methods described herein may operate.
[0006] Figure 5 is a flow diagram illustrating a method of updating a one-time pad of a printer according to one example. Detailed Description
[0007] In the following detailed description, reference is made to the
accompanying drawings which form a part hereof, and in which is shown by way of illustration specific examples in which the disclosure may be practiced. It is to be understood that other examples may be utilized and structural or logical changes may be made without departing from the scope of the present disclosure. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present disclosure is defined by the appended claims. It is to be understood that features of the various examples described herein may be combined, in part or whole, with each other, unless specifically noted otherwise.
[0008] When a user performs workflow operations that are built on a one-time pad, such as encryption operations, authentication operations, as well as other cryptographic operations, the workflow may utilize parts, or all, of the one-time pad for such cryptographic operations. A printer and a secure server may communicate using a one-time pad to secure messages transmitted between the printer and the secure server without the need for encryption. Over time, the printer and secure server may begin to exhaust the stored one-time pad. As each given bit in the one-time pad can by definition be used one time, the key material contained in the one-time pad will eventually be depleted.
Consequently, refreshing the one-time pad may be performed to facilitate continued secure communication between the printer and the secure server. The usage of one-time pads on printers may be somewhat limited by the fact that one-time pads are consumables that are depleted and eventually
exhausted during normal operation. Without a mechanism to easily replenish the one-time pad key material, adoption of services based on one-time pads may be low.
[0009] As the security of workflows are based on the confidentiality of the onetime pad, the one-time pad key material is kept secret, and is known to the device performing the operation (e.g., a printer device), and a server side process that interacts with the printer as a workflow partner and has access to the operations that are protected with the one-time pad. The one-time pad key material is kept secret from other entities. With the workflow operations potentially affecting legally binding contracts, the confidentiality level that may be attached to the one-time pad (and thus to the data that is transmitted with protection of the one-time pad) may have to meet the legal standards for the respective contract. In certain situations and jurisdictions, the highest possible legal standard is a physical document.
[0010] Some examples are directed to a system and method for replenishing one-time pad key material in a printer (e.g., a multi-function printing (MFP) device) using a physical document (e.g., a data bearing hardcopy). Some examples use a one-time pad in workflows to facilitate variable data printing (VDP) on a package for security workflows and/or tied to advanced
authentication methods. Workflows based on a one-time pad naturally
"consume" the one-time pad key material, eventually depleting it completely, thus preventing the continued use of the aforementioned workflows.
[0011] Examples disclosed herein address the issue of how to replenish the one-time pad key material in a secure way, which may be implemented as a "consumables" business / subscription business around one-time pad key material. Examples include a secure self-service process (e.g., to implement a Software as a Service (SaaS) offering) as well as a process that relies on administrative action (e.g., to implement a "technician services" based offering). Examples disclosed herein enable the creation of a consumable business that is based on selling one-time pad key material to customers; for instance, on a subscription based service, or as an on-demand solution. Some examples may provide cryptography and security as a service, with a constant revenue stream that is based on one-time pad consumables that are inherent to some
cryptographic protocols and applications.
[0012] Some examples allow a user to request a physical document from a server, where the physical document includes encoded one-time pad key material in a machine-readable form that can be recovered by a printer.
Depending on the implementation, the one-time pad key material may be protected against eavesdropping and/or unauthorized modification by binding it to a specific human user and/or a specific printer. These examples rely on paper hardcopies as a medium for securely transporting the replacement onetime pad key material. This allows using postal mail as a delivery vehicle, which is widely accepted for transport of confidential information, and is specifically protected against tampering and theft in many jurisdictions, making it often the sole legal method for shipment of legally-binding documents. In addition to this transport mechanism that provides a high level of legal compliance, some examples use advanced cryptographic methods to provide both data
confidentiality and data integrity in case of the postal delivery being (illegally) intercepted.
[0013] Figure 1 is a diagram illustrating a system 90 for performing encrypted communications according to one example. System 90 includes a printer 1 10 and a server 120. Printer 1 10 may be, for example, an office printer, a desktop printer, an industrial printer, a 3D printer, and so forth, and may be implemented as a multi-function printing (MFP) device with scanning and other capabilities. Printer 1 10 and server 120 communicate securely over a network 130 using a one-time pad 100. One-time pad 100 may be a randomly generated series of data. In some examples, the one-time pad 100 may have m sequences of length n, allowing encryption of m messages of up to length n. The one-time pad 100 may be used by printer 1 10 to securely communicate with a trusted device, such as server 120, which shares a copy of the one-time pad 100, using the one-time pad 100 as a basis for encryption of messages between printer 1 10 and the server 120.
[0014] In the illustrated example, one-time pad 100 is illustrated as having four segments and corresponding identifiers. However, in practice, one-time pad 100 may be arbitrarily large depending on a size of a memory made available for storing one-time pad 100. Additionally, identifiers for the segments may not be stored alongside the segments, and instead an offset may be used to communicate which segment has been used to encrypt a message between printer 1 10 and server 120. Segment length may also vary depending on types and/or lengths of messages intended to be encrypted using one-time pad 100. [0015] When printer 1 10 seeks to transmit a message to server 120, printer 1 10 may encrypt the message using a segment of one-time pad 100. If the length of the message used by printer 100 exceeds the length of a segment, printer 1 10 may use multiple segments of one-time pad 100. Encrypting the message may involve applying an XOR operation to the segment(s) of one-time pad 100 that is chosen by printer 1 10 and the message that printer 1 10 intends to transmit to server 120. In other examples, printer 1 10 may also apply further encryption techniques to further secure the message, authenticate itself to server 120, and so forth. For example, printer 1 10 may XOR an identifier unique to printer 1 10 with the result of encrypting the message to further prove its identity to server 120. One-time pad 100 may also be used to implement cryptographic operations for authenticating messages and documents.
[0016] Printer 1 10 may then transmit the message to server 120 over network 130. In some examples, printer 1 10 may also transmit an identifier to the segment of one-time pad 100 used to encrypt the message. This may specifically identify to server 120 which segment of one-time pad 100 was used. In other examples, printer 1 10 and server 120 may automatically know based on a programmed sequence which segment of one-time pad 100 is used. By way of illustration, printer 1 10 may sequentially use odd numbered segments of onetime pad 100 for encrypting messages transmitted to server 120, and server 120 may sequentially use even numbered segments of one-time pad 100 for encrypting messages transmitted to printer 1 10.
[0017] Upon receiving the encrypted message from printer 1 10, server 120 may decrypt the message using the segment of one-time pad 100 that was used by printer 1 10 to encrypt the message. Server 120 may figure out the segment used by one-time pad 100 based on, for example, a segment identifier transmitted by printer 1 10, a pre-agreed segment usage plan, and so forth. In examples where printer 1 10 used the XOR operator to generate the encrypted message, server 120 may apply the XOR operation to the segment of one-time pad 100 and the encrypted message to retrieve the original message that printer 1 10 sought to transmit to server 120. Server 120 may then take some action appropriate to the message received from printer 1 10. In examples where server 120 seeks to transmit a sensitive message to printer 1 10, server 120 and printer 1 10 may take a similar series of actions, although with server 120 encrypting the sensitive message, and printer 1 10 decrypting the sensitive message.
[0018] Upon using a segment of one-time pad 100 to encrypt and/or decrypt a message, printer 1 10 and server 120 may seek to prevent themselves from reusing that segment. This may be achieved by marking segments of one-time pad 100 as used segments as the segments are used to generate encrypted messages that are transmitted between printer 1 10 and server 120.
[0019] As a result of these actions, printer 1 10 and server 120 may effectively "use up" one-time pad 100 over time. To continue communicating securely, actions may be taken to replenish or replace one-time pad 100 with new onetime pad data. In some examples, a user of printer 1 10 or the printer 1 10 itself may request a new set of one-time pad data for installation in the printer 1 10. The request may be sent to server 120, or to a different secure server. In the example of the request being sent to server 120, server 120 generates a physical document 140 in response to the received request. The physical document 140 includes a new set of one-time pad key material 150 encoded in machine-readable form (e.g., extended bar codes, graphical alphanumerics, etc.), which is delivered to the location of the printer 1 10. This new set of onetime pad key material 150 may be used to replenish or replace the one-time pad 100 that is local to the printer 1 10. With the use of machine-readable patterns, such as graphical images, the physical document 140 may not have the onetime pad replenishing material explicitly embedded in its binary representation, meaning that the document 140 is printed somewhere to make it readable and thus ingestible.
[0020] Although the new set of one-time pad key material 1 50 can be requested either manually by a user, or in an automated fashion directly by the printer 1 10, some examples involve at least one human to deliver the physical document 140 to the location of the printer 1 10 and install the new set of one-time pad key material 150 on the printer 1 10. This human may be a service technician, a customer, or another person. Some examples provide a high probability that the new set of one-time pad key material 150 can be read solely by the printer 1 10, and not by any human party (no matter if authorized or unauthorized) who may get access to the key material 150 during transport. Once the new set of one-time pad key material 150 has been installed in the printer 1 10, it may be further protected by the printer 1 10 against unauthorized access.
[0021] Figure 2 is a block diagram illustrating elements of the printer 1 10 shown in Figure 1 according to one example. Printer 1 10 includes memory 210, encryption module 220, decryption module 230, refresh module 240, and request module 250. "Module", as used herein, includes but is not limited to hardware, firmware, software stored on a computer-readable medium or in execution on a machine, and/or combinations of each to perform a function(s) or an action(s), and/or to cause a function or action from another module, method, and/or system. A module may include a software controlled microprocessor, a discrete module, an analog circuit, a digital circuit, a programmed module device, a memory device containing instructions, and so on. Modules may include gates, combinations of gates, or other circuit components. Where multiple logical modules are described, it may be possible to incorporate the multiple logical modules into one physical module. Similarly, where a single logical module is described, it may be possible to distribute that single logical module between multiple physical modules.
[0022] Memory 210 may be, for example, a secure storage, a hard disk, and so forth embedded within printer 1 10. Memory 210 may store a one-time pad 100 (Figure 1 ).
[0023] Encryption module 220 may encrypt a message using the one-time pad 100 stored in memory 210. For example, encryption module 220 may select a segment(s) of the one-time pad 100 and perform an XOR operation between the segment(s) and the message to create an encrypted message. Encryption module 220 may also transmit the encrypted message to server 120. Server 120 may also store a copy of the one-time pad 100, or otherwise have access to the one-time pad 100. In one example, encryption module 220 may transmit the encrypted message to a cloud service. In this example, server 120 may be a member of the cloud service. Further, encrypted module 220 may uniquely identify printer 1 10 to the cloud service using the one-time pad 100, a unique device identifier, and so forth. A one-time pad may be considered "fail safe", meaning that if the one-time pad is misaligned by even a bit, the message is incomprehensible and just as secure as if it were from another one-time pad.
[0024] Decryption module 230 may decrypt a received message using the onetime pad 100. The received message may be received from server 120.
Decryption module 230 may control printer 1 10 to perform an action based on the received message. In various examples, decryption module 230 may control printer 1 10 to access a resource, configure a network of which the printer 1 10 is a member, configure a device, configure printer 1 10, complete a transaction, display information, and so forth.
[0025] Request module 250 transmits a request for a new set of one-time pad key material to a server, such as server 120. In one example, the printer 1 10 itself invokes the request module 250 to cause the request to be transmitted without human involvement. In another example, a human user of printer 1 10 may interact with the request module 250 to cause the request to be
transmitted. The request module 250 may also be implemented in a separate computing device, which allows the user to use that separate computing device to cause the request to be transmitted. In the example of the request being sent to server 120, server 120 generates the physical document 140 (Figure 1 ) in response to the received request, and the physical document 140 is delivered to the location of the printer 1 10 by at least one human.
[0026] Refresh module 240 processes the physical document 140, and decodes the one-time pad key material 150 that is encoded on the physical document 140. Refresh module 240 then replenishes or replaces the one-time pad 100 stored in memory 210 with the decoded one-time pad key material 150.
[0027] Figure 3 is a flow diagram illustrating a method 300 for replenishing onetime pad key material in a printer according to one example. In one example, system 90 (Figure 1 ) performs method 300. At 302 in method 300, as part of an initialization process, the printer 1 10 registers with a server 120 (e.g., cloud server) and, during the registration, submits a public key (unique to that specific printer 1 10) to the server 120, and receives a unique identity from the server 120. This public key may be structured in a way so that it is linked to a related private key, which is known solely to the printer 1 10, such that content encrypted with the public key can be decrypted solely with the private key. The keys may be derived, pulled directly, or negotiated based on the remaining onetime pad.
[0028] At 304 in method 300, a request for a new set of one-time pad key material for the specific printer 1 10 is sent to the server 120. In one example, the request is sent by a human user. In another example, the printer 1 10 itself directly requests the key material from the server 120 via request module 250 (Figure 2) without human involvement, triggered by certain events, such as the amount of locally available (e.g., unused) one-time pad key material running low. At 306, the server 120 securely generates the requested one-time pad key material. The server 120 may use different processes for this, depending on contractual relationships with customers.
[0029] At 308 in method 300, the server 120 retrieves binding data (e.g., a cryptographic key) from server storage, and binds the new set of one-time pad key material to the specific printer 1 10 and/or a specific user using the retrieved binding data. Different implementations of binding the one-time pad key material to a specific user may provide different levels of security. One example of a weaker form of binding is utilization of ideograms (a form of visual authentication), where the user manually confirms that certain visual markers are present, and does not proceed with the installation procedure if the markers are missing or not correct. Other examples may bind the one-time pad key material to the user by utilizing cryptographic mechanisms such as secret sharing. These stronger forms of binding are particularly useful for some examples disclosed herein because they can be implemented with perfect security, and, depending on the implementation, will not lower the perfect security provided by the one-time pad. One example of binding based on secret sharing may utilize a secret sharing method that is built on binary access structures, such as a star-shaped access structure, which can be built on vector space constructions. [0030] As mentioned above, the server 120 may also bind the one-time pad key material to the specific printer 1 10. For example, the server 120 may encrypt the one-time pad key material with a method such that the one-time pad key material can be decrypted solely by the specific printer 1 10 for which the key material has been requested. In some implementations, the server 120 may employ a public key encryption scheme that utilizes the public key of the printer 1 10. In other implementations, the server 120 may use a "hybrid encryption" scheme, where the server 120 first generates a new symmetric encryption key, encrypts the one-time pad key material with the symmetric encryption key, and then encrypts the symmetric encryption key with the public encryption key of the printer 1 10. Further implementations may use a method where the server 120 additionally protects the encrypted one-time pad key material against
modification through computationally secure cryptographic means such as a digital signature or a keyed-hash message authentication code (HMAC).
[0031] Note that in some examples described herein, the level of security is "lowest" while the new set of one-time pad key material is in transit, but that the same rules (e.g., the one-time pad key material can be used solely by the correct device) apply once delivered. This provides perfect security (in an information theoretic sense) for all participants but the owners of transit.
However, even though the transit personnel are generally considered trusted, there is still a high level of probabilistic security (in an information theoretic sense) available during transit through the symmetric key encryption, which differentiates these examples from methods that do not have specific in-transit security mechanisms.
[0032] At 310 in method 300, the server 120 renders the new set of one-time pad key material in a format that is appropriate for the transport mechanism to be used (e.g., the server 120 generates a PDF (Portable Document Format) that is printed to produce a physical document). If the one-time pad key material is encoded in a PDF file, the server 120 may encode the (encrypted and signed) one time pad key material in various forms. Some examples may use a 2D barcode (such as a visually significant barcode, or any other graphical alphanumeric code), or a 3D barcode. The 3D barcode may be a black and white 2D barcode with additional data encoded in certain color encoding schemes. Depending on the implementation, the server 120 may also encode additional key material in the barcode, such as the symmetric encryption key used in examples that utilize hybrid encryption.
[0033] At 312 in method 300, the physical document with the one-time pad key material generated at 310 is provided to a human for transport to the printer 1 10. In some examples, there is no direct interaction between the server 120 and the printer 1 10 in returning the one-time pad key material. At 314, the physical document with the one-time pad key material is transported to the location of the printer 1 10. At 316, a human with the physical document interacts with the printer 1 10 to install the one-time pad key material on the printer 1 10. The installation procedure depends on the transport mechanism used at 314. As an example, the installation procedure may involve the human scanning a barcode contained on the physical document.
At 318 in method 300, the printer 1 10 decodes the one-time pad key material. If the one-time pad key material was additionally encrypted for transport, then the printer 1 10 uses, for example, its private key to decrypt the key material.
Depending on the mechanism that was used to protect the one-time pad key material at 310, the printer 1 10 may perform additional operations to, for example, verify the integrity of the one-time pad key material before using it. Part of the residual one-time pad may be used to obfuscate a portion of the new one-time pad or obfuscate metadata associated with the new one time pad. For example, if the one-time is supposed to be re-arranged upon receipt, the metadata might be a list of orders and lengths (e.g., 2 600, 3 1700, 1 700), which indicates to rearrange so bits 701 -1300 move to the front, followed by bits 1301 -3000, then followed by bits 1 -700. Obfuscating the one-time pad in this way is a further deterrent to man-in-the-middle interception. Other mechanisms that can be employed based on the residual one-time pad include, but are not limited to, using the residual one-time pad as key material seed for a
computationally secure encryption algorithm, such as AES.
[0034] At 320, the printer 1 10 stores the one-time pad key material in its memory 210 (Figure 2), thus making it available to be used by applications. [0035] Figure 4 is a block diagram illustrating an example computing device 400 in which example systems and methods described herein may operate. The computing device 400, which may be a printer, for example, includes a processor 410, a memory 420, and an encryption module 440, which are all communicatively coupled to each other via a bus 430. Processor 410 and encryption module 440 may perform, alone or in combination, various functions described herein with reference to the example systems and methods. In some examples, printer encryption module 440 may be implemented as a non- transitory computer readable medium storing processor-executable instructions, in hardware, software, firmware, an application specific integrated circuit, and/or combinations thereof.
[0036] The instructions may also be presented to computing device 400 as data 450 and/or process 460 that are temporarily stored in memory 420 and then executed by processor 410. The processor 410 may be a variety of processors including dual microprocessor and other multi-processor architectures. Memory 420 may include non-volatile memory (e.g., read only memory) and/or volatile memory (e.g., random access memory). Memory 420 may also be, for example, a magnetic disk drive, a solid state disk drive, a floppy disk drive, a tape drive, a flash memory card, an optical disk, and so on. Thus, memory 420 may store process 460 and/or data 450. Computing device 400 may also be associated with other devices including other computers, devices, peripherals, and so forth in numerous configurations.
[0037] One example is directed to a method for updating a one-time pad of a printer. Figure 5 is a flow diagram illustrating a method 500 of updating a onetime pad of a printer according to one example. At 502 in method 500, a remote server generates a physical document that includes encoded one-time pad key material. At 504, the physical document is transported from a location of the remote server to a location of a printer. At 506, the printer decodes the encoded one-time pad key material included in the physical document. At 508, a one-time pad stored in the printer is updated with the decoded one-time pad key material. The one-time pad key material included in the physical document in method 500 may be encrypted with a public key of the printer and
implemented on the physical document as a barcode.
[0038] Another example is directed to a printer that includes a memory to store a one-time pad, and a request module to send a request to a remote server for one-time pad key material. The printer further includes a refresh module to decode encoded one-time pad key material contained in a physical document generated by the remote server in response to the request, and update the onetime pad with the decoded one-time pad key material.
[0039] The printer may include an encryption module to encrypt a message using the one-time pad and to transmit the encrypted message to a trusted device that stores a copy of the one-time pad; and a decryption module to decrypt, using the one-time pad, a received message from the trusted device and to control the printer to perform an action based on the received message.
[0040] The request module may send the request without human involvement based on an amount of available information remaining in the one-time pad. The one-time pad key material in the physical document may be bound to a specific user using a visual authentication method in which the user manually confirms that certain visual markers are present. The one-time pad key material in the physical document may be bound to a specific user using a secret sharing method. The one-time pad key material in the physical document may be bound to the printer using a public key of the printer to encrypt the one-time pad key material. The one-time pad key material in the physical document may be bound to the printer using a hybrid encryption method in which the one-time pad key material is encrypted with a symmetric encryption key, and then the symmetric encryption key is encrypted with a public key of the printer.
[0041] The one-time pad key material in the physical document may be protected by a digital signature. The one-time pad key material in the physical document may be protected by a keyed-hash message authentication code (HMAC). The one-time pad key material may be implemented as one of a 2D or 3D barcode on the physical document. Transport of the physical document from a location of the remote server to a location of the printer may involve
transporting the physical document via postal mail. [0042] Yet another example is directed to a system that includes a server to generate a physical document that includes encrypted one-time pad key material that is encrypted with a public key. The system also includes a printer, located geographically remote from the server, to decrypt the encrypted onetime pad key material included in the physical document with a private key, and update a one-time pad stored in the printer with the decrypted one-time pad key material. Transport of the physical document from a location of the server to a location of the printer may involve transporting the physical document via postal mail.
[0043] Although specific examples have been illustrated and described herein, a variety of alternate and/or equivalent implementations may be substituted for the specific examples shown and described without departing from the scope of the present disclosure. This application is intended to cover any adaptations or variations of the specific examples discussed herein. Therefore, it is intended that this disclosure be limited only by the claims and the equivalents thereof.

Claims

1 . A printer, comprising:
a memory to store a one-time pad;
a request module to send a request to a remote server for one-time pad key material; and
a refresh module to decode encoded one-time pad key material contained in a physical document generated by the remote server in response to the request, and update the one-time pad with the decoded one-time pad key material.
2. The printer of claim 1 , and further comprising:
an encryption module to encrypt a message using the one-time pad and to transmit the encrypted message to a trusted device that stores a copy of the one-time pad; and
a decryption module to decrypt, using the one-time pad, a received message from the trusted device and to control the printer to perform an action based on the received message.
3. The printer of claim 1 , wherein the request module sends the request without human involvement based on an amount of available information remaining in the one-time pad.
4. The printer of claim 1 , wherein the one-time pad key material in the physical document is bound to a specific user using a visual authentication method in which the user manually confirms that certain visual markers are present.
5. The printer of claim 1 , wherein the one-time pad key material in the physical document is bound to a specific user using a secret sharing method.
6. The printer of claim 1 , wherein the one-time pad key material in the physical document is bound to the printer using a public key of the printer to encrypt the one-time pad key material.
7. The printer of claim 1 , wherein the one-time pad key material in the physical document is bound to the printer using a hybrid encryption method in which the one-time pad key material is encrypted with a symmetric encryption key, and then the symmetric encryption key is encrypted with a public key of the printer.
8. The printer of claim 1 , wherein the one-time pad key material in the physical document is protected by a digital signature.
9. The printer of claim 1 , wherein the one-time pad key material in the physical document is protected by a keyed-hash message authentication code (HMAC).
10. The printer of claim 1 , wherein the one-time pad key material is implemented as one of a 2D or 3D barcode on the physical document.
1 1 . The printer of claim 1 , wherein transport of the physical document from a location of the remote server to a location of the printer involves transporting the physical document via postal mail.
12. A method, comprising:
generating with a remote server a physical document that includes encoded one-time pad key material;
transporting the physical document from a location of the remote server to a location of a printer;
decoding with the printer the encoded one-time pad key material included in the physical document; and updating a one-time pad stored in the printer with the decoded one-time pad key material.
13. The method of claim 12, wherein the one-time pad key material included in the physical document is encrypted with a public key of the printer and is implemented on the physical document as a barcode.
14. A system, comprising:
a server to generate a physical document that includes encrypted onetime pad key material that is encrypted with a public key; and
a printer, located geographically remote from the server, to decrypt the encrypted one-time pad key material included in the physical document with a private key, and update a one-time pad stored in the printer with the decrypted one-time pad key material.
15. The system of claim 14, wherein transport of the physical document from a location of the server to a location of the printer involves transporting the physical document via postal mail.
PCT/US2017/029837 2017-04-27 2017-04-27 Updating one-time pad of printer using physical document with encoded key material WO2018199953A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2017/029837 WO2018199953A1 (en) 2017-04-27 2017-04-27 Updating one-time pad of printer using physical document with encoded key material

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2017/029837 WO2018199953A1 (en) 2017-04-27 2017-04-27 Updating one-time pad of printer using physical document with encoded key material

Publications (1)

Publication Number Publication Date
WO2018199953A1 true WO2018199953A1 (en) 2018-11-01

Family

ID=63919919

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2017/029837 WO2018199953A1 (en) 2017-04-27 2017-04-27 Updating one-time pad of printer using physical document with encoded key material

Country Status (1)

Country Link
WO (1) WO2018199953A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112597453A (en) * 2020-12-04 2021-04-02 光大科技有限公司 Program code encryption and decryption method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6681214B1 (en) * 1999-06-29 2004-01-20 Assure Systems, Inc. Secure system for printing authenticating digital signatures
US20050102241A1 (en) * 2000-12-18 2005-05-12 Jon Cook Method of using personal signature as postage
US20150248561A1 (en) * 2014-03-03 2015-09-03 Ctpg Operating, Llc System and method for securing a device with a dynamically encrypted password.

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6681214B1 (en) * 1999-06-29 2004-01-20 Assure Systems, Inc. Secure system for printing authenticating digital signatures
US20050102241A1 (en) * 2000-12-18 2005-05-12 Jon Cook Method of using personal signature as postage
US20150248561A1 (en) * 2014-03-03 2015-09-03 Ctpg Operating, Llc System and method for securing a device with a dynamically encrypted password.

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112597453A (en) * 2020-12-04 2021-04-02 光大科技有限公司 Program code encryption and decryption method and device

Similar Documents

Publication Publication Date Title
US8209535B2 (en) Authentication between device and portable storage
US9544142B2 (en) Data authentication using plural electronic keys
US7810162B2 (en) Method and apparatus for playing back content based on digital rights management between portable storage and device, and portable storage for the same
AU2005225953B2 (en) Method and apparatus for acquiring and removing information regarding digital rights objects
CN1997953B (en) Method and device for protecting digital content in mobile applications
RU2584500C2 (en) Cryptographic authentication and identification method with real-time encryption
US20080005033A1 (en) Secure device licensing
CN105103119A (en) Data security service
WO2005116859A1 (en) Method and apparatus for transmitting rights object information between device and portable storage
JP2009103774A (en) Secret sharing system
CN101286994A (en) Digital literary property management method, server and system for content sharing within multiple devices
EP3449415B1 (en) Printer encryption
US20210103270A1 (en) Regulating production of an object
CN107409043B (en) Distributed processing of products based on centrally encrypted stored data
WO2018199953A1 (en) Updating one-time pad of printer using physical document with encoded key material
KR20140071775A (en) Cryptography key management system and method thereof
JP2008513858A (en) Method and equipment for postage payment
KR102496436B1 (en) Method of storing plurality of data pieces in storage in blockchain network and method of receiving plurality of data pieces
CN106790100A (en) A kind of data storage and access control method based on asymmetric cryptographic algorithm
US11093622B2 (en) Electronic system and method for managing digital content relating to works of art
CN106203138B (en) A kind of access control system of electronic product code
JP2005020608A (en) Content distribution system
US20230396419A1 (en) Data encryption key splits
JPH07162408A (en) Data delivery method
JP2003281476A (en) Communication system of ic card with cpu, ic card with cpu, management center and reading apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17906831

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17906831

Country of ref document: EP

Kind code of ref document: A1