WO2022269544A1 - Secure asset storage system and wearable device - Google Patents

Secure asset storage system and wearable device

Info

Publication number
WO2022269544A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
user
client application
asset
generating
Prior art date
Application number
PCT/IB2022/055853
Other languages
English (en)
Inventor
Christopher Horn
Joseph BARA
Original Assignee
Idz Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Idz Ltd.
Publication of WO2022269544A1

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • This disclosure relates to secure asset storage and a system incorporating a wearable device.
  • One aspect of the disclosure provides a method of secure asset management.
  • the computer-implemented method when executed by data processing hardware causes the data processing hardware to perform operations.
  • the operations include obtaining, from a user request, user assets and generating, for a central server, a master key and associating the master key of the central server to a unique user ID.
  • the operations include, for each user request, generating, using the master key and a key derivation function, a plurality of asset keys.
  • the operations also include obtaining, using a client application, at least one user asset key from the plurality of asset keys.
  • the operations further include generating, using the client application, a unique user asset ID from asset metadata and generating, using the client application and the key derivation function, a deterministic seed from the unique user asset ID and the at least one user asset key.
  • Implementations of the disclosure may include one or more of the following optional features.
  • the at least one user asset key is stored in a memory storage of a wearable device.
  • the operations may include registering, using the client application, the wearable device with the central server.
  • Biometric data of a user may be obtained from the wearable device, and the biometric data may be associated with at least one user asset key of the plurality of user asset keys using the client application and the central server.
  • the method may include generating, using the client application, a keypair that comprises at least a private key and a public key.
  • the public key of the keypair may be stored in the central server and the public key may be associated with the unique user ID.
  • the method may include generating a random salt in the central server and associating the random salt with the unique user ID.
  • a base derivation key may be generated using the key derivation function.
  • the key derivation function may utilize the random salt and a private key of a keypair of the client application.
  • the client application may be executed on a wearable device.
  • the method may include generating a session key for the client application, the session key comprising a private key and a public key, sending the public key of the session key to a wearable device of the user, and generating, for the wearable device, a device key exchange key comprising a private device key and a public device key. The session key and the device key exchange key may then be exchanged to derive encryption and decryption keys for each of the client application and the wearable device using the client application.
  • the method may include generating, using the key derivation function, a base derivation key and using the base derivation key to encrypt the user data.
  • the method may include indexing, using the unique user asset ID, the asset meta data within the client application.
  • the memory hardware stores instructions that when executed on the data processing hardware cause the data processing hardware to perform operations.
  • the operations include obtaining, from a user request, user assets and generating, for a central server, a master key and associating the master key of the central server to a unique user ID.
  • the operations include, for each user request, generating, using the master key and a key derivation function, a plurality of asset keys.
  • the operations also include obtaining, using a client application, at least one user asset key from the plurality of asset keys.
  • the operations further include generating, using the client application, a unique user asset ID from asset metadata and generating, using the client application and the key derivation function, a deterministic seed from the unique user asset ID and the at least one user asset key.
  • Implementations of the disclosure may include one or more of the following optional features.
  • the at least one user asset key is stored in a memory storage of a wearable device.
  • the operations may include registering, using the client application, the wearable device with the central server.
  • Biometric data of a user may be obtained from the wearable device, and the biometric data may be associated with at least one user asset key of the plurality of user asset keys using the client application and the central server.
  • the system may include generating, using the client application, a keypair that comprises at least a private key and a public key.
  • the public key of the keypair may be stored in the central server and the public key may be associated with the unique user ID.
  • the system may include generating a random salt in the central server and associating the random salt with the unique user ID.
  • a base derivation key may be generated using the key derivation function.
  • the key derivation function may utilize the random salt and a private key of a keypair of the client application.
  • the client application may be executed on a wearable device.
  • the system may include generating a session key for the client application, the session key comprising a private key and a public key, sending the public key of the session key to a wearable device of the user, and generating, for the wearable device, a device key exchange key comprising a private device key and a public device key. The session key and the device key exchange key may then be exchanged to derive encryption and decryption keys for each of the client application and the wearable device using the client application.
  • the system may include generating, using the key derivation function, a base derivation key and using the base derivation key to encrypt the user data.
  • the system may include indexing, using the unique user asset ID, the asset meta data within the client application.
  • Another aspect of the disclosure provides a system that includes at least one client application software executing on a personal computing device.
  • a user of the client application software is optionally in possession of a wearable device comprising a microcontroller and secure element.
  • At least one central server includes a hardware security module and a database.
  • the client application is configured to perform a method including the operations of generating a first random seed in a client application wherein the first random seed comprises at least a private key and a public key.
  • the operations also include storing the public key of the first random seed in the at least one central server and associating the first random seed with a unique user ID.
  • the operations also include generating a random salt in the at least one central server and associating the random salt with the unique user ID.
  • a base derivation key is generated in a client application using a key derivation function that takes as input the random salt and private key of the first random seed.
  • This aspect may include one or more of the following optional features.
  • the functions performed by the client application software may be performed in a secure element of a wearable device.
  • a further aspect of the disclosure provides a method to establish a secure communication channel between the client application software and a wearable device.
  • the operations include generating an application session key comprising at least a private key and a public key in a client application software and sending the public key of the application session key to a wearable device of a user.
  • a wearable session key is generated in the wearable device and includes at least a private key and public key.
  • the wearable device and the client application software exchange the public keys of the respective session keys, and the client application software and the wearable device each use a secure algorithm to derive encryption and decryption keys using the private keys of each respective session key.
  • the operations also include using the base derivation key to encrypt user assets.
  • Another aspect of the disclosure provides a method to encrypt user assets.
  • the operations include sending a request to a central server to store a secret asset or assets by a user, wherein the central server generates a master key and associates the master key with the unique user ID and combining the master key together with the base derivation key to generate a plurality of asset keys with client application software, wherein the client application software randomly selects at least one asset key from the plurality of asset keys and generates a unique asset ID from the asset's meta data.
  • a key derivation function is applied to generate a deterministic seed from the unique asset ID and asset key with the client application software.
  • the operations also include encrypting the asset data using the deterministic seed within the client application software.
  • This aspect may include one or more of the following optional features.
  • the steps performed by the client application software may instead be performed in a secure element of a wearable device.
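The asset-encryption chain described in the aspect above (master key from the server, base derivation key on the client, a plurality of asset keys, a randomly chosen asset key, a unique asset ID from the asset metadata, a deterministic seed, and finally the encrypted asset) can be followed end to end in code. The block below is an added example, not code from the patent or from Idz Ltd. Its concrete choices are assumptions of the example: HMAC-SHA256 used as single HKDF blocks stands in for the unnamed key derivation function, the `asset-key:` label and the 0x01 counter byte are this example's own, AES-256-GCM is the cipher, and the asset ID is bound as associated data so a ciphertext cannot be silently re-labelled. The master key and SS_USER are generated randomly here; on the page they come from the HSM and from the client's KDF respectively.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// hmacSHA256 is the KDF primitive used here; with a counter byte appended to the info it is
// one HKDF-Expand block (RFC 5869). HKDF is this example's choice, not the patent's.
func hmacSHA256(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// DeriveAssetKeys combines the server-issued master key with the client's base derivation
// key SS_USER and expands the result into n indexed asset keys (deterministic for fixed inputs).
func DeriveAssetKeys(masterKey, baseKey []byte, n int) [][]byte {
	prk := hmacSHA256(masterKey, baseKey) // HKDF-Extract: neither secret alone suffices
	keys := make([][]byte, n)
	for i := range keys {
		info := binary.BigEndian.AppendUint32([]byte("asset-key:"), uint32(i))
		keys[i] = hmacSHA256(prk, append(info, 0x01))
	}
	return keys
}

// PickAssetKeyIndex selects one of the n asset keys with a CSPRNG, as the client does.
func PickAssetKeyIndex(n int) (int, error) {
	i, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		return 0, err
	}
	return int(i.Int64()), nil
}

// AssetID derives the (non-secret) unique asset identifier from the asset's metadata.
func AssetID(meta []byte) string {
	sum := sha256.Sum256(meta)
	return hex.EncodeToString(sum[:])
}

// assetAEAD turns the deterministic seed KDF(asset key, asset ID) into an AES-256-GCM key.
func assetAEAD(assetKey []byte, assetID string) (cipher.AEAD, error) {
	seed := hmacSHA256(assetKey, append([]byte(assetID), 0x01))
	block, err := aes.NewCipher(seed)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAsset returns nonce || ciphertext || tag, binding the asset ID as associated data.
func EncryptAsset(assetKey []byte, assetID string, plaintext []byte) ([]byte, error) {
	aead, err := assetAEAD(assetKey, assetID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(assetID)), nil
}

// DecryptAsset reverses EncryptAsset; a wrong key, wrong asset ID or tampered blob fails the tag check.
func DecryptAsset(assetKey []byte, assetID string, blob []byte) ([]byte, error) {
	aead, err := assetAEAD(assetKey, assetID)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], []byte(assetID))
}

func main() {
	// Constructed demo secrets (on the page the master key comes from the HSM, SS_USER from the client KDF).
	master, base := make([]byte, 32), make([]byte, 32)
	rand.Read(master)
	rand.Read(base)
	keys := DeriveAssetKeys(master, base, 16)
	idx, _ := PickAssetKeyIndex(len(keys))
	id := AssetID([]byte(`{"name":"recovery-phrase.txt"}`)) // constructed asset metadata
	blob, _ := EncryptAsset(keys[idx], id, []byte("secret asset contents"))
	pt, err := DecryptAsset(keys[idx], id, blob)
	fmt.Printf("asset %s… key #%d, %d-byte blob, err=%v, plaintext=%q\n", id[:8], idx, len(blob), err, pt)
}
```

Only the chosen key index and the ciphertext need to be kept in the client's index under the asset ID; the deterministic seed is never stored because it can always be re-derived from the asset ID and the asset key, and disclosure of one seed exposes that single asset rather than the asset key or SS_USER.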
  • FIG. 1 is a schematic view of an example system for secure asset storage.
  • FIG. 2 is a schematic view of exemplary components of a client application, a user device, and a central server.
  • FIG. 3 is a schematic view of additional exemplary components of the client application and the central server.
  • FIG. 4 is a schematic view of communication between a user device, a wearable device, and the central server.
  • FIG. 5 is a schematic view of an exchange between a client application and a wearable device.
  • FIG. 6 is a schematic view of an encryption communication between a client application, a wearable device, and a central server.
  • FIG. 7 is a schematic view of another exemplary encryption communication between the client application, the wearable device, and the central server.
  • FIG. 8 is a flowchart of an example arrangement of operations for a method of secure asset management.
  • FIG. 9 is a schematic view of an example computing device that may be used to implement the systems and methods described herein.
  • Body-worn devices that connect to smartphones or computing devices via communication protocols such as Bluetooth, and that comprise tamper-proof secure elements capable of performing cryptographic operations and securely storing sensitive data such as encryption keys, can play an important role in securing access to user assets.
  • User security can be further enhanced when the wearable is enabled with sensors capable of detecting unique biometric attributes such as fingerprints.
  • Communication of data can be accomplished by use of one or more communications technologies such as near-field communications, a cellular modem, RFID, a Bluetooth transmitter, USB, a Wi-Fi transmitter, a WiMAX transmitter, or an Ethernet connection.
  • a communications unit may communicate to an external device through a mobile application.
  • the present disclosure provides computer systems that are programmed to implement methods of the disclosure.
  • a computer system e.g., as shown in FIG. 1 can be programmed or otherwise configured to perform the methods described herein.
  • the computer system can regulate various aspects of the present disclosure, such as, for example, generating, storing, and/or sending instructions to the circuitry.
  • the computer system can be an electronic device of a user or a computer system that is remotely located with respect to the electronic device.
  • the electronic device can be a mobile electronic device.
  • the computer system includes a central processing unit (CPU, also “processor” and “computer processor” herein), which can be a single core or multi core processor, or a plurality of processors for parallel processing.
  • the computer system also includes memory or memory location (e.g., random-access memory, read-only memory, flash memory), electronic storage unit (e.g., hard disk), communication interface (e.g., network adapter) for communicating with one or more other systems, and peripheral devices, such as cache, other memory, data storage and/or electronic display adapters.
  • the memory, storage unit, interface and peripheral devices can be in communication with the CPU through a communication bus (solid lines), such as a motherboard.
  • the storage unit can be a data storage unit (or data repository) for storing data.
  • the computer system can be operatively coupled to a computer network (“network”) with the aid of the communication interface.
  • the network can be the Internet, an internet and/or extranet, or an intranet and/or extranet that is in communication with the Internet.
  • the network in some cases is a telecommunication and/or data network.
  • the network can include one or more computer servers, which can enable distributed computing, such as cloud computing.
  • the network, in some cases with the aid of the computer system, can implement a peer-to-peer network, which may enable devices coupled to the computer system to behave as a client or a server.
  • the CPU can execute a sequence of machine-readable instructions, which can be embodied in a program or software.
  • the instructions may be stored in a memory location, such as the memory.
  • the instructions can be directed to the CPU, which can subsequently program or otherwise configure the CPU to implement methods of the present disclosure. Examples of operations performed by the CPU can include fetch, decode, execute, and writeback.
  • the CPU can be part of a circuit, such as an integrated circuit.
  • One or more other components of the system can be included in the circuit.
  • the circuit is an application specific integrated circuit (ASIC).
  • the storage unit can store files, such as drivers, libraries and saved programs.
  • the storage unit can store user data, e.g., user preferences and user programs.
  • the computer system in some cases can include one or more additional data storage units that are external to the computer system, such as located on a remote server that is in communication with the computer system through an intranet or the Internet.
  • the computer system can communicate with one or more remote computer systems through the network.
  • the computer system can communicate with a remote computer system of a user (e.g., a cellular network).
  • remote computer systems include personal computers (e.g., portable PC), slate or tablet PCs (e.g., Apple® iPad, Samsung® Galaxy Tab), telephones, smart phones (e.g., Apple® iPhone, Android-enabled device, Blackberry®), smart watches, other wearables, or personal digital assistants.
  • the user can access the computer system via the network.
  • Methods as described herein can be implemented by way of machine (e.g., computer processor) executable code stored on an electronic storage location of the computer system, such as, for example, on the memory or electronic storage unit.
  • the machine executable or machine readable code can be provided in the form of software.
  • the code can be executed by the processor.
  • the code can be retrieved from the storage unit and stored on the memory for ready access by the processor.
  • the electronic storage unit can be precluded, and machine-executable instructions are stored on memory.
  • the code can be pre-compiled and configured for use with a machine having a processor adapted to execute the code or can be compiled during runtime.
  • the code can be supplied in a programming language that can be selected to enable the code to execute in a pre-compiled or as-compiled fashion.
  • aspects of the systems and methods provided herein can be embodied in programming.
  • Various aspects of the technology may be thought of as “products” or “articles of manufacture” typically in the form of machine (or processor) executable code and/or associated data that is carried on or embodied in a type of machine readable medium.
  • Machine-executable code can be stored on an electronic storage unit, such as memory (e.g., read-only memory, random-access memory, flash memory) or a hard disk.
  • “Storage” type media can include any or all of the tangible memory of the computers, processors or the like, or associated modules thereof, such as various semiconductor memories, tape drives, disk drives and the like, which may provide non-transitory storage at any time for the software programming. All or portions of the software may at times be communicated through the Internet or various other telecommunication networks. Such communications, for example, may enable loading of the software from one computer or processor into another, for example, from a management server or host computer into the computer platform of an application server.
  • another type of media that may bear the software elements includes optical, electrical and electromagnetic waves, such as used across physical interfaces between local devices, through wired and optical landline networks and over various air-links.
  • Non-volatile storage media include, for example, optical or magnetic disks, such as any of the storage devices in any computer(s) or the like, such as may be used to implement the databases, etc. shown in the drawings.
  • Volatile storage media include dynamic memory, such as main memory of such a computer platform.
  • Tangible transmission media include coaxial cables; copper wire and fiber optics, including the wires that comprise a bus within a computer system.
  • Carrier-wave transmission media may take the form of electric or electromagnetic signals, or acoustic or light waves such as those generated during radio frequency (RF) and infrared (IR) data communications.
  • Common forms of computer-readable media therefore include, for example: a floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM, DVD or DVD-ROM, any other optical medium, punch cards, paper tape, any other physical storage medium with patterns of holes, a RAM, a ROM, a PROM and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave transporting data or instructions, cables or links transporting such a carrier wave, or any other medium from which a computer may read programming code and/or data.
  • the computer system can include or be in communication with an electronic display that comprises a user interface (UI).
  • Examples of UIs include, without limitation, a graphical user interface (GUI) and web-based user interface.
  • Methods and systems of the present disclosure can be implemented by way of one or more algorithms, as described and shown herein.
  • An algorithm can be implemented by way of software upon execution by the central processing unit.
  • an example system 100 includes a processing system 10.
  • the processing system 10 may be a single computer, multiple computers, a user device, a wearable device, and/or a distributed system (e.g., a cloud computing environment) having fixed or scalable/elastic computing resources 12 (e.g., data processing hardware) and/or storage resources 14 (e.g., memory hardware).
  • the processing system 10 may also include a central server 16 that may be equipped with a database (or filestore or equivalent persistent storage) to store encrypted user data, described in more detail below.
  • the central server 16 may also be equipped with an optional Hardware Security Module (HSM) which may be used for the secure generation of cryptographic keys as well as secure execution of cryptographic algorithms.
  • the processing system 10 executes a security model 200 over a network 120, such as a wide area network, such as the Internet.
  • the central server 16 is configured to receive a user and/or factory request 20 from a user device 22 associated with a respective user 24.
  • the user device 22 may also communicate with one or more wearable devices 26 associated with the respective user 24 over a local area communication channel (such as Bluetooth).
  • the personal computing device may be configured with a client application or application software 202. It is contemplated that the client application 202 may be executed on the wearable device 26.
  • the client application 202 may also be connected to the central server 16 via the network 120.
  • the central server 16 is equipped with a database (or filestore or equivalent persistent storage) to store encrypted user assets.
  • the central server 16 is also equipped with an optional Hardware Security Module (HSM) 28 which may be used for the secure generation of cryptographic keys 204, 204a-n as well as secure execution of cryptographic algorithms of the security model 200.
  • the wearable devices 26 are provisioned with signed and encrypted firmware together with the plurality of cryptographic keys 204, 204a-n, generated by the central server 16 in response to the request 20 made over a secure connection.
  • the factory server may send the request 20 to the central server 16 for firmware.
  • the request 20 may contain information unique to the device 22, 26 such as its serial number and/or MAC address or other unique identification (ID) 30.
  • the central server uses the HSM 28 or other similar secure cryptographic device to generate the plurality of keys 204, 204a-n.
  • the central server 16 may then associate the keys 204, 204a-n with the unique ID 30 and respond with cryptographically signed and encrypted firmware together with the plurality of keys 204, 204a-n.
  • the signed and encrypted firmware is flashed in a memory 32 of the wearable device 26.
  • the associated keys 204, 204a-n used to sign and encrypt the firmware are securely stored in the memory 32 of the device 26.
  • the wearable device 26 includes a tamper-proof storage in which the associated keys 204, 204a-n may be stored.
  • the client application 202 executes user interactions and coordinates the request(s) 20 to the central server 16 and any connected wearable devices 26.
  • the client application 202 of the user device 22 may be distributed from the central server 16, such as an app store or servers of a service provider.
  • the client application 202 may be utilized to create a unique identity name 206a and PIN and/or password 206b to secure a user account.
  • the client application 202 generates a high-entropy deterministic cryptographic seed (EP_SEED) 208 using elliptic curve cryptography (ECC), which may be used by the user as an alternative means to access their account, for example if the user 24 has lost their wearable device 26 or forgotten their PIN.
  • This process results in random keypairs 210, 210a-n.
  • the keypairs 210, 210a-n may include a secret or private key EP_SEED_SK 210a and a public key EP_SEED_PK 210b.
  • the public key 210b may be stored in the central server 16.
  • the deterministic seed 208 and its keypairs 210, 210a-n may be generated using a secure element contained within the wearable device 26 associated with the user 24.
  • the client application 202 may send a secure request 212 to the wearable device 26 to obtain the public key 210b. In an embodiment, the request/response is sent under a secure encrypted session (such as the example provided in section 4).
  • the client application 202 displays the value of the deterministic seed 208 to the user 24, for example as a series of words or a passphrase. The user 24 may then be instructed to save/write down the deterministic seed 208 or the equivalent passphrase/words.
  • the cryptographic keypair 210, 210a-n is derived from the deterministic seed 208.
  • the client application 202 sends the identity name 206a, PIN/password 206b, and public key 210b to the central server 16.
  • the public key 210b is subsequently securely discarded by the client application 202.
  • the central server 16 may store the identity name 206a, the public key 210b, and PIN/password 206b (salted and hashed) and associates each with the user’s account under a unique ID (IDENTITY ID) 220.
  • the server 16 then responds to the client application 202 with the unique user ID (IDENTITY ID) 220.
  • the central server 16 may respond with a registration success together with a random salt (SS_USER_SALT) 222, which may be generated by the central server’s 16 HSM 28.
  • the random salt 222 is associated with the unique user ID 220.
  • the random salt 222 is generated using a true random number generator.
  • the client application 202 may use a Key Derivation Function (KDF) 224, such as Scrypt, Bcrypt, Argon2 or other secure hashing algorithm, to deterministically generate the SS_USER base derivation key 226 using the random salt 222 and the private key 210a.
  • the deterministic seed 208, the private key 210a, and the random salt 222 are securely discarded from memory to prevent in-memory hacking.
  • the deterministic seed 208 can be recovered in future from the user 24, with the private key 210a and the public key 210b being derived from the deterministic seed 208.
  • the random salt 222 can be requested from the central server 16 by providing the unique user ID 220 in the request.
  • the client application 202 may then confirm successful registration to the user 24.
  • SS_USER may now be used as the base derivation key 226 to encrypt user assets or data.
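The registration flow described above, from the deterministic seed through the server-issued salt to SS_USER, together with the recovery path (the user re-enters the seed, the client re-derives the key pair, and the server is asked for the salt by IDENTITY ID, or is asked to find the account by public key plus identity name as described further down the page), as an added example that is not the patent's or Idz Ltd.'s code. Its assumptions: Ed25519 is the concrete ECC key pair derived from a 32-byte seed; HMAC-SHA256 used as one HKDF block replaces the Scrypt/Bcrypt/Argon2 named on the page, which is defensible only because the input is a high-entropy private key rather than a password; IDENTITY IDs are 16 random bytes; the server is a pair of in-memory maps; PIN/password handling is omitted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Server models the central server's records: per IDENTITY ID the identity name, the public
// key and SS_USER_SALT. The seed and the private key are never sent to it.
type Server struct {
	users map[string]*account
	byPub map[string]string // hex(public key) -> IDENTITY ID, for seed-based recovery
}

type account struct {
	identityName string
	publicKey    ed25519.PublicKey
	salt         []byte // SS_USER_SALT; on the page the HSM's true RNG produces it
}

func NewServer() *Server { return &Server{users: map[string]*account{}, byPub: map[string]string{}} }

// NewSeed produces the high-entropy seed the user writes down (EP_SEED). The page says ECC;
// a 32-byte Ed25519 seed is this example's concrete choice.
func NewSeed() ([]byte, error) {
	seed := make([]byte, ed25519.SeedSize)
	_, err := rand.Read(seed)
	return seed, err
}

// KeypairFromSeed derives EP_SEED_SK / EP_SEED_PK; the same seed always yields the same pair,
// which is what makes the written-down seed usable for account recovery.
func KeypairFromSeed(seed []byte) (ed25519.PrivateKey, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv, priv.Public().(ed25519.PublicKey)
}

// Register stores the identity name and public key under a fresh IDENTITY ID together with a
// new random salt, and returns both to the client. PIN/password hashing is left out here.
func (s *Server) Register(identityName string, pub ed25519.PublicKey) (id string, salt []byte) {
	raw := make([]byte, 16)
	rand.Read(raw) // crypto/rand.Read never returns an error as of Go 1.24
	salt = make([]byte, 32)
	rand.Read(salt)
	id = hex.EncodeToString(raw)
	s.users[id] = &account{identityName: identityName, publicKey: pub, salt: salt}
	s.byPub[hex.EncodeToString(pub)] = id
	return id, salt
}

// LookupByPublicKey is the recovery path: the client re-derives the public key from the seed
// and must also supply a matching identity name, the page's extra verification layer.
func (s *Server) LookupByPublicKey(pub ed25519.PublicKey, identityName string) (string, error) {
	id, ok := s.byPub[hex.EncodeToString(pub)]
	if !ok || s.users[id].identityName != identityName {
		return "", errors.New("no matching account")
	}
	return id, nil
}

// Salt returns SS_USER_SALT for a known IDENTITY ID, so SS_USER can be re-derived.
func (s *Server) Salt(id string) ([]byte, error) {
	acct, ok := s.users[id]
	if !ok {
		return nil, errors.New("unknown identity id")
	}
	return acct.salt, nil
}

// BaseDerivationKey computes SS_USER = KDF(salt, private key). The page lists scrypt, bcrypt,
// Argon2 "or other secure hashing algorithm"; with a high-entropy key as input this example
// uses HMAC-SHA256 (one HKDF block) instead of a password hash. That choice is ours.
func BaseDerivationKey(salt []byte, priv ed25519.PrivateKey) []byte {
	mac := hmac.New(sha256.New, salt)
	mac.Write(priv.Seed()) // the secret half of the key pair
	mac.Write([]byte("SS_USER\x01"))
	return mac.Sum(nil)
}

func main() {
	srv := NewServer()
	seed, _ := NewSeed()
	priv, pub := KeypairFromSeed(seed)
	id, salt := srv.Register("alice", pub)
	ssUser := BaseDerivationKey(salt, priv)
	// The client now wipes seed, priv and salt; only SS_USER remains (or goes to the wearable).
	// Recovery: the user re-enters the seed and the server is asked for the salt again.
	priv2, pub2 := KeypairFromSeed(seed)
	id2, _ := srv.LookupByPublicKey(pub2, "alice")
	salt2, _ := srv.Salt(id2)
	fmt.Println("same account:", id == id2, "same SS_USER:", hmac.Equal(ssUser, BaseDerivationKey(salt2, priv2)))
}
```

The split of knowledge is the point: the server alone holds a public key and a salt, which derive nothing; the user alone holds the seed, which without the salt does not reproduce SS_USER; only the two together re-create the base derivation key.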
  • the user 24 has the option of associating the wearable device 26 with their account.
  • the user 24 uses the client application 202 to establish a communication channel with the wearable device 26 (for example using Bluetooth).
  • the communication channel may be free from additional security mechanisms.
  • the client application 202 registers the wearable device 26 with the central server 16 whereby the wearable device 26 is associated with the user’s account.
  • the client application 202 may securely send SS_USER to the wearable device 26 for safe storage, and the client application 202 may securely discard SS_USER.
  • the above design ensures that all entities in the system 100 have a symbiotic relationship, so that they rely on each other to solidify the security of the system 100.
  • the user 24 holds the deterministic seed 208 as the base account recovery key.
  • the server 16 stores the random salt 222 on behalf of the user 24 and can issue challenges towards the client application 202 and/or wearable device 26 using the public key 210b to verify their authenticity, which in turn requires the deterministic seed 208.
  • the resulting SS_USER key 226 may be stored in a Trusted Platform Module (TPM) available to the client application 202.
  • SS_USER may be stored in a secure element of the wearable device 26.
  • the client application 202 handles user login and authentication and establishes a secure session with the central server 16. This is achieved by the client application 202 sending identity name followed by at least one secondary credential captured by the user 24 at the time of registration such as a PIN or password.
  • Those skilled in the art will be familiar with specifications such as OAuth2 that can be used to securely verify the credentials and for the central server 16 to issue a short-lived token such as a cryptographically signed JSON Web Token (JWT) to be used between the user 24 and the central server 16 as a means of proving that the session has been authenticated.
  • a user 24 may access and/or recover their account securely using the deterministic seed 208.
  • the client application 202 may request the deterministic seed 208 from the user 24.
  • the deterministic seed 208 might be converted to a human understandable form such as a passphrase, series of words, QR code or other such convenient format.
  • the client application 202 may then derive the public key 210b and the private key 210a and may then send an authentication request to the central server 16 containing the public key 210b.
  • the client application 202 looks up the public key 210b in its database to find a matching account. If no matching account is found, an error is returned.
  • the request may also contain at least one identity name associated with the user’s account.
  • the user 24 is required to provide an identity name that matches with the public key in order to provide an additional layer of verification.
  • the deterministic seed 208 may be correlated with user personally identifiable data such as that provided by biometric information that can be obtained from the user 24 through various means such as via APIs of the client application 202 or using biometric information derived from the wearable device 26.
  • the central server 16 sends a challenge request to the client asking the client to sign the challenge.
  • the challenge may contain a cryptographically secure random number or other hard to guess value.
  • the client application 202 may sign the challenge using the private key 210a.
  • the challenge may be signed by the secure element of the wearable device 26. In either configuration, the signed challenge is sent back to the central server 16, and the central server 16 verifies the signature using the public key 210b. If the signature is valid, the server 16 issues a short-lived signed token to authenticate the user’s session. The token is returned to the client to be used for subsequent requests.
  • the wearable device 26 may generate a device key pair 550 randomly on the elliptic curve, resulting in a private device key 550a and a public device key 550b (WEARABLE_SK, WEARABLE_PK). The wearable device 26 may then generate a device key exchange key (KEKw) 552 from the private device key 550a and the public key 512b. The wearable device 26 responds to the start session request with the public device key 550b.
  • the client application 202 generates a Key Exchange Key (KEKa) 514 from the public device key 550b and the private key 512a, and the client application 202 generates a random ephemeral session key (SS_SESSION) 516 that may include a private key 516a and a public key 516b.
  • the client application 202 symmetrically encrypts the session key 516 and its Initial Vector (IV) using the key exchange key 514, resulting in the public key 516b.
  • the client application 202 discards the key exchange key 514 and sends public key 516b to the wearable device 26.
  • the wearable device 26 symmetrically decrypts public key 516b using the device session key 552 and the decrypted Initial Vector, resulting in SS_SESSION + IV 520; the wearable device 26 then discards the device session key 552 and responds with a success.
  • the session key 516 and the device key exchange key 552 may be used to derive encryption and decryption keys for each of the client application 202 and the wearable device 26. The foregoing allows all future communication between the client application 202 and the wearable device 26 to be encrypted/decrypted with SS_SESSION + IV 520.
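The session negotiation of the items above, run end to end on both sides in one process, as an added example that is not code from the patent or from Idz Ltd.: ECDH on P-256 stands in for the unspecified elliptic curve, AES-256-GCM for the unspecified symmetric cipher, and an HMAC-SHA256 `kdf` for KDF 224; the client key pair 512 (`appSK`), the label strings and the split of SS_SESSION into two per-direction keys are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// kdf stands in for the patent's KDF 224 (hypothetical HMAC-SHA256 with a label).
func kdf(secret []byte, label string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// gcm wraps a 32-byte key in AES-256-GCM.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Session holds SS_SESSION + IV 520 and the per-direction keys derived from it (assumed split).
type Session struct {
	SessionKey, IV, AppToDevice, DeviceToApp []byte
}

func newSession(sessionKey, iv []byte) Session {
	return Session{sessionKey, iv, kdf(sessionKey, "app->device"), kdf(sessionKey, "device->app")}
}

// StartSession runs both sides of the exchange in one process. The client application holds
// key pair 512 (appSK); the wearable generates device key pair 550 and answers with only
// WEARABLE_PK. Each side computes the same key exchange key by ECDH (KEKw from 550a and 512b,
// KEKa from 550b and 512a). The app wraps a fresh SS_SESSION and IV under KEKa and discards
// KEKa; the wearable unwraps under KEKw, discards it, and both hold identical session material.
func StartSession(appSK *ecdh.PrivateKey) (app, dev Session, err error) {
	devSK, err := ecdh.P256().GenerateKey(rand.Reader) // wearable: WEARABLE_SK / WEARABLE_PK
	if err != nil {
		return
	}
	kekW, err := devSK.ECDH(appSK.PublicKey()) // wearable: KEKw 552
	if err != nil {
		return
	}
	kekA, err := appSK.ECDH(devSK.PublicKey()) // client: KEKa 514
	if err != nil {
		return
	}
	sessionKey, iv := make([]byte, 32), make([]byte, 12) // SS_SESSION 516 and its IV
	rand.Read(sessionKey)
	rand.Read(iv)
	nonce := make([]byte, 12) // one-time nonce for the wrap itself, sent in front of the blob
	rand.Read(nonce)
	wrapped := gcm(kdf(kekA, "kek")).Seal(nonce, nonce, append(append([]byte{}, sessionKey...), iv...), nil)
	kekA = nil // client discards KEKa; only `wrapped` (public key 516b in the text) leaves the app
	plain, err := gcm(kdf(kekW, "kek")).Open(nil, wrapped[:12], wrapped[12:], nil)
	kekW = nil // wearable discards KEKw 552 once the session key is recovered
	if err != nil {
		return app, dev, errors.New("wearable could not unwrap the session key")
	}
	return newSession(sessionKey, iv), newSession(plain[:32], plain[32:]), nil
}

func main() {
	appSK, _ := ecdh.P256().GenerateKey(rand.Reader) // key pair 512 of the client application
	app, dev, err := StartSession(appSK)
	fmt.Println(err, hmac.Equal(app.AppToDevice, dev.AppToDevice))
}
```

Because the wrap is authenticated, a wearable holding a key pair that the app's KEKa was not computed against fails at `Open` rather than silently deriving a different session key.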
  • using SS_USER as the base derivation key 226, user assets or data can be stored and encrypted locally in the user’s mobile computing or user device 22 and optionally secured by the user’s wearable device 26, such that the base derivation key 226 may be used to encrypt the user assets.
  • This is achieved by combining SS_USER with a user identity-specific master key or user master key (SS_USER_ID_MK) 600 held in the central server 16 HSM 28.
  • the user 24 sends or uploads the asset to be secured to the client application 202.
  • the user identity-specific master key 600 is fetched from the central server’s 16 HSM 28 using the identity name or IDENTITY_ID 220.
  • the Key Derivation Function 224 (examples are Scrypt, Bcrypt, Argon2) is used together with SS_USER and the master key 600 to generate a plurality of user asset keys 612, 612a-n.
  • the asset keys 612, 612a-n are stored in a Trusted Platform Module 620 of the client application 202.
  • the asset keys 612, 612a-n are stored in the secure element of the wearable device 26 and may be requested by the client application 202 under a secure session, as described above.
  • a unique asset identifier or ID (ASSET_ID) 700 is created from a cryptographic hash (for example using SHA256) of the asset’s meta data 704 and content.
  • the unique asset identifier 700 is used between the client application 202 and the central server 16 to uniquely and unambiguously identify the asset.
  • the unique asset identifier 700 can, for example, be used as a filename or database key.
  • One of the asset keys 612, 612a-n is selected at random (SS_USER_ASSET_RN) 614, and a unique asset key (SS_USER_THIS_ASSET) 706 is generated using the KDF 224 together with the unique asset identifier 700 and the random asset key 614 SS_USER_ASSET_RN.
  • the unique asset key 706 is used as a key to symmetrically encrypt the asset’s data together with a first random Initial Vector (IV) 708; the result, known for convenience as ASSET_DATA, is saved in the storage system of the client application 202 and indexed using the unique asset identifier 700 as the key.
  • SS_USER_ASSET_RN is used as a key to symmetrically encrypt the asset’s meta data 704 (including the asset’s name property), with the last n bytes of the unique asset identifier 700 appended to the meta data 704, using the Initial Vector (IV) 708.
  • the result is labelled as ASSET_META_DATA, saved in the storage system of the client application 202, and indexed using the unique asset identifier 700 as the key.
  • the unique asset key 706 and SS_USER_ASSET_RN may be discarded.
  • the above outlined steps may be performed in the secure element of the wearable device 26.
  • the deterministic seed 208 and the master key 600 are first securely sent to the wearable device 26 using the shared negotiated session key 516.
  • the client application 202 may instruct the wearable device 26 to generate SS_USER and store SS_USER in the secure element (e.g., tamper-proof storage) of the wearable device 26.
  • the user 24 may ultimately be informed of the successful upload, and the client application 202 may synchronize the local changes (asset data and meta data) with the central server 16.
  • the user asset identified by the unique asset identifier 700 may be securely sent to the central server 16 by the client application 202 using an encrypted tunnel such as that provided by HTTPS, further authenticated by means of an authentication token. Assets may later be retrieved and stored in either or both of the local storage of the client application 202 and the central server 16 memory 14 (FIG.
  • a synchronization scheme may be used to allow the user 24 to access decrypted assets without needing to establish a connection with the central server 16.
  • the client application 202 may include logic to periodically wipe the asset keys 612, 612a-n from the local keystore. In this embodiment, once wiped, the asset keys 612, 612a-n should then be reconstructed by sending a request to the wearable device 26 to regenerate the asset keys 612, 612a-n.
  • the asset keys 612, 612a-n can be reconstructed without recourse to the wearable device 26 but instead by requesting the deterministic seed 208, or its equivalent, and any other required information as described above (for example the master key 600), from the user 24 and the central server 16.
  • the foregoing ensures that neither the user 24 nor the server 16 (and optionally the wearable device 26) can decrypt assets without each other.
  • the hash of the encrypted asset (ASSET_ID) 700 is compared with the asset’s key 612, 612a-n (filename, database key or other similar property, depending on how the asset was stored and indexed).
  • the asset’s meta data 704 is iteratively decrypted using the asset keys 612, 612a-n until a match is found by comparing the unique asset identifier 700 with the last ‘n’ bytes of the decrypted meta data 704.
  • the unique asset key 706 is derived using the unencrypted asset hash (ASSET ID) 700 from the decrypted meta data 704 and the discovered SS_USER_ASSET_RN key 612, 612a-n as input to the KDF 224.
  • the initial vector used originally to encrypt the asset’s meta data 704 is also retrieved from the decrypted meta data 704.
  • the ASSET_DATA is symmetrically decrypted using the Initial Vector (IV) with the unique asset key 706 and confirmed with the unencrypted asset hash (ASSET_ID) from the asset’s meta data 704.
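The upload and retrieval paths of the items above (asset keys 612a-n from SS_USER and master key 600, ASSET_ID, SS_USER_ASSET_RN, SS_USER_THIS_ASSET, the trial decryption of the meta data and the final hash check) as an added Go example, not code from the patent or from Idz Ltd. AES-256-GCM, an HMAC-SHA256 stand-in for KDF 224, an 8-byte tail for the patent's n, and keeping IV 708 beside the ciphertext instead of inside the meta data are assumptions.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

const tagLen = 8 // the "last n bytes" of ASSET_ID appended to the meta data before encryption
// kdf stands in for KDF 224 (hypothetical HMAC-SHA256; a deployment would use scrypt or Argon2).
func kdf(secret, input []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(input)
	return m.Sum(nil)
}

// gcm is the symmetric cipher, AES-256-GCM, driven with the asset's IV 708.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// DeriveAssetKeys yields the plurality of asset keys 612a-n from SS_USER and master key 600.
func DeriveAssetKeys(ssUser, masterKey []byte, n int) [][]byte {
	keys := make([][]byte, n)
	for i := range keys {
		keys[i] = kdf(kdf(masterKey, ssUser), []byte(fmt.Sprintf("asset-key-%d", i)))
	}
	return keys
}

// Stored is what the client keeps per asset.
type Stored struct {
	AssetID  []byte // ASSET_ID 700 = SHA-256(meta data || content); also the storage index
	IV       []byte // random IV 708, shared by both encryptions below (their keys differ)
	Data     []byte // ASSET_DATA: content under SS_USER_THIS_ASSET 706
	MetaData []byte // ASSET_META_DATA: meta data || tail of ASSET_ID, under SS_USER_ASSET_RN 614
}

// Encrypt is the upload path: hash, pick one asset key at random, derive the per-asset key.
func Encrypt(assetKeys [][]byte, meta, content []byte) Stored {
	id := sha256.Sum256(append(append([]byte{}, meta...), content...)) // ASSET_ID 700
	i, _ := rand.Int(rand.Reader, big.NewInt(int64(len(assetKeys))))
	rn := assetKeys[i.Int64()] // SS_USER_ASSET_RN 614
	iv := make([]byte, 12)
	rand.Read(iv)
	tagged := append(append([]byte{}, meta...), id[len(id)-tagLen:]...) // meta data || last n bytes
	return Stored{id[:], iv, gcm(kdf(rn, id[:])).Seal(nil, iv, content, nil), gcm(rn).Seal(nil, iv, tagged, nil)}
}

// Decrypt is the retrieval path: trial-decrypt the meta data with each asset key until its tail matches ASSET_ID, re-derive SS_USER_THIS_ASSET, decrypt the data and confirm the hash.
func Decrypt(assetKeys [][]byte, s Stored) (meta, content []byte, err error) {
	for _, rn := range assetKeys {
		plain, perr := gcm(rn).Open(nil, s.IV, s.MetaData, nil) // a wrong key fails authentication
		if perr != nil || len(plain) < tagLen || !bytes.Equal(plain[len(plain)-tagLen:], s.AssetID[len(s.AssetID)-tagLen:]) {
			continue
		}
		meta = plain[:len(plain)-tagLen]
		if content, err = gcm(kdf(rn, s.AssetID)).Open(nil, s.IV, s.Data, nil); err != nil {
			return nil, nil, err
		}
		if h := sha256.Sum256(append(append([]byte{}, meta...), content...)); !bytes.Equal(h[:], s.AssetID) {
			return nil, nil, fmt.Errorf("decrypted asset does not match ASSET_ID")
		}
		return meta, content, nil
	}
	return nil, nil, fmt.Errorf("no asset key matched")
}

func main() {
	keys := DeriveAssetKeys([]byte("SS_USER (constructed)"), []byte("SS_USER_ID_MK (constructed)"), 8)
	meta, _, err := Decrypt(keys, Encrypt(keys, []byte(`{"name":"id-card.png"}`), []byte("constructed bytes")))
	fmt.Println(string(meta), err)
}
```

Because GCM authenticates, a wrong SS_USER_ASSET_RN is rejected before the tail comparison runs; the comparison is kept because it mirrors the patent's lookup and would be the only check with an unauthenticated cipher mode.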
  • FIG. 8 is a flowchart of an exemplary arrangement of operations for a method 800 of secure asset management (i.e., using encryption methods).
  • the method 800 includes generating, using the client application 202, a public key 210a and a private key 210b from a deterministic seed 208.
  • the method 800 at operation 804, includes obtaining, using a central server 16, a registration request 20 for a user 24.
  • the registration request 20 may contain the public key 210b.
  • the method 800, at step 806, includes generating, in the central server 16, a unique user ID 220 and a random salt 222 and associating the random salt 222 and the public key 210b with the unique user ID 220.
  • the method 800 includes generating, in the central server 16, a user master key 600.
  • the master key 600 is associated with the unique user ID 220.
  • the method 800, at operation 814 includes selecting an asset key 612a from the plurality of asset keys 612, 612a-n.
  • the method 800 includes generating, from the asset, a deterministic asset ID 700 and a random asset key 614, a unique asset key 706.
  • the method 800, at operation 820 includes encrypting, using the unique asset key 706 and a random initial vector 708, the asset.
  • the method 800, at operation 822 includes encrypting, using the random asset key 614, meta data 704 of the asset.
  • FIG. 9 is a schematic view of an example computing device 900 that may be used to implement the systems and methods described in this document.
  • the computing device 900 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers.
  • the components shown here, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations described and/or claimed herein.
  • the computing device 900 includes a processor 910, memory 920, a storage device 930, a high-speed interface/controller 940 connecting to the memory 920 and high-speed expansion ports 950, and a low speed interface/controller 960 connecting to a low speed bus 970 and a storage device 930.
  • Each of the components 910, 920, 930, 940, 950, and 960 are interconnected using various busses, and may be mounted on a common motherboard or in other manners as appropriate.
  • the processor 910 can process instructions for execution within the computing device 900, including instructions stored in the memory 920 or on the storage device 930 to display graphical information for a graphical user interface (GUI) on an external input/output device, such as display 980 coupled to high speed interface 940.
  • multiple processors and/or multiple buses may be used, as appropriate, along with multiple memories and types of memory.
  • multiple computing devices 900 may be connected, with each device providing portions of the necessary operations (e.g., as a server bank, a group of blade servers, or a multi-processor system).
  • the memory 920 stores information non-transitorily within the computing device 900.
  • the memory 920 may be a computer-readable medium, a volatile memory unit(s), or non-volatile memory unit(s).
  • the non-transitory memory 920 may be physical devices used to store programs (e.g., sequences of instructions) or data (e.g., program state information) on a temporary or permanent basis for use by the computing device 900.
  • non-volatile memory examples include, but are not limited to, flash memory and read-only memory (ROM) / programmable read-only memory (PROM) / erasable programmable read-only memory (EPROM) / electronically erasable programmable read only memory (EEPROM) (e.g., typically used for firmware, such as boot programs).
  • volatile memory examples include, but are not limited to, random access memory (RAM), dynamic random access memory (DRAM), static random access memory (SRAM), phase change memory (PCM) as well as disks or tapes.
  • the storage device 930 is capable of providing mass storage for the computing device 900.
  • the storage device 930 is a computer-readable medium.
  • the storage device 930 may be a floppy disk device, a hard disk device, an optical disk device, or a tape device, a flash memory or other similar solid state memory device, or an array of devices, including devices in a storage area network or other configurations.
  • a computer program product is tangibly embodied in an information carrier.
  • the computer program product contains instructions that, when executed, perform one or more methods, such as those described above.
  • the information carrier is a computer- or machine-readable medium, such as the memory 920, the storage device 930, or memory on processor 910.
  • the high speed controller 940 manages bandwidth-intensive operations for the computing device 900, while the low speed controller 960 manages less bandwidth-intensive operations. Such allocation of duties is exemplary only.
  • the high-speed controller 940 is coupled to the memory 920, the display 980 (e.g., through a graphics processor or accelerator), and to the high-speed expansion ports 950, which may accept various expansion cards (not shown).
  • the low-speed controller 960 is coupled to the storage device 930 and a low-speed expansion port 990.
  • the low-speed expansion port 990, which may include various communication ports (e.g., USB, Bluetooth, Ethernet, wireless Ethernet), may be coupled to one or more input/output devices, such as a keyboard, a pointing device, a scanner, or a networking device such as a switch or router, e.g., through a network adapter.
  • the computing device 900 may be implemented in a number of different forms, as shown in the figure. For example, it may be implemented as a standard server 900a or multiple times in a group of such servers 900a, as a laptop computer 900b, or as part of a rack server system 900c.
  • Various implementations of the systems and techniques described herein can be realized in digital electronic and/or optical circuitry, integrated circuitry, specially designed ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof.
  • These various implementations can include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
  • a software application may refer to computer software that causes a computing device to perform a task.
  • a software application may be referred to as an “application,” an “app,” or a “program.”
  • Example applications include, but are not limited to, system diagnostic applications, system management applications, system maintenance applications, word processing applications, spreadsheet applications, messaging applications, media streaming applications, social networking applications, and gaming applications.
  • the processes and logic flows described in this specification can be performed by one or more programmable processors, also referred to as data processing hardware, executing one or more computer programs to perform functions by operating on input data and generating output.
  • the processes and logic flows can also be performed by special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).
  • processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer.
  • a processor will receive instructions and data from a read only memory or a random access memory or both.
  • the essential elements of a computer are a processor for performing instructions and one or more memory devices for storing instructions and data.
  • a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks.
  • Computer readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto optical disks; and CD ROM and DVD-ROM disks.
  • the processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
  • one or more aspects of the disclosure can be implemented on a computer having a display device, e.g., a CRT (cathode ray tube), LCD (liquid crystal display) monitor, or touch screen for displaying information to the user and optionally a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer.
  • Other kinds of devices can be used to provide interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.


Abstract

The invention relates to a method of secure asset management. The computer-implemented method, when executed by data processing hardware, causes the hardware to perform operations. The operations include obtaining, from a user request, user assets, and generating, for a central server, a master key and associating the central server master key with a unique user ID. The operations include, for each user request, generating, using the master key and a key derivation function, a plurality of asset keys. The operations also include obtaining, using a client application, at least one user asset key from the plurality of asset keys. The operations further include generating, using the client application, a unique user ID from asset meta data, and generating, using the client application and the key derivation function, a deterministic seed from the unique user asset ID and the at least one user asset key.
PCT/IB2022/055853 2021-06-25 2022-06-23 Système de stockage d'actifs sécurisé et dispositif portable WO2022269544A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202163215116P 2021-06-25 2021-06-25
US63/215,116 2021-06-25

Publications (1)

Publication Number Publication Date
WO2022269544A1 true WO2022269544A1 (fr) 2022-12-29

Family

ID=82611101

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2022/055853 WO2022269544A1 (fr) 2021-06-25 2022-06-23 Système de stockage d'actifs sécurisé et dispositif portable

Country Status (1)

Country Link
WO (1) WO2022269544A1 (fr)


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 22744301; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 22744301; Country of ref document: EP; Kind code of ref document: A1)