WO2024068938A1 - Securely obtaining an electronic key - Google Patents

Securely obtaining an electronic key Download PDF

Info

Publication number
WO2024068938A1
WO2024068938A1 PCT/EP2023/077077 EP2023077077W WO2024068938A1 WO 2024068938 A1 WO2024068938 A1 WO 2024068938A1 EP 2023077077 W EP2023077077 W EP 2023077077W WO 2024068938 A1 WO2024068938 A1 WO 2024068938A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic key
electronic
receiving unit
secure
key information
Prior art date
Application number
PCT/EP2023/077077
Other languages
French (fr)
Inventor
Nils Gerhardt
Dennis Breuer
Original Assignee
Utimaco Management Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Utimaco Management Gmbh filed Critical Utimaco Management Gmbh
Publication of WO2024068938A1 publication Critical patent/WO2024068938A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography

Definitions

  • Various exemplary embodiments according to the present disclosure relate to obtaining electronic key information and storing an electronic key in a secure electronic memory. Specifically, various exemplary embodiments according to the present disclosure relate to obtaining electronic key information, wherein the electronic key information is determined at least partially based on an optical signal and wherein the electronic key is determined at least partially based on the electronic key information.
  • the presentation of various exemplary embodiments in the following is merely by way of examples and is not to be construed as limitations on the scope of the present disclosure.
  • cryptographic keys are used to keep electronic information secret from unauthorized parties.
  • Algorithms for generating such cryptographic keys may rely on random number generators, which are for example implemented as software-based random number generators or physical random number generators (e.g. by using physical properties such as radioactive decay].
  • these random number generators may be security-certified to prevent that unauthorized parties may derive the generated cryptographic keys.
  • the security of a process e.g. a communication between two parties] using the generated cryptographic key relies on trusting that the generated cryptographic key is generated based on a truly randomly generated number, which is not compromised.
  • Various example embodiments according to the present disclosure may have the effect of obtaining electronic key information representing an electronic key in a secure manner and storing the electronic key in a secure electronic memory to prevent the electronic key from being compromised.
  • an apparatus for securely obtaining an electronic key comprising: a secure electronic memory; security means configured to secure the apparatus and the secure electronic memory; and connecting means for connecting the secure electronic memory with a receiving unit, wherein the apparatus is configured to: obtain electronic key information from the receiving unit, wherein the electronic key information is determined at least partially based on an optical signal obtained at the receiving unit and wherein the electronic key information represents the electronic key; and store the electronic key in the secure electronic memory.
  • the apparatus according to the first aspect may be configured to perform and/or control or may comprise respective means for performing and/or controlling the steps disclosed according to the first aspect.
  • Such means of the apparatus can for example be implemented in hardware and/or software. They may comprise for example at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both. Alternatively, they could comprise for example circuitry that is designed to implement the required functions, for example implemented in a chipset or a chip, like an integrated circuit.
  • the means may comprise for example one or more processing means or processors.
  • the apparatus according to the first aspect comprises a secure electronic memory, security means configured to secure the apparatus and the secure electronic memory and connecting means for connecting the secure electronic memory with a receiving unit as further described below.
  • an apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for example the apparatus according to the first aspect, at least to perform and/or to control the actions according to the first aspect.
  • the apparatus according to the first aspect is a hardware security module.
  • a hardware security module may for example be understood as a device that safeguards and manages electronic keys, performs encryption and decryption, authentication and other cryptographic functions.
  • a hardware security module may be denoted by different terms such as hardware cryptographic device, secure application module, secure cryptographic device, tamper resistant security module or similar.
  • an appliance server comprising: the apparatus according to the first aspect; at least a part of the receiving unit; and security means configured to secure the apparatus and at least the part of receiving unit.
  • the appliance server e.g. a hardware security module appliance server] according to the second aspect may be understood as a server that may be configured to perform and/or control or may comprise respective means for performing and/or controlling the steps disclosed according to the various aspects of the present disclosure.
  • Such means of the appliance server may for example be implemented in hardware and/or software. They may comprise for example at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both.
  • the means may comprise for example one or more processing means or processors.
  • the appliance server may further comprise one or more electronic communication interfaces to communicate (e.g. to exchange information] with the apparatus according to the first aspect.
  • the appliance server may be a server (e.g. a hardware security module appliance server] that is dedicated to a specific function (e.g. in contrast to a general-purpose server].
  • a specialized server may for example be designed for ease of installation and maintenance and may have hardware and software bundled in one product with required software (e.g. an operating system and/or other applications] being pre-installed.
  • the appliance server comprises the apparatus according to the first aspect, which may for example be understood to mean that the apparatus according to the first aspect may be located (e.g. mounted] within the housing of the appliance server. The appliance server and the apparatus may then for example be connected by one or more electronic communication interfaces to exchange information with each other. Further, the appliance server comprises at least a part of the receiving unit, which may for example be understood to mean that at least a part (e.g. at least a part of the means] of the receiving unit may be located (e.g. mounted] within the server housing of the appliance server. The appliance server and the receiving unit may then for example be connected by one or more electronic communication interfaces to exchange information with each other.
  • the apparatus according to the first aspect and at least a part of the receiving unit are included in the appliance server in a way that the security means of the appliance server are configured to secure the receiving unit included in the appliance server as well as the apparatus according to the first aspect included in the appliance server.
  • the security means of the appliance server may ensure that the receiving unit and the apparatus according to the first aspect may communicate and exchange information (e.g. electronic key information] in a secure manner.
  • the appliance server comprises security means (e.g. physical and/or logical security means] configured to secure the apparatus according to the first aspect and at least the part of receiving unit.
  • security means e.g. physical and/or logical security means
  • these security means of the appliance server are configured to allow for securely generating, storing and using sensitive electronic information and for preventing unauthorized access to such sensitive electronic information.
  • the security means of the appliance server may comprise encryption means for encrypting the electronic information stored in one or more electronic memories of the appliance server, erasure means for erasing one or more electronic memories of the appliance server, detection means for detecting external attack against the appliance server and/or protection means for physically protecting the appliance server.
  • These security means of the appliance server may for example be the same as or similar to the security means of the apparatus according to the first aspect and are further described below.
  • the apparatus according to the first aspect and/or the appliance server according to the second aspect may for example be respective devices or respective modules or respective components for a device.
  • the disclosed apparatuses according to the first and/or second aspect may comprise only the disclosed components, means, processor and memory, but may further comprise one or more additional components (e.g. means].
  • additional components are a communication interface, a network interface, a radio interface (e.g. a receiver, a transmitter and/or a transceiver], a data interface, a user interface (e.g. a touch-sensitive display, a keyboard, a touchpad, a display, etc.] and others.
  • a system comprising: the apparatus according to the first aspect; and the receiving unit.
  • the apparatus and the receiving unit may for example be electronically connected by the connecting means of the apparatus and/or further connecting means of the receiving unit, such that the apparatus and the receiving unit may exchange information (e.g. electronic key information] in a secure manner.
  • the system may be included or not included in the appliance server according to the second aspect.
  • the system according to the third aspect may comprise further apparatuses and/or components (e.g. means], such as for example a plurality of apparatuses according to the first aspect and a plurality of receiving units.
  • a method for securely obtaining an electronic key comprises: obtaining electronic key information, wherein the electronic key information is determined at least partially based on an optical signal received at a receiving unit and wherein the electronic key information represents the electronic key; and storing the electronic key in a secure electronic memory included in an apparatus, wherein the apparatus and the secure electronic memory is secured by security means of the apparatus.
  • the actions of the method according to the fourth aspect may for example be performed and/or controlled by an apparatus, for example the apparatus according to the first aspect or the appliance server according to the second aspect. Alternatively, this method according to the fourth aspect may be performed and/or controlled by more than one apparatus.
  • an apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for example the apparatus according to the first aspect or the appliance server according to the second aspect, at least to perform and/or to control the actions of the method according to the fourth aspect.
  • a computer program is disclosed, wherein the computer program when executed by a processor of an apparatus (e.g. the apparatus according to the first aspect or the appliance server according to the second aspect] causing the apparatus to perform the method according to the fourth aspect.
  • a processor of an apparatus e.g. the apparatus according to the first aspect or the appliance server according to the second aspect
  • the computer program may be stored on computer-readable storage medium, in particular a tangible and/or non-transitory medium.
  • the computer readable storage medium could for example be a disk or a memory or the like.
  • the computer program could be stored in the computer readable storage medium in the form of instructions encoding the computer-readable storage medium.
  • the computer readable storage medium may be intended for taking part in the operation of a device, like an internal or external memory, for example a Read-Only Memory [ROM] or hard disk of a computer, or be intended for distribution of the program, like an optical disc.
  • the secure electronic memory included in the apparatus according to the first aspect may for example be understood as any electronic memory which is particularly secured against unauthorized access to electronic information stored in the secured electronic memory.
  • the secure electronic memory is secured by security means of the apparatus, which security means are further described below.
  • the secured electronic memory may be any type of memory, such as for example a flash memory, which may for example be soldered or bonded to a printed circuit board, a solid-state drive comprising a plurality of memory chips (e.g. Flash memory chips], a magnetic hard drive, a Secure Digital [SD] card, a Universal Serial Bus [USB] memory stick, an optical storage medium (such as for instance a CD-ROM or DVD] and a magnetic storage medium.
  • the apparatus according to the first aspect may comprise further memories, such as for example a main memory or a program memory.
  • Security means configured to secure the apparatus and the secure electronic memory may for example be understood as any means that are suitable for securing (e.g. protecting] the apparatus and the secure electronic memory against unauthorized access.
  • the apparatus may for example be equipped with security means that are configured to secure the apparatus and also to secure the secure electronic memory that is located within the apparatus (e.g. mounted within the housing of the apparatus].
  • the security means of the apparatus may for example be physical and/or logical security means.
  • physical security means are configured to secure the apparatus and the secure electronic memory (e.g. processing and communication capabilities of the apparatus and the secure electronic memory] against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the apparatus]. Further examples of physical attacks may comprise temperature manipulation or battery manipulation.
  • Logical security means are for example configured to secure the apparatus and the secure electronic memory against logical attacks, such as attacks against software components of the apparatus, which may for example include user identification and password access, authenticating, access rights and authority levels.
  • the security means of the apparatus may comprise encryption means for encrypting electronic information stored in one or more electronic memories of the apparatus (e.g. the secure electronic memory], erasure means for erasing one or more electronic memories (e.g. the secure electronic memory] of the apparatus, detection means for detecting external attack against the apparatus and/or protection means for physically protecting the apparatus as further described below.
  • encryption means for encrypting electronic information stored in one or more electronic memories of the apparatus e.g. the secure electronic memory
  • erasure means for erasing one or more electronic memories e.g. the secure electronic memory] of the apparatus
  • detection means for detecting external attack against the apparatus and/or protection means for physically protecting the apparatus as further described below.
  • Connecting means for (e.g. configured for] connecting the secure electronic memory with a receiving unit may be understood as any connection means that are suitable for electronically connecting the secure electronic memory with the receiving unit, such that information may be exchanged between the secure electronic memory and the receiving unit (e.g. according to a specific communication standard].
  • the connecting means of the apparatus may for example at least partially provide a communication channel between the receiving unit and the secure electronic memory.
  • the secure electronic memory and the receiving unit may be connected by one or more data busses (e.g. one or more serial or parallel bus connections].
  • the connecting means may for example comprise one or more wireline and/or wireless connection as further described below.
  • the connecting means may be understood to comprise one or more communication interfaces and/or one or more connectors that together with further components are configured to connect the secure electronic memory and the receiving unit.
  • the connecting means may be understood as internal connecting means within the apparatus.
  • Such internal connecting means may be arranged within the apparatus and provide an electronic connection between the receiving unit and the secure electronic memory, for example without having any output on the housing of the apparatus.
  • the connecting means of the apparatus may for example provide an internal connection within the apparatus from the secure electronic memory to an output (e.g. a connector or port] on the housing of the apparatus, which output may then be used to connect the apparatus to the receiving unit as peripheral device by further connecting means.
  • the electronic connection between the receiving unit and the secure electronic memory as provided at least partially by the connecting means of the apparatus is to be understood as secured electronic connection, such that information exchanged via the electronic connection is protected against unauthorized access (e.g. against eavesdropping information exchanged between the receiving unit and the secure electronic memory].
  • Obtaining electronic key information from the receiving unit may for example be understood to mean that the electronic key information is sent by the receiving unit and subsequently received at the apparatus according to the first aspect.
  • the electronic key information is transmitted from the receiving unit to the apparatus at least partially based on the connecting means of the apparatus.
  • obtaining the electronic key information may for example also comprise transmitting (e.g. forwarding] the electronic key information inside the apparatus (e.g. by using the connecting means] to the secure electronic memory, where for example an electronic key represented by the electronic key information may be stored in the secure electronic memory.
  • the connecting means of the apparatus may provide a secure electronic connection between the receiving unit and the secure electronic memory as described above, the electronic key information may be obtained (e.g. received] from the receiving unit in a secure manner (e.g. protected against eavesdropping].
  • An electronic key (e.g. a cryptographic key] may for example be understood as a piece of electronic information (e.g. a sequence of symbols such as bits, numbers, letters or similar] that can be used to encode or decode cryptographic data (e.g. by processing the cryptographic data through a cryptographic algorithm].
  • symmetric cryptography may refer to using the same key both encryption and decryption, while asymmetric cryptography may rely on separate keys (e.g. a public key and a private key] for encrypting and decrypting.
  • An electronic key may for example be determined based on a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be provided by a random number generator (e.g. a software- based or hardware-based random number generator].
  • Electronic key information may for example be understood as information that represents an electronic key, which for example means that the electronic key is included (e.g. encoded in] in the electronic key information.
  • the electronic key information representing the electronic key may be understood to mean that the electronic key may be determinable at least partially based on the electronic key information (e.g. this could mean that the electronic key is not included in the electronic key information].
  • an electronic key information may for example be represented by a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be the electronic key represented by the electronic key information or based on which the electronic key may be determined.
  • the electronic key may be given by a random sequence of symbols, wherein the random sequence of symbols may be understood as electronic key information representing the electronic key by including the electronic key.
  • the electronic key is determined at least partially based on a random sequence of symbols (e.g. after processing the random sequence of symbols] and for example on further electronic key information, such as for example another electronic key, a password, another random sequences of symbols or similar.
  • the information based on which the electronic key is determinable may be understood as electronic key information.
  • the electronic key information is determined at least partially based on an optical signal obtained (e.g. received] at the receiving unit.
  • the electronic key information may for example depend on an optical signal that is obtained (e.g. received] at the receiving unit.
  • the receiving unit may for example perform determining the electronic key information at least partially based on the optical signal obtained (e.g. received] by the receiving unit.
  • the optical signal may comprise at least one photon (e.g. a plurality of photons] and may for example be understood as optical laser pulse (e.g. a weak laser pulse containing less than one photon per pulse on average] or as a sequence of laser pulses formed by the at least one photon (e.g. the plurality of photons].
  • the optical signal may for example also be understood as photon signal or photonic signal.
  • the optical signal may comprise at least one single photon (e.g. a plurality of single photons] and/or at least one entangled photon (e.g. a plurality of entangled photons].
  • the optical signal may be generated by a laser source, a single-photon source or an entangled-photon pair source.
  • the at least one photon may for example exhibit quantum mechanical characteristics, wherein examples of a quantum state of the at least one photon may be the polarization (e.g. right or left circular polarization or a superposition of the two] or the phase of the at least one photon.
  • determining the electronic key information is at least partially based on the quantum state of the at least one photon of the obtained optical signal.
  • the obtained optical signal comprises a sequence of a plurality of photons, wherein each photon of the plurality of photons may have a particular quantum state (e.g. a particular polarization or phase of the photon]
  • the random sequence of symbols representing the electronic key information may be determined according to the respective quantum states of the sequence of the plurality of photons.
  • the randomness of the electronic key information may for example originate from the randomness of the respective quantum states of the plurality of photons.
  • determining the electronic key information may at least partially follow one or more protocols for quantum key distribution systems (e.g. the BB84 protocol, the E91 protocol or the BBM92 protocol].
  • the receiving unit and/or the apparatus may determine whether the optical signal, the electronic key information and/or the electronic key is compromised (e.g. whether an eavesdropper has intercepted the optical signal to gain knowledge of the electronic key information and/or whether the electronic key or uses a man-in-the-middle attack to manipulate the distribution of the electronic key information and/or the electronic key].
  • an eavesdropper may change the quantum state and thus introduce anomalies detectable by the receiving unit and/or the apparatus according to the first aspect.
  • the optical signal is obtained at (e.g. by] the receiving unit, which may for example be understood to mean that the optical signal is received (e.g. observed or detected] by the receiving unit.
  • obtaining the optical signal may comprise obtaining (e.g. observing or detecting] at least one photon (e.g. a plurality of photons] of the optical signal.
  • the receiving unit may be configured to and/or comprise means for obtaining the optical signal.
  • the receiving unit may comprise one or more signal detectors (e.g. one or more photon detectors] and one or more other components (e.g. optical components] that demodulate the optical signal (e.g.
  • the receiving unit may for example comprise one or more electronic control components that may for example be connected to the one or more signal detectors to receive an electrical output from the respective signal detector, based on which the one or more electronic control components may for example determine the electronic key information.
  • the optical signal may for example be obtained (e.g. received] at the receiving unit via free space or via an optical fibre, which may for example be connected to the receiving unit (e.g. to one or more optical components of the receiving unit].
  • This may for example be understood to mean that the optical signal and the at least one photon of the optical signal may travel through free space or an optical fibre before the optical signal is obtained at the receiving unit.
  • the optical signal and the at least one photon of the optical signal may travel through a quantum channel (e.g. via free space or via an optical fibre], wherein a quantum channel may be understood as a communication channel for transmitting quantum signals.
  • the optical signal may be generated by a laser source, a single-photon source or an entangled-photon pair source and afterwards received at the receiving unit.
  • the receiving unit for obtaining the optical signal may be included in the apparatus according to the first aspect (e.g. by mounting the receiving within the housing of the apparatus], which may be understood to mean that the entire receiving unit or at least a part of the receiving unit (e.g. one or more components of the receiving unit] may be included in the apparatus.
  • the security means of the apparatus that are configured to secure the apparatus and the secure electronic memory are also configured to secure at least the part of the receiving unit included in the apparatus.
  • the security means e.g. physical and/or logical security means] of the apparatus may then allow for securely obtaining the optical signal at the receiving unit and/or for securely determining the electronic key information at the receiving unit and/or for securely transmitting the electronic key information (e.g. the electronic key] from the receiving unit to the secure electronic memory.
  • physical security means of the apparatus according to the first aspect may be configured to secure the receiving unit against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the receiving unit]. Further examples of physical attacks may comprise temperature manipulation or battery manipulation against the receiving unit.
  • detection means of the apparatus may allow for detecting external attack against the receiving apparatus and/or protection means of the apparatus may allow for physically protecting the receiving unit.
  • the electronic key After obtaining the electronic key information representing the electronic key, the electronic key is stored in the secure electronic memory.
  • the electronic key information does not include the electronic key, but the electronic key is determinable at least partially based on the electronic key information.
  • the electronic key may for example be stored in the secure electronic memory (e.g. only] after the electronic key has been determined at least partially based on the electronic key information.
  • storing the electronic key in the secure electronic memory may for example involve a write operation for saving the electronic key on the secure electronic memory.
  • storing the electronic key may comprise further steps such as for example encoding the electronic key.
  • the electronic key is secured against unauthorized access by the security means of the apparatus according to the first aspect, which are configured to secure the apparatus and the secure electronic memory.
  • the electronic key stored in the secure electronic memory may be used to encode or decode further information (e.g. further information communicated with another party].
  • the electronic key may for example be kept in the apparatus according to the first aspect, such that it remains secured by the security means of the apparatus against unauthorized access.
  • the electronic key information representing the electronic key is securely determined based on obtaining the optical signal and afterwards stored in the secure electronic memory, which allows for a comprehensive protection of the electronic key against unauthorized access.
  • the electronic key information is determined based on the optical signal obtained at the receiving unit, wherein the apparatus and/or the receiving unit may determine whether the optical signal, the electronic key information and/or the electronic key may be compromised.
  • the apparatus does not have to simply trust that the electronic key is not compromised (and e.g. generated based on a truly randomly generated number], because it may check the integrity of the optical signal (e.g. based on the quantum state of at least one photon of the optical signal], the electronic key information and/or the electronic key already upon reception.
  • the reception of the electronic key directly terminates in a secure environment provided by the apparatus and the secure electronic memory, which are secured by security means of the apparatus.
  • the connecting means of the apparatus according to the first aspect for connecting the secure electronic memory with the receiving unit allow for securely obtaining the electronic key information by providing a secure electronic connection between the apparatus and the receiving unit protected against unauthorized access by for example encryption techniques and/or authentication techniques.
  • receiving the electronic key at the receiving unit as well as storing the electronic key is additionally secured by the security means of the appliance server which are configured to secure the apparatus according to the first aspect and at least a part of the receiving unit.
  • At least a part of the receiving unit may be included in the apparatus, such that the security means of the apparatus that are configured to secure the apparatus and the secure electronic memory are also configured to secure at least the part of the receiving unit included in the apparatus.
  • the apparatus according to the first aspect and at least a part of the receiving unit may be included in the appliance server according to the second aspect in a way that the security means of the appliance server are configured to secure the receiving unit included in the appliance server as well as the apparatus according to the first aspect included in the appliance server.
  • the security means of the apparatus according to the first aspect and/or the security means of the appliance server may ensure that the electronic key is obtained in a secure manner.
  • the connecting means are configured to provide a secured wireline and/or wireless connection between the secure electronic memory and the receiving unit.
  • the connecting means of the apparatus according to the first aspect may be configured to provide the complete secured wireline and/or wireless connection between the secure electronic memory and the receiving unit or at least a part of the secured wireless and/or wireless connection between the secure electronic memory and the receiving unit.
  • the connecting means of the apparatus may for example provide an internal connection within the apparatus from the secure electronic memory to an output (e.g.
  • connections means may for example provide a wireless receiver and/or transmitter configured to receive information from and/or transmit information to (e.g. the electronic key information] the receiving unit.
  • the electronic connection (e.g. at least partially provided by the connecting means of the apparatus according to the first aspect] between the receiving unit and the secure electronic memory is to be understood as secured electronic connection (e.g. a secured electronic communication channel], such that for example the electronic key information obtained from the receiving unit via the secured electronic connection is protected against unauthorized access (e.g. against eavesdropping information exchanged between the receiving unit and the secure electronic memory].
  • secured electronic connection e.g. a secured electronic communication channel
  • encryption techniques may be used to encrypt information between the receiving unit and the secure electronic memory, such that the information is not transmitted in plain text.
  • authentication techniques may be used to verily that the information exchanged between the receiving unit and the secure electronic memory can only be sent from for example the receiving unit, the secure electronic memory or the apparatus according to the first aspect.
  • the wireline connection at least partially provided by the connecting means may be serial connection (e.g. according to the RS-232 standard], an Ethernet connection (according to any release of the IEEE-802.3 standard] and/or a Universal Serial Bus (USB] connection (e.g. according to any release of the USB standard].
  • a wireless connection at least partially provided by the connecting means may be a Wireless Local Area Network (WLAN] connection (e.g. according to the IEEE-802.11 standard family] or a Bluetooth connection (e.g. according to any release of the IEEE-802.15.1 standard].
  • WLAN Wireless Local Area Network
  • Bluetooth e.g. according to any release of the IEEE-802.15.1 standard.
  • the apparatus is further configured to: obtain an electronic message; process the obtained electronic message at least partially based on the electronic key stored in the secure electronic memory; and provide the processed electronic message.
  • the apparatus may obtain an electronic message, which has been communicated to the apparatus from another party and which may for example be encrypted to secure the electronic information against unauthorized access.
  • the other party and the apparatus may for example be connected to each other via a communication channel for exchanging electronic messages.
  • a communication channel may for example be understood as classical communication channel in contrast to a quantum communication channel over which for example the optical signal may be obtained at the receiving apparatus.
  • Processing e.g. encrypting or decrypting] the obtained electronic message may for example be based (e.g. require] the electronic key stored in the secure electronic memory.
  • the apparatus may for example be configured to decrypt the obtained electronic message using the electronic key stored in the secure electronic memory, wherein the electronic message may for example have been encrypted with the same electronic key by the party from which the electronic message is received at the apparatus. After for example decrypting the electronic message, the apparatus may provide (e.g. output] the decrypted electronic message.
  • this may enable the apparatus and the other party to securely communicate using electronic messages decrypted by the electronic key stored in the secure electronic memory.
  • the electronic key when encrypting or decrypting the electronic message to be communicated between the apparatus and the other party, the electronic key does not leave the secure electronic memory but remains in the secure electronic memory and thus remains secured by the security means of the apparatus.
  • the electronic key is included in the electronic key information and/or is determinable at least partially based on the electronic key information.
  • the electronic key information (e.g. one or more pieces of electronic key information] may for example be understood as information that represents an electronic key, which for example means that the electronic key is included (e.g. encoded in] in the electronic key information.
  • the electronic key information representing the electronic key may be understood to mean that the electronic key may be determinable at least partially based on the electronic key information. For example, this may imply that the electronic key is not included in the electronic key information and that to obtain the electronic key, determining the electronic key at least partially based on the electronic key information and potentially based on further information is required.
  • the electronic key information may be understood as initial electronic key or raw electronic key, based on which the electronic key (e.g. a final or an actual electronic key] that is stored in the secure electronic memory is determined.
  • an electronic key information may for example be represented by a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be the electronic key represented by the electronic key information or based on which the electronic key may be determined.
  • the electronic key information needs to be processed in order to obtain the electronic key, which may for example comprise encoding or decoding the electronic key information (e.g. the random sequence of symbols representing the electronic key information] or selecting one or more parts of the electronic key information (e.g. of the random sequence of symbols representing the electronic key information].
  • determining the electronic key is based on the electronic key information, but also requires further information (e.g. further electronic key information, another electronic key, a password, another random sequence of symbols or similar].
  • the electronic key information further comprises information such as for example metadata regarding the transmission of the electronic key information.
  • the apparatus is further configured to: determine the electronic key at least partially based on the obtained electronic key information.
  • the apparatus may be configured to obtain the electronic key information from the receiving unit, afterwards determine the electronic key at least partially based on the obtained electronic key information, and subsequently store the electronic key in the secure electronic memory of the apparatus.
  • the electronic key information obtained from the receiving unit does not yet include the electronic key to be stored in the secure electronic memory and that to obtain the electronic key, determining the electronic key at least partially based on the electronic key information and potentially based on further information is required.
  • the action of determining the electronic key at least partially based on the electronic key information may be performed by the apparatus, which may for example imply that the action of determining the electronic key as well as the electronic key is secured by the security means of the apparatus.
  • the electronic key may then for example only be determined within the apparatus regardless of whether the receiving unit is separated from the apparatus or included in the apparatus. Accordingly, the electronic key may be determined and stored only inside the apparatus and thus secured by the security means of the apparatus.
  • the electronic key is determined at least partially based on the obtained electronic key information and on further electronic key information stored in the secure electronic memory.
  • the electronic key information obtained from the receiving unit does not yet include the electronic key to be stored in the secure electronic memory and that to obtain the electronic key, determining the electronic key at least partially based on the electronic key information and based on further electronic key information is required.
  • further electronic key information may for example be another electronic key, a password, another random sequences of symbols or similar.
  • the further electronic key information is stored in the secure electronic memory and has for example been stored therein before or after the electronic key information based on which the electronic key is to be determined is obtained from the receiving unit.
  • the electronic key may then for example only be determined within the apparatus and also be determined based the further electronic key information that is only stored in the secure electronic memory. This way, the security under which the electronic key is determined may be further improved.
  • the receiving unit comprises: measurement means for obtaining the optical signal; and control means for determining the electronic key information and/or the electronic key at least partially based on the optical signal.
  • measurement means including e.g. one or more optical components] of the receiving unit may be configured to obtain the optical signal, which may for example be understood to mean that the optical signal is received (e.g. observed or detected] by the measurement means, which then for example provide an electrical output to the control means (including e.g. one or more electrical components] for determining the electronic key information and/or the electronic key.
  • measurement means of the receiving unit may comprise one or more signal detectors that are configured to obtain (e.g. observe or detect] the optical signal.
  • the one or more signal detectors may for example be configured to obtain (e.g. observe or detect] at least one photon (e.g. a plurality of photons] of the optical signal.
  • a signal detector may be implemented as a photon detector (e.g. a single photon detector], which may be understood as an optically sensitive device that transforms a single photon into an electrical signal.
  • the electrical output of the photon detector may indicate the number of detection events within a certain time duration.
  • a photon detector may for example comprise an optical input for receiving the optical signal (e.g.
  • Non-limiting examples for a photon detector may be an InGaAs single photon avalanche photodiode and a superconducting nanowire single-photon detector.
  • the measurement means may for example further comprise a signal demodulation component for demodulating the optical signal obtained at the receiving unit.
  • the optical signal obtained at the receiving unit may pass the demodulation component before it may be guided to the one or more signal detectors.
  • the demodulation component may be given by an optical beam splitter, which splits the optical signal into two optical paths, wherein a first optical path ends at a first signal detector and a second optical path ends at a second signal detector.
  • the beam splitter may guide these single photons along the first optical path or second optical path depending on the quantum state of the respective photon (e.g. depending on the polarization or phase of the respective photon].
  • the combination of beam splitter and signal detectors may then for example allow for observing a plurality of photons and their respective quantum states.
  • the measurement means may for example be electronically connected to the control means of the receiving unit, which may be configured to determine the electronic key information and/or the electronic key at least partially based on the optical signal.
  • the control means may be configured to receive electrical output from the one or more signal detectors that indicate at which time a photon of a respective quantum state has been detected by the one or more signal detectors.
  • the optical signal obtained at the receiving unit comprises a sequence of a plurality of photons, each photon of the plurality of photons and its particular quantum state (e.g.
  • a particular polarization or phase of the photon] may be indicated by the electrical output signal of the one or more signal detectors.
  • the control means e.g. comprising one or more processing units such as a microprocessor and an electronic memory] may then for example determine a random sequence of symbols representing the electronic key information according to the respective quantum states of the sequence of the plurality of photons.
  • determining the electronic key information may at least partially follow one or more protocols for quantum key distribution systems (e.g. the BB84 protocol, the E91 protocol or the BBM92 protocol].
  • control means of the receiving unit may be configured to determine the electronic key information and may additionally or alternatively be configured to determine the electronic key that is represented by the electronic key information.
  • control means may for example be configured to process the determined electronic key information in order to obtain the electronic key, which may for example comprise encoding or decoding the electronic key information (e.g. the random sequence of symbols representing the electronic key information] or selecting one or more parts of the electronic key information (e.g. of the random sequence of symbols representing the electronic key information].
  • the receiving unit may comprise further means, such as for example connecting means for establishing an electronic connection to the apparatus according to the first aspect and/or to the secure electronic memory of the apparatus (e.g. conjunction with connecting means of the apparatus].
  • obtaining the optical signal comprises: observing at least one photon of the optical signal and a quantum state of the at least one photon, wherein the electronic key information and/or the electronic key is determined at least partially based on the observed quantum state of the at least one photon.
  • observing at least one photon e.g. a plurality of photons] of the optical signal and a quantum state of the at least one photon
  • the receiving unit may for example be configured to perform the observing and/or may comprise means (e.g. measurement means and control means] for the observing of at least one photon of the optical signal and a quantum state of the at least one photon.
  • the optical signal may comprise a plurality of photons (e.g. plurality of single photons or entangled photons], which successively arrive at the receiving unit (e.g. by travelling through free space or an optical fibre connected to the receiving unit].
  • the plurality of photons may be guided to a demodulation component (e.g. a beam splitter] that guide the plurality of photons along a first optical path ending at a first signal detector or a second optical path ending at a second signal detector.
  • a demodulation component e.g. a beam splitter
  • one or more photons of the plurality of photons that have a particular quantum state e.g.
  • polarization or phase may be guided along the first optical path and one or more photons of the plurality of photons that have another particular quantum state (e.g. a polarization or phase] may be guided along the second optical path.
  • a photon of a quantum state may for example depend on a measurement basis on which the respective photon is observed (wherein e.g. the measurement basis may be determined by the orientation of the beam splitter].
  • the first and second signal detector may for example observe (e.g. detect] the one or more photons of a particular quantum state after passing the demodulation component and output respective electrical signal indicating the one or more detection events to the control electronics.
  • a particular quantum state of a particular photon may then result in one of the two states of a bit (e.g. a horizontal or left diagonal polarisation results to "0” and vertical or right diagonal polarisation results to "1”].
  • observing the quantum states of each photon of the plurality of photons may for example yield a random sequence of bits according to the sequence in which the plurality of photons were observed.
  • the random sequence of bits may for example be understood as electronic key information, such that the electronic key information have been determined at least partially based on the observed respective quantum states of the plurality of photons.
  • the random sequence of bits as exemplary electronic key information determined at least partially based on the observed respective quantum states of the plurality of photons may also be the electronic key that is to be stored in the secure electronic memory.
  • random sequence of bits as exemplary electronic key information needs to be processed in order to obtain the electronic key, which may for example comprise encoding or decoding the random sequence of bits or selecting one or more parts of the random sequence of bits.
  • the electronic key may be determined by selecting those bits from the random sequence of bits that resulted from quantum states of photons that have been observed on a particular measurement basis (e.g. to obtain a sifted electronic key].
  • the electronic key may be determined by the receiving unit, while in other examples the electronic key may be determined by the apparatus according to the first aspect.
  • the apparatus may for example include (e.g. at least a part of) the receiving unit or may for example be separated from the receiving unit.
  • determining whether the optical signal, the electronic key information and/or the electronic key is compromised may for example be at least partially based on the quantum state of the at least one photon (e.g. the respective quantum states of the plurality of photons) of the obtained optical signal.
  • the optical signal, the electronic key information and/or the electronic key may be compromised by an eavesdropper intercepting the optical signal to gain knowledge of the electronic key information and/or the electronic key or by a man-in-the-middle attack to manipulate the distribution of the electronic key information and/or the electronic key.
  • an eavesdropper may change the quantum state and thus introduce anomalies detectable by the receiving unit and/or the apparatus.
  • determining whether the optical signal, the electronic key information and/or the electronic key is compromised may comprise checking the random sequence of symbols (e.g. bits, numbers, letter or similar) that represent the electronic key information that is determined at least partially based on the optical signal.
  • the random sequence of symbols could be compared to a further random sequence of symbols (which e.g. is received from another party that is supposed to have the same electronic key information as obtained at the apparatus according to the first aspect]. If for example the random sequence of symbols and the further random sequence of symbols differ from each other (e.g. differ to a certain degree that e.g.
  • the optical signal from which the electronic key information has been determined and/or the electronic key determined based on the electronic key information may also be determined to be compromised.
  • the electronic key is only determined at least partially based on the electronic key information if it has been determined that the electronic key information is not compromised.
  • the electronic key is only stored in the secure electronic memory, if it has been determined that the optical signal, the electronic key information and/or the electronic key is not compromised.
  • the security means are configured to prevent removing the electronic key from the electronic memory.
  • the security means of the apparatus may for example be physical and/or logical security means that may for example be configured to secure the apparatus and the secure electronic memory (e.g. processing and communication capabilities of the apparatus and the secure electronic memory] against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the apparatus].
  • the secure electronic memory may for example be understood as secure environment in which the reception of the electronic key terminates.
  • the security means comprise at least one of the following means: encryption means for encrypting the electronic key stored in the secure electronic memory; and/or erasure means for erasing the secure electronic memory; and/or detection means for detecting external attack against the apparatus; and/or protection means for physically protecting the apparatus.
  • physical security means are configured to secure the apparatus and the secure electronic memory (e.g. processing and communication capabilities of the apparatus and the secure electronic memory] against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the apparatus]. Further examples of physical attacks may comprise temperature manipulation or battery manipulation.
  • Logical security means are for example configured to secure the apparatus and the secure electronic memory against logical attacks, such as attacks against software components of the apparatus, which may for example include user identification and password access, authenticating, access rights and authority levels.
  • the security means may comprise encryption means for encrypting the electronic key stored in the secure electronic memory.
  • the security means may for example comprise an encryption engine that is configured to encrypt the electronic key upon storing the electronic key in the secure electronic memory (e.g. according to the advanced encryption standard, AES],
  • the encryption engine may for example be further configured to generate and/or obtain cryptographic keys that may be used for encrypting the electronic key (e.g. the encryption engine comprises one or more random number generators].
  • the encryption engine may for example be configured to perform further cryptographic functions to secure the integrity and/or authentication of the electronic key, such as for example verification of a message authentication code [MAC] or a digital signature usually done by a hashing algorithm.
  • the security means may for example comprise erasure means for erasing the secure electronic memory.
  • the security means may for example comprise an erasure circuit that is configured to erase all information including the electronic key stored in the secure electronic memory after an external attack against the apparatus has been detected (e.g. by detection means of the apparatus].
  • erasing may comprise overwriting all information stored in the secure electronic memory (e.g. by zeroes, random information or a combination thereof].
  • the security means may for example comprise detection means for detecting external attack against the apparatus.
  • the security means may for example comprise a detection circuit, one or more sensors (e.g. a temperature sensor, a light sensor, a sensor detecting movement and/or acceleration of the apparatus] and/or wiring that are configured to detect for example a mechanical and/or chemical penetration (e.g. into the housing of the apparatus] or for example a temperature and/or battery manipulation.
  • the apparatus e.g. the security means of the apparatus] may be configured to erase the secure electronic memory by means of the erasure circuit after an external attack against the apparatus has been detected by means of the detection circuit.
  • the security means may for example comprise protection means for physically protecting the apparatus.
  • the protection means may for example comprise a tamper respondent envelope (e.g. an enclosure] that protects the apparatus including its internal components (e.g. the secure electronic memory].
  • the protection means may provide further resistance to tampering in form of special screws used when assembling the apparatus.
  • tamper seals and/or tamper stickers may be used to detect unauthorized access to the apparatus.
  • security means of the apparatus according to the first aspect may also be used (e.g. in a modified form] as security means of the appliance server according to the second aspect.
  • the apparatus is a hardware security module.
  • a hardware security module may for example be understood as a device that safeguards and manages electronic keys, performs encryption and decryption, authentication and other cryptographic functions.
  • a hardware security module may comprise at least one secure crypto processor chip, one or more electronic memories including at least one secure electronic memory, security means and/or further components (e.g. one or more random number generators] as well as for example electronic connections and circuitry to connect the components of the hardware security module.
  • the apparatus may for example have the purpose of securely generating, storing and using sensitive information.
  • the apparatus may for example comprise functions that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the apparatus inoperable, or tamper responsiveness such as deleting electronic keys upon tamper detection.
  • the apparatus according to the first aspect may be implemented as a plug-in card (e.g. a PCI card] or as an external device connected to for example a computer or a server.
  • the apparatus may comprise one or more communication interfaces such as for example an internal PCI interface or an external serial, Ethernet or Universal Serial Bus (USB] interface.
  • a hardware security module may be certified according to one or more standards or regulations, which for example include the European Union's General Data Protection Regulation, the PCI Data Security Standard, the Domain Name System Security Extensions, the FIPS 140-2 and/or similar.
  • the apparatus according to the first aspect further comprises at least a part of the receiving unit and the security means of the apparatus are further configured to secure at least the part of the receiving unit.
  • the receiving unit may comprise one or more means as described above.
  • apparatus comprising at least a part of the receiving unit may be understood to mean that the apparatus may for example comprises at least one of the one or more means of the receiving unit.
  • the at least one of the one or more means may then be located within the apparatus (e.g. mounted within the housing of the apparatus].
  • At least one or more means of the receiving unit that provide an electronic connection to the apparatus and/or to the secure electronic memory for transmitting the electronic key information and/or the electronic key may be included in the apparatus.
  • this may have the effect that the transmission of the electronic key information and/or the electronic from the receiving unit to the secure electronic memory may be secured by the security means of the apparatus.
  • the apparatus may comprise at least the control means of the receiving apparatus for determining the electronic key information and/or the electronic key.
  • the measurement means of the receiving unit for obtaining the optical signal for example may be or may be not included in the receiving apparatus.
  • this may have the advantage that, since at least the control means for determining the electronic key information and/or the electronic key may be included in the apparatus, the electronic key and/or the electronic key information may then for example only be determined within the apparatus, even if the receiving unit is not fully included in the apparatus. Accordingly, the electronic key may be determined and stored only inside the apparatus and thus secured by the security means of the apparatus.
  • the apparatus is further configured to: obtain additional electronic key information at least partially based on the electronic key stored in the secure electronic memory, wherein the additional electronic key information represents the electronic key; and provide the additional electronic key information to a sending unit, wherein an additional optical signal is generated at least partially based on the additional electronic key information and is transmitted at the sending unit.
  • the additional electronic key information may be equal to the electronic key information, while in other examples the additional electronic key information may represent the same electronic key as represented by the electronic key information.
  • the additional electronic key information represents the electronic key, this may for example be understood to mean that the electronic key is included (e.g. encoded in] in the additional electronic key information, while in other examples the electronic key may be determinable at least partially based on the additional electronic key information (e.g. this could mean that the electronic key is not included in the additional electronic key information].
  • the additional electronic key information may for example be represented by a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be the electronic key represented by the additional electronic key information or based on which the electronic key may be determined.
  • obtaining the additional electronic key information at least partially based on the electronic key stored in the secure electronic memory may comprise determining the additional electronic key information at least partially based on the electronic key (and e.g. further information such as another electronic key, a password, another random sequences of symbols or similar].
  • Providing the additional electronic key information to the sending unit may for example be understood to mean that the additional electronic key information may be transmitted from the secure electronic memory of the apparatus according to the first aspect to the sending unit.
  • the connecting means of the apparatus may be used for (e.g. configured for] connecting the secure electronic memory with the sending unit, which may for example be understood to mean that an electronic connection between the secure electronic memory and the sending unit may be established such that information may be exchanged between the secure electronic memory and the sending unit (e.g. according to a specific communication standard].
  • the additional optical signal may comprise at least one photon (e.g. a plurality of photons] and may for example be understood as optical laser pulse (e.g. a weak laser pulse containing less than one photon per pulse on average] or as a sequence of laser pulses formed by the at least one photon (e.g. the plurality of photons].
  • the additional optical signal may for example also be understood as photon signal or photonic signal.
  • the optical signal may comprise at least one single photon (e.g. a plurality of single photons] and/or at least one entangled photon (e.g. a plurality of entangled photons].
  • the at least one photon may for example exhibit quantum mechanical characteristics, wherein examples of a quantum state of the at least one photon may be the polarization (e.g. right or left circular polarization or a superposition of the two] or the phase of the at least one photon.
  • a quantum state of the at least one photon may be the polarization (e.g. right or left circular polarization or a superposition of the two] or the phase of the at least one photon.
  • the sending unit may for example generate a plurality of photons of the additional optical signal, wherein the respective quantum states of the plurality of photons result from a particular symbol of a random sequence of symbols represented by the additional electronic key information.
  • the additional electronic key information represents a random sequence of bits
  • a bit state "1” may result to a vertical or right diagonal polarisation and a bit state "0” may result to a horizontal or left diagonal polarisation.
  • the additional optical signal may for example be generated at least partially based on the additional electronic key information representing the electronic key in a way such that when receiving the additional optical signal (e.g. at another apparatus according to the first aspect], the electronic key may be determined at least partially based on the additional optical signal following the actions described above.
  • the sending unit may for example comprise a signal source such as for example a laser source, a singlephoton source or an entangled-photon pair source for generating the additional optical signal and may further comprise for example a signal modulation component through which the additional optical signal passes after being generated by the signal source.
  • the sending unit may for example comprise control means for determining an electrical input signal at least partially based on the additional electronic key information, which may then be provided to the signal source for generating the additional optical signal.
  • the sending unit may be entirely included in the apparatus according to the first aspect. In other examples, at least a part (e.g. one or more means such as the signal source, the signal modulation and/or the control means] of the sending unit may be included in the apparatus according to the first aspect. In any case, the security means of the apparatus may then be configured to secure the sending unit, at least a part of the sending unit and/or for example the process of determining the additional electronic key information and/or generating the additional optical signal.
  • the security means of the apparatus may then be configured to secure the sending unit, at least a part of the sending unit and/or for example the process of determining the additional electronic key information and/or generating the additional optical signal.
  • the sending unit may be entirely included in the appliance server according to the second aspect.
  • at least a part e.g. one or more means such as the signal source, the signal modulation and/or the control means] of the sending unit may be included in the appliance server according to the second aspect.
  • the security means of the appliance server may then be configured to secure the sending unit, at least a part of the sending unit and/or for example the process of determining the additional electronic key information and/or generating the additional optical signal.
  • Transmitting the additional optical signal at the sending unit may for example be understood to mean that the additional optical signal may be transmitted via free space or via an optical fibre, which may for example be connected to the sending unit and a receiving unit of another apparatus according to the first aspect.
  • the additional optical signal and the at least one photon of the additional optical signal may travel through an additional quantum channel (e.g. via free space or via an optical fibre].
  • the electronic key that is obtained at the apparatus according to the first aspect and stored in the secure electronic memory may be securely forwarded to another recipient of the electronic key (e.g. another apparatus according to the first aspect].
  • the apparatus according to the first aspect may then for example serve as a forwarding apparatus that securely obtains the electronic key, stores the electronic key in the secure electronic memory and then further transmits the electronic key to another recipient. During this process of forwarding the electronic key, the electronic key may for example remain secured by the security means of the apparatus against unauthorized access.
  • the disclosure of a method step shall also be considered as a disclosure of means for performing the respective method step.
  • the disclosure of means for performing a method step shall also be considered as a disclosure of the method step itself.
  • Fig. 1 is a schematic illustration of an exemplary embodiment according to the various aspects of the present disclosure
  • FIGs. 2a to 2c are respective block diagrams illustrating exemplary embodiments of an apparatus according to the first aspect of the present disclosure
  • FIGs. 3a to 3c are respective block diagrams illustrating further exemplary embodiments of an appliance server according to the second aspect of the present disclosure
  • Fig. 4 is a schematic illustration of an exemplary embodiment of an apparatus according to the first aspect of the present disclosure
  • Fig. 5a is a schematic illustration of an exemplary embodiment of a receiving unit according to various aspects of the present disclosure
  • Fig. 5b is a schematic illustration of an exemplary embodiment of a sending unit according to various aspects of the present disclosure
  • Fig. 6 is a block diagram of an exemplary embodiment of an apparatus according to various aspects of the present disclosure.
  • Fig. 7 is a flow chart illustrating an exemplary embodiment of a method according to the fourth aspect of the present disclosure.
  • Fig. 8 is a schematic illustration of examples of tangible and non-transitory computer-readable storage media.
  • Fig. 1 is a schematic illustration of an exemplary embodiment according to the various aspects of the present disclosure. Without limiting the scope of the present disclosure, it may be assumed that Fig. 1 illustrates an exemplary embodiment of a system 100 according to the third aspect of the present disclosure.
  • system 100 may for example comprise one party Alice and another party Bob that want to exchange one or more electronic messages via a secure communication channel 140 between them.
  • the one or more electronic messages exchanged between Alice and Bob may be encrypted by an electronic key, which needs to be available at both parties to decrypt the exchanged one or more electronic messages.
  • Alice and Bob may for example both operate respective apparatuses 110 and 120 according to the first aspect of the present disclosure, at which the electronic key is securely obtained by respective receiving units 111, 121 and stored in respective secure electronic memories 112, 122.
  • the electronic key required for secure communication between Alice and Bob may be distributed by a satellite 130, which may for example transmit an optical signal comprising a plurality of photons of respective quantum states via a quantum channel 131 to apparatus 110 operated by Alice and further transmits an optical signal comprising a plurality of photons of respective quantum states via another quantum channel 132 to apparatus 120 operated by Bob.
  • a satellite 130 may for example transmit an optical signal comprising a plurality of photons of respective quantum states via a quantum channel 131 to apparatus 110 operated by Alice and further transmits an optical signal comprising a plurality of photons of respective quantum states via another quantum channel 132 to apparatus 120 operated by Bob.
  • the optical signal transmitted by satellite 130 may be received at receiving unit 111.
  • Receiving unit 111 may be configured to determine electronic key information representing an electronic key, at least partially based on the optical signal.
  • the electronic key information may include an electronic key or the electronic key may be determinable at least partially based on the electronic key information (e.g. this could mean that the electronic key is not included in the electronic key information].
  • the electronic key information determined at receiving unit 111 may be obtained by apparatus 110, wherein receiving unit 111 and secure electronic memory 112 may be connected by connecting means of apparatus 110 that may provide a secured wireline and/or wireless connection between secure electronic memory 112 and receiving unit 111. It is to be understood that receiving unit 111 may be included in apparatus 110 according to the exemplary embodiment as illustrated in Fig. 1, while in other examples only a part of receiving unit 111 may be included in apparatus 110 or receiving unit 111 may be separated from apparatus 110.
  • apparatus 110 may be further configured to determine at least partially based on the obtained electronic key information the electronic key, which may then be stored in secure electronic memory 112.
  • apparatus 120 may comprise receiving unit 121 and the secure electronic memory 122, wherein the optical signal transmitted by satellite 130 may be received at receiving unit 121. Further, electronic key information representing an electronic key may then be determined by receiving unit 121 at least partially based on the optical signal. Apparatus 120 is further configured to determine the electronic key at least partially based on the electronic key information and to store the electronic key in secure electronic memory 122. The electronic key may then be stored at both secure electronic memories 112, 122 and be available for encrypting and/or decrypting electronic message exchanged between Bob any Alice.
  • Figs. 2a to 2c are respective block diagrams illustrating exemplary embodiments of an apparatus 210, 220, 230 according to the first aspect of the present disclosure.
  • apparatus 210, 220, 230 is a hardware security module comprising a secure electronic memory 212, 222, 232 for storing an electronic key and further comprising security means (e.g. physical and/or logical security means, not shown in Figs. 2a to 2c] configured to secure apparatus 210, 220, 230 and secure electronic memory 212, 222, 232.
  • security means e.g. physical and/or logical security means, not shown in Figs. 2a to 2c
  • hardware security module 210 may comprise receiving unit 211, which may for example be understood to mean that receiving unit 211 may be located within hardware security module 210 (e.g. mounted within the housing of hardware security module 210], Receiving unit 211 may then be electronically connected to secure electronic memory 212 by connecting means 213 of hardware security module 210, such that electronic key information may be transmitted from receiving unit 211 to secure electronic memory 212.
  • connecting means 213 may be understood as internal connecting means within hardware security module 210.
  • the security means of hardware security module 210 are further configured to secure receiving unit 211 included in hardware security module 210. Accordingly, receiving the optical signal, determining the electronic key information and/or the electronic key and storing the electronic key is secured by the security means of hardware security module 210.
  • hardware security module 220 may comprise atleast a part of receiving unit 221, which may for example be understood to mean that atleast a part of receiving unit 221 may be located within hardware security module 220 (e.g. mounted within the housing of hardware security module 220], Receiving unit 221 may then be electronically connected to secure electronic memory 222 by connecting means 223 of hardware security module 220, such that electronic key information may be transmitted from receiving unit 221 to secure electronic memory 222.
  • connecting means 223 may be understood as internal connecting means within hardware security module 220.
  • the security means of hardware security module 220 are further configured to secure at least the part of receiving unit 221 that is included in hardware security module 220.
  • receiving unit 221 may comprise measurement means for obtaining an optical signal and controls means for determining the electronic key information and/or the electronic key at least partially based on the optical signal.
  • at least the control means of receiving unit 221 may be included in hardware security module 220. Accordingly, the electronic key and/or the electronic key information may then for example only be determined within hardware security module 220, even if receiving unit 221 is not fully included in hardware security module 220. Accordingly, the electronic key may be determined and stored only inside hardware security module 220 and thus secured by the security means of hardware security module 220.
  • hardware security module 230 may be separated from receiving unit 231.
  • connecting means 233 of hardware security module 230 may for example provide an internal connection within hardware security module 230 from secure electronic memory 232 to an output (e.g. a connector or port] on the housing of hardware security module 230, which output may then be used to connect hardware security module 230 to receiving unit 231 as peripheral device by further connecting means.
  • the electronic connection between receiving unit 231 and secure electronic memory 232 as provided at least partially by connecting means 233 of hardware security module 230 is to be understood as secured electronic connection, such that information (e.g. electronic key information] exchanged via the electronic connection is protected against unauthorized access (e.g.
  • FIGs. 3a to 3c are respective block diagrams illustrating further exemplary embodiments of an appliance server 340, 350, 360 according to the second aspect of the present disclosure.
  • appliance servers 340, 350, 360 are appliance servers comprising respective hardware security modules 310, 320, 330 as apparatuses according to the first aspect of the present disclosure, respective receiving units 311, 321, 331 and respective connecting means 313, 323, 333 of hardware security modules 310, 320, 330.
  • appliance servers 340, 350, 360 comprise security means (e.g. physical and/or logical security means, not shown in Figs. 3a to 3c] configured to secure the respective hardware security modules 310, 320, 330 and at least the part of respective receiving units 311, 321, 331 included in appliance servers 340, 350, 360.
  • security means e.g. physical and/or logical security means, not shown in Figs. 3a to 3c
  • appliance server 340 comprises hardware security module 310, which may for example be understood to mean that hardware security module 310 may be located within appliance server 340 (e.g. mounted within the housing of appliance server 340], For example, hardware security module 310 may be given by hardware security module 210 as described above according to Fig. 2a.
  • appliance server 340 includes hardware security module 310, which includes receiving unit 311, secure electronic memory 312 and connecting means 313 of hardware security module 310.
  • the security means of appliance server 340 may ensure that receiving unit 311 and hardware security module 310 may communicate and exchange information (e.g. electronic key information] in a secure manner.
  • receiving the electronic key at the receiving unit 311 as well as storing the electronic key is additionally secured by the security means of appliance server 340.
  • receiving unit 311 may only partly be included in hardware security module 310 (e.g. as described above according to Fig. 2b for hardware security module 220],
  • appliance server 350 comprises hardware security module 320, which may for example be understood to mean that hardware security module 320 may be located within appliance server 350 (e.g. mounted within the housing of appliance server 350], For example, hardware security module 320 may be given by hardware security module 230 as described above according to Fig. 2c.
  • hardware security module 320 includes secure electronic memory 322 and connecting means 323 of hardware security module 320.
  • appliance server 350 may include receiving unit 321, which may be separated from hardware security module 320.
  • the electronic connection between receiving unit 321 and secure electronic memory 322 as provided at least partially by connecting means 323 of hardware security module 320 is to be understood as secured electronic connection.
  • the security means of appliance server 350 may ensure that receiving unit 321 and hardware security module 320 may communicate and exchange information (e.g. electronic key information] in an additionally secured manner.
  • receiving the electronic key at the receiving unit 321 as well as storing the electronic key is additionally secured by the security means of appliance server 350.
  • appliance server 360 may comprise hardware security module 330 in a manner similar to appliance server 350 comprising hardware security module 320. However, as a difference towards appliance server 350 fully including receiving unit 321, appliance server 360 comprises only a part of receiving unit 331.
  • receiving unit 331 may comprise measurement means for obtaining an optical signal and controls means for determining the electronic key information and/or the electronic key at least partially based on the optical signal.
  • at least the control means of receiving unit 331 may be included in appliance server 360 (e.g. by being mounted within the housing of appliance server 360], Accordingly, the electronic key and/or the electronic key information may then for example only be determined within appliance server 360, even if receiving unit 331 is not fully included in appliance server 360. Accordingly, the electronic key may be determined and stored only inside appliance server 360 and thus additionally secured by the security means of appliance server 360.
  • receiving unit 331 may be separated from appliance server 360.
  • the electronic connection between receiving unit 331 and secure electronic memory 332 as provided at least partially by connecting means 333 of hardware security module 330 is to be understood as secured electronic connection, such that information (e.g. electronic key information] exchanged via the electronic connection is protected against unauthorized access (e.g. against eavesdropping the electronic key information exchanged between receiving unit 331 and secure electronic memory 332],
  • Fig. 4 is a schematic illustration of an exemplary embodiment of an apparatus 400 according to the first aspect of the present disclosure.
  • apparatus 400 is a hardware security module, which may for example be understood as a device that safeguards and manages electronic keys, performs encryption and decryption, authentication and other cryptographic functions.
  • hardware security module 400 may comprise at least one secure crypto processor chip on a processor board 420, one or more electronic memories including at least one secure electronic memory 460, security means 410, 430, 440, 450 and further components (e.g. one or more random number generators] as well as for example electronic connections and circuitry to connect the components of the hardware security module 400.
  • the security means of hardware security module 400 may comprise encryption means for encrypting the electronic key stored in the secure electronic memory.
  • the security means may for example comprise encryption engine 450 that is configured to encrypt the electronic key upon storing the electronic key in secure electronic memory 460 (e.g. according to the advanced encryption standard, AES],
  • encryption engine 450 may for example be further configured to generate and/or obtain cryptographic keys that may be used for encrypting the electronic key (e.g. encryption engine 450 comprises one or more random number generators].
  • encryption engine 450 may for example be configured to perform further cryptographic functions to secure the integrity and/or authentication of the electronic key, such as for example verification of a message authentication code [MAC] or a digital signature usually done by a hashing algorithm.
  • the security means of hardware security module 400 may further comprise erasure means for erasing secure electronic memory 460.
  • the security means may for example comprise erasure circuit 440 that is configured to erase all information including the electronic key stored in secure electronic memory 460 after an external attack against hardware security module 400 has been detected (e.g. by detection means of hardware security module 400],
  • erasing may comprise overwriting all information stored in secure electronic memory 460 (e.g. by zeroes, random information or a combination thereof].
  • the security means of hardware security module 400 may further comprise detection means for detecting external attack against hardware security module 400.
  • the security means may for example comprise detection circuit 430, one or more sensors (e.g. a temperature sensor, a light sensor, a sensor detecting movement and/or acceleration of the apparatus] and/or wiring that are configured to detect for example a mechanical and/or chemical penetration (e.g. into the housing of hardware security module 400] or for example a temperature and/or battery manipulation.
  • hardware security module 400 may be configured to erase secure electronic memory 460 by means of erasure circuit 440 after an external attack against hardware security module 400 has been detected by means of detection circuit 430.
  • the security means of hardware security module 400 may further comprise protection means for physically protecting hardware security module 400.
  • the protection means may for example comprise tamper respondent envelope 410 (e.g. an enclosure] that protects hardware security module 400 including its internal components (e.g. secure electronic memory 460],
  • the protection means may provide further resistance to tampering in form of special screws used when assembling hardware security module 400.
  • tamper seals and/or tamper stickers may be used to detect unauthorized access to hardware security module 400.
  • the security means of hardware security module 400 may be configured to secure the hardware security module 400 and secure electronic memory 460, but that the security means may further be configured to secure at least a part of a receiving unit (e.g. as described below according to Fig. 5a] and/or atleast a part of a sending unit (e.g. as described below according to Fig. 5b] included hardware security module 400.
  • at least a part of the receiving unit and/or the sending unit secured by the security means of hardware security module 400 may be mounted within the housing of hardware security module 400 (e.g. within the tamper respondent envelope 410 of hardware security module 400],
  • Fig. 5a is a schematic illustration of an exemplary embodiment of a receiving unit 500 according to various aspects of the present disclosure.
  • receiving unit 500 may be understood as exemplary embodiment of receiving unit 111, 121 in system 100 according to Fig. 1 and/or receiving unit 211, 221, 231, 311, 321, 331 according to Figs. 2a to 2c and Figs. 3a to 3c.
  • measurement means of receiving unit 500 may comprise one or more signal detectors 510 that are configured to obtain (e.g. observe or detect] the optical signal.
  • the one or more signal detectors may for example be configured to obtain (e.g. observe or detect] at least one photon (e.g. a plurality of photons] of the optical signal travelling through quantum channel 520 (e.g. in free space or via an optical fibre].
  • a signal detector 510 may be implemented as a photon detector (e.g. a single photon detector], which may be understood as an optically sensitive device that transforms a single photon into an electrical signal.
  • the measurement means of receiving unit 500 may for example further comprise a signal demodulation component 505 for demodulating the optical signal obtained at receiving unit 500.
  • the optical signal obtained at receiving unit 500 may pass the demodulation component 505 before it may be guided to the two signal detectors 510.
  • the demodulation component 505 may be given by an optical beam splitter, which splits the optical signal into two optical paths 525, 530, wherein a first optical path 525 ends at a first signal detector 510 and second optical path 530 ends at a second signal detector 510.
  • the beam splitter may guide these single photons along the first optical path 525 or second optical path 530 depending on the quantum state of the respective photon (e.g. depending on the polarization or phase of the respective photon].
  • the combination of beam splitter 505 and signal detectors 510 may then for example allow for observing a plurality of photons and their respective quantum states.
  • the measurement means (e.g. beam splitter 505 and one or more signal detectors 510] may for example be electronically connected to the control means 515 of receiving unit 500, which may be configured to determine the electronic key information and/or the electronic key at least partially based on the optical signal.
  • control means 515 may be configured to receive electrical output signals from the two signal detectors 510 that indicate at which time a photon of a respective quantum state has been detected by signal detectors 510.
  • the optical signal obtained at receiving unit 500 comprises a sequence of a plurality of photons, each photon of the plurality of photons and its particular quantum state (e.g.
  • Control means 515 e.g. comprising one or more processing units such as a microprocessor and an electronic memory] may then for example determine a random sequence of symbols representing the electronic key information according to the respective quantum states of the sequence of the plurality of photons.
  • determining the electronic key information may at least partially follow one or more protocols for quantum key distribution systems (e.g. the BB84 protocol, the E91 protocol or the BBM92 protocol].
  • Fig. 5b is a schematic illustration of an exemplary embodiment of a sending unit 550 according to various aspects of the present disclosure.
  • a part of sending unit 550 may be included in apparatus 110, 120 of system 100 according to Fig. 1 or included in hardware security modules 210, 220, 230, 310, 320, 330 according to Figs. 2a to 2c and Figs. 3a to 3c.
  • at least a part of sending unit 550 may be included in appliance servers 340, 350, 360 according to Figs. 3a to 3c.
  • sending unit 550 may for example generate a plurality of photons of the additional optical signal.
  • sending unit 550 may for example comprise signal source 555 such as for example a laser source, a single-photon source or an entangled-photon pair source for generating the additional optical signal and may further comprise signal modulation component 560 through which the additional optical signal passes after being generated by signal source 555.
  • sending unit 550 may for example comprise control means 565 for determining an electrical input signal at least partially based on the additional electronic key information, which may then be provided to signal source 555 for generating the additional optical signal.
  • the additional optical signal and the at least one photon of the additional optical signal may travel through an additional quantum channel 570 (e.g. in free space or via an optical fibre].
  • Fig. 6 is a block diagram of an exemplary embodiment of apparatus 600 according to various aspects of the present disclosure.
  • apparatus 600 may be understood as apparatus according to the first aspect of the present disclosure (e.g. apparatus 110, 120 of system 100 according to Fig. 1 or hardware security modules 210, 220, 230, 310, 320, 330 according to Figs. 2a to 2c and Figs. 3a to 3c] or as appliance server according to the second aspect of the present disclosure (e.g. appliance server 340, 350, 360 according to Figs. 3a to 3c], As such, apparatus 600 may for example be configured to perform the actions 710 and 720 of flow chart 700 illustrated in Fig. 7.
  • Apparatus 600 may for example comprise a processor 601 which may represent a single processor or two or more processors (which e.g. are at least partially coupled, e.g. via a bus].
  • Processor 601 may execute a program code stored in program memory 602 (e.g. program code causing apparatus 600 to perform embodiments according to the present disclosure or parts thereof] and interfaces with a main memory 603.
  • Program memory 602 may also comprise an operating system (e.g. a Linux-based operating system] for processor 601. Some or all of memories 602 and 603 may also be included into processor 601.
  • processor 601 may control one or more communication interface(s] 604 which may for example be configured to communicate with further apparatuses such as for example a receiving unit (e.g. receiving unit 500 according to Fig. 5a] and/or a sending unit (e.g. sending unit 550 according to Fig. 5b],
  • the one or more communication interface(s] 604 may provide one or more wireline and/or wireless connections.
  • a wireline connection may be serial connection (e.g. according to the RS-232 standard], an Ethernet connection (according to any release of the IEEE- 802.3 standard] and/or a Universal Serial Bus (USB] connection (e.g. according to any release of the USB standard].
  • Non-limiting examples for a wireless connection may be a Wireless Local Area Network (WLAN] connection (e.g. according to the IEEE-802.11 standard family] or a Bluetooth connection (e.g. according to any release of the IEEE-802.15.1 standard].
  • WLAN Wireless Local Area Network
  • Bluetooth e.g. according to any release of the
  • apparatus 600 may comprise various other components not shown in Fig. 6, which may for example include a secure electronic memory (e.g. secure electronic memory 460 according to Fig. 4], security means (e.g. security means 410, 430, 440, 450 according to Fig. 4], at least a part of a receiving unit (e.g. of receiving unit 500 according to Fig. 5a] and/or atleast a part of a sending unit (e.g. of sending unit 550 according to Fig. 5b],
  • a secure electronic memory e.g. secure electronic memory 460 according to Fig. 4
  • security means e.g. security means 410, 430, 440, 450 according to Fig. 4
  • at least a part of a receiving unit e.g. of receiving unit 500 according to Fig. 5a] and/or atleast a part of a sending unit (e.g. of sending unit 550 according to Fig. 5b]
  • Fig. 7 is a flow chart 700 illustrating an exemplary embodiment of a method according to the fourth aspect of the present disclosure. It may for example be assumed that the actions of flow chart 700 are performed and/or controlled by an apparatus according to the first aspect of the present disclosure (e.g. apparatus 110, 120 of system 100 according to Fig. 1 or hardware security module 210, 220, 230, 310, 320, 330 according to Figs. 2a to 2c and Figs. 3a to 3c] or by an appliance server according to the second aspect of the present disclosure (e.g. appliance server 340, 350, 360 according to Figs. 3a to 3c],
  • an apparatus according to the first aspect of the present disclosure e.g. apparatus 110, 120 of system 100 according to Fig. 1 or hardware security module 210, 220, 230, 310, 320, 330 according to Figs. 2a to 2c and Figs. 3a to 3c
  • an appliance server according to the second aspect of the present disclosure e.g. appliance
  • an optical signal comprising a plurality of photons (e.g. a plurality of entangled photons] may be obtained at receiving unit 111.
  • obtaining the optical signal may comprise observing the plurality of photons of the optical signal and respective quantum states of each photon of the plurality of photons.
  • the photons of the plurality of photons arrive successively at receiving unit 111 (e.g. by travelling through free space or an optical fibre connected to receiving unit 111] after being transmitted by satellite 130.
  • a particular quantum state of a particular photon may result in one of the two states of a bit (e.g. a horizontal or left diagonal polarisation results to "0” and vertical or right diagonal polarisation results to "1”].
  • Observing the quantum state of each photon of the plurality of photons may for example yield a random sequence of bits according to the sequence in which the plurality of photons was observed.
  • the random sequence of bits may for example be understood as electronic key information, such that the electronic key information have been determined at least partially based on the observed respective quantum states of the plurality of photons.
  • the electronic key information is determined by control of receiving unit 111.
  • receiving unit 111 may be included in apparatus 110, or at least partly included in apparatus 110, or separated from apparatus 110.
  • obtaining electronic key information in action 710 may comprise transmitting the electronic key information from receiving unit 111 to apparatus 110.
  • the electronic key information obtained in action 710 represents the electronic key to be stored in secure electronic memory 112.
  • this random sequence of bits may be the electronic key.
  • the electronic key may be determined at least partially based on the random sequence of bits, which may for example comprise encoding or decoding the random sequence of bits or selecting one or more parts of the random sequence of bits.
  • the electronic key is stored in a secure electronic memory included in an apparatus, wherein the apparatus and the secure electronic memory is secured by security means of the apparatus.
  • apparatus 110 may perform determining the electronic key at least partially based on the electronic key information obtained in action 710.
  • determining the electronic key may further be based on further electronic key information stored in secure electronic memory 112.
  • the electronic key information representing the electronic key is securely determined based on obtaining the optical signal in action 710 and afterwards stored in secure electronic memory 112 in action 720, which allows for a comprehensive protection of the electronic key against unauthorized access.
  • the electronic key information is determined based on the optical signal obtained at receiving unit 111, wherein apparatus 110 and/or receiving unit 111 may determine whether the optical signal, the electronic key information and/or the electronic key may be compromised.
  • apparatus 110 does not have to simply trust that the electronic key is not compromised (and e.g. generated based on a truly randomly generated number], because it may check the integrity of the optical signal (e.g. based on the quantum state of at least one photon of the optical signal], the electronic key information and/or the electronic key already upon reception.
  • the reception of the electronic key directly terminates in a secure environment provided by apparatus 110 and secure electronic memory 112, which are secured by security means of apparatus 110.
  • the electronic key may be used for encrypting and/or decrypting electronic message exchanged between Bob and Alice.
  • apparatus 110 may serve as a forwarding apparatus that securely obtains the electronic key in action 710, stores the electronic key in the secure electronic memory in action 720 and then further transmits the electronic key to another recipient.
  • Fig. 8 is a schematic illustration of examples of tangible and non-transitory computer-readable storage media according to the present disclosure that may for example be used to implement memory 602 of Fig. 6.
  • Fig. 8 displays a flash memory 800, which may for example be soldered or bonded to a printed circuit board, a solid-state drive 801 comprising a plurality of memory chips (e.g. Flash memory chips], a magnetic hard drive 802, a Secure Digital (SD] card 803, a Universal Serial Bus (USB] memory stick 804, an optical storage medium 805 (such as for example a CD-ROM or DVD] and a magnetic storage medium 806.
  • a flash memory 800 which may for example be soldered or bonded to a printed circuit board
  • solid-state drive 801 comprising a plurality of memory chips (e.g. Flash memory chips], a magnetic hard drive 802, a Secure Digital (SD] card 803, a Universal Serial Bus (USB] memory stick 804, an optical storage medium 805 (such as for example a CD-ROM or
  • connection in the described embodiments is to be understood in a way that the involved components are operationally coupled.
  • connections can be direct or indirect with any number or combination of intervening elements, and there may be merely a functional relationship between the components.
  • Any of the processors mentioned in this text, in particular but not limited to processor could be a processor of any suitable type.
  • Any processor may comprise but is not limited to one or more microprocessors, one or more processor(s] with accompanying digital signal processor(s], one or more processor(s] without accompanying digital signal processor(s], one or more special-purpose computer chips, one or more field-programmable gate arrays (FPGAS], one or more controllers, one or more application-specific integrated circuits [ASICS], or one or more computers].
  • FPGAS field-programmable gate arrays
  • ASICS application-specific integrated circuits
  • any of the actions or steps described or illustrated herein may be implemented using executable instructions in a general-purpose or special-purpose processor and stored on a computer- readable storage medium [e.g., disk, memory, or the like] to be executed by such a processor.
  • a computer- readable storage medium e.g., disk, memory, or the like
  • References to ‘computer-readable storage medium’ should be understood to encompass specialized circuits such as FPGAs, ASICs, signal processing devices, and other devices.
  • any of the actions described or illustrated herein may be implemented using executable instructions in a general-purpose or special-purpose processor and stored on a computer-readable storage medium [e.g., disk, memory, or the like] to be executed by such a processor.
  • a computer-readable storage medium e.g., disk, memory, or the like
  • References to ‘computer-readable storage medium’ should be understood to encompass specialized circuits such as FPGAs, ASICs, signal processing devices, and other devices.
  • A, or B, or C, or a combination thereof’ or "at least one of A, B and C” may be understood to be not exhaustive and to include at least the following: [i] A, or [ii] B, or [hi] C, or [iv] A and B, or [v] A and C, or [vi] B and C, or [vii] A and B and C.
  • Exemplary embodiment 1 is a diagrammatic representation of Exemplary embodiment 1:
  • An apparatus for securely obtaining an electronic key comprising: a secure electronic memory; security means configured to secure the apparatus and the secure electronic memory; and connecting means for connecting the secure electronic memory with a receiving unit, wherein the apparatus is configured to: obtain electronic key information from the receiving unit, wherein the electronic key information is determined at least partially based on an optical signal obtained at the receiving unit and wherein the electronic key information represents the electronic key; and store the electronic key in the secure electronic memory.
  • connection means are configured to provide a secured wireline and/or wireless connection between the secure electronic memory and the receiving unit.
  • the apparatus is further configured to: obtain an electronic message; process the obtained electronic message at least partially based on the electronic key stored in the secure electronic memory ; and provide the processed electronic message.
  • the electronic key is included in the electronic key information and/or is determinable at least partially based on the electronic key information.
  • the apparatus is further configured to: determine the electronic key at least partially based on the obtained electronic key information.
  • the electronic key is determined at least partially based on the obtained electronic key information and on further electronic key information stored in the secure electronic memory.
  • the receiving unit comprises: measurement means for obtaining the optical signal; and control means for determining the electronic key information and/or the electronic key at least partially based on the optical signal.
  • obtaining the optical signal comprises: observing at least one photon of the optical signal and a quantum state of the at least one photon, wherein the electronic key information and/or the electronic key is determined at least partially based on the observed quantum state of the at least one photon.
  • the apparatus and/or the receiving unit is further configured to determine whether the optical signal, the electronic key information and/or the electronic key is compromised.
  • the security means are configured to prevent removing the electronic key from the secure electronic memory.
  • the security means comprise at least one of the following means: encryption means for encrypting the electronic key stored in the secure electronic memory ; and/or erasure means for erasing the secure electronic memory ; and/or detection means for detecting external attack against the apparatus; and/or protection means for physically protecting the apparatus.
  • the apparatus is a hardware security module.
  • the apparatus further comprises atleast a part of the receiving unit and wherein the security means of the apparatus are further configured to secure at least the part of the receiving unit.
  • the apparatus is further configured to: obtain additional electronic key information at least partially based on the electronic key stored in the secure electronic memory, wherein the additional electronic key information represents the electronic key; and provide the additional electronic key information to a sending unit, wherein an additional optical signal is generated at least partially based on the additional electronic key information and is transmitted at the sending unit.
  • An appliance server comprising: the apparatus according to any of the preceding embodiments; at least a part of the receiving unit; and security means configured to secure the apparatus and at least the part of receiving unit.
  • a system comprising: the apparatus according to any of the embodiments 1 to 14; and the receiving unit.
  • a method for securely obtaining an electronic key comprises: obtaining electronic key information, wherein the electronic key information is determined at least partially based on an optical signal received at a receiving unit and wherein the electronic key information represents the electronic key; and storing the electronic key in a secure electronic memory included in an apparatus, wherein the apparatus and the secure electronic memory is secured by security means of the apparatus.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is inter alia an apparatus for securely obtaining an electronic key, wherein the apparatus comprises: - a secure electronic memory; - security means configured to secure the apparatus and the secure electronic memory; and - connecting means for connecting the secure electronic memory with a receiving unit, wherein the apparatus is configured to: - obtain electronic key information from the receiving unit, wherein the electronic key information is determined at least partially based on an optical signal obtained at the receiving unit and wherein the electronic key information represents the electronic key; and - store the electronic key in the secure electronic memory, wherein the apparatus further comprises at least a part of the receiving unit and wherein the security means of the apparatus are further configured to secure at least the part of the receiving unit.

Description

Securely obtaining an electronic key
TECHNICAL FIELD
Various exemplary embodiments according to the present disclosure relate to obtaining electronic key information and storing an electronic key in a secure electronic memory. Specifically, various exemplary embodiments according to the present disclosure relate to obtaining electronic key information, wherein the electronic key information is determined at least partially based on an optical signal and wherein the electronic key is determined at least partially based on the electronic key information. However, it is to be understood that the presentation of various exemplary embodiments in the following is merely by way of examples and is not to be construed as limitations on the scope of the present disclosure.
BACKGROUND
In high security areas such as for example banking, utilities or government sectors, cryptographic keys are used to keep electronic information secret from unauthorized parties. Algorithms for generating such cryptographic keys may rely on random number generators, which are for example implemented as software-based random number generators or physical random number generators (e.g. by using physical properties such as radioactive decay]. In some examples, these random number generators may be security-certified to prevent that unauthorized parties may derive the generated cryptographic keys. Nevertheless, there remains the drawback that the security of a process (e.g. a communication between two parties] using the generated cryptographic key relies on trusting that the generated cryptographic key is generated based on a truly randomly generated number, which is not compromised.
SUMMARY OF SOME EXEMPLARY EMBODIMENTS
Various example embodiments according to the present disclosure may have the effect of obtaining electronic key information representing an electronic key in a secure manner and storing the electronic key in a secure electronic memory to prevent the electronic key from being compromised.
According to a first aspect of the present disclosure, an apparatus for securely obtaining an electronic key is disclosed, wherein the apparatus comprises: a secure electronic memory; security means configured to secure the apparatus and the secure electronic memory; and connecting means for connecting the secure electronic memory with a receiving unit, wherein the apparatus is configured to: obtain electronic key information from the receiving unit, wherein the electronic key information is determined at least partially based on an optical signal obtained at the receiving unit and wherein the electronic key information represents the electronic key; and store the electronic key in the secure electronic memory.
For example, the apparatus according to the first aspect may be configured to perform and/or control or may comprise respective means for performing and/or controlling the steps disclosed according to the first aspect. Such means of the apparatus can for example be implemented in hardware and/or software. They may comprise for example at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both. Alternatively, they could comprise for example circuitry that is designed to implement the required functions, for example implemented in a chipset or a chip, like an integrated circuit. In general, the means may comprise for example one or more processing means or processors. In particular, the apparatus according to the first aspect comprises a secure electronic memory, security means configured to secure the apparatus and the secure electronic memory and connecting means for connecting the secure electronic memory with a receiving unit as further described below.
According to another aspect of the present disclosure, an apparatus is disclosed, comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for example the apparatus according to the first aspect, at least to perform and/or to control the actions according to the first aspect.
For example, the apparatus according to the first aspect is a hardware security module. A hardware security module may for example be understood as a device that safeguards and manages electronic keys, performs encryption and decryption, authentication and other cryptographic functions. In some examples, a hardware security module may be denoted by different terms such as hardware cryptographic device, secure application module, secure cryptographic device, tamper resistant security module or similar.
According to a second aspect of the present disclosure, an appliance server is disclosed, wherein the appliance server comprises: the apparatus according to the first aspect; at least a part of the receiving unit; and security means configured to secure the apparatus and at least the part of receiving unit. In a general example, the appliance server (e.g. a hardware security module appliance server] according to the second aspect may be understood as a server that may be configured to perform and/or control or may comprise respective means for performing and/or controlling the steps disclosed according to the various aspects of the present disclosure. Such means of the appliance server may for example be implemented in hardware and/or software. They may comprise for example at least one processor for executing computer program code for performing the required functions, at least one memory storing the program code, or both. Alternatively, they could comprise for example circuitry that is designed to implement the required functions, for example implemented in a chipset or a chip, like an integrated circuit In general, the means may comprise for example one or more processing means or processors. The appliance server may further comprise one or more electronic communication interfaces to communicate (e.g. to exchange information] with the apparatus according to the first aspect.
In some examples, the appliance server may be a server (e.g. a hardware security module appliance server] that is dedicated to a specific function (e.g. in contrast to a general-purpose server]. Such a specialized server may for example be designed for ease of installation and maintenance and may have hardware and software bundled in one product with required software (e.g. an operating system and/or other applications] being pre-installed.
The appliance server comprises the apparatus according to the first aspect, which may for example be understood to mean that the apparatus according to the first aspect may be located (e.g. mounted] within the housing of the appliance server. The appliance server and the apparatus may then for example be connected by one or more electronic communication interfaces to exchange information with each other. Further, the appliance server comprises at least a part of the receiving unit, which may for example be understood to mean that at least a part (e.g. at least a part of the means] of the receiving unit may be located (e.g. mounted] within the server housing of the appliance server. The appliance server and the receiving unit may then for example be connected by one or more electronic communication interfaces to exchange information with each other.
The apparatus according to the first aspect and at least a part of the receiving unit are included in the appliance server in a way that the security means of the appliance server are configured to secure the receiving unit included in the appliance server as well as the apparatus according to the first aspect included in the appliance server. In such examples, the security means of the appliance server may ensure that the receiving unit and the apparatus according to the first aspect may communicate and exchange information (e.g. electronic key information] in a secure manner.
The appliance server comprises security means (e.g. physical and/or logical security means] configured to secure the apparatus according to the first aspect and at least the part of receiving unit. For example, these security means of the appliance server are configured to allow for securely generating, storing and using sensitive electronic information and for preventing unauthorized access to such sensitive electronic information. To give some non-limiting examples, the security means of the appliance server may comprise encryption means for encrypting the electronic information stored in one or more electronic memories of the appliance server, erasure means for erasing one or more electronic memories of the appliance server, detection means for detecting external attack against the appliance server and/or protection means for physically protecting the appliance server. These security means of the appliance server may for example be the same as or similar to the security means of the apparatus according to the first aspect and are further described below.
The apparatus according to the first aspect and/or the appliance server according to the second aspect may for example be respective devices or respective modules or respective components for a device. For example, the disclosed apparatuses according to the first and/or second aspect may comprise only the disclosed components, means, processor and memory, but may further comprise one or more additional components (e.g. means]. Examples of such additional components are a communication interface, a network interface, a radio interface (e.g. a receiver, a transmitter and/or a transceiver], a data interface, a user interface (e.g. a touch-sensitive display, a keyboard, a touchpad, a display, etc.] and others.
According to a third aspect of the present disclosure, a system is disclosed, wherein the system comprises: the apparatus according to the first aspect; and the receiving unit.
Considering that the apparatus according to the first aspect and the receiving unit are included in the system according to the third aspect, the apparatus and the receiving unit may for example be electronically connected by the connecting means of the apparatus and/or further connecting means of the receiving unit, such that the apparatus and the receiving unit may exchange information (e.g. electronic key information] in a secure manner. In some examples, the system may be included or not included in the appliance server according to the second aspect. It is to be understood that the system according to the third aspect may comprise further apparatuses and/or components (e.g. means], such as for example a plurality of apparatuses according to the first aspect and a plurality of receiving units.
According to a fourth aspect of the present disclosure, a method for securely obtaining an electronic key is disclosed, wherein the method comprises: obtaining electronic key information, wherein the electronic key information is determined at least partially based on an optical signal received at a receiving unit and wherein the electronic key information represents the electronic key; and storing the electronic key in a secure electronic memory included in an apparatus, wherein the apparatus and the secure electronic memory is secured by security means of the apparatus. The actions of the method according to the fourth aspect may for example be performed and/or controlled by an apparatus, for example the apparatus according to the first aspect or the appliance server according to the second aspect. Alternatively, this method according to the fourth aspect may be performed and/or controlled by more than one apparatus.
According to another aspect of the present disclosure, an apparatus is disclosed, comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause an apparatus, for example the apparatus according to the first aspect or the appliance server according to the second aspect, at least to perform and/or to control the actions of the method according to the fourth aspect.
According to a fifth aspect of the present disclosure, a computer program is disclosed, wherein the computer program when executed by a processor of an apparatus (e.g. the apparatus according to the first aspect or the appliance server according to the second aspect] causing the apparatus to perform the method according to the fourth aspect.
The computer program may be stored on computer-readable storage medium, in particular a tangible and/or non-transitory medium. The computer readable storage medium could for example be a disk or a memory or the like. The computer program could be stored in the computer readable storage medium in the form of instructions encoding the computer-readable storage medium. The computer readable storage medium may be intended for taking part in the operation of a device, like an internal or external memory, for example a Read-Only Memory [ROM] or hard disk of a computer, or be intended for distribution of the program, like an optical disc.
The secure electronic memory included in the apparatus according to the first aspect may for example be understood as any electronic memory which is particularly secured against unauthorized access to electronic information stored in the secured electronic memory. In particular, the secure electronic memory is secured by security means of the apparatus, which security means are further described below. The secured electronic memory may be any type of memory, such as for example a flash memory, which may for example be soldered or bonded to a printed circuit board, a solid-state drive comprising a plurality of memory chips (e.g. Flash memory chips], a magnetic hard drive, a Secure Digital [SD] card, a Universal Serial Bus [USB] memory stick, an optical storage medium (such as for instance a CD-ROM or DVD] and a magnetic storage medium. It is to be understood that in addition to the secure electronic memory, the apparatus according to the first aspect may comprise further memories, such as for example a main memory or a program memory.
Security means configured to secure the apparatus and the secure electronic memory may for example be understood as any means that are suitable for securing (e.g. protecting] the apparatus and the secure electronic memory against unauthorized access. In other words, the apparatus may for example be equipped with security means that are configured to secure the apparatus and also to secure the secure electronic memory that is located within the apparatus (e.g. mounted within the housing of the apparatus].
The security means of the apparatus according to the first aspect may for example be physical and/or logical security means. For example, physical security means are configured to secure the apparatus and the secure electronic memory (e.g. processing and communication capabilities of the apparatus and the secure electronic memory] against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the apparatus]. Further examples of physical attacks may comprise temperature manipulation or battery manipulation. Logical security means are for example configured to secure the apparatus and the secure electronic memory against logical attacks, such as attacks against software components of the apparatus, which may for example include user identification and password access, authenticating, access rights and authority levels.
To give some non-limiting examples, the security means of the apparatus according to the first aspect may comprise encryption means for encrypting electronic information stored in one or more electronic memories of the apparatus (e.g. the secure electronic memory], erasure means for erasing one or more electronic memories (e.g. the secure electronic memory] of the apparatus, detection means for detecting external attack against the apparatus and/or protection means for physically protecting the apparatus as further described below.
Connecting means for (e.g. configured for] connecting the secure electronic memory with a receiving unit may be understood as any connection means that are suitable for electronically connecting the secure electronic memory with the receiving unit, such that information may be exchanged between the secure electronic memory and the receiving unit (e.g. according to a specific communication standard]. In such a case, the connecting means of the apparatus may for example at least partially provide a communication channel between the receiving unit and the secure electronic memory. For example, the secure electronic memory and the receiving unit may be connected by one or more data busses (e.g. one or more serial or parallel bus connections]. The connecting means may for example comprise one or more wireline and/or wireless connection as further described below. Additionally or alternatively, the connecting means may be understood to comprise one or more communication interfaces and/or one or more connectors that together with further components are configured to connect the secure electronic memory and the receiving unit.
For example, assuming that at least a part of the receiving unit is included in the apparatus according to the first aspect, the connecting means may be understood as internal connecting means within the apparatus. Such internal connecting means may be arranged within the apparatus and provide an electronic connection between the receiving unit and the secure electronic memory, for example without having any output on the housing of the apparatus. In other examples where the receiving unit is not included in the apparatus according to the first aspect, the connecting means of the apparatus may for example provide an internal connection within the apparatus from the secure electronic memory to an output (e.g. a connector or port] on the housing of the apparatus, which output may then be used to connect the apparatus to the receiving unit as peripheral device by further connecting means.
In some examples, the electronic connection between the receiving unit and the secure electronic memory as provided at least partially by the connecting means of the apparatus is to be understood as secured electronic connection, such that information exchanged via the electronic connection is protected against unauthorized access (e.g. against eavesdropping information exchanged between the receiving unit and the secure electronic memory].
Obtaining electronic key information from the receiving unit may for example be understood to mean that the electronic key information is sent by the receiving unit and subsequently received at the apparatus according to the first aspect. In this example, the electronic key information is transmitted from the receiving unit to the apparatus at least partially based on the connecting means of the apparatus. In addition to receiving the electronic key information at the apparatus, obtaining the electronic key information may for example also comprise transmitting (e.g. forwarding] the electronic key information inside the apparatus (e.g. by using the connecting means] to the secure electronic memory, where for example an electronic key represented by the electronic key information may be stored in the secure electronic memory. Considering that the connecting means of the apparatus may provide a secure electronic connection between the receiving unit and the secure electronic memory as described above, the electronic key information may be obtained (e.g. received] from the receiving unit in a secure manner (e.g. protected against eavesdropping].
An electronic key (e.g. a cryptographic key] may for example be understood as a piece of electronic information (e.g. a sequence of symbols such as bits, numbers, letters or similar] that can be used to encode or decode cryptographic data (e.g. by processing the cryptographic data through a cryptographic algorithm]. For example, symmetric cryptography may refer to using the same key both encryption and decryption, while asymmetric cryptography may rely on separate keys (e.g. a public key and a private key] for encrypting and decrypting. An electronic key may for example be determined based on a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be provided by a random number generator (e.g. a software- based or hardware-based random number generator].
Electronic key information (e.g. one or more pieces of electronic key information] may for example be understood as information that represents an electronic key, which for example means that the electronic key is included (e.g. encoded in] in the electronic key information. In other examples, the electronic key information representing the electronic key may be understood to mean that the electronic key may be determinable at least partially based on the electronic key information (e.g. this could mean that the electronic key is not included in the electronic key information]. As such, an electronic key information may for example be represented by a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be the electronic key represented by the electronic key information or based on which the electronic key may be determined.
To give a non-limiting example, the electronic key may be given by a random sequence of symbols, wherein the random sequence of symbols may be understood as electronic key information representing the electronic key by including the electronic key. In other examples, the electronic key is determined at least partially based on a random sequence of symbols (e.g. after processing the random sequence of symbols] and for example on further electronic key information, such as for example another electronic key, a password, another random sequences of symbols or similar. In these examples, the information based on which the electronic key is determinable may be understood as electronic key information.
The electronic key information is determined at least partially based on an optical signal obtained (e.g. received] at the receiving unit. In other words, the electronic key information may for example depend on an optical signal that is obtained (e.g. received] at the receiving unit. Therein, the receiving unit may for example perform determining the electronic key information at least partially based on the optical signal obtained (e.g. received] by the receiving unit.
For example, the optical signal may comprise at least one photon (e.g. a plurality of photons] and may for example be understood as optical laser pulse (e.g. a weak laser pulse containing less than one photon per pulse on average] or as a sequence of laser pulses formed by the at least one photon (e.g. the plurality of photons]. The optical signal may for example also be understood as photon signal or photonic signal. To give some non-limiting examples, the optical signal may comprise at least one single photon (e.g. a plurality of single photons] and/or at least one entangled photon (e.g. a plurality of entangled photons]. In these examples, the optical signal may be generated by a laser source, a single-photon source or an entangled-photon pair source. In particular, the at least one photon may for example exhibit quantum mechanical characteristics, wherein examples of a quantum state of the at least one photon may be the polarization (e.g. right or left circular polarization or a superposition of the two] or the phase of the at least one photon.
For example, determining the electronic key information is at least partially based on the quantum state of the at least one photon of the obtained optical signal. Assuming that for example the obtained optical signal comprises a sequence of a plurality of photons, wherein each photon of the plurality of photons may have a particular quantum state (e.g. a particular polarization or phase of the photon], the random sequence of symbols representing the electronic key information may be determined according to the respective quantum states of the sequence of the plurality of photons. In this example, the randomness of the electronic key information may for example originate from the randomness of the respective quantum states of the plurality of photons. In some examples, determining the electronic key information may at least partially follow one or more protocols for quantum key distribution systems (e.g. the BB84 protocol, the E91 protocol or the BBM92 protocol].
For example, at least partially based on the quantum state of the at least one photon of the obtained optical signal, the receiving unit and/or the apparatus according to the first aspect may determine whether the optical signal, the electronic key information and/or the electronic key is compromised (e.g. whether an eavesdropper has intercepted the optical signal to gain knowledge of the electronic key information and/or whether the electronic key or uses a man-in-the-middle attack to manipulate the distribution of the electronic key information and/or the electronic key]. For example, when measuring a quantum state of the at least one photon of the optical signal to extract the electronic key information and/or the electronic key, an eavesdropper may change the quantum state and thus introduce anomalies detectable by the receiving unit and/or the apparatus according to the first aspect.
The optical signal is obtained at (e.g. by] the receiving unit, which may for example be understood to mean that the optical signal is received (e.g. observed or detected] by the receiving unit. In particular, obtaining the optical signal may comprise obtaining (e.g. observing or detecting] at least one photon (e.g. a plurality of photons] of the optical signal. For example, the receiving unit may be configured to and/or comprise means for obtaining the optical signal. To give some non-limiting example, the receiving unit may comprise one or more signal detectors (e.g. one or more photon detectors] and one or more other components (e.g. optical components] that demodulate the optical signal (e.g. a beam splitter] before the optical signal is observed by the one or more signal detectors. Additionally, the receiving unit may for example comprise one or more electronic control components that may for example be connected to the one or more signal detectors to receive an electrical output from the respective signal detector, based on which the one or more electronic control components may for example determine the electronic key information.
The optical signal may for example be obtained (e.g. received] at the receiving unit via free space or via an optical fibre, which may for example be connected to the receiving unit (e.g. to one or more optical components of the receiving unit]. This may for example be understood to mean that the optical signal and the at least one photon of the optical signal may travel through free space or an optical fibre before the optical signal is obtained at the receiving unit. In other examples, the optical signal and the at least one photon of the optical signal may travel through a quantum channel (e.g. via free space or via an optical fibre], wherein a quantum channel may be understood as a communication channel for transmitting quantum signals. For example, the optical signal may be generated by a laser source, a single-photon source or an entangled-photon pair source and afterwards received at the receiving unit. As mentioned above, the receiving unit for obtaining the optical signal may be included in the apparatus according to the first aspect (e.g. by mounting the receiving within the housing of the apparatus], which may be understood to mean that the entire receiving unit or at least a part of the receiving unit (e.g. one or more components of the receiving unit] may be included in the apparatus. For example, assuming that at least a part of the receiving unit may be included in the apparatus, it may for example be understood that the security means of the apparatus that are configured to secure the apparatus and the secure electronic memory are also configured to secure at least the part of the receiving unit included in the apparatus.
For example, the security means (e.g. physical and/or logical security means] of the apparatus may then allow for securely obtaining the optical signal at the receiving unit and/or for securely determining the electronic key information at the receiving unit and/or for securely transmitting the electronic key information (e.g. the electronic key] from the receiving unit to the secure electronic memory. In a nonlimiting example, physical security means of the apparatus according to the first aspect may be configured to secure the receiving unit against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the receiving unit]. Further examples of physical attacks may comprise temperature manipulation or battery manipulation against the receiving unit. In other examples, detection means of the apparatus may allow for detecting external attack against the receiving apparatus and/or protection means of the apparatus may allow for physically protecting the receiving unit.
After obtaining the electronic key information representing the electronic key, the electronic key is stored in the secure electronic memory. In some examples, the electronic key information does not include the electronic key, but the electronic key is determinable at least partially based on the electronic key information. In such cases, the electronic key may for example be stored in the secure electronic memory (e.g. only] after the electronic key has been determined at least partially based on the electronic key information.
Further considering storing the electronic key in the secure electronic memory, this may for example involve a write operation for saving the electronic key on the secure electronic memory. For example, storing the electronic key may comprise further steps such as for example encoding the electronic key. After the electronic key has been stored in the secure memory, the electronic key is secured against unauthorized access by the security means of the apparatus according to the first aspect, which are configured to secure the apparatus and the secure electronic memory. For example, the electronic key stored in the secure electronic memory may be used to encode or decode further information (e.g. further information communicated with another party]. Therein, the electronic key may for example be kept in the apparatus according to the first aspect, such that it remains secured by the security means of the apparatus against unauthorized access. Advantageously, the electronic key information representing the electronic key is securely determined based on obtaining the optical signal and afterwards stored in the secure electronic memory, which allows for a comprehensive protection of the electronic key against unauthorized access. In particular, the electronic key information is determined based on the optical signal obtained at the receiving unit, wherein the apparatus and/or the receiving unit may determine whether the optical signal, the electronic key information and/or the electronic key may be compromised. Accordingly, the apparatus does not have to simply trust that the electronic key is not compromised (and e.g. generated based on a truly randomly generated number], because it may check the integrity of the optical signal (e.g. based on the quantum state of at least one photon of the optical signal], the electronic key information and/or the electronic key already upon reception. In addition, the reception of the electronic key directly terminates in a secure environment provided by the apparatus and the secure electronic memory, which are secured by security means of the apparatus. Additionally, the connecting means of the apparatus according to the first aspect for connecting the secure electronic memory with the receiving unit allow for securely obtaining the electronic key information by providing a secure electronic connection between the apparatus and the receiving unit protected against unauthorized access by for example encryption techniques and/or authentication techniques.
Considering for example a server appliance according to the second aspect, receiving the electronic key at the receiving unit as well as storing the electronic key is additionally secured by the security means of the appliance server which are configured to secure the apparatus according to the first aspect and at least a part of the receiving unit.
In some examples, at least a part of the receiving unit may be included in the apparatus, such that the security means of the apparatus that are configured to secure the apparatus and the secure electronic memory are also configured to secure at least the part of the receiving unit included in the apparatus. In other examples, the apparatus according to the first aspect and at least a part of the receiving unit may be included in the appliance server according to the second aspect in a way that the security means of the appliance server are configured to secure the receiving unit included in the appliance server as well as the apparatus according to the first aspect included in the appliance server. In such examples, the security means of the apparatus according to the first aspect and/or the security means of the appliance server may ensure that the electronic key is obtained in a secure manner.
In the following, further exemplary features and exemplary embodiments of the different aspects of the present disclosure will be described in more detail.
According to an exemplary embodiment of the various aspects of the present disclosure, the connecting means are configured to provide a secured wireline and/or wireless connection between the secure electronic memory and the receiving unit. In some examples (e.g. depending on whether the receiving unit is at least partly included in the apparatus or separated from the apparatus], the connecting means of the apparatus according to the first aspect may be configured to provide the complete secured wireline and/or wireless connection between the secure electronic memory and the receiving unit or at least a part of the secured wireless and/or wireless connection between the secure electronic memory and the receiving unit. If for example the receiving unit is not included in the apparatus according to the first aspect, the connecting means of the apparatus may for example provide an internal connection within the apparatus from the secure electronic memory to an output (e.g. a connector or port] on the housing of the apparatus, which output may then be used to connect the apparatus to the receiving unit as peripheral device by further connecting means. Additionally or alternatively, the connections means may for example provide a wireless receiver and/or transmitter configured to receive information from and/or transmit information to (e.g. the electronic key information] the receiving unit.
In some examples, the electronic connection (e.g. at least partially provided by the connecting means of the apparatus according to the first aspect] between the receiving unit and the secure electronic memory is to be understood as secured electronic connection (e.g. a secured electronic communication channel], such that for example the electronic key information obtained from the receiving unit via the secured electronic connection is protected against unauthorized access (e.g. against eavesdropping information exchanged between the receiving unit and the secure electronic memory]. To this end, for example, encryption techniques may be used to encrypt information between the receiving unit and the secure electronic memory, such that the information is not transmitted in plain text. In another example, authentication techniques may be used to verily that the information exchanged between the receiving unit and the secure electronic memory can only be sent from for example the receiving unit, the secure electronic memory or the apparatus according to the first aspect.
To give some non-limiting examples, the wireline connection at least partially provided by the connecting means may be serial connection (e.g. according to the RS-232 standard], an Ethernet connection (according to any release of the IEEE-802.3 standard] and/or a Universal Serial Bus (USB] connection (e.g. according to any release of the USB standard]. Non-limiting examples for a wireless connection at least partially provided by the connecting means may be a Wireless Local Area Network (WLAN] connection (e.g. according to the IEEE-802.11 standard family] or a Bluetooth connection (e.g. according to any release of the IEEE-802.15.1 standard].
According to an exemplary embodiment of the various aspects of the present disclosure, the apparatus according to the first aspect is further configured to: obtain an electronic message; process the obtained electronic message at least partially based on the electronic key stored in the secure electronic memory; and provide the processed electronic message.
For example, the apparatus may obtain an electronic message, which has been communicated to the apparatus from another party and which may for example be encrypted to secure the electronic information against unauthorized access. The other party and the apparatus may for example be connected to each other via a communication channel for exchanging electronic messages. Such a communication channel may for example be understood as classical communication channel in contrast to a quantum communication channel over which for example the optical signal may be obtained at the receiving apparatus.
Processing (e.g. encrypting or decrypting] the obtained electronic message may for example be based (e.g. require] the electronic key stored in the secure electronic memory. Accordingly, the apparatus may for example be configured to decrypt the obtained electronic message using the electronic key stored in the secure electronic memory, wherein the electronic message may for example have been encrypted with the same electronic key by the party from which the electronic message is received at the apparatus. After for example decrypting the electronic message, the apparatus may provide (e.g. output] the decrypted electronic message.
For example, this may enable the apparatus and the other party to securely communicate using electronic messages decrypted by the electronic key stored in the secure electronic memory. Advantageously, when encrypting or decrypting the electronic message to be communicated between the apparatus and the other party, the electronic key does not leave the secure electronic memory but remains in the secure electronic memory and thus remains secured by the security means of the apparatus.
According to an exemplary embodiment of the various aspects of the present disclosure, the electronic key is included in the electronic key information and/or is determinable at least partially based on the electronic key information.
As described above, the electronic key information (e.g. one or more pieces of electronic key information] may for example be understood as information that represents an electronic key, which for example means that the electronic key is included (e.g. encoded in] in the electronic key information. In other examples, the electronic key information representing the electronic key may be understood to mean that the electronic key may be determinable at least partially based on the electronic key information. For example, this may imply that the electronic key is not included in the electronic key information and that to obtain the electronic key, determining the electronic key at least partially based on the electronic key information and potentially based on further information is required. In other examples, the electronic key information may be understood as initial electronic key or raw electronic key, based on which the electronic key (e.g. a final or an actual electronic key] that is stored in the secure electronic memory is determined.
As such, an electronic key information may for example be represented by a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be the electronic key represented by the electronic key information or based on which the electronic key may be determined. For example, the electronic key information needs to be processed in order to obtain the electronic key, which may for example comprise encoding or decoding the electronic key information (e.g. the random sequence of symbols representing the electronic key information] or selecting one or more parts of the electronic key information (e.g. of the random sequence of symbols representing the electronic key information]. In other examples, determining the electronic key is based on the electronic key information, but also requires further information (e.g. further electronic key information, another electronic key, a password, another random sequence of symbols or similar]. It is to be understood that in some examples, the electronic key information further comprises information such as for example metadata regarding the transmission of the electronic key information.
According to an exemplary embodiment of the various aspects of the present disclosure, the apparatus is further configured to: determine the electronic key at least partially based on the obtained electronic key information.
For example, the apparatus may be configured to obtain the electronic key information from the receiving unit, afterwards determine the electronic key at least partially based on the obtained electronic key information, and subsequently store the electronic key in the secure electronic memory of the apparatus.
For example, it may be assumed that the electronic key information obtained from the receiving unit does not yet include the electronic key to be stored in the secure electronic memory and that to obtain the electronic key, determining the electronic key at least partially based on the electronic key information and potentially based on further information is required. In such an example, the action of determining the electronic key at least partially based on the electronic key information may be performed by the apparatus, which may for example imply that the action of determining the electronic key as well as the electronic key is secured by the security means of the apparatus. Advantageously, the electronic key may then for example only be determined within the apparatus regardless of whether the receiving unit is separated from the apparatus or included in the apparatus. Accordingly, the electronic key may be determined and stored only inside the apparatus and thus secured by the security means of the apparatus. According to an exemplary embodiment of the various aspects of the present disclosure, the electronic key is determined at least partially based on the obtained electronic key information and on further electronic key information stored in the secure electronic memory.
In a non-limiting example, it may be assumed that the electronic key information obtained from the receiving unit does not yet include the electronic key to be stored in the secure electronic memory and that to obtain the electronic key, determining the electronic key at least partially based on the electronic key information and based on further electronic key information is required. In particular, such further electronic key information may for example be another electronic key, a password, another random sequences of symbols or similar. In further examples, the further electronic key information is stored in the secure electronic memory and has for example been stored therein before or after the electronic key information based on which the electronic key is to be determined is obtained from the receiving unit. Advantageously, the electronic key may then for example only be determined within the apparatus and also be determined based the further electronic key information that is only stored in the secure electronic memory. This way, the security under which the electronic key is determined may be further improved.
According to an exemplary embodiment of the various aspects of the present disclosure, the receiving unit comprises: measurement means for obtaining the optical signal; and control means for determining the electronic key information and/or the electronic key at least partially based on the optical signal.
For example, measurement means (including e.g. one or more optical components] of the receiving unit may be configured to obtain the optical signal, which may for example be understood to mean that the optical signal is received (e.g. observed or detected] by the measurement means, which then for example provide an electrical output to the control means (including e.g. one or more electrical components] for determining the electronic key information and/or the electronic key.
For example, measurement means of the receiving unit may comprise one or more signal detectors that are configured to obtain (e.g. observe or detect] the optical signal. In particular, the one or more signal detectors may for example be configured to obtain (e.g. observe or detect] at least one photon (e.g. a plurality of photons] of the optical signal. In a non-limiting example, such a signal detector may be implemented as a photon detector (e.g. a single photon detector], which may be understood as an optically sensitive device that transforms a single photon into an electrical signal. For example, the electrical output of the photon detector may indicate the number of detection events within a certain time duration. A photon detector may for example comprise an optical input for receiving the optical signal (e.g. after the optical signal has passed a signal demodulation], an electrical output for outputting an electrical signal and further inputs or outputs. Non-limiting examples for a photon detector may be an InGaAs single photon avalanche photodiode and a superconducting nanowire single-photon detector.
The measurement means may for example further comprise a signal demodulation component for demodulating the optical signal obtained at the receiving unit. For example, the optical signal obtained at the receiving unit may pass the demodulation component before it may be guided to the one or more signal detectors. In a non-limiting example, the demodulation component may be given by an optical beam splitter, which splits the optical signal into two optical paths, wherein a first optical path ends at a first signal detector and a second optical path ends at a second signal detector. Considering for example an optical signal that comprises a plurality of single photons that successively arrive at the beam splitter, the beam splitter may guide these single photons along the first optical path or second optical path depending on the quantum state of the respective photon (e.g. depending on the polarization or phase of the respective photon]. The combination of beam splitter and signal detectors may then for example allow for observing a plurality of photons and their respective quantum states.
The measurement means (e.g. the beam splitter and the one or more signal detectors] may for example be electronically connected to the control means of the receiving unit, which may be configured to determine the electronic key information and/or the electronic key at least partially based on the optical signal. This may be understood to mean that the control means may be configured to receive electrical output from the one or more signal detectors that indicate at which time a photon of a respective quantum state has been detected by the one or more signal detectors. Assuming that for example the optical signal obtained at the receiving unit comprises a sequence of a plurality of photons, each photon of the plurality of photons and its particular quantum state (e.g. a particular polarization or phase of the photon] may be indicated by the electrical output signal of the one or more signal detectors. The control means (e.g. comprising one or more processing units such as a microprocessor and an electronic memory] may then for example determine a random sequence of symbols representing the electronic key information according to the respective quantum states of the sequence of the plurality of photons. In some nonlimiting examples, determining the electronic key information may at least partially follow one or more protocols for quantum key distribution systems (e.g. the BB84 protocol, the E91 protocol or the BBM92 protocol].
It is to be understood that the control means of the receiving unit may be configured to determine the electronic key information and may additionally or alternatively be configured to determine the electronic key that is represented by the electronic key information. To this end, as described above, the control means may for example be configured to process the determined electronic key information in order to obtain the electronic key, which may for example comprise encoding or decoding the electronic key information (e.g. the random sequence of symbols representing the electronic key information] or selecting one or more parts of the electronic key information (e.g. of the random sequence of symbols representing the electronic key information].
For example, in addition to measurement means and the control means of the receiving unit, the receiving unit may comprise further means, such as for example connecting means for establishing an electronic connection to the apparatus according to the first aspect and/or to the secure electronic memory of the apparatus (e.g. conjunction with connecting means of the apparatus].
According to an exemplary embodiment of the various aspects of the present disclosure, obtaining the optical signal comprises: observing at least one photon of the optical signal and a quantum state of the at least one photon, wherein the electronic key information and/or the electronic key is determined at least partially based on the observed quantum state of the at least one photon.
For example, observing at least one photon (e.g. a plurality of photons] of the optical signal and a quantum state of the at least one photon may be performed by the receiving unit. Accordingly, the receiving unit may for example be configured to perform the observing and/or may comprise means (e.g. measurement means and control means] for the observing of at least one photon of the optical signal and a quantum state of the at least one photon.
In a non-limiting example, the optical signal may comprise a plurality of photons (e.g. plurality of single photons or entangled photons], which successively arrive at the receiving unit (e.g. by travelling through free space or an optical fibre connected to the receiving unit]. For example, when obtaining the optical signal at the receiving unit, the plurality of photons may be guided to a demodulation component (e.g. a beam splitter] that guide the plurality of photons along a first optical path ending at a first signal detector or a second optical path ending at a second signal detector. For example, one or more photons of the plurality of photons that have a particular quantum state (e.g. polarization or phase] may be guided along the first optical path and one or more photons of the plurality of photons that have another particular quantum state (e.g. a polarization or phase] may be guided along the second optical path. To which optical path a photon of a quantum state is guided may for example depend on a measurement basis on which the respective photon is observed (wherein e.g. the measurement basis may be determined by the orientation of the beam splitter]. Subsequently, the first and second signal detector may for example observe (e.g. detect] the one or more photons of a particular quantum state after passing the demodulation component and output respective electrical signal indicating the one or more detection events to the control electronics. For example, a particular quantum state of a particular photon may then result in one of the two states of a bit (e.g. a horizontal or left diagonal polarisation results to "0” and vertical or right diagonal polarisation results to "1”]. This way, observing the quantum states of each photon of the plurality of photons may for example yield a random sequence of bits according to the sequence in which the plurality of photons were observed. Therein, the random sequence of bits may for example be understood as electronic key information, such that the electronic key information have been determined at least partially based on the observed respective quantum states of the plurality of photons.
For example, the random sequence of bits as exemplary electronic key information determined at least partially based on the observed respective quantum states of the plurality of photons may also be the electronic key that is to be stored in the secure electronic memory. In other examples, random sequence of bits as exemplary electronic key information needs to be processed in order to obtain the electronic key, which may for example comprise encoding or decoding the random sequence of bits or selecting one or more parts of the random sequence of bits. To give a non-limiting example, the electronic key may be determined by selecting those bits from the random sequence of bits that resulted from quantum states of photons that have been observed on a particular measurement basis (e.g. to obtain a sifted electronic key].
In particular, it is to be understood that in some examples, the electronic key may be determined by the receiving unit, while in other examples the electronic key may be determined by the apparatus according to the first aspect. Therein, the apparatus may for example include (e.g. at least a part of) the receiving unit or may for example be separated from the receiving unit.
According to an exemplary embodiment of the various aspects of the present disclosure, the apparatus and/or the receiving unit is further configured to determine whether the optical signal, the electronic key information and/or the electronic key is compromised.
As described above, determining whether the optical signal, the electronic key information and/or the electronic key is compromised may for example be at least partially based on the quantum state of the at least one photon (e.g. the respective quantum states of the plurality of photons) of the obtained optical signal. For example, the optical signal, the electronic key information and/or the electronic key may be compromised by an eavesdropper intercepting the optical signal to gain knowledge of the electronic key information and/or the electronic key or by a man-in-the-middle attack to manipulate the distribution of the electronic key information and/or the electronic key. For example, when measuring a quantum state of the at least one photon of the optical signal to extract the electronic key information and/or the electronic key, an eavesdropper may change the quantum state and thus introduce anomalies detectable by the receiving unit and/or the apparatus.
For example, determining whether the optical signal, the electronic key information and/or the electronic key is compromised may comprise checking the random sequence of symbols (e.g. bits, numbers, letter or similar) that represent the electronic key information that is determined at least partially based on the optical signal. To give a non-limiting example for checking the random sequence of symbols, the random sequence of symbols could be compared to a further random sequence of symbols (which e.g. is received from another party that is supposed to have the same electronic key information as obtained at the apparatus according to the first aspect]. If for example the random sequence of symbols and the further random sequence of symbols differ from each other (e.g. differ to a certain degree that e.g. could not be explained by measurement errors when observing the at least one photon], it may be determined that the electronic key information is compromised. In such cases, the optical signal from which the electronic key information has been determined and/or the electronic key determined based on the electronic key information may also be determined to be compromised.
For example, if it is determined that the optical signal and/or the electronic key information is compromised, no electronic key is determined based on the compromised optical signal and/or the electronic key information. In other examples, the electronic key is only determined at least partially based on the electronic key information if it has been determined that the electronic key information is not compromised. In yet another example, the electronic key is only stored in the secure electronic memory, if it has been determined that the optical signal, the electronic key information and/or the electronic key is not compromised.
According to an exemplary embodiment of the various aspects of the present disclosure, the security means are configured to prevent removing the electronic key from the electronic memory.
As described above, the security means of the apparatus according to the first aspect may for example be physical and/or logical security means that may for example be configured to secure the apparatus and the secure electronic memory (e.g. processing and communication capabilities of the apparatus and the secure electronic memory] against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the apparatus]. As such, due to the security means of the apparatus, the secure electronic memory may for example be understood as secure environment in which the reception of the electronic key terminates.
According to an exemplary embodiment of the various aspects of the present disclosure, the security means comprise at least one of the following means: encryption means for encrypting the electronic key stored in the secure electronic memory; and/or erasure means for erasing the secure electronic memory; and/or detection means for detecting external attack against the apparatus; and/or protection means for physically protecting the apparatus.
As described above, physical security means are configured to secure the apparatus and the secure electronic memory (e.g. processing and communication capabilities of the apparatus and the secure electronic memory] against physical attacks, such as mechanical or chemical penetration (e.g. into the housing of the apparatus]. Further examples of physical attacks may comprise temperature manipulation or battery manipulation. Logical security means are for example configured to secure the apparatus and the secure electronic memory against logical attacks, such as attacks against software components of the apparatus, which may for example include user identification and password access, authenticating, access rights and authority levels.
For example, the security means may comprise encryption means for encrypting the electronic key stored in the secure electronic memory. In a non-limiting example, the security means may for example comprise an encryption engine that is configured to encrypt the electronic key upon storing the electronic key in the secure electronic memory (e.g. according to the advanced encryption standard, AES], To this end, the encryption engine may for example be further configured to generate and/or obtain cryptographic keys that may be used for encrypting the electronic key (e.g. the encryption engine comprises one or more random number generators]. It is to be understood that the encryption engine may for example be configured to perform further cryptographic functions to secure the integrity and/or authentication of the electronic key, such as for example verification of a message authentication code [MAC] or a digital signature usually done by a hashing algorithm.
Additionally or alternatively, the security means may for example comprise erasure means for erasing the secure electronic memory. In a non-limiting example, the security means may for example comprise an erasure circuit that is configured to erase all information including the electronic key stored in the secure electronic memory after an external attack against the apparatus has been detected (e.g. by detection means of the apparatus]. For example, such erasing may comprise overwriting all information stored in the secure electronic memory (e.g. by zeroes, random information or a combination thereof].
Additionally or alternatively, the security means may for example comprise detection means for detecting external attack against the apparatus. In a non-limiting example, the security means may for example comprise a detection circuit, one or more sensors (e.g. a temperature sensor, a light sensor, a sensor detecting movement and/or acceleration of the apparatus] and/or wiring that are configured to detect for example a mechanical and/or chemical penetration (e.g. into the housing of the apparatus] or for example a temperature and/or battery manipulation. In some examples, the apparatus (e.g. the security means of the apparatus] may be configured to erase the secure electronic memory by means of the erasure circuit after an external attack against the apparatus has been detected by means of the detection circuit.
Additionally or alternatively, the security means may for example comprise protection means for physically protecting the apparatus. In a non-limiting example, the protection means may for example comprise a tamper respondent envelope (e.g. an enclosure] that protects the apparatus including its internal components (e.g. the secure electronic memory]. In further examples, the protection means may provide further resistance to tampering in form of special screws used when assembling the apparatus. In other examples, tamper seals and/or tamper stickers may be used to detect unauthorized access to the apparatus.
It is to be understood that the types of security means of the apparatus according to the first aspect as exemplarily described above may also be used (e.g. in a modified form] as security means of the appliance server according to the second aspect.
According to an exemplary embodiment of the various aspects of the present disclosure, the apparatus according to the first aspect is a hardware security module. As described above, a hardware security module may for example be understood as a device that safeguards and manages electronic keys, performs encryption and decryption, authentication and other cryptographic functions. For example, a hardware security module may comprise at least one secure crypto processor chip, one or more electronic memories including at least one secure electronic memory, security means and/or further components (e.g. one or more random number generators] as well as for example electronic connections and circuitry to connect the components of the hardware security module.
As such, the apparatus may for example have the purpose of securely generating, storing and using sensitive information. To this end, the apparatus may for example comprise functions that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the apparatus inoperable, or tamper responsiveness such as deleting electronic keys upon tamper detection.
To give some non-limiting examples, the apparatus according to the first aspect (e.g. a hardware security module] may be implemented as a plug-in card (e.g. a PCI card] or as an external device connected to for example a computer or a server. In such examples, the apparatus may comprise one or more communication interfaces such as for example an internal PCI interface or an external serial, Ethernet or Universal Serial Bus (USB] interface.
In some examples, a hardware security module may be certified according to one or more standards or regulations, which for example include the European Union's General Data Protection Regulation, the PCI Data Security Standard, the Domain Name System Security Extensions, the FIPS 140-2 and/or similar.
According to an exemplary embodiment of the various aspects of the present disclosure, the apparatus according to the first aspect further comprises at least a part of the receiving unit and the security means of the apparatus are further configured to secure at least the part of the receiving unit.
For example, the receiving unit may comprise one or more means as described above. In such an example, apparatus comprising at least a part of the receiving unit may be understood to mean that the apparatus may for example comprises at least one of the one or more means of the receiving unit. To give a nonlimiting example, the at least one of the one or more means may then be located within the apparatus (e.g. mounted within the housing of the apparatus].
For example, at least one or more means of the receiving unit that provide an electronic connection to the apparatus and/or to the secure electronic memory for transmitting the electronic key information and/or the electronic key (e.g. in conjunction with connecting means of the apparatus] may be included in the apparatus. Advantageously, this may have the effect that the transmission of the electronic key information and/or the electronic from the receiving unit to the secure electronic memory may be secured by the security means of the apparatus. In another example, the apparatus may comprise at least the control means of the receiving apparatus for determining the electronic key information and/or the electronic key. In such examples, the measurement means of the receiving unit for obtaining the optical signal for example may be or may be not included in the receiving apparatus. In any case, this may have the advantage that, since at least the control means for determining the electronic key information and/or the electronic key may be included in the apparatus, the electronic key and/or the electronic key information may then for example only be determined within the apparatus, even if the receiving unit is not fully included in the apparatus. Accordingly, the electronic key may be determined and stored only inside the apparatus and thus secured by the security means of the apparatus.
According to an exemplary embodiment of the various aspects of the present disclosure, the apparatus is further configured to: obtain additional electronic key information at least partially based on the electronic key stored in the secure electronic memory, wherein the additional electronic key information represents the electronic key; and provide the additional electronic key information to a sending unit, wherein an additional optical signal is generated at least partially based on the additional electronic key information and is transmitted at the sending unit.
In some examples, the additional electronic key information may be equal to the electronic key information, while in other examples the additional electronic key information may represent the same electronic key as represented by the electronic key information. Considering that the additional electronic key information represents the electronic key, this may for example be understood to mean that the electronic key is included (e.g. encoded in] in the additional electronic key information, while in other examples the electronic key may be determinable at least partially based on the additional electronic key information (e.g. this could mean that the electronic key is not included in the additional electronic key information]. As such, the additional electronic key information may for example be represented by a random sequence of symbols (e.g. bits, numbers, letters or similar], which may for example be the electronic key represented by the additional electronic key information or based on which the electronic key may be determined.
For example, obtaining the additional electronic key information at least partially based on the electronic key stored in the secure electronic memory may comprise determining the additional electronic key information at least partially based on the electronic key (and e.g. further information such as another electronic key, a password, another random sequences of symbols or similar].
Providing the additional electronic key information to the sending unit may for example be understood to mean that the additional electronic key information may be transmitted from the secure electronic memory of the apparatus according to the first aspect to the sending unit. For example, the connecting means of the apparatus may be used for (e.g. configured for] connecting the secure electronic memory with the sending unit, which may for example be understood to mean that an electronic connection between the secure electronic memory and the sending unit may be established such that information may be exchanged between the secure electronic memory and the sending unit (e.g. according to a specific communication standard].
Similar to the optical signal, the additional optical signal may comprise at least one photon (e.g. a plurality of photons] and may for example be understood as optical laser pulse (e.g. a weak laser pulse containing less than one photon per pulse on average] or as a sequence of laser pulses formed by the at least one photon (e.g. the plurality of photons]. The additional optical signal may for example also be understood as photon signal or photonic signal. To give some non-limiting examples, the optical signal may comprise at least one single photon (e.g. a plurality of single photons] and/or at least one entangled photon (e.g. a plurality of entangled photons]. In particular, the at least one photon may for example exhibit quantum mechanical characteristics, wherein examples of a quantum state of the at least one photon may be the polarization (e.g. right or left circular polarization or a superposition of the two] or the phase of the at least one photon.
Considering generating the additional optical signal at least partially based on the additional electronic key information, the sending unit may for example generate a plurality of photons of the additional optical signal, wherein the respective quantum states of the plurality of photons result from a particular symbol of a random sequence of symbols represented by the additional electronic key information. For example, considering that the additional electronic key information represents a random sequence of bits, a bit state "1” may result to a vertical or right diagonal polarisation and a bit state "0” may result to a horizontal or left diagonal polarisation.
In other words, the additional optical signal may for example be generated at least partially based on the additional electronic key information representing the electronic key in a way such that when receiving the additional optical signal (e.g. at another apparatus according to the first aspect], the electronic key may be determined at least partially based on the additional optical signal following the actions described above.
The sending unit may for example comprise a signal source such as for example a laser source, a singlephoton source or an entangled-photon pair source for generating the additional optical signal and may further comprise for example a signal modulation component through which the additional optical signal passes after being generated by the signal source. In addition, the sending unit may for example comprise control means for determining an electrical input signal at least partially based on the additional electronic key information, which may then be provided to the signal source for generating the additional optical signal.
In some examples, the sending unit may be entirely included in the apparatus according to the first aspect. In other examples, at least a part (e.g. one or more means such as the signal source, the signal modulation and/or the control means] of the sending unit may be included in the apparatus according to the first aspect. In any case, the security means of the apparatus may then be configured to secure the sending unit, at least a part of the sending unit and/or for example the process of determining the additional electronic key information and/or generating the additional optical signal.
In other examples, the sending unit may be entirely included in the appliance server according to the second aspect. In other examples, at least a part (e.g. one or more means such as the signal source, the signal modulation and/or the control means] of the sending unit may be included in the appliance server according to the second aspect. In any case, the security means of the appliance server may then be configured to secure the sending unit, at least a part of the sending unit and/or for example the process of determining the additional electronic key information and/or generating the additional optical signal.
Transmitting the additional optical signal at the sending unit may for example be understood to mean that the additional optical signal may be transmitted via free space or via an optical fibre, which may for example be connected to the sending unit and a receiving unit of another apparatus according to the first aspect. In other examples, the additional optical signal and the at least one photon of the additional optical signal may travel through an additional quantum channel (e.g. via free space or via an optical fibre].
Advantageously, by obtaining additional electronic key information at least partially based on the electronic key stored in the secure electronic memory and generating as well as transmitting an additional optical signal, the electronic key that is obtained at the apparatus according to the first aspect and stored in the secure electronic memory may be securely forwarded to another recipient of the electronic key (e.g. another apparatus according to the first aspect]. The apparatus according to the first aspect may then for example serve as a forwarding apparatus that securely obtains the electronic key, stores the electronic key in the secure electronic memory and then further transmits the electronic key to another recipient. During this process of forwarding the electronic key, the electronic key may for example remain secured by the security means of the apparatus against unauthorized access.
It is to be understood that the presentation of the embodiments disclosed herein is merely by way of examples and non-limiting.
Herein, the disclosure of a method step shall also be considered as a disclosure of means for performing the respective method step. Likewise, the disclosure of means for performing a method step shall also be considered as a disclosure of the method step itself.
Other features of the present disclosure will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the present disclosure, for which reference should be made to the appended claims. It should be further understood that the drawings are not drawn to scale and that they are merely intended to conceptually illustrate the structures and procedures described herein.
BRIEF DESCRIPTION OF THE FIGURES
Some example embodiments will now be described with reference to the accompanying drawings.
Fig. 1 is a schematic illustration of an exemplary embodiment according to the various aspects of the present disclosure;
Figs. 2a to 2c are respective block diagrams illustrating exemplary embodiments of an apparatus according to the first aspect of the present disclosure;
Figs. 3a to 3c are respective block diagrams illustrating further exemplary embodiments of an appliance server according to the second aspect of the present disclosure;
Fig. 4 is a schematic illustration of an exemplary embodiment of an apparatus according to the first aspect of the present disclosure;
Fig. 5a is a schematic illustration of an exemplary embodiment of a receiving unit according to various aspects of the present disclosure; Fig. 5b is a schematic illustration of an exemplary embodiment of a sending unit according to various aspects of the present disclosure;
Fig. 6 is a block diagram of an exemplary embodiment of an apparatus according to various aspects of the present disclosure;
Fig. 7 is a flow chart illustrating an exemplary embodiment of a method according to the fourth aspect of the present disclosure; and
Fig. 8 is a schematic illustration of examples of tangible and non-transitory computer-readable storage media.
DETAILED DESCRIPTION OF THE FIGURES
The following description serves to deepen the understanding of the present disclosure and shall be understood to complement and be read together with the description of exemplary embodiments of the present disclosure as provided in the above summary section of this specification.
Fig. 1 is a schematic illustration of an exemplary embodiment according to the various aspects of the present disclosure. Without limiting the scope of the present disclosure, it may be assumed that Fig. 1 illustrates an exemplary embodiment of a system 100 according to the third aspect of the present disclosure. Therein, system 100 may for example comprise one party Alice and another party Bob that want to exchange one or more electronic messages via a secure communication channel 140 between them. For example, the one or more electronic messages exchanged between Alice and Bob may be encrypted by an electronic key, which needs to be available at both parties to decrypt the exchanged one or more electronic messages. Alice and Bob may for example both operate respective apparatuses 110 and 120 according to the first aspect of the present disclosure, at which the electronic key is securely obtained by respective receiving units 111, 121 and stored in respective secure electronic memories 112, 122.
For example, the electronic key required for secure communication between Alice and Bob may be distributed by a satellite 130, which may for example transmit an optical signal comprising a plurality of photons of respective quantum states via a quantum channel 131 to apparatus 110 operated by Alice and further transmits an optical signal comprising a plurality of photons of respective quantum states via another quantum channel 132 to apparatus 120 operated by Bob.
Considering for example apparatus 110 comprising receiving unit 111 and the secure electronic memory 112, the optical signal transmitted by satellite 130 may be received at receiving unit 111. Receiving unit 111 may be configured to determine electronic key information representing an electronic key, at least partially based on the optical signal. For example, the electronic key information may include an electronic key or the electronic key may be determinable at least partially based on the electronic key information (e.g. this could mean that the electronic key is not included in the electronic key information].
Further according to present example, the electronic key information determined at receiving unit 111 may be obtained by apparatus 110, wherein receiving unit 111 and secure electronic memory 112 may be connected by connecting means of apparatus 110 that may provide a secured wireline and/or wireless connection between secure electronic memory 112 and receiving unit 111. It is to be understood that receiving unit 111 may be included in apparatus 110 according to the exemplary embodiment as illustrated in Fig. 1, while in other examples only a part of receiving unit 111 may be included in apparatus 110 or receiving unit 111 may be separated from apparatus 110.
For example, apparatus 110 may be further configured to determine at least partially based on the obtained electronic key information the electronic key, which may then be stored in secure electronic memory 112.
Similar to apparatus 110, apparatus 120 may comprise receiving unit 121 and the secure electronic memory 122, wherein the optical signal transmitted by satellite 130 may be received at receiving unit 121. Further, electronic key information representing an electronic key may then be determined by receiving unit 121 at least partially based on the optical signal. Apparatus 120 is further configured to determine the electronic key at least partially based on the electronic key information and to store the electronic key in secure electronic memory 122. The electronic key may then be stored at both secure electronic memories 112, 122 and be available for encrypting and/or decrypting electronic message exchanged between Bob any Alice.
Figs. 2a to 2c are respective block diagrams illustrating exemplary embodiments of an apparatus 210, 220, 230 according to the first aspect of the present disclosure. Without limiting the scope of the present disclosure, it may be assumed in the following that apparatus 210, 220, 230 is a hardware security module comprising a secure electronic memory 212, 222, 232 for storing an electronic key and further comprising security means (e.g. physical and/or logical security means, not shown in Figs. 2a to 2c] configured to secure apparatus 210, 220, 230 and secure electronic memory 212, 222, 232.
According to Fig. 2a, hardware security module 210 may comprise receiving unit 211, which may for example be understood to mean that receiving unit 211 may be located within hardware security module 210 (e.g. mounted within the housing of hardware security module 210], Receiving unit 211 may then be electronically connected to secure electronic memory 212 by connecting means 213 of hardware security module 210, such that electronic key information may be transmitted from receiving unit 211 to secure electronic memory 212. For example, connecting means 213 may be understood as internal connecting means within hardware security module 210.
In this example, the security means of hardware security module 210 are further configured to secure receiving unit 211 included in hardware security module 210. Accordingly, receiving the optical signal, determining the electronic key information and/or the electronic key and storing the electronic key is secured by the security means of hardware security module 210.
According to Fig. 2b, hardware security module 220 may comprise atleast a part of receiving unit 221, which may for example be understood to mean that atleast a part of receiving unit 221 may be located within hardware security module 220 (e.g. mounted within the housing of hardware security module 220], Receiving unit 221 may then be electronically connected to secure electronic memory 222 by connecting means 223 of hardware security module 220, such that electronic key information may be transmitted from receiving unit 221 to secure electronic memory 222. For example, connecting means 223 may be understood as internal connecting means within hardware security module 220. In this example, the security means of hardware security module 220 are further configured to secure at least the part of receiving unit 221 that is included in hardware security module 220.
In a non-limiting example, receiving unit 221 may comprise measurement means for obtaining an optical signal and controls means for determining the electronic key information and/or the electronic key at least partially based on the optical signal. In such an example, at least the control means of receiving unit 221 may be included in hardware security module 220. Accordingly, the electronic key and/or the electronic key information may then for example only be determined within hardware security module 220, even if receiving unit 221 is not fully included in hardware security module 220. Accordingly, the electronic key may be determined and stored only inside hardware security module 220 and thus secured by the security means of hardware security module 220.
According to Fig. 2c, hardware security module 230 may be separated from receiving unit 231. In this example, connecting means 233 of hardware security module 230 may for example provide an internal connection within hardware security module 230 from secure electronic memory 232 to an output (e.g. a connector or port] on the housing of hardware security module 230, which output may then be used to connect hardware security module 230 to receiving unit 231 as peripheral device by further connecting means. The electronic connection between receiving unit 231 and secure electronic memory 232 as provided at least partially by connecting means 233 of hardware security module 230 is to be understood as secured electronic connection, such that information (e.g. electronic key information] exchanged via the electronic connection is protected against unauthorized access (e.g. against eavesdropping the electronic key information exchanged between receiving unit 231 and secure electronic memory 232], Figs. 3a to 3c are respective block diagrams illustrating further exemplary embodiments of an appliance server 340, 350, 360 according to the second aspect of the present disclosure. Without limiting the scope of the present disclosure, it may be assumed that appliance servers 340, 350, 360 are appliance servers comprising respective hardware security modules 310, 320, 330 as apparatuses according to the first aspect of the present disclosure, respective receiving units 311, 321, 331 and respective connecting means 313, 323, 333 of hardware security modules 310, 320, 330. In addition, appliance servers 340, 350, 360 comprise security means (e.g. physical and/or logical security means, not shown in Figs. 3a to 3c] configured to secure the respective hardware security modules 310, 320, 330 and at least the part of respective receiving units 311, 321, 331 included in appliance servers 340, 350, 360.
According to Fig. 3a, appliance server 340 comprises hardware security module 310, which may for example be understood to mean that hardware security module 310 may be located within appliance server 340 (e.g. mounted within the housing of appliance server 340], For example, hardware security module 310 may be given by hardware security module 210 as described above according to Fig. 2a.
For example, appliance server 340 includes hardware security module 310, which includes receiving unit 311, secure electronic memory 312 and connecting means 313 of hardware security module 310. In this example, the security means of appliance server 340 may ensure that receiving unit 311 and hardware security module 310 may communicate and exchange information (e.g. electronic key information] in a secure manner. In particular, receiving the electronic key at the receiving unit 311 as well as storing the electronic key is additionally secured by the security means of appliance server 340.
Considering appliance server 340, it is to be understood that receiving unit 311 may only partly be included in hardware security module 310 (e.g. as described above according to Fig. 2b for hardware security module 220],
According to Fig. 3b, appliance server 350 comprises hardware security module 320, which may for example be understood to mean that hardware security module 320 may be located within appliance server 350 (e.g. mounted within the housing of appliance server 350], For example, hardware security module 320 may be given by hardware security module 230 as described above according to Fig. 2c.
For example, hardware security module 320 includes secure electronic memory 322 and connecting means 323 of hardware security module 320. Further, appliance server 350 may include receiving unit 321, which may be separated from hardware security module 320. The electronic connection between receiving unit 321 and secure electronic memory 322 as provided at least partially by connecting means 323 of hardware security module 320 is to be understood as secured electronic connection. In this example, the security means of appliance server 350 may ensure that receiving unit 321 and hardware security module 320 may communicate and exchange information (e.g. electronic key information] in an additionally secured manner. In particular, receiving the electronic key at the receiving unit 321 as well as storing the electronic key is additionally secured by the security means of appliance server 350.
According to Fig. 3c, appliance server 360 may comprise hardware security module 330 in a manner similar to appliance server 350 comprising hardware security module 320. However, as a difference towards appliance server 350 fully including receiving unit 321, appliance server 360 comprises only a part of receiving unit 331.
In a non-limiting example, receiving unit 331 may comprise measurement means for obtaining an optical signal and controls means for determining the electronic key information and/or the electronic key at least partially based on the optical signal. In such an example, at least the control means of receiving unit 331 may be included in appliance server 360 (e.g. by being mounted within the housing of appliance server 360], Accordingly, the electronic key and/or the electronic key information may then for example only be determined within appliance server 360, even if receiving unit 331 is not fully included in appliance server 360. Accordingly, the electronic key may be determined and stored only inside appliance server 360 and thus additionally secured by the security means of appliance server 360.
Considering appliance server 360, it is to be understood that receiving unit 331 may be separated from appliance server 360. In such a case, the electronic connection between receiving unit 331 and secure electronic memory 332 as provided at least partially by connecting means 333 of hardware security module 330 is to be understood as secured electronic connection, such that information (e.g. electronic key information] exchanged via the electronic connection is protected against unauthorized access (e.g. against eavesdropping the electronic key information exchanged between receiving unit 331 and secure electronic memory 332],
Fig. 4 is a schematic illustration of an exemplary embodiment of an apparatus 400 according to the first aspect of the present disclosure. Without limiting the scope of the present disclosure, it may be assumed in the following that apparatus 400 is a hardware security module, which may for example be understood as a device that safeguards and manages electronic keys, performs encryption and decryption, authentication and other cryptographic functions. For example, hardware security module 400 may comprise at least one secure crypto processor chip on a processor board 420, one or more electronic memories including at least one secure electronic memory 460, security means 410, 430, 440, 450 and further components (e.g. one or more random number generators] as well as for example electronic connections and circuitry to connect the components of the hardware security module 400. Fig. 4 serves for illustrating various security means 410, 430, 440, 450 of hardware security module 400 as described in the following. For example, the security means of hardware security module 400 may comprise encryption means for encrypting the electronic key stored in the secure electronic memory. In a non-limiting example, the security means may for example comprise encryption engine 450 that is configured to encrypt the electronic key upon storing the electronic key in secure electronic memory 460 (e.g. according to the advanced encryption standard, AES], To this end, encryption engine 450 may for example be further configured to generate and/or obtain cryptographic keys that may be used for encrypting the electronic key (e.g. encryption engine 450 comprises one or more random number generators]. It is to be understood that encryption engine 450 may for example be configured to perform further cryptographic functions to secure the integrity and/or authentication of the electronic key, such as for example verification of a message authentication code [MAC] or a digital signature usually done by a hashing algorithm.
For example, the security means of hardware security module 400 may further comprise erasure means for erasing secure electronic memory 460. In a non-limiting example, the security means may for example comprise erasure circuit 440 that is configured to erase all information including the electronic key stored in secure electronic memory 460 after an external attack against hardware security module 400 has been detected (e.g. by detection means of hardware security module 400], For example, such erasing may comprise overwriting all information stored in secure electronic memory 460 (e.g. by zeroes, random information or a combination thereof].
For example, the security means of hardware security module 400 may further comprise detection means for detecting external attack against hardware security module 400. In a non-limiting example, the security means may for example comprise detection circuit 430, one or more sensors (e.g. a temperature sensor, a light sensor, a sensor detecting movement and/or acceleration of the apparatus] and/or wiring that are configured to detect for example a mechanical and/or chemical penetration (e.g. into the housing of hardware security module 400] or for example a temperature and/or battery manipulation. In some examples, hardware security module 400 may be configured to erase secure electronic memory 460 by means of erasure circuit 440 after an external attack against hardware security module 400 has been detected by means of detection circuit 430.
For example, the security means of hardware security module 400 may further comprise protection means for physically protecting hardware security module 400. In a non-limiting example, the protection means may for example comprise tamper respondent envelope 410 (e.g. an enclosure] that protects hardware security module 400 including its internal components (e.g. secure electronic memory 460], In further examples, the protection means may provide further resistance to tampering in form of special screws used when assembling hardware security module 400. In other examples, tamper seals and/or tamper stickers may be used to detect unauthorized access to hardware security module 400. It is to be understood that the security means of hardware security module 400 may be configured to secure the hardware security module 400 and secure electronic memory 460, but that the security means may further be configured to secure at least a part of a receiving unit (e.g. as described below according to Fig. 5a] and/or atleast a part of a sending unit (e.g. as described below according to Fig. 5b] included hardware security module 400. In such a case, at least a part of the receiving unit and/or the sending unit secured by the security means of hardware security module 400 may be mounted within the housing of hardware security module 400 (e.g. within the tamper respondent envelope 410 of hardware security module 400],
Fig. 5a is a schematic illustration of an exemplary embodiment of a receiving unit 500 according to various aspects of the present disclosure. Without limiting the scope of the present disclosure, receiving unit 500 may be understood as exemplary embodiment of receiving unit 111, 121 in system 100 according to Fig. 1 and/or receiving unit 211, 221, 231, 311, 321, 331 according to Figs. 2a to 2c and Figs. 3a to 3c.
For example, measurement means of receiving unit 500 may comprise one or more signal detectors 510 that are configured to obtain (e.g. observe or detect] the optical signal. In particular, the one or more signal detectors may for example be configured to obtain (e.g. observe or detect] at least one photon (e.g. a plurality of photons] of the optical signal travelling through quantum channel 520 (e.g. in free space or via an optical fibre]. In a non-limiting example, such a signal detector 510 may be implemented as a photon detector (e.g. a single photon detector], which may be understood as an optically sensitive device that transforms a single photon into an electrical signal.
The measurement means of receiving unit 500 may for example further comprise a signal demodulation component 505 for demodulating the optical signal obtained at receiving unit 500. For example, the optical signal obtained at receiving unit 500 may pass the demodulation component 505 before it may be guided to the two signal detectors 510. In a non-limiting example, the demodulation component 505 may be given by an optical beam splitter, which splits the optical signal into two optical paths 525, 530, wherein a first optical path 525 ends at a first signal detector 510 and second optical path 530 ends at a second signal detector 510. Considering for example an optical signal that comprises a plurality of photons that successively arrive at the beam splitter, the beam splitter may guide these single photons along the first optical path 525 or second optical path 530 depending on the quantum state of the respective photon (e.g. depending on the polarization or phase of the respective photon]. The combination of beam splitter 505 and signal detectors 510 may then for example allow for observing a plurality of photons and their respective quantum states.
The measurement means (e.g. beam splitter 505 and one or more signal detectors 510] may for example be electronically connected to the control means 515 of receiving unit 500, which may be configured to determine the electronic key information and/or the electronic key at least partially based on the optical signal. This may be understood to mean that control means 515 may be configured to receive electrical output signals from the two signal detectors 510 that indicate at which time a photon of a respective quantum state has been detected by signal detectors 510. Assuming that for example the optical signal obtained at receiving unit 500 comprises a sequence of a plurality of photons, each photon of the plurality of photons and its particular quantum state (e.g. a particular polarization or phase of the photon] may be indicated by the electrical output signal of the two signal detectors 510. Control means 515 (e.g. comprising one or more processing units such as a microprocessor and an electronic memory] may then for example determine a random sequence of symbols representing the electronic key information according to the respective quantum states of the sequence of the plurality of photons. In some nonlimiting examples, determining the electronic key information may at least partially follow one or more protocols for quantum key distribution systems (e.g. the BB84 protocol, the E91 protocol or the BBM92 protocol].
Fig. 5b is a schematic illustration of an exemplary embodiment of a sending unit 550 according to various aspects of the present disclosure. For example, atleast a part of sending unit 550 may be included in apparatus 110, 120 of system 100 according to Fig. 1 or included in hardware security modules 210, 220, 230, 310, 320, 330 according to Figs. 2a to 2c and Figs. 3a to 3c. Further, at least a part of sending unit 550 may be included in appliance servers 340, 350, 360 according to Figs. 3a to 3c.
Considering generating the additional optical signal at least partially based on the additional electronic key information, sending unit 550 may for example generate a plurality of photons of the additional optical signal. To this end, sending unit 550 may for example comprise signal source 555 such as for example a laser source, a single-photon source or an entangled-photon pair source for generating the additional optical signal and may further comprise signal modulation component 560 through which the additional optical signal passes after being generated by signal source 555. In addition, sending unit 550 may for example comprise control means 565 for determining an electrical input signal at least partially based on the additional electronic key information, which may then be provided to signal source 555 for generating the additional optical signal. After generating the additional optical signal, the additional optical signal and the at least one photon of the additional optical signal may travel through an additional quantum channel 570 (e.g. in free space or via an optical fibre].
Fig. 6 is a block diagram of an exemplary embodiment of apparatus 600 according to various aspects of the present disclosure. Without limiting the scope of the present disclosure, apparatus 600 may be understood as apparatus according to the first aspect of the present disclosure (e.g. apparatus 110, 120 of system 100 according to Fig. 1 or hardware security modules 210, 220, 230, 310, 320, 330 according to Figs. 2a to 2c and Figs. 3a to 3c] or as appliance server according to the second aspect of the present disclosure (e.g. appliance server 340, 350, 360 according to Figs. 3a to 3c], As such, apparatus 600 may for example be configured to perform the actions 710 and 720 of flow chart 700 illustrated in Fig. 7. Apparatus 600 may for example comprise a processor 601 which may represent a single processor or two or more processors (which e.g. are at least partially coupled, e.g. via a bus]. Processor 601 may execute a program code stored in program memory 602 (e.g. program code causing apparatus 600 to perform embodiments according to the present disclosure or parts thereof] and interfaces with a main memory 603. Program memory 602 may also comprise an operating system (e.g. a Linux-based operating system] for processor 601. Some or all of memories 602 and 603 may also be included into processor 601.
Moreover, processor 601 may control one or more communication interface(s] 604 which may for example be configured to communicate with further apparatuses such as for example a receiving unit (e.g. receiving unit 500 according to Fig. 5a] and/or a sending unit (e.g. sending unit 550 according to Fig. 5b], For example, the one or more communication interface(s] 604 may provide one or more wireline and/or wireless connections. To give some non-limiting examples, a wireline connection may be serial connection (e.g. according to the RS-232 standard], an Ethernet connection (according to any release of the IEEE- 802.3 standard] and/or a Universal Serial Bus (USB] connection (e.g. according to any release of the USB standard]. Non-limiting examples for a wireless connection may be a Wireless Local Area Network (WLAN] connection (e.g. according to the IEEE-802.11 standard family] or a Bluetooth connection (e.g. according to any release of the IEEE-802.15.1 standard].
It is to be understood that apparatus 600 may comprise various other components not shown in Fig. 6, which may for example include a secure electronic memory (e.g. secure electronic memory 460 according to Fig. 4], security means (e.g. security means 410, 430, 440, 450 according to Fig. 4], at least a part of a receiving unit (e.g. of receiving unit 500 according to Fig. 5a] and/or atleast a part of a sending unit (e.g. of sending unit 550 according to Fig. 5b],
Fig. 7 is a flow chart 700 illustrating an exemplary embodiment of a method according to the fourth aspect of the present disclosure. It may for example be assumed that the actions of flow chart 700 are performed and/or controlled by an apparatus according to the first aspect of the present disclosure (e.g. apparatus 110, 120 of system 100 according to Fig. 1 or hardware security module 210, 220, 230, 310, 320, 330 according to Figs. 2a to 2c and Figs. 3a to 3c] or by an appliance server according to the second aspect of the present disclosure (e.g. appliance server 340, 350, 360 according to Figs. 3a to 3c],
Without limiting the scope of the present disclosure, the actions of flow chart 700 are described in following in view of system 100 according to Fig. 1.
In action 710, electronic key information is obtained, wherein the electronic key information is determined at least partially based on an optical signal obtained at the receiving unit and wherein the electronic key information represents an electronic key. Considering for example apparatus 110 (e.g. a hardware security module], an optical signal comprising a plurality of photons (e.g. a plurality of entangled photons] may be obtained at receiving unit 111. In particular, obtaining the optical signal may comprise observing the plurality of photons of the optical signal and respective quantum states of each photon of the plurality of photons. In a non-limiting example, the photons of the plurality of photons arrive successively at receiving unit 111 (e.g. by travelling through free space or an optical fibre connected to receiving unit 111] after being transmitted by satellite 130.
For example, when obtaining electronic key information in action 710, a particular quantum state of a particular photon may result in one of the two states of a bit (e.g. a horizontal or left diagonal polarisation results to "0” and vertical or right diagonal polarisation results to "1”]. Observing the quantum state of each photon of the plurality of photons may for example yield a random sequence of bits according to the sequence in which the plurality of photons was observed. Therein, the random sequence of bits may for example be understood as electronic key information, such that the electronic key information have been determined at least partially based on the observed respective quantum states of the plurality of photons. For example, the electronic key information is determined by control of receiving unit 111.
It is to be understood that receiving unit 111 may be included in apparatus 110, or at least partly included in apparatus 110, or separated from apparatus 110. When being separated from apparatus 110, obtaining electronic key information in action 710 may comprise transmitting the electronic key information from receiving unit 111 to apparatus 110.
The electronic key information obtained in action 710 represents the electronic key to be stored in secure electronic memory 112. For example, considering that the electronic key information may be given by a random sequence of bits as described above, this random sequence of bits may be the electronic key. In other examples, the electronic key may be determined at least partially based on the random sequence of bits, which may for example comprise encoding or decoding the random sequence of bits or selecting one or more parts of the random sequence of bits.
In action 720, the electronic key is stored in a secure electronic memory included in an apparatus, wherein the apparatus and the secure electronic memory is secured by security means of the apparatus.
For example, prior to storing the electronic key in secure electronic memory 112, apparatus 110 may perform determining the electronic key at least partially based on the electronic key information obtained in action 710. In particular, determining the electronic key may further be based on further electronic key information stored in secure electronic memory 112. Advantageously, the electronic key information representing the electronic key is securely determined based on obtaining the optical signal in action 710 and afterwards stored in secure electronic memory 112 in action 720, which allows for a comprehensive protection of the electronic key against unauthorized access. In particular, the electronic key information is determined based on the optical signal obtained at receiving unit 111, wherein apparatus 110 and/or receiving unit 111 may determine whether the optical signal, the electronic key information and/or the electronic key may be compromised. Accordingly, apparatus 110 does not have to simply trust that the electronic key is not compromised (and e.g. generated based on a truly randomly generated number], because it may check the integrity of the optical signal (e.g. based on the quantum state of at least one photon of the optical signal], the electronic key information and/or the electronic key already upon reception. In addition, the reception of the electronic key directly terminates in a secure environment provided by apparatus 110 and secure electronic memory 112, which are secured by security means of apparatus 110.
For example, after storing the electronic key information in secure electronic memory 112 in action 720, the electronic key may be used for encrypting and/or decrypting electronic message exchanged between Bob and Alice. In another example, apparatus 110 may serve as a forwarding apparatus that securely obtains the electronic key in action 710, stores the electronic key in the secure electronic memory in action 720 and then further transmits the electronic key to another recipient.
Fig. 8 is a schematic illustration of examples of tangible and non-transitory computer-readable storage media according to the present disclosure that may for example be used to implement memory 602 of Fig. 6. To this end, Fig. 8 displays a flash memory 800, which may for example be soldered or bonded to a printed circuit board, a solid-state drive 801 comprising a plurality of memory chips (e.g. Flash memory chips], a magnetic hard drive 802, a Secure Digital (SD] card 803, a Universal Serial Bus (USB] memory stick 804, an optical storage medium 805 (such as for example a CD-ROM or DVD] and a magnetic storage medium 806.
Any presented connection in the described embodiments is to be understood in a way that the involved components are operationally coupled. Thus, the connections can be direct or indirect with any number or combination of intervening elements, and there may be merely a functional relationship between the components.
Any of the processors mentioned in this text, in particular but not limited to processor could be a processor of any suitable type. Any processor may comprise but is not limited to one or more microprocessors, one or more processor(s] with accompanying digital signal processor(s], one or more processor(s] without accompanying digital signal processor(s], one or more special-purpose computer chips, one or more field-programmable gate arrays (FPGAS], one or more controllers, one or more application-specific integrated circuits [ASICS], or one or more computers]. The relevant structure /hard ware has been programmed in such a way to carry out the described function.
Moreover, any of the actions or steps described or illustrated herein may be implemented using executable instructions in a general-purpose or special-purpose processor and stored on a computer- readable storage medium [e.g., disk, memory, or the like] to be executed by such a processor. References to ‘computer-readable storage medium’ should be understood to encompass specialized circuits such as FPGAs, ASICs, signal processing devices, and other devices.
Moreover, any of the actions described or illustrated herein may be implemented using executable instructions in a general-purpose or special-purpose processor and stored on a computer-readable storage medium [e.g., disk, memory, or the like] to be executed by such a processor. References to ‘computer-readable storage medium’ should be understood to encompass specialized circuits such as FPGAs, ASICs, signal processing devices, and other devices.
The wording "A, or B, or C, or a combination thereof’ or "at least one of A, B and C” may be understood to be not exhaustive and to include at least the following: [i] A, or [ii] B, or [hi] C, or [iv] A and B, or [v] A and C, or [vi] B and C, or [vii] A and B and C.
It will be understood that the embodiments disclosed herein are only exemplaiy, and that any feature presented for a particular exemplary embodiment may be used with any aspect of the present disclosure on its own or in combination with any feature presented for the same or another particular exemplary embodiment and/or in combination with any other feature not mentioned. It will further be understood that any feature presented for an example embodiment in a particular category may also be used in a corresponding manner in an example embodiment of any other category.
The following embodiments are disclosed as exemplary embodiments of the various aspects of the present disclosure:
Exemplary embodiment 1:
An apparatus for securely obtaining an electronic key, wherein the apparatus comprises: a secure electronic memory; security means configured to secure the apparatus and the secure electronic memory; and connecting means for connecting the secure electronic memory with a receiving unit, wherein the apparatus is configured to: obtain electronic key information from the receiving unit, wherein the electronic key information is determined at least partially based on an optical signal obtained at the receiving unit and wherein the electronic key information represents the electronic key; and store the electronic key in the secure electronic memory.
Exemplary embodiment 2:
The apparatus according to embodiment 1, wherein the connecting means are configured to provide a secured wireline and/or wireless connection between the secure electronic memory and the receiving unit.
Exemplary embodiment 3:
The apparatus according to embodiment 1 or embodiment 2, wherein the apparatus is further configured to: obtain an electronic message; process the obtained electronic message at least partially based on the electronic key stored in the secure electronic memory ; and provide the processed electronic message.
Exemplary embodiment 4:
The apparatus according to any of the preceding embodiments, wherein the electronic key is included in the electronic key information and/or is determinable at least partially based on the electronic key information.
Exemplary embodiment 5:
The apparatus according to any of the preceding embodiments, wherein the apparatus is further configured to: determine the electronic key at least partially based on the obtained electronic key information.
Exemplary embodiment 6:
The apparatus according to any of the preceding embodiments, wherein the electronic key is determined at least partially based on the obtained electronic key information and on further electronic key information stored in the secure electronic memory.
Exemplary embodiment 7:
The apparatus according to any of the preceding embodiments, wherein the receiving unit comprises: measurement means for obtaining the optical signal; and control means for determining the electronic key information and/or the electronic key at least partially based on the optical signal.
Exemplary embodiment 8:
The apparatus according to embodiment 7, wherein obtaining the optical signal comprises: observing at least one photon of the optical signal and a quantum state of the at least one photon, wherein the electronic key information and/or the electronic key is determined at least partially based on the observed quantum state of the at least one photon.
Exemplary embodiment 9:
The apparatus according to any of the preceding embodiments, wherein the apparatus and/or the receiving unit is further configured to determine whether the optical signal, the electronic key information and/or the electronic key is compromised.
Exemplary embodiment 10:
The apparatus according to any of the preceding embodiments, wherein the security means are configured to prevent removing the electronic key from the secure electronic memory.
Exemplary embodiment 11:
The apparatus according to any of the preceding embodiments, wherein the security means comprise at least one of the following means: encryption means for encrypting the electronic key stored in the secure electronic memory ; and/or erasure means for erasing the secure electronic memory ; and/or detection means for detecting external attack against the apparatus; and/or protection means for physically protecting the apparatus.
Exemplary embodiment 12:
The apparatus according to any of the preceding embodiments, wherein the apparatus is a hardware security module.
Exemplary embodiment 13:
The apparatus according to any of the preceding embodiments, wherein the apparatus further comprises atleast a part of the receiving unit and wherein the security means of the apparatus are further configured to secure at least the part of the receiving unit.
Exemplary embodiment 14:
The apparatus according to any of the preceding embodiments, wherein the apparatus is further configured to: obtain additional electronic key information at least partially based on the electronic key stored in the secure electronic memory, wherein the additional electronic key information represents the electronic key; and provide the additional electronic key information to a sending unit, wherein an additional optical signal is generated at least partially based on the additional electronic key information and is transmitted at the sending unit.
Exemplary embodiment 15:
An appliance server comprising: the apparatus according to any of the preceding embodiments; at least a part of the receiving unit; and security means configured to secure the apparatus and at least the part of receiving unit.
Exemplary embodiment 16:
A system comprising: the apparatus according to any of the embodiments 1 to 14; and the receiving unit.
Exemplary embodiment 17:
A method for securely obtaining an electronic key, wherein the method comprises: obtaining electronic key information, wherein the electronic key information is determined at least partially based on an optical signal received at a receiving unit and wherein the electronic key information represents the electronic key; and storing the electronic key in a secure electronic memory included in an apparatus, wherein the apparatus and the secure electronic memory is secured by security means of the apparatus.

Claims

C L A I M S
1. An apparatus (110; 210; 310; 400; 600] for securely obtaining an electronic key, wherein the apparatus (110; 210; 310; 400; 600] comprises: a secure electronic memory (112; 212; 312; 460]; security means (410; 430; 440; 450] configured to secure the apparatus (110; 210; 310; 400;
600] and the secure electronic memory (112; 212; 312; 460]; and connecting means (213; 313] for connecting the secure electronic memory (112; 212; 312; 460] with a receiving unit (111; 211; 311; 500], wherein the apparatus (110; 210; 310; 400; 600] is configured to: obtain electronic key information from the receiving unit (111; 211; 311; 500], wherein the electronic key information is determined at least partially based on an optical signal obtained at the receiving unit (111; 211; 311; 500] and wherein the electronic key information represents the electronic key; and store the electronic key in the secure electronic memory (112; 212; 312; 460], wherein the apparatus (110; 210; 310; 400; 600] further comprises at least a part of the receiving unit (111; 211; 311; 500] and wherein the security means (410; 430; 440; 450] of the apparatus (110; 210; 310; 400; 600] are further configured to secure at least the part of the receiving unit (111; 211; 311; 500],
2. The apparatus (110; 210; 310; 400; 600] according to claim 1, wherein the connecting means (213; 313] are configured to provide a secured wireline and/or wireless connection between the secure electronic memory (112; 212; 312; 460] and the receiving unit (111; 211; 311; 500],
3. The apparatus (110; 210; 310; 400; 600] according to claim 1 or claim 2, wherein the apparatus (110; 210; 310; 400; 600] is further configured to: obtain an electronic message; process the obtained electronic message at least partially based on the electronic key stored in the secure electronic memory (112; 212; 312; 460]; and provide the processed electronic message.
4. The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the electronic key is included in the electronic key information and/or is determinable at least partially based on the electronic key information. The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the apparatus (110; 210; 310; 400; 600] is further configured to: determine the electronic key at least partially based on the obtained electronic key information. The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the electronic key is determined at least partially based on the obtained electronic key information and on further electronic key information stored in the secure electronic memory (112; 212; 312; 460], The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the receiving unit (111; 211; 311; 500] comprises: measurement means (505; 510] for obtaining the optical signal; and control means (525] for determining the electronic key information and/or the electronic key at least partially based on the optical signal. The apparatus (110; 210; 310; 400; 600] according to claim 7, wherein obtaining the optical signal comprises: observing at least one photon of the optical signal and a quantum state of the at least one photon, wherein the electronic key information and/or the electronic key is determined at least partially based on the observed quantum state of the at least one photon. The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the apparatus (110; 210; 310; 400; 600] and/or the receiving unit (111; 211; 311; 500] is further configured to determine whether the optical signal, the electronic key information and/or the electronic key is compromised. The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the security means (410; 430; 440; 450] are configured to prevent removing the electronic key from the secure electronic memory (112; 212; 312; 460], The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the security means (410; 430; 440; 450] comprise at least one of the following means: encryption means (450] for encrypting the electronic key stored in the secure electronic memory (112; 212; 312; 460]; and/or erasure means (440] for erasing the secure electronic memory (112; 212; 312; 460]; and/or detection means (430] for detecting external attack against the apparatus (110; 210; 310; 400; 600]; and/or protection means [410] for physically protecting the apparatus (110; 210; 310; 400; 600],
12. The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the apparatus (110; 210; 310; 400; 600] is a hardware security module (400],
13. The apparatus (110; 210; 310; 400; 600] according to any of the preceding claims, wherein the apparatus (110; 210; 310; 400; 600] is further configured to: obtain additional electronic key information at least partially based on the electronic key stored in the secure electronic memory (112; 212; 312; 460], wherein the additional electronic key information represents the electronic key; and provide the additional electronic key information to a sending unit (550], wherein an additional optical signal is generated at least partially based on the additional electronic key information and is transmitted at the sending unit (550],
14. An appliance server (340; 600] comprising: the apparatus (110; 210; 310; 400; 600] according to any of the preceding claims; atleast a part of the receiving unit (111; 211; 311; 500]; and security means (410; 430; 440; 450] configured to secure the apparatus (110; 210; 310; 400; 600] and at least the part of receiving unit (111; 211; 311; 500],
15. A system (100] comprising: the apparatus (110; 210; 310; 400; 600] according to any of the claims 1 to 13; and the receiving unit (111; 211; 311; 500],
16. A method (700] for securely obtaining an electronic key, wherein the method (700] comprises: obtaining (710] electronic key information, wherein the electronic key information is determined at least partially based on an optical signal received at a receiving unit (111; 211; 311; 500] and wherein the electronic key information represents the electronic key; and storing (720] the electronic key in a secure electronic memory (112; 212; 312; 460] included in an apparatus (110; 210; 310; 400; 600], wherein the apparatus further comprises at least a part of the receiving unit (111; 211; 311; 500], and wherein the apparatus (110; 210; 310; 400; 600], at least the part of the receiving unit (111; 211; 311; 500] and the secure electronic memory are secured by security means (410; 430; 440; 450] of the apparatus (110; 210; 310; 400; 600],
****
PCT/EP2023/077077 2022-09-30 2023-09-29 Securely obtaining an electronic key WO2024068938A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102022125290 2022-09-30
DE102022125290.6 2022-09-30

Publications (1)

Publication Number Publication Date
WO2024068938A1 true WO2024068938A1 (en) 2024-04-04

Family

ID=88287378

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2023/077077 WO2024068938A1 (en) 2022-09-30 2023-09-29 Securely obtaining an electronic key

Country Status (1)

Country Link
WO (1) WO2024068938A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1833009A1 (en) * 2006-03-09 2007-09-12 First Data Corporation Secure transaction computer network
WO2018071191A2 (en) * 2016-10-14 2018-04-19 Alibaba Group Holding Limited Method and system for data security based on quantum communication and trusted computing
US20210391988A1 (en) * 2020-06-11 2021-12-16 Western Digital Technologies, Inc. Secure optical communication link

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1833009A1 (en) * 2006-03-09 2007-09-12 First Data Corporation Secure transaction computer network
WO2018071191A2 (en) * 2016-10-14 2018-04-19 Alibaba Group Holding Limited Method and system for data security based on quantum communication and trusted computing
US20210391988A1 (en) * 2020-06-11 2021-12-16 Western Digital Technologies, Inc. Secure optical communication link

Similar Documents

Publication Publication Date Title
US10154021B1 (en) Securitization of temporal digital communications with authentication and validation of user and access devices
US10848303B2 (en) Methods and apparatuses for authentication in quantum key distribution and/or quantum data communication
Horstmeyer et al. Physical key-protected one-time pad
US7215771B1 (en) Secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network
EP2654238B1 (en) Secure quantum authentication system
US20070016794A1 (en) Method and device using one-time pad data
US9374222B2 (en) Secure communication of data between devices
US11888832B2 (en) System and method to improve user authentication for enhanced security of cryptographically protected communication sessions
US20110302421A1 (en) Authentication Method And Apparatus Using One Time Pads
ES2880693T3 (en) Methods and systems to transfer data safely
KR20190049006A (en) The PUF-QRNG remote meter reader
CN113645038A (en) Measuring equipment-independent quantum digital signature system and method
TW201445902A (en) Method for quantum communication
Arshinov et al. Modeling of quantum channel parameters impact on information exchange security
WO2024068938A1 (en) Securely obtaining an electronic key
Wang et al. Enhanced arbitrated quantum signature scheme using Bell states
Han et al. Scalable and secure virtualization of HSM with ScaleTrust
Rahmani Cryptographic algorithms and protocols
Banday Applications of digital signature certificates for online information security
Oleksandrivna QUANTUM CRYPTOGRAPHY AS A MEANS OF PROTECTING COMMUNICATIONS
Kapoor Quantum Cryptography Analysis For Threat Assessment
JP6053582B2 (en) Cryptographic processing apparatus, cryptographic processing method, cryptographic processing program, and authentication method
Gani et al. Securing Quantum Computers: Safeguarding Against Eavesdropping and Side-Channel Attacks
Houston III Secure ballots using quantum cryptography
Hwang et al. Development of Improved Security Command Insertion Device for Flight Termination System

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23783771

Country of ref document: EP

Kind code of ref document: A1