CN115004624A - Apparatus and method for key enforcement - Google Patents


Info

Publication number: CN115004624A
Authority: CN (China)
Prior art keywords: seed, key, priv, bundle, value
Legal status: Pending
Application number: CN202080094603.6A
Other languages: Chinese (zh)
Inventors: 桑泊·索维欧, 珍妮·哈码莱尼, 杨-艾瑞克·艾克伯格
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065: Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656: Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662: Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32: including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: involving digital signatures
    • H04L9/3263: involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/64: Self-signed certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A processor is configured to: generate an initial seed (L) from a random number generator; derive a SEED value (SEED) from the initial seed (L) and a first key definition function; and generate a key pair (K_pub, K_priv) according to the SEED value (SEED) and a first key generation method. The key pair (K_pub, K_priv) includes a public key (K_pub) and a private key (K_priv). The initial seed is encrypted according to the public key (K_pub) to create an encrypted value (X). A bundle (B) is constructed comprising the encrypted value (X) and the public key (K_pub). Subsequent processes or devices may use the bundle (B) and the embedded encrypted value (X) to verify that the key pair (K_pub, K_priv) was generated by an approved key generation method.

Description

Apparatus and method for key enforcement
Technical Field
Aspects of the disclosed embodiments relate generally to computer security and, more particularly, to verifying the strength of encryption keys.
Background
The digital security of modern cryptographic systems is based on secret, difficult to guess binary values, called keys or encryption keys. Key generation typically requires the application of a deterministic key generation method to one or more random values. The strength of the obtained key depends on the quality of the random number generator and the applied key generation method.
Industry standards such as Federal Information Processing Standard (FIPS) 186-4 provide explicit guidance on how keys should be generated. Failure to follow approved guidelines may result in the generation of a weak key. Weak keys may be generated for a variety of reasons.
Currently, there is no way to determine the strength of a given key, nor to determine that the given key was generated using an approved key generation method. The device manufacturer or user must trust that key generation has been performed properly and that the obtained key is of sufficient strength.
Accordingly, there is a need for improved methods and apparatus to prove that keys were generated using approved or accepted key generation methods and that appropriate entropy has been included in the random number generator. It is therefore desirable to provide methods and apparatus that address at least some of the problems discussed above.
Disclosure of Invention
Aspects of the disclosed embodiments relate to certifying that keys are generated using approved or accepted key generation methods and ensuring that appropriate additional entropy has been employed. This and other objects are achieved by the subject matter claimed in the independent claims. Further advantageous modifications are provided in the dependent claims.
The above and other objects and advantages are achieved according to a first aspect by a computing device. In one embodiment, the computing device includes a memory communicatively coupled to a processor. The processor is configured to: generate an initial seed (L) from a random number generator; derive a SEED value (SEED) from the initial seed (L) and a first key definition function; generate a key pair (K_pub, K_priv) according to the SEED value (SEED) and a first key generation method, the key pair (K_pub, K_priv) including a public key (K_pub) and a private key (K_priv); encrypt the initial seed according to the public key (K_pub) to create an encrypted value (X); and construct a bundle (B) comprising the encrypted value (X) and the public key (K_pub). Subsequent processes or devices may use the bundle (B) and the embedded encrypted value (X) to verify that the key pair (K_pub, K_priv) was generated by an approved key generation method.
In one possible implementation of the computing device, the processor is configured to: generate a signature according to the bundle (B) and the private key (K_priv); and combine the signature and the bundle (B) into a signed bundle (B_S). Including a signature in the signed bundle (B_S) provides a means for verifying the integrity of the data included in the signed bundle (B_S) and for verifying that the creator of the signed bundle (B_S) has the corresponding private key (K_priv).
In one possible implementation of the computing device, the processor is configured to: configure the signed bundle (B_S) as a Certificate Signing Request (CSR). Using a standardized format such as the CSR format simplifies the processing of the information contained in the bundle.
In one possible implementation of the computing device, the processor is configured to: configure the signed bundle (B_S) as one of a self-signed certificate and a certificate-authority-signed certificate. Using a self-signed certificate format simplifies the processing of information contained in the signed bundle, and a Certificate Authority (CA) signed certificate improves security by providing a signature from a trusted third party.
In one possible implementation of the computing device, the processor is configured to: further generate the SEED value (SEED) from an additional seed (G). The additional seed (G) may contain information relating to additional criteria, such as an expiration time, applied to the SEED value (SEED).
In one possible implementation of the computing device, the processor is configured to: obtaining the additional seed (G) from a trusted entropy source, the additional seed (G) being usable by a key detection apparatus. Obtaining the additional seed in this way may improve the quality of the initial random value used for key generation. Furthermore, security is improved by including additional entities during authentication and revealing the additional seeds during authentication.
In one possible implementation of the apparatus, the processor is configured to: obtain the additional seed (G) from a trusted entropy source, the additional seed (G) being publicly available to a key detection device. Including the additional seed (G) has advantages, for example providing a means for including additional entropy from a trusted server in the seed.
In one possible implementation of the computing device, the processor is configured to: secretly providing the additional seed (G) in the computing device. The security provision helps to protect the confidentiality of said additional seed (G).
In one possible implementation of the computing device, the processor is configured to: information indicating the key generation method is contained in the bundle (B). Including information about the key generation method in the bundle may avoid providing an alternative channel to pass this information from the key generation device to the key verification device.
According to a second aspect, the above and other objects and advantages are achieved by a computing device. In one embodiment, the computing device includes a memory communicatively coupled to a processor. The processor is configured to: receive a first private key (K_priv1) and a bundle (B1) comprising an encrypted value (X) and a public key (K_pub), the first private key (K_priv1) having been generated according to a first key generation method; decrypt the encrypted value (X) according to the first private key (K_priv1) to recover a decrypted initial seed (L'); derive a second SEED value (SEED') from the decrypted initial seed (L') and a second key definition function; generate a second private key (K'_priv) according to the second SEED value (SEED') and a second key generation method; and verify the first key generation method by comparing the first private key (K_priv1) and the second private key (K'_priv). A match between the first private key (K_priv1) and the second private key (K'_priv) proves that the first private key (K_priv1) was generated using the first key generation method.
In one possible implementation of the computing device, the processor is configured to: receive an additional seed (G1); and generate the second seed value from the second initial seed (L'), the additional seed (G) and the key definition function. Including the additional seed in the key generation improves security and provides a means for adding additional functionality when verifying the obtained key. When the additional seed (G1) is provided, the above verification method may prove that the additional seed (G1) was used in generating the key. When the additional seed (G1) is known to be generated by the trusted random number generator, the verifier can conclude that the SEED value based on the initial seed (L) and the additional seed (G) contains a suitable amount of entropy.
In one possible implementation of the computing device, the processor is configured to: recording a plurality of decrypted initial seed values (L'); an entropy measurement test is run on the recorded plurality of decrypted initial seed values. Running tests on multiple initial seed values may detect problems with entropy sources used during random number generation.
The above and other objects and advantages are achieved by a method according to a third aspect. In one embodiment, the method comprises: generating an initial seed (L) from a random number generator; deriving a SEED value (SEED) from the initial seed (L) and a first key definition function; generating a key pair (K_pub, K_priv) according to the SEED value (SEED) and a first key generation method, the key pair (K_pub, K_priv) including a public key (K_pub) and a private key (K_priv); encrypting the initial seed according to the public key (K_pub) to create an encrypted value (X); and constructing a bundle (B) comprising the encrypted value (X) and the public key (K_pub). The obtained bundle (B) provides the information necessary for subsequently verifying that the private key (K_priv) was generated according to an approved key generation method.
In one possible implementation of the method, the method further includes: generating a signature according to the bundle (B) and the private key (K_priv); and combining the signature and the bundle (B) into a signed bundle (B_S). Including a signature in the signed bundle (B_S) provides a means for verifying the integrity of the data included in the signed bundle (B_S).
In one possible implementation of the method, the bundle (B) comprises information indicating the key generation method. Including information about the key generation method in the bundle may avoid providing an alternative channel to pass this information from the key generation device to the key verification device.
In one possible implementation of the method, the method further includes: receiving the private key (K_priv) and the bundle (B); decrypting the encrypted value (X) according to the private key (K_priv) to recover a decrypted initial seed (L'); deriving a second SEED value (SEED') from the decrypted initial seed (L') and a second key definition function; generating a second private key (K'_priv) according to the second SEED value (SEED') and a second key generation method; and verifying the first key generation method by comparing the received private key (K_priv) and the second private key (K'_priv). A match between the first private key (K_priv1) and the second private key (K'_priv) proves that the first private key (K_priv1) was generated using the first key generation method.
These and other aspects, implementations, and advantages of the exemplary embodiments will become apparent from the embodiments described herein when considered in conjunction with the accompanying drawings. It is to be understood, however, that such description and drawings are for the purpose of illustration only and are not intended as a definition of the limits of the disclosed invention; for any limitation of the invention, reference should be made to the appended claims. Additional aspects and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. Furthermore, the aspects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
Drawings
In the following detailed description of the invention, the invention will be explained in detail with reference to exemplary embodiments shown in the drawings, in which:
FIG. 1 shows a schematic block diagram of an exemplary computing device incorporating aspects of the disclosed embodiments;
FIG. 2 shows a schematic block diagram of an exemplary computing device incorporating aspects of the disclosed embodiments;
FIG. 3 illustrates a flow diagram 300 of an exemplary key generation and key verification process incorporating aspects of the disclosed embodiments.
Detailed Description
FIG. 1 shows a schematic block diagram of an exemplary apparatus 100 provided by aspects of the disclosed embodiments. Aspects of the disclosed embodiments relate to proving that an encryption key is generated using an accepted key generation method and, when needed, that additional entropy from a reliable server is used during basic random number generation.
As shown in fig. 1, the computing device 100 includes a memory 152, the memory 152 communicatively coupled to the processor 150. Although only one memory 152 is shown in fig. 1, it is to be understood that the memory 152 may include one or more memory blocks or modules. The memory 152 may be a combination of various types of volatile and nonvolatile computer memory such as Read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disk, flash memory, or other suitable types of computer memory.
The processor 150 may be any suitable type of computer processing device. For example, the processor 150 may be a single processing device, or may include multiple processing devices including dedicated devices such as Digital Signal Processing (DSP) devices, microprocessors, dedicated processing devices, parallel processing cores, or general purpose computer processors. In some embodiments, the processor 150 and the memory 152 may be included in a system on a chip (SoC) device or chipset. The processor 150 is used to read non-transitory program instructions from the memory 152 and perform any of the methods and processes described herein. The processor 150 may also include a CPU that works in conjunction with a Graphics Processing Unit (GPU), which may include a DSP or other dedicated graphics processing hardware.
In one embodiment, the processor 150 is configured to generate an initial seed (L), which may be a random binary value, from the random number generator 102. Any suitable type of random number generator 102 may be advantageously employed, such as hardware-based random number generators and pseudo-random number generators. The random number generator 102 is applied to generate a true random number sequence or a suitable explicit random number sequence. The initial seed (L) may be a suitably large random binary value or number, as desired.
The processor 150 is configured to derive a SEED value (SEED) from the initial seed (L) and the first key definition function 104. The first key definition function 104 may be any desired Key Definition Function (KDF) for deterministically deriving a desired SEED value (SEED) from an initial value such as the initial seed (L).
The processor 150 then generates an asymmetric key pair (K_pub, K_priv) based on the SEED value (SEED) and a first key generation method 106, the key pair (K_pub, K_priv) including a public key (K_pub) and a private key (K_priv). The first key generation method 106 may be an accepted and/or approved key generation method, such as the key generation method described in Federal Information Processing Standard (FIPS) 186-4, which provides explicit guidance on how keys should be generated. The key pair (K_pub, K_priv) may be any desired type of asymmetric encryption key pair, such as a key pair based on a Rivest-Shamir-Adleman (RSA) encryption system, an Elliptic Curve Cryptography (ECC) system, or another desired asymmetric encryption system.
The processor 150 then constructs the bundle (B) by: encrypting (108) the initial seed (L) according to the public key (K_pub) to create an encrypted value (X); and generating the bundle (B) comprising the encrypted value (X) and the public key (K_pub). To aid understanding, it may be helpful to consider the bundle (B) as a verification bundle that includes the information necessary to verify or prove that the key pair (K_pub, K_priv) was generated using the accepted key generation method. The encryption (108) is performed according to an encryption system corresponding to the first key generation method 106, wherein the public key (K_pub) is used to encrypt the initial seed (L) to create the encrypted initial seed value (X). Using the public key (K_pub) to encrypt the initial seed (L) ensures that the initial seed (L) can only be recovered by an entity having access to the corresponding private key (K_priv).
As will be discussed further below, the bundle (B) may be used to certify that the key pair (K_pub, K_priv) was generated according to the approved key generation method and has not been compromised or otherwise attacked.
In one embodiment of the computing device 100, the processor 150 is configured to: generate a signature 110 according to the bundle (B) and the private key (K_priv); and combine the signature and the bundle (B) into a signed bundle (B_S). The signature 110 makes it possible to verify the integrity of the bundle, providing additional assurance that the information in the bundle (B) has not been tampered with or altered. The signature 110 also proves that the creator of the signed bundle (B_S) has the private key (K_priv).
In some embodiments, it may be advantageous to configure the signed bundle (B_S) according to a defined format, such as a Certificate Signing Request (CSR) or a self-signed digital certificate, that conforms to the well-known X.509 public key certificate format. Although the bundle is a new type of bundle, using a standardized data format to carry it may simplify the development of computer software for processing the new type of information bundle (B), since a third-party software library can be incorporated rather than developing a completely new software program.
Alternatively, the bundle (B) or the signed bundle (B_S) may be provided to a trusted certificate authority for inclusion in an X.509 or other desired digital certificate. The signature may be verified according to a public key of the trusted certificate authority. The use of a trusted certificate authority provides an additional level of assurance that the information in the bundle (B) has not been altered.
In one embodiment, the processor 150 is configured to generate the SEED value (SEED) from the initial seed (L), an additional seed (G) and a random number generator 102. The additional seed may be any desired value, such as a publicly available value or a securely provided value. The additional seed (G) may be obtained from a trusted entropy source and may be publicly available to the key detection apparatus. Including the additional seed (G) has advantages, such as providing a method for including additional entropy from a trusted server in the SEED value (SEED) and a method for including additional factors obtained from a third party or an external service during key verification.
In certain embodiments, it may be desirable to obtain the additional seed (G) from a publicly available source. When obtaining the additional seed (G) from a publicly available source, the verifier may perform the verification without any additional configuration or communication between the key generation and verification processes. The public value or the additional seed (G) may contain a verification criterion, e.g. may include an expiration time to indicate that the key should only be generated from the additional seed (G) value within a certain time window.
In one embodiment, the processor 150 is configured to: the additional seed (G) is secretly provided in the computing device 100. Secretly providing the additional seed (G) in the computing device is a process in which the additional seed (G) is securely provided in the computing device in a manner that ensures confidentiality of the additional seed (G). Providing the additional seed (G) secretly improves security based on an additional shared secret value between the key generation and verification devices or processes. The term "secret provisioning" as used herein refers to the process of securely storing a secret value in the computing device in a manner that ensures that the confidentiality of the secret value is protected.
In one embodiment, the processor 150 is configured to: information indicating the key generation method 106 is contained in the bundle (B). For example, when some keys are ECC based and others are RSA based, it may be desirable to use multiple key generation methods 106. The inclusion of information about the key generation method 106 in the bundle enables a single authentication device or process to be used to authenticate a variety of different key generation methods according to a variety of different encryption systems without prior knowledge of the key generation method employed.
FIG. 2 illustrates a schematic block diagram of an exemplary apparatus 200 provided by aspects of the disclosed embodiments. The exemplary device 200 is used to verify an encryption key that has been generated according to an approved key generation method, such as the key pair (K_pub, K_priv) described above.
As shown in fig. 2, the computing device 200 includes a memory 252, the memory 252 communicatively coupled to a processor 250. The memory 252 and the processor 250 may include any suitable type of processor 250 and memory 252, such as the processor 150 and memory 152 described above and in connection with fig. 1.
In the exemplary embodiment shown in FIG. 2, the processor 250 is configured to receive a private key (K_priv1) and a bundle (B1). The received private key (K_priv1) and the bundle (B1) may be the private key (K_priv) and the bundle (B) described above in connection with FIG. 1. The received private key (K_priv1) and the bundle (B1) include information sufficient to verify that the private key (K_priv1) was generated according to an approved key generation method (e.g., the key generation method described in industry standard FIPS 186-4). Any type of encryption key whose strength needs to be proven can be used as the private key (K_priv1).
The bundle (B1) may comprise an encrypted value (X) and a public key, wherein the included public key is the public key corresponding to the received private key (K_priv1), from the same key pair. In one embodiment, it is advantageous to include information indicative of the second key generation function 204 in the received bundle (B1). Including an indication of the second key generation function 204 in the received bundle (B1) enables the apparatus 200 to be used to verify keys based on various key generation functions, thereby enabling the apparatus 200 to be used to verify a greater variety of key types. Similarly, the bundle (B1) may include other information that facilitates verification of the received private key (K_priv1), such as information about the key generation method, the encryption system, or other information used during key generation.
The processor 250 decrypts (202) the encrypted value (X) to recover an initial seed value (L'). The encrypted value (X) is decrypted according to the received private key (K_priv1). The initial seed (L') may be the same random number or random binary value used during generation of the private key (K_priv1).
The processor 250 is configured to derive a second SEED value (SEED') from the second key definition function 204 and the decrypted initial seed value (L'). A second private key (K'_priv) may then be generated from the second SEED value (SEED') and a second key generation method 206.
The first key generation method 106 is verified by comparing (208) the received private key (K_priv1) and the second private key (K'_priv). The received private key (K_priv1) is the same as the second private key (K'_priv) only when the key generation method used to generate the received private key (K_priv1) is the same as the second key generation method 206 used to generate the second private key (K'_priv). Thus, a match between the received private key (K_priv1) and the second private key (K'_priv) verifies that the key generation method used to generate the received private key (K_priv1) is the same as the second key generation method 206 used to generate the second private key (K'_priv). The term "verifying the first key generation method" used herein means proving that the first key generation method is identical to the second key generation method by comparing the first private key generated by the first key generation method and the second private key generated by the second key generation method.
In one embodiment, the processor 250 is configured to: receiving an additional seed value (G1); a second SEED value (SEED ') is generated from the additional SEED value (G1), the initial SEED value (L') and the key definition function 204. The additional seed value may be any desired value, such as the additional seed (G) described above and in connection with FIG. 1.
In certain embodiments, the processor 250 is configured to: recording a plurality of decrypted initial seed values (L'); an entropy test is run on the recorded plurality of seed values. Running an entropy test on the plurality of seed values (L') may detect problems with entropy sources used during key generation.
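The generation steps of device 100 and the verification steps of device 200 described above, as an added Python example that is not code from the patent. The HMAC-SHA256 key definition function, the SHAKE-256-driven deterministic RSA generator, the RSA-KEM style encryption of L, the dictionary layout of the bundle and the method label `demo-shake256-rsa-2048` are assumptions chosen for illustration; the generator is not a FIPS 186-4 method.

```python
import hashlib
import hmac
import secrets

E = 65537
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53)
# Verifier-side allow-list (assumed): method label carried in B -> modulus bits.
APPROVED_METHODS = {"demo-shake256-rsa-2048": 2048}

def kdf(initial_seed: bytes, extra_seed: bytes = b"") -> bytes:
    """Key definition function: SEED from L and the optional additional seed G."""
    return hmac.new(b"keygen-proof/" + extra_seed, initial_seed, hashlib.sha256).digest()

def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES:  # fixed Miller-Rabin bases keep key generation deterministic
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def prime_from_seed(seed: bytes, label: bytes, bits: int) -> int:
    """First prime in the candidate sequence SHAKE-256(seed || label || counter)."""
    counter = 0
    while True:
        raw = hashlib.shake_256(seed + label + counter.to_bytes(4, "big")).digest(bits // 8)
        # Force the top two bits (full-size modulus) and the low bit (odd).
        cand = int.from_bytes(raw, "big") | (0b11 << (bits - 2)) | 1
        if cand % E != 1 and is_probable_prime(cand):  # keeps gcd(E, p - 1) == 1
            return cand
        counter += 1

def keygen(seed: bytes, bits: int = 2048):
    """Deterministic RSA key generation: the same SEED always yields the same pair."""
    p = prime_from_seed(seed, b"p", bits // 2)
    q = prime_from_seed(seed, b"q", bits // 2)
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def _pad(r: int, klen: int, length: int) -> bytes:
    return hashlib.shake_256(b"pad" + r.to_bytes(klen, "big")).digest(length)

def encrypt_seed(pub, initial_seed: bytes) -> bytes:
    """X = r^e mod n || (L xor KDF(r)); only the holder of K_priv can recover L."""
    n, e = pub
    klen = (n.bit_length() + 7) // 8
    r = secrets.randbelow(n - 2) + 2
    masked = bytes(a ^ b for a, b in zip(initial_seed, _pad(r, klen, len(initial_seed))))
    return pow(r, e, n).to_bytes(klen, "big") + masked

def decrypt_seed(priv, x: bytes) -> bytes:
    n, d = priv
    klen = (n.bit_length() + 7) // 8
    r = pow(int.from_bytes(x[:klen], "big"), d, n)
    return bytes(a ^ b for a, b in zip(x[klen:], _pad(r, klen, len(x) - klen)))

def generate(extra_seed: bytes = b"", method: str = "demo-shake256-rsa-2048"):
    """Device 100: L -> SEED -> (K_pub, K_priv) -> X -> bundle B."""
    initial_seed = secrets.token_bytes(32)  # L
    pub, priv = keygen(kdf(initial_seed, extra_seed), APPROVED_METHODS[method])
    bundle = {"method": method, "pub": pub, "x": encrypt_seed(pub, initial_seed)}
    return priv, bundle

def verify(priv, bundle, extra_seed: bytes = b"") -> bool:
    """Device 200: recover L', regenerate K'_priv, compare with the received key."""
    bits = APPROVED_METHODS.get(bundle.get("method"))
    klen = (priv[0].bit_length() + 7) // 8
    if bits is None or priv[0] != bundle["pub"][0] or len(bundle["x"]) <= klen:
        return False
    recovered = decrypt_seed(priv, bundle["x"])  # L'
    pub2, priv2 = keygen(kdf(recovered, extra_seed), bits)
    return pub2 == bundle["pub"] and priv2 == priv

if __name__ == "__main__":
    priv, bundle = generate(b"constructed-G")  # constructed additional seed
    forged = dict(bundle, x=encrypt_seed(bundle["pub"], bytes(32)))
    print(verify(priv, bundle, b"constructed-G"), verify(priv, forged, b"constructed-G"))
```

The forged bundle pairs the same key with an unrelated seed and is rejected, because regenerating from that seed yields a different key. As in the description, the verifier receives the private key itself, so it has to sit inside the same trust boundary as the key store.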
Referring to FIG. 3, a flow diagram 300 of an exemplary key generation 350 and key verification 352 process incorporating aspects of the disclosed embodiments is shown. The exemplary method 300 may be used to prove to others that a high security standard was followed during encryption key generation.
The exemplary key generation method 350 first generates (302) an initial seed (L) from a random number generator. The random number generator may be any desired type of random number generator capable of generating a series of random numbers or pseudo-random numbers or binary values.
In 304, a seed value is derived from the initial seed and a first key definition function. The key definition function, sometimes referred to as a key derivation function, may be any desired deterministic function for deriving an initial seed value from one or more random values.
A key pair (K_pub, K_priv) is generated (306) from the seed value (SEED) and a first key generation method, the key pair (K_pub, K_priv) including a public key and a corresponding private key. The key pair may be based on any desired asymmetric encryption system, such as RSA, ECC, or other sufficiently secure encryption system.
In the exemplary key generation method 350, the initial seed is encrypted (308) using the generated key pair (K_pub, K_priv) to create an encrypted value (X). Then, a bundle (B) may be constructed (310) using the encrypted value (X), the bundle (B) comprising the encrypted value (X) and the public key (K_pub).
In some embodiments, a signature is generated (312) from the bundle (B) and the generated (306) key pair (K_pub, K_priv). The generated (312) signature is included (314) in a signature bundle (B_S), wherein the signature bundle comprises the bundle (B).
In certain embodiments, it may be advantageous to include additional information in the bundle (B), for example information indicating the key generation method, the encryption system and the key definition function used in generating (308) the key pair (K_pub, K_priv). Advantageously, any information used to inform the subsequent key verification process 352 may be included in the bundle (B).
If necessary, a signature may be generated (312) from the bundle (B) and the generated (306) private key. The signature may be included in the bundle (B) to create (314) a signed bundle (B_S). Subsequently, the signature can be used to verify the integrity of the bundle (B), ensuring that the encrypted value and other information in the bundle (B) have not been tampered with or otherwise altered.
The exemplary key verification process 352 shown in FIG. 3 may be used to prove that the key pair (K_pub, K_priv) was generated (306) according to the approved key generation method. The exemplary key verification process 352 receives (320) a private key (K_priv1) and a bundle (B1), such as the private key and bundle (B) generated by the key generation method 350 described above.
In some embodiments, the received bundle (B1) may include a digital signature. The signature or the digital signature may be used to verify the integrity of the received bundle (B1).
The received private key (K_priv1) is used to decrypt (322) the encrypted value (X) contained in the received bundle (B1) to recover an initial seed value (L'). A second seed value (SEED') may be derived (324) from a key definition function using the recovered initial seed value.
A second private key (K'_priv) is generated (326) from the second seed value (SEED') and a key generation method. The key generation method may be any desired or approved key generation method, such as the key generation method described in industry standard FIPS 186-4 or other suitable secure key generation method.
The keys are compared (328): when the second private key (K'_priv) is identical to the private key (K_priv) received in process step 320, this verifies that the received private key (K_priv) was generated by the same key generation method as was used to generate (326) the second private key (K'_priv). A positive comparison (328) attests that the received private key (K_priv) was generated (306) according to an approved key generation method.
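The generation steps (302-310) and verification steps (320-328) described above can be followed end to end in the added Python example below, which is not part of the patent text. It assumes HMAC-SHA256 as the key definition function and a toy hashed-ElGamal group in place of the RSA or ECC system the description allows; `gen_approved`, `gen_weak` and the other function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy hashed-ElGamal group standing in for RSA/ECC (illustrative, not for production).
P, GEN = 2**255 - 19, 2

def kdf(L, G=b""):
    """Key definition function: SEED = HMAC-SHA256(additional seed G, initial seed L)."""
    return hmac.new(G or b"\x00" * 32, L, hashlib.sha256).digest()

def gen_approved(seed):
    """Stand-in for the approved method: the whole 256-bit SEED becomes K_priv."""
    k = int.from_bytes(seed, "big") % (P - 2) + 1
    return pow(GEN, k, P), k

def gen_weak(seed):
    """A non-approved method: only 32 bits of the SEED reach K_priv."""
    k = int.from_bytes(seed[:4], "big") + 1
    return pow(GEN, k, P), k

def _xor_pad(shared, data):
    pad = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def encrypt(k_pub, L):
    """Encrypt the 32-byte initial seed to K_pub; returns X = (c1, body)."""
    r = secrets.randbelow(P - 2) + 1
    return pow(GEN, r, P), _xor_pad(pow(k_pub, r, P), L)

def decrypt(k_priv, X):
    c1, body = X
    return _xor_pad(pow(c1, k_priv, P), body)

def generate(keygen, G=b""):
    """Steps 302-310: returns (K_priv, bundle B)."""
    L = secrets.token_bytes(32)              # 302: initial seed from the RNG
    k_pub, k_priv = keygen(kdf(L, G))        # 304: SEED, 306: key pair
    X = encrypt(k_pub, L)                    # 308: encrypted value X
    return k_priv, {"X": X, "K_pub": k_pub}  # 310: bundle B

def verify(k_priv1, B1, G1=b""):
    """Steps 320-328: True only if K_priv1 came from the approved method."""
    L2 = decrypt(k_priv1, B1["X"])           # 322: recover L'
    _, k_priv2 = gen_approved(kdf(L2, G1))   # 324: SEED', 326: K'_priv
    return hmac.compare_digest(              # 328: compare the private keys
        k_priv1.to_bytes(32, "big"), k_priv2.to_bytes(32, "big"))
```

A key produced by `gen_weak` still decrypts X correctly, because X was encrypted to its own public key, but the recomputed K'_priv differs and the comparison fails.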
Thus, while there have been shown, described, and pointed out fundamental novel features of the invention as applied to exemplary embodiments thereof, it will be understood that various omissions and substitutions and changes in the form and details of the devices and methods illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit and scope of the invention. Further, it is expressly intended that all combinations of those elements that perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements shown and/or described in connection with any form or embodiment of the invention disclosed may be incorporated in any other form or embodiment disclosed or described or suggested as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.

Claims (15)

1. A computing device (100) comprising a memory (152), the memory (152) communicatively coupled to a processor (150), the processor (150) configured to:
generate an initial seed (L) from a random number generator (102);
derive a seed value (SEED) from the initial seed (L) and a first key definition function;
generate a key pair (K_pub, K_priv) from the seed value (SEED) and a first key generation method, the key pair (K_pub, K_priv) including a public key (K_pub) and a private key (K_priv);
encrypt the initial seed according to the public key (K_pub) to create an encrypted value (X);
construct a bundle (B) comprising the encrypted value (X) and the public key (K_pub).
2. The computing device (100) of claim 1, wherein the processor (150) is configured to: generate a signature (110) according to the bundle (B) and the private key (K_priv); and combine the signature (110) and the bundle (B) into a signature bundle (B_S).
3. The computing device (100) of any of claims 1 or 2, wherein the processor (150) is configured to: configure the signature bundle (B_S) as a Certificate Signing Request (CSR).
4. The computing device (100) of any of the above claims, wherein the processor (150) is configured to: configure the signature bundle (B_S) as one of a self-signed certificate and a certificate-authority-signed certificate.
5. The computing device (100) of any of the above claims, wherein the processor (150) is configured to: further generate the seed value (SEED) from an additional seed (G).
6. The computing device (100) of claim 5, wherein the processor (150) is configured to: obtain the additional seed (G) from a trusted entropy source, the additional seed (G) being usable by a key detection apparatus.
7. The computing device (100) according to any one of claims 5 and 6, wherein the processor (150) is configured to: secretly provide the additional seed (G) in the computing device (100).
8. The computing device (100) of any of the above claims, wherein the processor (150) is configured to: include, in the bundle (B), information indicating the key generation method.
9. A computing device (200) comprising a memory (252), the memory (252) communicatively coupled to a processor (250), the processor (250) configured to:
receive a first private key (K_priv1) and a bundle (B1) comprising an encrypted value (X) and a public key (K_pub), the first private key (K_priv1) being generated according to a first key generation method;
decrypt the encrypted value (X) according to the first private key (K_priv1) to recover a decrypted initial seed (L');
derive a second seed value (SEED') from the decrypted initial seed (L') and a second key definition function;
generate a second private key (K'_priv) according to the second seed value (SEED') and a second key generation method;
verify the first key generation method by comparing the first private key (K_priv) and the second private key (K'_priv).
10. The computing device (200) of claim 9, wherein the processor (250) is configured to:
receive an additional seed (G1);
further generate the second seed value (SEED') from the additional seed (G1).
11. The computing device (200) according to any one of claims 9 or 10, wherein the processor (250) is configured to: save a plurality of decrypted initial seed values (L'); and run an entropy measurement test on the recorded plurality of decrypted initial seed values.
12. A method (300), comprising:
generating (302) an initial seed (L) from a random number generator;
deriving (304) a seed value (SEED) from the initial seed (L) and a first key definition function;
generating (306) a key pair (K_pub, K_priv) according to the seed value (SEED) and a first key generation method, the key pair (K_pub, K_priv) including a public key (K_pub) and a private key (K_priv);
encrypting (308) the initial seed according to the public key (K_pub) to create an encrypted value (X);
constructing (310) a bundle (B) comprising the encrypted value (X) and the public key (K_pub).
13. The method (300) of claim 12, further comprising:
generating (312) a signature according to the bundle (B) and the private key (K_priv);
combining (314) the signature and the bundle (B) into a signature bundle (B_S).
14. The method (300) according to any of claims 12 or 13, wherein the bundle (B) comprises information indicating the key generation method.
15. The method (300) according to any one of claims 12-14, further comprising:
receiving (320) the private key (K_priv) and the bundle (B);
decrypting (322) the encrypted value (X) according to the private key (K_priv) to recover a decrypted initial seed (L');
deriving (324) a second seed value (SEED') from the decrypted initial seed (L') and a second key definition function;
generating (326) a second private key (K'_priv) from the second seed value (SEED') and a second key generation method;
verifying (328) the first key generation method by comparing the private key (K_priv) and the second private key (K'_priv).
CN202080094603.6A 2020-01-29 2020-01-29 Apparatus and method for key enforcement Pending CN115004624A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2020/052129 WO2021151480A1 (en) 2020-01-29 2020-01-29 Apparatus and method for key strengthening

Publications (1)

Publication Number Publication Date
CN115004624A true CN115004624A (en) 2022-09-02

Family

ID=69375364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080094603.6A Pending CN115004624A (en) 2020-01-29 2020-01-29 Apparatus and method for key enforcement

Country Status (2)

Country Link
CN (1) CN115004624A (en)
WO (1) WO2021151480A1 (en)

Also Published As

Publication number Publication date
WO2021151480A1 (en) 2021-08-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination