
Open protocol for authentication and key establishment with privacy

A key establishment and open protocol technology, applied in the field of secure communication, that addresses the problems of reduced performance / increased user wait times and of the prohibitive time for executing the cryptography of the first key establishment step inside the ICC of a personal security device with low computing power.

Active Publication Date: 2012-06-05
ASSA ABLOY AB

AI Technical Summary

Benefits of technology

[0011]According further to the system described herein, a non-transitory computer readable medium stores computer software for authenticating a device. The computer software may include executable code that receives a request to authenticate a device. Executable code may be provided that generates a response to the request. Executable code may be provided that sends the response to the host wherein the response includes encrypted information and an anonymous identifier of the device that does not provide readable identification information to an entity other than the host and in which the response authenticates the device to the host. The anonymous identifier and / or the encrypted information may be a one-time use identifier of the device. The encrypted information may be generated using at least one of: information provided in the request and a key derived from a shared secret of the device and the host. Executable code may be provided that authenticates the host to the device. Executable code may be provided that retrieves stored information corresponding to the authenticating of the host that is stored on the device. The host may be an access point of an access controlled system and upon presentation of the device at the access point, the access point may authenticate the device and establish a shared secret with the device to obtain an access credential, and the access point may rely on the access control system to validate the access credential for authorization and granting access.
[0012]According further to the system described herein, a system for authenticating a device includes a host and a device that authenticates to the host. The host may include a non-transitory computer readable medium that includes: executable code that generates authentication information at the host; executable code that sends a request to authenticate the device, where the request includes at least a portion of the authentication information; executable code that receives a response to the request from the device, where the response includes encrypted information and an anonymous identifier of the device that does not provide readable identification information to an entity other than the host; and executable code that authenticates the device using the encrypted information and the anonymous identifier. The device may include a non-transitory computer readable medium that includes: executable code that receives the request; executable code that generates the response; and executable code that sends the response to the host, where the response authenticates the device to the host. The host may include a client application and a secure access module. The device may include at least one of: a smart card and a mobile phone including a secure element. The request sent from the host to the device may be unencrypted, and a portion of the encrypted information in the response may be encrypted using the portion of the authentication information. Each of the host and the device may use a shared secret which may be one of: established by the device before sending back the response to the request to the host and established in advance before sending authentication information from the host. A portion of the encrypted information in the response may be encrypted using a key derived from the shared secret. The host may be an access point of an access controlled system and upon presentation of the device at the access point, the access point may authenticate the device and establish a shared secret with the device to obtain an access credential, and the access point may rely on the access control system to validate the access credential for authorization and granting access.
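A minimal sketch of the request/response exchange described in [0011] and [0012], added here as an illustration and not taken from the patent or from any OPACITY implementation. It assumes the shared secret was established in advance; the function names, the nonce sizes, the HMAC-based key derivation and the stand-in stream cipher are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

def derive_key(shared_secret, label, host_nonce, dev_nonce):
    # Session key derived from the shared secret and both parties' fresh values.
    return hmac.new(shared_secret, label + host_nonce + dev_nonce, hashlib.sha256).digest()

def keystream_xor(key, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the sketch needs only the
    # standard library; a real design would use an AEAD such as AES-GCM.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def host_request():
    # Authentication information sent in the clear: a fresh random challenge.
    return secrets.token_bytes(16)

def device_response(shared_secret, device_id, host_nonce):
    dev_nonce = secrets.token_bytes(16)  # fresh per response: one-time identifier
    k_enc = derive_key(shared_secret, b"enc", host_nonce, dev_nonce)
    k_mac = derive_key(shared_secret, b"mac", host_nonce, dev_nonce)
    opaque_id = keystream_xor(k_enc, device_id)  # unreadable without the secret
    tag = hmac.new(k_mac, host_nonce + dev_nonce + opaque_id, hashlib.sha256).digest()
    return dev_nonce, opaque_id, tag

def host_verify(shared_secret, host_nonce, response):
    # Returns the device identity on success, None if authentication fails.
    dev_nonce, opaque_id, tag = response
    k_mac = derive_key(shared_secret, b"mac", host_nonce, dev_nonce)
    expected = hmac.new(k_mac, host_nonce + dev_nonce + opaque_id, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    k_enc = derive_key(shared_secret, b"enc", host_nonce, dev_nonce)
    return keystream_xor(k_enc, opaque_id)

if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed sample values
    challenge = host_request()
    resp = device_response(secret, b"CARD-0001", challenge)
    print(host_verify(secret, challenge, resp))
```

Because the tag covers the host's challenge, a response captured in one session does not verify against a later challenge, and an observer without the shared secret sees a different identifier on every presentation.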

Problems solved by technology

However, increased security in protecting the access and exchange of the confidential information often results in reduced performance / increased user wait times. Traditionally, for contactless solutions with rapid transactions, performance has been favored over security.
Such systems offer no protection or weak protection for the credential data that is communicated.
A concern of such key establishment techniques is that the time for executing the cryptography of the first key establishment step inside the ICC of a personal security device with low computing power is prohibitive.
This prevents the deployment of such technology with the desired key length or security protection level.
These multiple requests may add overhead and latency to the transaction, particularly with remote systems.


Embodiment Construction

[0029]The system described herein provides an open protocol for access control identification and ticketing with privacy (hereinafter “OPACITY”) and is generally applicable for uses involving authentication and key establishment with privacy. According to various embodiments, OPACITY may provide a suite of authentication and key agreement protocols for contact or contactless interfaces that can secure physical access, logical access, transportation applications and / or implement other applications requiring secure communications.

[0030]FIG. 1 is a schematic illustration showing an overview of an OPACITY system 100 according to an embodiment of the system described herein. A host 10 that may be a terminal and / or server with protected access may include a client application 20 and a secure application module (SAM) 30. Although discussed principally herein in connection with use of a SAM, the system described herein may also operate in connection with devices using a trusted platform modu...


Abstract

A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and / or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and / or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and / or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.

Description

RELATED APPLICATIONS

[0001]This application claims priority to: U.S. Provisional App. No. 61 / 349,396 filed May 28, 2010; U.S. Provisional App. No. 61 / 261,634 filed Nov. 16, 2009; U.S. Provisional App. No. 61 / 256,192 filed Oct. 29, 2009; and U.S. Provisional App. No. 61 / 224,379 filed Jul. 9, 2009, all of which are incorporated herein by reference.

TECHNICAL FIELD

[0002]This application is related to the field of secure communications and, more particularly, to cryptographic key management and the establishment of a protected communication channel between entities.

BACKGROUND OF THE INVENTION

[0003]Secure communications technology, such as GlobalPlatform secure channel, IPsec, SSL / TLS etc., is available to allow two communicating systems equipped with cryptographic modules to exchange information with confidentiality and integrity. These methods rely generally on a first shared secret key establishment step and a second key derivation step whereby session keys are derived from the shared s...


Application Information

Patent Type & Authority: Patents (United States)
IPC(8): H04L9/30
CPC: H04L9/3234, H04L9/0825
Inventor: LE SAINT, ERIC F.; FEDRONIC, DOMINIQUE LOUIS JOSEPH
Owner: ASSA ABLOY AB