The present invention relates generally to secure digital communication, and more specifically, to providing a client certificate and associated private key to a client device.
In order to communicate securely between client devices and a network, a secure architecture is commonly used in which the client device stores a client certificate and an associated private key. Currently a certificate and its private key can be loaded into the client device within a secured environment or an environment that is considered secure. For example, for client set-top boxes, which are considered secure devices, the private key and certificate are loaded in the factory using a secure server protocol and protected using a one time programming key. Since the set-top box has a secure boot as well as other hardware security features, only authorized set-top box applications can run on the set-top box to access the private key. This kind of secure device has an anti-debug feature built in, so the private key is securely protected.
However, this kind of secure device requires that the keys are loaded in a secure environment such as the factory and also require that the program execution environment has a secure authentication for programs, with debugging capability disabled. For many consumer electronic devices, such as cellular client devices, there may not be any built-in security features like secure boot and anti-debug, or the built-in security system may be broken. Furthermore, the company that is providing a secure application for such electronic devices may not have any control over their manufacturing process and yet there is a need to install keys and digital certificates in order for that secure application to be fully functional.
The accompanying figures, where like reference numerals refer to identical or functionally similar elements throughout the separate views, together with the detailed description below, are incorporated in and form part of the specification, and serve to further illustrate embodiments of concepts that include the claimed invention, and explain various principles and advantages of those embodiments. The description is meant to be taken in conjunction with the accompanying drawings in which:
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of the embodiments.
In the description below, like reference numerals are used to describe the same, similar or corresponding parts in the several views of the drawings.
Embodiments described herein generally relate to authenticating a client device that may not be deemed to be a secure device. A non-secure client device is provisioned with a client application that is deemed to be a secure client application because of information embedded within the secure client application that is not accessible using techniques that are practical for a almost all clients and because of the operation of the secure client application in conjunction with a client device that is deemed secure. A key is embedded in the secure client application in encrypted form using an obfuscation technique and the key is used to decrypt a client private key using a white box technique. The private key is delivered in double encrypted form through a client device that is a secure device. Unique techniques are used in the client secure application of the non-secure client device. The client secure device also delivers a client certificate that is unique to the client device and provides the public key that is paired to the client private key.
Referring to
At least some of the communications sent from the headend 105 are intended to be available only to certain client devices, such as communications that include digital rights managed communications. In certain embodiments, such rights are protected using a protocol called Internet Protocol Rights Management (IPRM), which is described in U.S. Patent Publication 20060242069, published on Oct. 26, 2006, entitled “Digital rights management for local recording and home network distribution”. Accordingly, the client node 115 that is to receive such communications must be securely authenticated. In certain embodiments the client node 115 is a set-top box/DVR that receives TV programming streams from the service provider's headend 105 and records the streams locally in the DVR portion of the set-top box.
The client secure device 125 communicates with client node 115 to download the recorded content. It then transcodes the content into a resolution and format that is appropriate for client device consumption and stores the transcoded content persistently with IPRM protection.
The client device, such as a mobile phone, communicates with the client secure device to download the transcoded and encrypted content and stores it in its local storage. Alternatively, the client device may not be fully trusted to store high value content and may be allowed only to render the content received from the client secure device, without recording it.
The content delivered from the headend is protected by the service provider's protection scheme. When the client node 115 records and stores the content, it does so using a service provider based protection mechanism. Content transferred from the client node 115 to the client secure device 125 is protected by a content protection protocol such as the DTCP-IP (digital transmission content protection-internet protocol) or DVR2Go™ (Comcast) protocol. IPRM re-encrypts the content before the content is stored in the client secure device 125. The client secure device 125 can then transfer the encrypted content to the client device, where it stays encrypted until playback time, if the client device is authenticated. Alternatively, the content is immediately rendered by the client device and is not persistently saved there.
Services such as transferring content to the client device 130 are not provided unless the client device is provisioned with a digital certificate. Installation of the digital certificate is not always feasible in a secure environment, which for a cellular telephone may only be the factory in which it is manufactured. Embodiments described herein provide a technique to securely download a client certificate to a secure client application running in a non-secure device. Three aspects related to securely downloading a client certificate to a client device 130 are as follows. Firstly, a client secure application having certain characteristics is authenticated to the client secure device 125 prior to downloading the client certificate from the client secure device 125 to the client device 130. Secondly, the private key associated with the client certificate is securely transferred to the client device 130. Thirdly, the private key is securely protected in the client device 130.
Certificate Hierarchy
Referring to
An unsigned (that is, a to-be-signed [TBS]) Client Sub CA certificate (TBSClSubCert) is signed 212 by a Client Root CA Private Key (ClRootCAPriK). (CA stands for certificate authority.) The Client Sub CA private key (ClSubCAPriK) of the public key pair associated with the Client Sub CA certificate is used by the PKI 205 to sign client certificates (TBSClCerts) that will be used by a group of client devices such as client devices 130, 135 and others that share a common Bootstrap public key pair. This group may be, for example client devices that are to be used within a communication system operated by one operator. At an appropriate time a Client Sub CA certificate 270 is downloaded to each client device that will later be provisioned in accordance with the embodiments described herein. The downloading need not be performed using secure connection. The client device authenticates 280 the signed certificate and if authentication is successful, the Client Sub CA Certificate (ClSubCACert) is stored 285 in a client device memory, which may be persistent but may not be secure. The authentication 280 uses a Client Root Public CA key (ClRootCAPubK) that is embedded 290 in the client secure application 275 at the time of the compiling of the client secure application, although it is possible that other techniques may be used to put the value into the client secure application 275 (such as using an known location in a loadable version of the client secure application after it is compiled). “Embedding” in the context of this document means that a value, which in this case is the Client Root Public CA key, is compiled or otherwise stored within the programmed instructions of the client secure application, as for example, a defined constant, rather than being stored in the client device in locations not used for the client secure application 275. The embedding takes place in a secure environment, such as a secure factory site that is manufacturing or distributing client devices for an operator of the communication system 100 or clients thereof. The client secure application 275 need not be downloaded into the client device within a secure environment (but it must be authenticated as described herein below when it requests a client certificate and private key). This is a benefit of the embodiments described herein.
Referring to
Bootstrap Certificate
The Bootstrap certificate is issued by the Client Sub CA and signed by the Client Sub CA Private key (Not explicitly shown in
Client Certificate
Referring back to
Home KDC Sub CA Certificate
A TBS Home KDC Sub CA certificate (TBSHomeKDCSubCACert) is signed by a Home KDC Root CA Private key (HomeKDCRootCAPriK). The signed Home KDC Sub CA certificate is authenticated (not shown in
Client Secure Device Certificate
The Client Secure Device certificate (CSDCert) 261 is issued by the Home KDC Sub CA (not shown in
Certificate Download to Client Device with Two-way Authentication
When a cellular telephone or other client device communicates with the client secure device 125 and requests the certificate and the private key, a two-way authentication is conducted so as to prevent the client secure device 125 from giving the client certificate and the client private key to a rogue client device and to prevent the client device from getting content from illegitimate entities. The two way authentication is detailed below in three sections: preconditions, trigger, and steps.
Preconditions to Certificate Download to Client Device
The following preconditions have been detailed above in the paragraphs of the certificate hierarchy and provisioning operation: The obfuscated Bootstrap Private key, the Home KDC Root CA Public key, the Bootstrap Public key identification, and the Client Root CA Public key are embedded 290 (
Trigger for Certificate Download to Client Device
The process to provision the client device with the client certificate and associated client private key is triggered when the client secure application is opened and determines that it does not have the client certificate and associated client private key.
Method of Certificate Download to Client Device with two way Authentication
Referring to
At step 505, the client secure application 275 running on the client device 130 generates a 16-byte random number N0, and retrieves the Bootstrap Public Key ID (BPubKID), its Device Type (DevType), and its Device ID (DevID) and uses them to compose a Session Key Request message R1. The client device 130 sends R1 to the client secure device 125 at step 510. The BPubKID is an ID for the BPubK. If a list of BPubKs is supported by the client secure application 275, the client secure application 275 will try a most preferred BPubKID first.
At step 515, the client secure device 125 receives message R1 and checks whether the BPubKID is supported. If not, the client secure device 125 returns an error to the client device 130 indicating that the BPubKID is not supported. (Not shown in
At step 516, the DevType and DevID may be used by client secure device 125 to identify whether this request is an attempt to re-download a client certificate by a client device 130 that has previously downloaded a client certificate. The same client device is allowed to re-download a client certificate, if the client secure application 275 has been removed and re-installed in the client device 130. However, if a new certificate is successfully downloaded to the same client device, the previous certificate is revoked on the client secure device 125. This helps to de-register a client device if the client forgets to de-register the client device when the client secure application is removed.
At step 520, the client secure device 125 generates a random number N1 and RSA encrypts N1 with BPubK using a PKCS#1 v1.5 encryption algorithm. The client secure device 125 at step 521 gets its Client Secure Device certificate (CSDCert), generates a signature SR2 over N0 and the encrypted N1 using its private key CSDPriK and at step 525 sends a signed Session Key Reply message R2 to the client device 130. Message R2 includes Client Secure Device certificate, N0, encrypted N1 and the signature SR2.
At step 530, the client secure application 275 verifies the client secure device certificate chain using Home KDC Root CA Public Key that has been embedded in the client secure application 275 and extracts the Client Secure Device's public key CSDPubK from the certificate if the certificate is verified. Since the RSA signature verification doesn't involve any secret key or data, the signature verification function doesn't need to be obfuscated. The client secure application 275 verifies that the received N0 matches the one sent out and verifies the signature SR2 using the CSDPubK, which authenticates the client secure device 125 as a trusted device. If authentication succeeds, the method continues with the next step, otherwise the method goes into an exception mode.
At step 535 the client secure application 275 invokes a Fixed Key White Box RSA decode function (FK WB-RSA) to decrypt the encrypted value N1 using the transformed Bootstrap private key BPriKTa. The FK-WB-RSA decrypt function results in a transform of the N1, which is designated N1Tb. Note that as a result of steps 520, 525, and 535, the untransformed value of N1 not exposed in the client device 130. Referring to
At step 536 (
At step 537 (
At step 538 (
Upon receipt of Message R3, the client secure device 125 generates the Session Encryption Key (SEK) and the Session Authentication Key (SAK) at steps 545, 546 (
At step 546 the client secure device 125 generates the Session Authentication Key (SAK) using the same process as used by the client secure application 275 in step 538.
At step 547 the client secure device 125 verifies the signature SR3 using SAK. If the signature is verified, it proves that the client secure application 275 has decrypted N1 using the Bootstrap private key and derived the SAK correctly. This also authenticates the client secure application 275 is a trusted client secure application. If the signature is verified, the method continues with the next step, otherwise the method goes into an exception mode.
At step 550 the client secure device 125 retrieves the next available double encrypted Client Private key and its corresponding certificate CCert from secure storage in the client secure device 125.
At step 551 the client secure device 125 decrypts the outer layer of the double encrypted client private key EESK(EBPubK(KEK) ∥ EKEK(ClPriK)) using the external storage key ESK of the client secure device 125, decrypting with AES CBC mode and IV=0, and uses the same AES algorithm to re-encrypt it with the SEK to get ESEK(EBPubK(KEK) ∥ EKEK(ClPriK)), which is a double encryption of another form. If there is a short residual block, the last block is encrypted again and the left side bytes of the ciphertext are used to XOR with the residual block.
At step 552 the client secure device 125 generates an AES-CMAC signature over the SEK double encrypted private key using SAK: SR4=AES−CMACSAK(ESEK(EBPK(KEK) ∥ EKEK(ClPriK))). Other symmetric signature functions could alternatively be used.
At step 553 the client secure device 125 generates a Client Certificate Reply message R4 with the client certificate ClCert, the SEK double encrypted private key and the AES-CMAC signature that was generated in step 553 and sends R4 at step 555 to the client secure application 275. The client secure device 125 marks this set of client certificate and private key with the Client Device ID which indicates that it is in use by the client device 130.
At step 560 the client secure application 275 verifies the client certificate chain using Client Root CA public key that is embedded in the client secure application 275 and extracts the client public key CPubK.
At step 561 the client secure application 275 generates the AES-CMAC over the double encrypted the client private key using SAK in a signature function and verifies whether it matches the received AES-CMAC signature. Referring to
At step 565 (
At step 566 (
At step 567 the client secure application 275 decrypts the encrypted client private key (ClPriK) using KEKTb in a white box AES decryption function (WB-AES DEC) to get a transformed ClPriKTb. Note that this transformed CPriKTB only contains the private exponent of the private key. The modulus can be retrieved from the client device certificate. The private exponent is encoded with the modulus following a White Box format before being used by the WB-RSA signing function in step 568. Referring to
At step 568 (
At step 569 (
At step 570 the client secure application 275 generates a 16 byte transformed random number N3Tc and at step 571 saves the transformed N3 persistently. The transform Tc is specifically for N3 and only used for N3. At step 572 the client secure application 275 obtains hardware information HW_Info from the client device 130, including for example the Device Type, Device ID, MAC address for WiFi and/or Ethernet, CPU information and other information. This hardware information is platform dependent. For example, for iPhone or iPod Touch, the names of some hardware information are DevType, UDID, WiFi MAC address, and certain processor information.
At step 573 the client secure application 275 generates a SHA256 hash over the concatenation of the hardware information and NTc3, and XOR's the first and the second 16 bytes of the hash. Referring to
At step 574 (
At step 575 (
Use of Private Key by the secure client application
When the client secure application 275 invokes the use of the client private key, the client secure application 275 retrieves the transformed random number N3 and collects the hardware information HW_Info from the device. The client secure application 275 derives a transformed Node-Locking Key (NLK) the same way as described above. The client secure application 275 retrieves the encrypted client private key and decrypts it with the NLK. Referring to
Referring to
The memory 1915 is herein termed “persistent memory”, which comprises memory that is external to the processing function 1910 and excludes transient memory such as internal cache memory, registers, and processor stacks for which data that is being stored therein cannot be extracted from the client device by techniques that are non-invasive to the integrated circuits of the processing function 1910.
Referring to
Referring to
In some embodiments the steps described with reference to
Referring to
The memory 2315 is herein termed “persistent memory”, which comprises memory that is external to the processing function 2310 and excludes transient memory such as internal cache memory, registers, and processor stacks for which data that is being stored therein cannot be extracted by techniques that are non-invasive to the integrated circuits of the processing function 2310. The processing function 2310 may include input/output (I/O) interface circuitry and may be coupled to separate input/output interface circuitry 2320 that is controlled by the processing function 2310. The client device 2305 I/O 1920 provides for communications to other computing devices, such as servers and other network devices (e.g., the secure device 125), using standard hardware and software protocols.
The client device 2305 is referred to as a non-secure device in some embodiments because it may have no security features to protect information stored in any persistent memory, or it may have security features that been found to be insecure or have been deemed after analysis to be insecure in the sense of preventing an user from gaining unauthorized access to data stored in the device or data that is to be downloaded to the device. Therefore the client device 2305 is referred to as a non-secure device. In accordance with certain embodiments, a secure application 275 has been installed (in the software sense) in the non-secure device 2305, with the program instructions residing in the memory 2316. The secure application 275 has unique aspects described throughout this document. This secure application 275 does not render the client device 2305 as a secure device; rather it renders the functions provided by the secure application 275 to be secure, in spite of the fact that the data stored by the secure application 275 may be insecure. The secure application 275 may be also installed in client devices that are secure and could operate as described herein.
Referring to
At step 2430 the secure application sends a third message to the secure device with a symmetric signature computed using the session authentication key. At step 2435 the secure application receives a fourth message from the secure device comprising the client certificate and a double encrypted client private key that are assigned to the client device, wherein the double encrypted client private key comprises an encrypted client private key that has been encrypted with the client group bootstrap public key and the resultant encrypted client private key is encrypted by the session authentication key and wherein the fourth message is signed with a symmetric signature computed using the session authentication key. At step 2440 the secure application authenticates the signed fourth message using the session authentication key. At step 2445 the secure application stores the device certificate in persistent memory of the non-secure client device. At step 2450 the secure application decrypts the double encrypted client private key using the session key and the bootstrap public key, thereby generating the client private key. At step 2455 the secure applications re-encrypts the private key with a node locking key based on hardware specific information of the client device and persistently storing the re-encrypted private key in persistent memory of the non-secure client device, wherein the secure device random nonce and the client private key are never stored in plain form (without white box transformation) in the memory of the non-secure client device. Note that the secure application would operate the same way if installed in a secure client device, even though it may be deemed to be unnecessary. In some embodiments the steps described with reference to
Benefits
The embodiments described herein resolve security issues for the download of a client certificate to an unsecured client device and also secure the storage and usage of the private key.
The client certificates and private keys are loaded into a client secure device in a secure environment. Therefore all the certificates and private keys are protected securely in the client secure device.
Normally the client secure application has to register with the client secure device before it can connect to any other communication device. It is convenient for the client secure application to provision the client certificate and private key from the client secure device using the client LAN. This doesn't require the client device to have an Internet connection to become provisioned from an Internet server. However, the secure device can be a device over the Internet.
The client private key is downloaded and stored by the client secure application rather than an OS or platform code of the client device. This helps prevent other unsecured applications from using this private key. This also allows a third party software provider which doesn't control OS and platform code on client devices to implement client certificate and private key download.
The two-way authentication between the client secure application and the client secure device, and the client private key and certificate verification in the protocol prevents illegal applications from acquiring the private key and the certificate and also prevents the secure client application from being given a private key and certificate by a fake secure device.
The protocol design securely verifies the client using the client's embedded private key and exchanges the session key. The Bootstrap Private key embedded into the client application helps to authenticate the client application as a legitimate application. Also the Bootstrap Private key is protected by the 3rd party obfuscation technology that can be trusted by the industry.
The secret data are processed by the protocol and obfuscation techniques in a secure way so that no vital data is exposed in the memory of the client device.
Re-encrypting the client private key using a NLK prevents the client private key from being cloned in another client device.
The client certificates are issued with one or more special sub-CA's (Certificate Authorities). In case the Bootstrap private key that is embedded inside the client secure application is compromised on a particular class of devices (e.g., a particular brand of mobile devices), all the client secure applications that are affected can be revoked by just revoke the sub-CA certificate that is associated with that class of devices. Different classes of devices may have their own separate sub-CA certificate as well as their own Bootstrap private key.
Comprehensive Statements
It should be apparent to those of ordinary skill in the art that for the methods described herein other steps may be added or existing steps may be removed, modified or rearranged without departing from the scope of the methods. Also, the methods are described with respect to the apparatuses described herein by way of example and not limitation, and the methods may be used in other systems.
In this document, relational terms such as first and second, top and bottom, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms “comprises,” “comprising,” or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element preceded by “comprises . . . a” does not, without more constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.
Reference throughout this document to “one embodiment”, “certain embodiments”, “an embodiment” or similar terms means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of such phrases or in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments without limitation.
The term “or” as used herein is to be interpreted as an inclusive or meaning any one or any combination. Therefore, “A, B or C” means “any of the following: A; B; C; A and B; A and C; B and C; A, B and C.” An exception to this definition will occur only when a combination of elements, functions, steps or acts are in some way inherently mutually exclusive.
The processes illustrated in this document, for example (but not limited to) the method steps described in
It will be appreciated that some embodiments may comprise one or more generic or specialized processors (or “processing devices”) such as microprocessors, digital signal processors, customized processors and field programmable gate arrays (FPGAs) and unique stored program instructions (including both software and firmware) that control the one or more processors to implement, in conjunction with certain non-processor circuits, some, most, or all of the functions of the methods and/or apparatuses described herein. Alternatively, some, most, or all of these functions could be implemented by a state machine that has no stored program instructions, or in one or more application specific integrated circuits (ASICs), in which each function or some combinations of certain of the functions are implemented as custom logic. Of course, a combination of the approaches could be used.
Further, it is expected that one of ordinary skill, notwithstanding possibly significant effort and many design choices motivated by, for example, available time, current technology, and economic considerations, when guided by the concepts and principles disclosed herein will be readily capable of generating such stored program instructions and ICs with minimal experimentation.
In the foregoing specification, specific embodiments have been described. However, one of ordinary skill in the art appreciates that various modifications and changes can be made without departing from the scope of the present invention as set forth in the claims below. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of present invention. The benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential features or elements of any or all the claims. The invention is defined solely by the appended claims including any amendments made during the pendency of this application and all equivalents of those claims as issued.
This application claims priority to U.S. Provisional Patent Application No. 61/514,016 filed on Aug. 1, 2011, “Method of Securing Certificate Download and Protecting the Private Key.”
Number | Date | Country | |
---|---|---|---|
61514016 | Aug 2011 | US |