The instant invention relates to a method for securely producing cryptographic keys in metering devices such as a postage meter. More particularly, the instant invention is directed to the secure storage and decryption of cryptographic keys within an electronic chip.
Vault 3 includes a central processing unit (CPU) 9, Read-Only Memory (ROM) 11, Random Access Memory (RAM) 13, Non-Volatile Memory (NVM) 15, and an Electrically Erasable Programmable Read-Only Memory (EEPROM) 16. CPU 9 controls the operation of vault 3 by executing code stored in ROM 11. RAM 13 serves as a volatile working memory during operation of vault 3 while NVM 15 includes conventional accounting registers that are updated to securely account for the postage dispensed by postage meter 1. EEPROM 16 is used to store personalized data for vault 3.
Printhead module 7 includes a smart card chip 17 containing a CPU 19, a ROM 21, a RAM 23, NVM 25, and EEPROM 27. The smart card chip 17 components are each used to permit the printing function of the postage meter 1 to be accomplished in a known manner. Further, printhead module 7 includes an application specific integrated circuit 29, a flash memory 31, and a printhead 33 which cooperate together with the smart card chip 17 to effectuate the printing of the postage indicium as is more fully described in U.S. Pat. No. 5,651,103 which is hereby incorporated by reference.
Postage meter 1 responds to a request to dispense postage which is entered via a keyboard (not shown). In response to the postage request, and prior to the printing of an indicium, the vault 3 and printhead module 7 are designed to perform a mutual authentication procedure as is more fully described in U.S. Pat. No. 5,923,762 which is hereby incorporated by reference. During the mutual authentication process, both the printhead module 7 and the vault 3 generate a common session key using a set of authentication keys (AK) that are stored in both ROM 11 and ROM 21. Since the generation of the session key is fundamental to the mutual authentication process, the security of the authentication keys is of critical importance. Accordingly, strong measures must be taken to prevent the compromise of the set of AK.
In postage meter 1, the conventional physical and logic security features of the smart card chips 3 and 17 are relied upon to prevent access to the AK's that are stored in the clear in ROM's 11, 21. However, the process by which the AK's are put into the mask for the smart card chip 17 can be improved upon from a security viewpoint. That is, the postage meter vendor typically receives the smart card chip 17 from a third party vendor with the AK's already contained in the smart card chip 17. The third party vendor gets the AK's from the meter manufacturer, such as for example, on a floppy disc. The third party vendor then masks the smart card chip 17 with the AK's. This process of providing the third party vendor with the AK's in the clear introduces an extra link in the chain of custody of the AK's that is not desirable.
In addition to the above, a distinct set of AK's is generated for a particular domain. A domain can be a specific country or a particular region of the world. The bottom line is that a mask for a smart card chip 17 for each set of domain authentication keys is typically created resulting in increased costs in creating the various domain chip masks. Moreover, a plurality of each domain specific smart card chips 17 must be produced and procured in bulk for each domain. This leads to increased inventory control procedures to accommodate the storage and distribution of the various smart card chips 17. Additionally, if the meter manufacturer begins selling or leasing postage meters in one domain and subsequently ceases doing business there, any surplus smart card chips 17 in inventory for that domain become scrap since they cannot be used for other domains.
The instant invention is directed toward overcoming the problems discussed above in a postage metering system but is also applicable to any apparatus requiring a more secure handling of cryptographic keys. The instant invention is appropriately set forth in the appended claims.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate a presently preferred embodiment of the invention, and together with the general description given above and the detailed description of the preferred embodiment given below, serve to explain the principles of the invention.
Referring to
Initial Loading of Executable Code and Data
At step 301, a key management system (not shown) uses a decryption key “DK” to encrypt a set of AK's for a corresponding domain. This process is repeated using a separate DK for each domain to produce a set of encrypted AK's for each domain. Each of the encrypted sets of domain specific AK's are then stored in region 2 of EEPROM 33 while an executable code and a decryption algorithm (the function of each which is discussed in more detail below) are stored in region 3 of EEPROM (step 302). Once the smart card chip 41 manufacturer has masked the operating code in ROM 39, completed step 302, and performed any programming required in NVM 40, the smart card chip 41 is provided to the meter manufacturer for further processing.
The meter manufacturer, upon completion of step 301, creates a pointer data file 35, as discussed in more detail below, and stores it in region B of flash memory 37. The pointer data file 35 is created by first obtaining the DK associated with each domain from the key management system (step 303). In the preferred embodiment each DK is 8 bytes and is in a hexadecimal format. Thus, for example, a DK could be represented as “AF 3F 75 42 A1 B2 34”. Each of the numbers or letters of the DK is 4 bits of data and represents a “nibble” of the DK. Accordingly, once a DK is known, a software program scans the hexadecimal operating code stored in the code space of ROM 39 starting at a random location. The purpose of the scanning function is to locate 16 nibbles of data in the ROM code space that corresponds to the 16 nibbles of the DK (step 305). It should be noted that since the meter manufacturer provided the ROM code that was masked by the chip manufacturer, the meter manufacturer knows the location in ROM of the entire ROM code. Accordingly, the meter manufacturer doesn't have to physically probe the ROM code space itself to find the nibbles but can do it separate and apart from the physical smart card chip 41.
Once the 16 nibbles are found, a pointer to the location of each of the nibbles in the ROM 39 code space is stored in the pointer data file 35. This process is repeated for each domain DK until data file 35 has a set of pointers corresponding to each nibble of each domain key DK (step 307). In a preferred embodiment it is also desirable to cryptographically secure the data file 35. One such method is to scramble the pointer files for each domain DK with a domain code (that identifies the domain) and a scrambling algorithm (step 309)). A checksum is then performed at step 111 to ensure the correctness of the scrambling activity. The scrambled pointer data file is then stored in region B of flash memory 37 (step 313). Finally, when it is time to personalize a particular printhead module 31 for use in a specific domain, the desired domain code is loaded into region A of flash memory 37.
At this point in time (as reflected in FIG. 2), the printhead module 31 has all of the sets of encrypted domain specific AK's stored in EEPROM 33 but there is no DK stored in the smart card chip 41 to decrypt the AK's. Thus, in the process set forth above, the third party supplier of the smart card chip 41 never receives the sets of AK's in an unencrypted form. Moreover, while the chip supplier does receive the executable code for unscrambling the pointer data as well as the decryption algorithm for decrypting the AK's, the supplier does not have access to the pointer data file 35 and therefore cannot create the DK for any domain. Accordingly, the security of the system is greatly improved over the system described in the prior art.
Initial Power-up of Postage Meter
Referring specifically to
Returning to step 403, if the answer is yes, a checksum is performed on the unencrypted target authentication key set (step 435). If the checksum result is correct, the predetermined secure region 42 of EEPROM 33 is checked to see if it has been set as a read-only region (step 437). If yes, the meter goes into its normal operation (step 433). If no, the process returns to step 423 and continues through steps 423 to 433.
If at step 435 the answer is no, the key set stored in the predetermined secure area 42 (step 439) is erased and an error message sent (step 441). Likewise, if the answer at step 409 is no, the error message is set at step 441.
Additional advantages and modifications will readily occur to those skilled in the art. Therefore, the invention in its broader aspects is not limited to the specific details and representative devices, shown and described herein. Accordingly, various modifications may be made without departing from the spirit or scope of the general inventive concept as defined by the appended claims. For example, while the preferred embodiment has been described in connection with a postage meter, the method of handling, storing, and dynamically creating and destroying secret keys within a chip can be applied to any product where improved key security is desired. Also, while the preferred embodiment discusses a smart card chip and authentication keys, the inventive process can be applied to any chip and any type of cryptographic keys. Moreover, while the embodiments described above deal with a private key system, the instant invention is also applicable to the secret keys in a public key infrastructure.
Finally, the term “software code” as used in this specification refers to code contained in the inventive apparatus that is used for purposes other than identifying any keys. Such software code includes what is commonly referred to as program code, operation code, machine codes, or instruction codes. The instant invention takes advantage of the situation where the software code that provides functionality for the operation of the apparatus is in the same form as that of a cryptographic key (i.e. both in hexadecimal form). Accordingly, no specific cryptographic key data is stored in the electronic chip. Rather the component parts of the cryptographic key are assembled within the chip by locating corresponding portions of the software code based on pointers imported into the chip at power-up. If an electronic chip is attacked to obtain its cryptographic key, the attempt will be unsuccessful because no specific key data is stored therein. Only when the pointers are made available to the chip can the key be determined and even then after assembly of the key it is erased together with the pointer data file to prevent its recreation.
Number | Name | Date | Kind |
---|---|---|---|
5651103 | Arsenault et al. | Jul 1997 | A |
5745569 | Moskowitz et al. | Apr 1998 | A |
5923762 | Dolan et al. | Jul 1999 | A |
6442525 | Silverbrook et al. | Aug 2002 | B1 |
6587842 | Watts | Jul 2003 | B1 |
6609117 | Sutherland et al. | Aug 2003 | B2 |
20020003547 | Bleumer | Jan 2002 | A1 |
Number | Date | Country |
---|---|---|
1040526 | Oct 1996 | DE |
Number | Date | Country | |
---|---|---|---|
20020065782 A1 | May 2002 | US |