The instant invention relates to cryptographic modules, and more particularly, to cryptographic modules that require a change of cryptographic keys used therein based on a non-time parameter of the cryptographic module.
The United States Postal Service (USPS) is currently advocating the implementation of a new Information-Based Indicia Program (IBIP) in connection with the printing of postage indicium by postage metering systems. Under this new program, each postage indicium that is printed will include cryptographically secured information in a barcode format together with human readable information such as the postage amount and the date of submission to the post office. The cryptographically secured information is generated using public key cryptography and allows a verification authority, such as the post office, to verify the authenticity of the printed postage indicium based on the information printed in the indicium and the printed destination address. Moreover, it has also been proposed to use secret key cryptography as an alternative to the public key system described above. In the secret key system verifiable cryptographically secured information is also included as part of the indicium.
Regardless of whether a public or secret key system is utilized, both systems use a key that is securely and secretly stored within the postage meter. This stored key is referred to as a private key in a public key system and a secret key in a secret key system. In either case, the stored key is used to cryptographically secure certain information contained within the printed postage indicium. However, since the security of either system is dependent upon maintaining the secrecy of the stored key, it is imperative that such stored key not be compromised.
One of the ways that the stored key becomes vulnerable to attacks such as cryptanalysis, differential fault analysis, and differential power analysis is through its use. That is, the more the stored key is used to cryptographically secure data, the more vulnerable it is to these attacks. In order to partially solve this problem, it has been suggested to require the postage meter to obtain a new secret key after a predetermined period of time has expired. The problem with this method is that it does not necessarily reflect the actual usage of the stored key in generating cryptographically secured indicia images. Thus, if a specific postage meter has extremely high usage, waiting for the predetermined period of time to expire before requiring the changing of the stored key may not be a satisfactory security solution.
Accordingly, what is needed is a method for ensuring the secrecy of a stored key in a device which produces cryptographically secured data, the method requiring a change of the stored key based on an indicator of actual use of the stored key in producing cryptographically secured data.
It is an object of the invention to overcome the deficiencies of the prior art devices discussed above. This object is met by providing a method that includes the steps of: storing a constraint value for a non-time parameter of a cryptographic apparatus, the non-time parameter being related to the operation of the cryptographic apparatus; and requiring a key used by the cryptographic apparatus to be changed when an actual value of the non-time parameter is not within a range defined by the constraint value.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate a presently preferred embodiment of the invention, and together with the general description given above and the detailed description of the preferred embodiment given below, serve to explain the principles of the invention.
Referring to
The postage metering accounting subsystem 218 includes a processor 224 coupled to a memory 226. The processor 224 has associated with it an encryption engine 228, a hash function processor 230, a secure clock 232 and a communications port 234. The memory 226 may have stored within it different data as well as the operating programs for the postage metering accounting subsystem 218. The data shown as stored in memory 226 includes a private key 246 of a specified length (i.e. 512, 1024, to 4096 bits), a corresponding public key 247, public key certificate data 248 (which could either be an actual public key certificate or a unique public key certificate identifier), an issued indicium piece count 249, conventional postage accounting ascending/descending register circuitry 250 which accounts for the amount of postage dispensed, other data 251 which may be included as part of the printed indicium (such as an algorithm identifier, customer identifier, and software identifier), indicium image data and associated programming 252 used to build the postage indicium image, a maximum piece count 254, a specific future date 256, and a maximum ascending register value 258. The accounting circuitry 250 can be conventional accounting circuitry which has the added benefit of being capable of being recharged with additional prepaid postage funds via communication with a remote data center.
Referring to
Returning to
The above described time dependent system in which the keys are required to be changed over time is deficient, as previously discussed, because it does not take into account the actual usage (number of times used) of the private key 246 in cryptographically securing data. Thus, a high usage postage metering system 202 may be more susceptible to a cryptanalysis attack than a low usage system over the same time period. The instant invention overcomes this problem by requiring a change of keys based upon a non-time parameter value such as one that is indicative of the amount of usage of the stored cryptographic keys 246, 247 in generating cryptographically secured postage indicium. For example, the stored maximum piece count 254 and/or the maximum ascending register value 258 can be the parameter values used to require that a new key pair 246, 247 be generated. Thus, when the postage piece count 249 is the same as the maximum piece count 254, or the maximum ascending register value 258 is the same as the ascending register value in the accounting circuitry 250, the postage metering system 202 requires itself to communicate with the remote data center 222 to initiate, in a known manner, the generation and storage of new keys 246, 247 in memory 226. The programming in postage metering system 202 is such that until the communication with the data center 222 and the generation and storage of new keys 246, 247 is successfully completed, the printing of a valid postage indicium by the postage metering system 202 is not possible and/or the postage metering system 202 is inhibited from printing a postage indicium. Additionally, as part of the new key generation communication with the data center 222, the data center 222 sends to the postage metering system 202 a new maximum piece count 254 and a new maximum ascending register value 258 associated with the newly stored key pair 246, 247 to permit continued printing of valid postal indicium by the postage metering system 202.
The above discussed parameters of maximum piece count 254 and maximum ascending register value 258 are each directly related to the actual number of times that the private key 246 is used to cryptographically secure a postage indicium. That is, in many postage metering systems the piece count 249 will correspond on a one for one basis with the use of the private key 246. However, where the postage metering system 202 processes batches of mail that have a single postage indicium associated therewith, a separate counter could be used to count the generation of each indicium. Therefore, instead of a stored maximum piece count 254, a maximum indicium count would be stored to determine when a new key pair is required. On the other hand, while the ascending register value does not correspond on a one for one basis with the actual usage of the private key 246, it is indicative of the actual usage of the private key 246. For example, if the smallest postage that is applicable to a piece of mail is considered to be 32 cents, the maximum assumed usage of the postage metering system 202 would be the ascending register value divided by 32 cents. Thus, while this calculation does not represent the exact usage of the private key 246, it can be used to establish a maximum ascending register value 258 which is at least partially indicative of the actual usage of the private key 246. Moreover, the maximum ascending register value 258, in and of itself, represents a use of the private key 246 relative to an amount of postage dispensed. It may be desirable for security purposes to simply limit the use of the private key 246 because it has been used in conjunction with a predetermined amount of postage dispensed, regardless of the actual number of times the private key 246 has been used to dispense such postage.
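The usage-based key change described above can be sketched as follows. This is an added example, not code from the patent; the class, method and field names are hypothetical, amounts are held in cents, and the limits sent at rekey are assumed to be absolute register values.

```python
from dataclasses import dataclass


class RekeyRequired(Exception):
    """Printing is inhibited until new keys and constraints are installed."""


@dataclass
class Meter:
    key_id: int               # stands in for key pair 246, 247
    max_piece_count: int      # maximum piece count 254
    max_ascending_cents: int  # maximum ascending register value 258
    piece_count: int = 0      # issued indicium piece count 249
    ascending_cents: int = 0  # ascending register in accounting circuitry 250

    def needs_rekey(self) -> bool:
        # The text triggers on equality; >= also fails closed on an overshoot.
        return (self.piece_count >= self.max_piece_count
                or self.ascending_cents >= self.max_ascending_cents)

    def print_indicium(self, postage_cents: int) -> dict:
        if self.needs_rekey():
            raise RekeyRequired(f"key {self.key_id} has reached its usage limit")
        self.piece_count += 1
        self.ascending_cents += postage_cents
        return {"key_id": self.key_id, "piece_count": self.piece_count,
                "ascending_cents": self.ascending_cents}

    def rekey(self, key_id: int, max_piece_count: int, max_ascending_cents: int) -> None:
        # Models the data center exchange: new key plus new absolute limits.
        self.key_id = key_id
        self.max_piece_count = max_piece_count
        self.max_ascending_cents = max_ascending_cents


def max_key_uses(ascending_cents: int, min_postage_cents: int = 32) -> int:
    # Upper bound on key uses implied by the ascending register alone.
    return ascending_cents // min_postage_cents


def demo():
    meter = Meter(key_id=1, max_piece_count=3, max_ascending_cents=10_000)
    printed = [meter.print_indicium(32) for _ in range(3)]
    try:
        meter.print_indicium(32)
        blocked = False
    except RekeyRequired:
        blocked = True
    meter.rekey(key_id=2, max_piece_count=6, max_ascending_cents=20_000)
    return printed, blocked, meter.print_indicium(55)
```
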
As discussed above, after the successful generation and storage of new keys 246, 247 in the postage metering system 202 the data center 222 downloads a new maximum piece count value 254 and/or a new maximum ascending register value 258 into the postage metering system 202. The new values form the basis for when the next set of keys is required to be installed in the manner described above. The downloading of these new values will now be described with reference to
It is clear from the above description that even if an attacker obtains all of the secrets in the postage metering system 202, any indicia that he attempts to fraudulently print are detectable at the verification facility 278 if the indicium data does not fall within an acceptable range defined by the non-time parameter value constraint contained in the signed CM. Moreover, if the attacker tries to print extra indicia having piece counts within the piece count constraint value, then there will be detectable duplicate piece counts. Additionally, if the attacker tries to print extra indicia without exceeding the maximum ascending register value, there will be overlapping ascending register values that can be detected at the verification facility 278. That is, the duplicate piece counts and the overlapping ascending register values are detectable if the verification facilities or a central database maintain a record of all of the scanned indicia at all verification facilities.
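The three verification-side checks described above, as an added example that is not part of the patent. It assumes the signature on each indicium and on the constraint has already been verified, that each scanned indicium carries its piece count, postage amount and ascending register value, and that "overlapping" means two indicia claim the same stretch of the ascending register; all names and sample records are constructed.

```python
# Constructed constraint record per key: the limits the data center issued.
CONSTRAINTS = {1: {"max_piece_count": 3, "max_ascending_cents": 10_000}}

# Constructed scan log from all verification facilities, in scan order.
SCANNED = [
    {"key_id": 1, "piece_count": 1, "postage_cents": 32, "ascending_cents": 32},
    {"key_id": 1, "piece_count": 2, "postage_cents": 32, "ascending_cents": 64},
    {"key_id": 1, "piece_count": 2, "postage_cents": 32, "ascending_cents": 96},
    {"key_id": 1, "piece_count": 3, "postage_cents": 32, "ascending_cents": 64},
    {"key_id": 1, "piece_count": 4, "postage_cents": 32, "ascending_cents": 128},
]


def verify(indicia, constraints):
    """Return (index, reason) for every scanned indicium that fails a check."""
    findings = []
    seen_counts = set()   # (key_id, piece_count) pairs already scanned
    spans = {}            # key_id -> [(start, end)] of register ranges claimed
    for i, ind in enumerate(indicia):
        limit = constraints[ind["key_id"]]
        # 1. Data must fall inside the range the constraint allows for this key.
        if (ind["piece_count"] > limit["max_piece_count"]
                or ind["ascending_cents"] > limit["max_ascending_cents"]):
            findings.append((i, "outside constraint"))
        # 2. A piece count may be seen only once per key.
        count_key = (ind["key_id"], ind["piece_count"])
        if count_key in seen_counts:
            findings.append((i, "duplicate piece count"))
        seen_counts.add(count_key)
        # 3. Each indicium covers (ascending - postage, ascending]; no two may overlap.
        start = ind["ascending_cents"] - ind["postage_cents"]
        end = ind["ascending_cents"]
        claimed = spans.setdefault(ind["key_id"], [])
        if any(start < e and s < end for s, e in claimed):
            findings.append((i, "overlapping ascending register"))
        claimed.append((start, end))
    return findings
```
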
Additional advantages and modifications will readily occur to those skilled in the art. Therefore, the invention in its broader aspects is not limited to the specific details and representative devices shown and described herein. Accordingly, various modifications may be made without departing from the spirit or scope of the general inventive concept as defined by the appended claims. For example, the following are some examples of such modifications.