Secure establishment of cryptographic keys

Cryptography – Key management

Reexamination Certificate


Details

C380S278000, C380S044000, C380S047000

active

06606387

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device. More particularly, the invention relates to a system and method for establishing initial cryptographic keys for a plurality of cryptographic devices that are geographically widely scattered, such as bank Automated Teller Machines (ATMs).
2. Description of Related Art
A bank or other financial institution may provide Automated Teller Machines (ATMs), or equivalent field devices, for the convenience of its customers. The ATMs usually communicate electronically with a central computer physically located at a branch office of the bank so that the customer can manipulate his bank account at any time regardless of the operating hours of the branch without interacting with a human representative. Such bank transactions may include the transfer of money between accounts, the deposit and withdrawal of funds and the like. Network operating rules and voluntary ANSI Standards require the use of cryptography to protect sensitive information such as the Personal Identification Number (PIN) usually associated with such bank transactions from potential compromise by an opponent intent on committing fraud against the network and the cardholder.
As should be expected, it is necessary for the bank to verify that a field device, for example an ATM, is authorized to communicate with the central computer at the branch office. Such measures endeavor to prevent an unauthorized device from imitating the ATM and accessing a customer's account without proper authorization. There are a number of ways in which to establish secure electronic communications between a network of ATMs and the central computer. One way is via a dedicated arrangement of data transmission lines. The transmission lines connect the ATMs directly to the central computer. Accordingly, only authorized ATMs can communicate with the central computer over the dedicated transmission lines. However, the cost of installing dedicated transmission lines and the associated communications hardware is generally prohibitive, especially in light of the need to secure rights of way to carry the transmission lines between each of the ATMs and the central computer. Furthermore, even dedicated transmission lines may still be vulnerable to access by individuals possessing the ability to physically tap into the transmission lines.
A more economical approach to establish secure electronic communications between a network of field devices and a host device is by means of cryptography. Good cryptographic practice requires that each pair of communicating devices on the network share a unique cryptographic key. The use of a unique cryptographic key for each pair of communicating devices limits the degree to which an unauthorized user can compromise the network to that one pair of devices. Where a plurality of devices are provided with a common cryptographic key, often referred to as a Global key, an unauthorized user can compromise any of the devices by compromising any one of the devices sharing the Global key. For example, an unauthorized user could gain access to a large number of ATMs with the knowledge of only a single cryptographic key. The banking industry actually facilitates this high degree of risk since the present practice is to load many field devices in a network with a Global key for operational convenience.
Two general types of cryptography are presently in use. One type is public key or asymmetric cryptography, for example RSA. The other type is symmetric cryptography, for example the Data Encryption Algorithm (DEA). The DEA is currently the most widely used algorithm in ATM banking devices. Symmetric cryptography requires the same cryptographic key to be established at both cryptographic devices, namely the field device and the host device. In addition, symmetric cryptography requires the cryptographic key to be managed under the principles of split knowledge and dual control usually implemented by utilizing two different individuals, referred to as key custodians, to establish the key. Each key custodian is entrusted with a portion, referred to as a component, of the cryptographic key that they must physically enter into the field device, for example an ATM. Thus, the key custodians must personally visit each ATM in the network in turn to establish the appropriate key in the ATM. The same, or other key custodians, must then personally visit the host device to establish the same cryptographic key in the host device. Since the ATMs and the host devices are oftentimes geographically widely scattered, it is frequently impractical for the key custodians to accomplish the necessary visits within an acceptable timeframe. As a result of this key management logistics problem, many banks use the same cryptographic key for a large number of ATMs on a single ATM network.
With the above concerns in mind, it is an objective of the present invention to provide a system and method for securely establishing a unique cryptographic key between a first cryptographic device and a second cryptographic device.
It is a further, and more particular, objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device without the need for the extensive protective measures typically required to manage the components of the cryptographic key.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device that are geographically widely scattered.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device without the custodial overhead normally associated with the distribution and secure management of the components of the key.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device wherein a plurality of unrelated random numbers are distributed to serve as key components.
It is still a further objective of the present invention to provide a system and method for ensuring a high probability that a cryptographic key established between a first cryptographic device and a second cryptographic device is unique.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device including a database of information relating to the establishment of the cryptographic key that permits the devices, the key custodians and the key components utilized to establish the cryptographic key to be traced and routinely audited.
These and other objectives and advantages will become more readily apparent to those of skill in the art with reference to the following detailed description and the accompanying drawing figures.
SUMMARY OF THE INVENTION
The aforementioned objectives and advantages are realized by a system and method for establishing secure cryptographic keys between cryptographic devices according to the present invention. The system includes a plurality of key components, each having a first unique identifier. Preferably, each of the key components is a random number generated by a strong random number generator and is indexed to a predetermined reference number.
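The following sketch is an added illustration, not code from the patent: it models identifier-indexed random key components, two custodians entering components at a field device, and a host that rebuilds the same key from the identifiers alone while keeping an audit record. The XOR combining rule, the 16-byte length, the HMAC-based check value, the single-use rule for components and all names (`make_pool`, `Host`, `ATM-0001`, the custodian names) are assumptions; the pool is held in clear here for brevity.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # assumed component/key length in bytes

def make_pool(n):
    """Unrelated random components, each indexed by a unique identifier."""
    return {f"C{i:06d}": secrets.token_bytes(KEY_LEN) for i in range(n)}

def combine(*components):
    """XOR the components into one key (assumed combining rule)."""
    key = bytes(KEY_LEN)
    for part in components:
        if len(part) != KEY_LEN:
            raise ValueError("bad component length")
        key = bytes(a ^ b for a, b in zip(key, part))
    return key

def check_value(key):
    """Short non-secret fingerprint of a key (HMAC stand-in for a check value)."""
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:6]

class Host:
    """Host side: looks components up by identifier and records who used what."""
    def __init__(self, pool):
        self.pool = pool
        self.used = set()   # identifiers already consumed (assumed single use)
        self.audit = []     # (device, custodians, component ids, check value)

    def establish(self, device_id, entries):
        """entries: [(custodian, component_id), ...] reported from the field."""
        custodians = tuple(c for c, _ in entries)
        ids = tuple(i for _, i in entries)
        if len(set(custodians)) < 2:
            raise PermissionError("dual control needs two different custodians")
        if len(set(ids)) < len(ids) or self.used.intersection(ids):
            raise ValueError("component repeated or already used")
        key = combine(*(self.pool[i] for i in ids))
        self.used.update(ids)
        self.audit.append((device_id, custodians, ids, check_value(key)))
        return key

if __name__ == "__main__":
    pool = make_pool(10)
    # Field device: each custodian enters only the component they hold.
    field_key = combine(pool["C000001"], pool["C000007"])
    host = Host(pool)
    host_key = host.establish("ATM-0001", [("alice", "C000001"), ("bob", "C000007")])
    print(host_key == field_key, host.audit)
```

Only the identifiers need to reach the host, and the audit list ties each device to its custodians and components without storing the key itself.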
The system further includes a first cryptographic device. The first cryptographic device includes an electronic database wherein each of the key components is encrypted and indexed by its corresponding first unique identifier. Preferably, the first cryptographic device further includes a Tamper Resistant Security Module (TRSM)
