
CA2486267C - Secure authenticated channel - Google Patents


Info

Publication number
CA2486267C
Authority
CA
Canada
Prior art keywords
key
ephemeral
public key
calculating
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA 2486267
Other languages
French (fr)
Other versions
CA2486267A1 (en)
Inventor
Alain Durand
Jean-Pierre Andreaux
Thomas Sirvent
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thomson Licensing SAS
Original Assignee
Thomson Licensing SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing SAS
Priority to CA 2486267
Publication of CA2486267A1
Application granted
Publication of CA2486267C
Anticipated expiration
Expired - Fee Related (current legal status)


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers each know a common Diffie-Hellman permanent key Kperm and the identity and public key of the other peer. The first peer chooses a first ephemeral private key x and calculates the corresponding first ephemeral public key g^x, which it sends to the second peer. The second peer calculates a second ephemeral public key g^y in the same manner and an ephemeral shared key Keph, hashes g^y, Keph, Kperm and its identity, and sends g^y and the hash to the first peer. The first peer calculates Keph, verifies the hash, hashes g^x, Keph, Kperm and its identity, and sends this hash to the second peer, which verifies it. Thereafter, both peers obtain the session key by hashing Keph. The apparatuses may then use the session key to establish a secure authenticated channel (SAC).

Description

SECURE AUTHENTICATED CHANNEL
TECHNICAL FIELD OF THE INVENTION
[0001] The invention relates generally to secure authenticated channels, and in particular to calculation of session keys for establishment of such channels for protection of digital content, for example in a digital television system.
BACKGROUND OF THE INVENTION
[0002] Secure authenticated channels, well known in the art of cryptography, are established to allow two mutually authenticated devices (often called peers) to exchange information confidentially. A secure authenticated channel should preferably have the following characteristics:
    • mutual authentication of the peers;
    • key confirmation, i.e. a common secret is established and at least one peer is able to verify that the secret indeed is common;
    • forward secrecy, i.e. old session keys cannot be calculated even when long-term secret keys (such as certificate secret keys) are known.
[0003] These characteristics can be formally proven mathematically, and it has been proven that if there exists a way to circumvent one of the above characteristics for a given cryptographic protocol, then the whole protocol may be broken with relative ease.
[0004] Over the years, the cryptographic community has proposed many protocols for secure authenticated channels. Only a few of these channels have been proven to fulfill the characteristics above.
[0005] The protocols that do provide channels with the required characteristics all use a number of different cryptographic primitives: at least one asymmetric primitive (such as asymmetric encryption or digital signature), hash functions, Message Authentication Code (MAC), and, in some of them, other primitives such as symmetric encryption. A problem with these protocols is that they are quite resource consuming and are as such difficult to implement in a device with limited computing capabilities, such as for example a portable security module, like a smart card. Another problem is that the use of many cryptographic primitives makes it difficult to prove that a protocol is secure.
[0006] The present invention provides a secure access channel protocol that has the required characteristics and that is particularly suitable for implementation in a device with limited computing capabilities.
[0007] Throughout the description, it will be assumed that, as cryptography is a mature art, the basic concepts are well known. These concepts will for reasons of clarity and succinctness not be described more than necessary for the comprehension of the invention.
SUMMARY OF THE INVENTION
[0008] In a first aspect, the invention is directed to a method of calculating a session key shared by a first and a second device. The first device has knowledge of an identity corresponding to itself and an identity corresponding to the second device, and an agreed key common to both devices, while the second device has knowledge of an identity corresponding to itself and an identity corresponding to the first device, and the agreed key common to both devices. The first device chooses a first ephemeral private key, calculates a first ephemeral public key, and sends the first ephemeral public key to the second device. Upon reception of the first ephemeral public key, the second device chooses a second ephemeral private key, calculates a second ephemeral public key, calculates an ephemeral shared key from the first ephemeral public key and the second ephemeral private key, and calculates a first value from the second ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to itself, and sends the second ephemeral public key and the first value to the first device. Upon reception of the second ephemeral public key and the first value from the second device, the first device calculates the ephemeral shared key from the second ephemeral public key and the first ephemeral private key, verifies the first value, calculates a second value from the first ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to itself, sends the second value to the second device, and calculates a session key as a function of the ephemeral shared key. The second device receives the second value, verifies the second value, and calculates the session key as a function of the ephemeral shared key.
[0009] In some embodiments, the method is aborted if a verification fails.
[0010] In some embodiments, the first value, the second value, and the session key are calculated using hash functions.
[0011] In some embodiments, the hash functions used to calculate the first value, the second value, and the session key are the same.
[0012] In a second aspect, the invention is directed to a first device for participating, with a second device, in the calculation of a shared session key.
The first device has knowledge of an identity corresponding to itself and an identity corresponding to the second device, and an agreed key common to both devices. The first device comprises a processor for choosing an ephemeral private key; calculating a first ephemeral public key; sending the first ephemeral public key to the second device; receiving a second ephemeral public key and a first value calculated from the second ephemeral public key, an ephemeral shared key, the agreed key, and the identity corresponding to the second device from the second device; calculating the ephemeral shared key from the ephemeral private key and the second ephemeral public key; verifying the first value; calculating a second value from the first ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to the first device; sending the second value to the second device; and calculating a session key as a function of the ephemeral shared key.
[0013] In a third aspect, the invention is directed to a second device for participating, with a first device, in the calculation of a shared session key. The second device has knowledge of an identity corresponding to itself and an identity corresponding to the first device, and an agreed key common to both devices.

The second device comprises a processor for receiving from the first device a first ephemeral public key; choosing an ephemeral private key; calculating a second ephemeral public key; calculating an ephemeral shared key; calculating a first value from the second ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to the second device; sending the second ephemeral public key and the first value to the first device; receiving a second value calculated from the first ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to the first device from the first device; verifying the second value; and calculating a session key as a function of the ephemeral shared key.
[0014] In some embodiments, the processor in the devices of the second and third aspect aborts the calculation if a hash value is not successfully verified.
[0015] In a fourth aspect, the invention is directed to a method of calculating a session key common to a first and a second device. The first device has a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key.
The second device has a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key and the public key. The first device chooses a first ephemeral private key, calculates a first ephemeral public key, and sends its certificate and the first ephemeral public key to the second device. Upon reception of the certificate of the first device and the first ephemeral public key, the second device verifies the certificate of the first device, chooses a second ephemeral private key, calculates a second ephemeral public key, calculates an ephemeral shared key from the first ephemeral public key and the second ephemeral private key, calculates a permanent key from the public key of the first device and its own private key, calculates a first value from the second ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself, and sends its certificate, the second ephemeral public key and the first value to the first device. Upon reception of the certificate of the second device, the second ephemeral public key and the first value from the second device, the first device verifies the certificate of the second device, calculates the ephemeral shared key from the second ephemeral public key and the first ephemeral private key, calculates the permanent key from the public key of the second device and its own private key, verifies the first value, calculates a second value from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself, and sends the second value to the second device.
Upon reception of the second value, the second device verifies the second value, and calculates a session key as a function of the ephemeral shared key. The first device also calculates the session key as a function of the ephemeral shared key.
[0016] In a fifth aspect, the invention is directed to a first device for participating, with a second device, in the calculation of a session key. The first device has a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key. The first device comprises a processor for choosing an ephemeral private key; calculating a first ephemeral public key; sending its certificate and the first ephemeral public key to the second device; receiving a certificate of the second device, a second ephemeral public key and a first value from the second device, the certificate comprising a public key and an identity of the second device, and the first value being calculated from the second ephemeral public key, an ephemeral shared key, a permanent key, and the identity corresponding to the second device; verifying the certificate of the second device; calculating the ephemeral shared key from the second ephemeral public key and the ephemeral private key; calculating the permanent key from the public key of the second device and its own private key; verifying the first value; calculating a second value from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself; sending the second value to the second device; and calculating a session key as a function of the ephemeral shared key.
[0017] In a sixth aspect, the invention is directed to a second device for participating, with a first device, in the calculation of a session key. The second device has a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key. The second device comprises a processor for receiving a certificate of the first device and a first ephemeral public key, the certificate comprising a public key and an identity of the first device; verifying the certificate of the first device;
choosing an ephemeral private key; calculating a second ephemeral public key; calculating an ephemeral shared key from the first ephemeral public key and the ephemeral private key; calculating a permanent key from the public key of the first
In a seventh aspect of the invention, there is provided a first device adapted to verify a hash value, the first device having a certificate comprising a public
In an eighth aspect of the invention, there is provided a second device adapted to verify a hash value, the second device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the comprising a processor for: receiving from a first device a certificate of the first device and a first ephemeral public key, the certificate comprising a public key and an identity of the first device; verifying the certificate of the first device; choosing an ephemeral private key; calculating a second ephemeral public key; calculating an ephemeral shared key from the first ephemeral public key and the ephemeral private key; calculating a permanent key from the public key of the first device and its own private key; calculating a first hash value from the second ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself; sending its certificate, the second ephemeral public key and the first hash value to the first device; receiving a second hash value from the first device, the second hash value being calculated from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to the first device; and verifying the second hash value.
In a ninth aspect of the invention, there is provided a method for verifying a hash value, the method being performed by a first device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the method comprising the steps of: choosing an ephemeral private key; calculating a first ephemeral public key; sending its certificate and the first ephemeral public key to a second device; receiving a certificate of the second device, a second ephemeral public key and a first hash value from the second device, the certificate comprising a public key and an identity of the second device, and the first hash value being calculated from the second ephemeral public key, an ephemeral shared key, a permanent key, and the identity corresponding to the second device; verifying the certificate of the second device; calculating the ephemeral shared key from the second ephemeral public key and the ephemeral private key; calculating the permanent key from the public key of the second device and its own private key; and verifying the first hash value.
In a tenth aspect of the invention, there is provided a method for verifying a hash value, the method being performed by a second device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the method comprising the steps of: receiving from a first device a certificate of the first device and a first ephemeral public key, the certificate comprising a public key and an identity of the first device; verifying the certificate of the first device;
choosing an ephemeral private key; calculating a second ephemeral public key;
calculating an ephemeral shared key from the first ephemeral public key and the ephemeral private key; calculating a permanent key from the public key of the first
BRIEF DESCRIPTION OF THE DRAWINGS
[0018] Figure 1 illustrates the Authenticated Diffie-Hellman key agreement protocol as known in the prior art;
Figure 2 illustrates the session key exchange according to a first embodiment of the present invention;
Figure 3 illustrates the session key exchange according to a second embodiment of the present invention;
Figure 4 schematically illustrates the architecture of the relevant parts of an exemplary system for use with the invention;
Figure 5 illustrates an exemplary implementation of the protocol according to an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS
[0019] The secure access channel protocol comprises two stages. The first stage is performed whenever a device is first introduced to another device. The second stage is performed whenever a session key is to be established.

[0020] The first stage utilizes the Diffie-Hellman key agreement protocol illustrated in Figure 1. The first device 10 starts the protocol by sending its certificate 12 (or one of its suitable certificates in case it has more than one) to the second device 20 in message 102. The certificate 12 comprises the first device's public key g^a and an identity of the first device IDa, preferably the serial number of the certificate 12. g^a is a short notation for g^a mod p, where a is the first device's private key, g is a known generator and p is a known prime number, as is well known in the art. This short notation is used throughout the description and, where applicable, in the claims and the drawings.
[0021] In step 104, the second device 20 extracts g^a and IDa, i.e. the first device's public key and identity. Then, in step 106, the second device 20 verifies that the certificate 12 is valid. Steps 104 and 106 may be performed in the reverse order.
[0022] The second device 20 then sends its certificate 22 (or one of its suitable certificates in case it has more than one) to the first device 10 in message 108. The certificate 22 comprises the second device's public key g^b and an identity of the second device IDb, preferably the serial number of the certificate 22.
[0023] In step 110, the first device 10 extracts g^b and IDb, i.e. the second device's public key and identity. Then, in step 112, the first device 10 verifies that the certificate 22 is valid. Steps 110 and 112 may be performed in the reverse order.
[0024] In steps 114 and 116, the first device 10 and the second device 20 independently calculate the Diffie-Hellman permanent key 30, Kperm = g^ab: the first device 10 calculates g^ab = (g^b)^a, while the second device 20 calculates g^ab = (g^a)^b, where a is the first device's private key and b is the second device's private key.
[0025] Figure 2 illustrates the session key exchange according to a first embodiment of the present invention, i.e. stage two of the secure access channel protocol. It should be noted that the second stage may be performed immediately upon termination of stage one (in which case certain steps, such as the verification of the validity of the certificates in steps 202 and 204 hereinafter, may be omitted), and that stage two preferably is also performed at intervals, regular or irregular, to refresh (i.e. change) the session key.
[0026] In steps 202 and 204 the first device 10 and the second device 20 independently verify that the two certificates 12, 22 have not been revoked, i.e. that they are still valid. It should be noted that it is preferable that both devices verify both certificates. If a device detects that either its own certificate or the received certificate has been revoked, then it aborts the protocol and refuses to establish any session key. In practice, a device will normally verify a certificate only when it is aware that the protocol has been initiated (in which case step 204 would be performed upon reception of message 208 hereinafter).
[0027] At this point, the first device 10 knows the identities IDa, IDb of both devices, its own private key a and public key g^a, the second device's public key g^b, and the Diffie-Hellman permanent key Kperm. The second device 20 has the corresponding knowledge: IDa, IDb, b, g^b, g^a, and Kperm.
[0028] In step 206, the first device 10 chooses a value x, preferably at random, and calculates g^x. The value g^x is then sent to the second device 20 in message 208.
[0029] Upon reception of message 208, the second device 20 chooses a value y, preferably at random, and calculates g^y and g^xy in step 210. In step 212, the second device then calculates a first hash value H(g^y, g^xy, Kperm, IDb) using the values g^y and g^xy, the Diffie-Hellman permanent key Kperm, the identity IDb that it communicated to the first device 10 during the first stage, and a suitable hash function, for example one of the many functions known in the art. The second device 20 then sends the value g^y and the first hash value H(g^y, g^xy, Kperm, IDb) to the first device 10 in message 214.
[0030] Upon reception of message 214, the first device 10 extracts g^y and H(g^y, g^xy, Kperm, IDb) and computes the value g^xy in step 216. In step 218, the first device 10 verifies the first hash value, using the same hash function as the second device 20. If the first hash value is not verified, then the first device 10 aborts the protocol; if it is verified, then the first device 10 calculates a second hash value H(g^x, g^xy, Kperm, IDa) in step 220, using the values g^x and g^xy, the Diffie-Hellman permanent key Kperm and the identity IDa that it communicated to the second device 20 during the first stage. The first device 10 sends the second hash value H(g^x, g^xy, Kperm, IDa) to the second device 20 in message 222.

[0031] Upon reception of message 222, the second device 20 verifies the second hash value H(g^x, g^xy, Kperm, IDa) in step 224, using the same hash function as the one used by the first device 10 in step 220. If the second hash value is not verified, then the second device 20 aborts the protocol; if it is verified, then the second device 20 calculates, in step 226, a session key Ksess by calculating the hash value of g^xy.
[0032] After having sent message 222 to the second device 20, the first device 10 calculates, in step 228, the same session key Ksess by calculating the hash value of g^xy using the same hash function as that used by the second device 20 in step 226.
[0033] At this point, both the first and the second device 10, 20 possess the session key Ksess that can be used to protect information sent between them. With the protocol according to the invention, the confidentiality of the private keys is assured, and the authentication and the key confirmation are mutual. Furthermore, forward secrecy and robustness against leakage of previous session keys are assured as well. A person skilled in the art will appreciate that the three hash functions described in connection with steps 212, 220, and 226 may be different, the same, or that two of them are the same while the third is different.
[0034] Figure 3 illustrates the session key exchange according to a second embodiment of the present invention.
[0035] Before the start of the method, the first device 11 knows its identity IDa, its own private key a and public key g^a. The second device 21 has the corresponding knowledge: IDb, b, g^b. Certificates for the devices comprise the public key and the identity: Ca(g^a, IDa) and Cb(g^b, IDb), respectively.
[0036] In step 252, the first device 11 chooses, preferably randomly, a first ephemeral private key x and calculates an ephemeral public key g^x, which it sends together with its certificate Ca(g^a, IDa) to the second device 21 in message 254.
[0037] Upon reception of message 254, the second device 21 verifies the certificate Ca(g^a, IDa) of the first device 11 in step 256. If the verification is unsuccessful, the second device 21 abandons the method. However, if the verification is successful, then it chooses, preferably randomly, a second ephemeral private key y, and calculates a second ephemeral public key g^y, an ephemeral shared key Keph = g^xy, and a Diffie-Hellman permanent key Kperm = g^ab in step 258.
[0038] In step 260, the second device 21 then calculates a first hash value H(g^y, Keph, Kperm, IDb) using the second ephemeral public key g^y, the ephemeral shared key Keph, the Diffie-Hellman permanent key Kperm, its identity IDb, and a suitable hash function, for example one of the many functions known in the art. It should be noted that other suitable functions than hash functions may be used for this and the following hash value calculations of the embodiment. The second device 21 then sends the second ephemeral public key g^y, its certificate Cb(g^b, IDb), and the first hash value H(g^y, Keph, Kperm, IDb) to the first device 11 in message 262.
[0039] Upon reception of message 262, the first device 11 verifies the certificate Cb(g^b, IDb) of the second device 21 in step 264. If the verification is unsuccessful, the first device 11 abandons the method. However, if the verification is successful, the first device 11 computes the ephemeral shared key Keph and the Diffie-Hellman permanent key Kperm in step 266. In step 268, the first device 11 verifies the first hash value, using the same hash function as the second device 21 used in step 260. If the first hash value is not verified, then the first device 11 aborts the method; if it is verified, then the first device 11 calculates a second hash value H(g^x, Keph, Kperm, IDa) in step 270, using the first ephemeral public key g^x, the ephemeral shared key Keph, the Diffie-Hellman permanent key Kperm and its identity IDa. The first device 11 sends the second hash value H(g^x, Keph, Kperm, IDa) to the second device 21 in message 272.
[0040] Upon reception of message 272, the second device 21 verifies the second hash value H(g^x, Keph, Kperm, IDa) in step 274, using the same hash function as the one used by the first device 11 in step 270. If the second hash value is not verified, then the second device 21 aborts the protocol; if it is verified, then the second device 21 calculates, in step 276, a session key Ksess by calculating the hash value of the ephemeral shared key Keph. Then it sends a "ready" message 278 to the first device 11 to indicate that the second hash value H(g^x, Keph, Kperm, IDa) has been successfully verified and the session key Ksess has been calculated.
[0041] Upon reception of the "ready" message 278 from the second device 21, the first device 11 calculates, in step 280, the same session key Ksess by calculating the hash value of the ephemeral shared key Keph, using the same hash function as that used by the second device 21 in step 276. Then the first device 11 sends a "ready" message 282 to the second device 21 to indicate that it too has calculated the session key Ksess.
[0042] At this point, both the first device 11 and the second device 21 possess the session key Ksess that can be used to protect information sent between them. With the protocol according to the invention, the confidentiality of the private keys is assured, and the authentication and the key confirmation are mutual. Furthermore, forward secrecy and robustness against leakage of previous session keys are assured as well. A person skilled in the art will appreciate that the three hash functions described in connection with steps 260, 270, and 276 may be different, the same, or that two of them are the same while the third is different.
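The two stages described above (stage one from Figure 1 and stage two from Figure 2, which the Figure 3 variant repeats with the certificates carried inline and the two "ready" messages added) as an added, runnable example. This is illustration code written for this page; it is not code from the patent or from Thomson Licensing. Assumptions: the Diffie-Hellman group is a toy one (p = 2^127 - 1, g = 3) chosen only to keep the example readable, where a deployment would use a standard group; H is SHA-256 over length-prefixed fields, a choice made here so that H(g^y, Keph, Kperm, IDb) cannot be read with the field boundaries in the wrong place; the same hash is used for both hash values and for Ksess, as [0011] allows; identities are byte strings standing in for certificate serial numbers; and certificate validation and revocation (steps 106, 112, 202, 204) are left out. Method names follow the Figure 2 step numbers. The last function shows what the hash values buy: an attacker who swaps g^x on the wire makes the two peers compute different g^xy values, so the first device's check in step 218 fails and it aborts.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: p = 2^127 - 1 (a Mersenne prime), g = 3.
# ASSUMPTION: a real deployment uses a standard group (RFC 3526 MODP or a curve).
P = (1 << 127) - 1
G = 3
NBYTES = (P.bit_length() + 7) // 8   # fixed width when encoding group elements


def enc(n):
    """Fixed-width big-endian encoding of a group element before hashing."""
    return n.to_bytes(NBYTES, "big")


def H(*fields):
    """SHA-256 over length-prefixed fields; stands in for the patent's H(...).
    The length prefixes are our choice: they make field boundaries unambiguous."""
    m = hashlib.sha256()
    for f in fields:
        m.update(len(f).to_bytes(4, "big"))
        m.update(f)
    return m.digest()


def dh_private():
    """Private exponent in [2, P-2] from the OS CSPRNG (long-term or ephemeral)."""
    return secrets.randbelow(P - 3) + 2


def check_element(e):
    """Reject 0, 1 and p-1: with those, g^xy collapses to a predictable value."""
    if not 1 < e < P - 1:
        raise ValueError("invalid group element: abort")


class Device:
    """One peer. `ident` plays the role of the certificate serial number (IDa/IDb)."""

    def __init__(self, ident):
        self.ident = ident
        self.priv = dh_private()               # a (or b)
        self.pub = pow(G, self.priv, P)        # g^a (or g^b), carried in the certificate
        self.peer_ident = self.k_perm = None
        self.x = self.gx = self.k_eph = self.k_sess = None

    # Stage one (Figure 1): after the certificate exchange, Kperm = g^ab on both sides.
    def introduce(self, peer_ident, peer_pub):
        check_element(peer_pub)
        self.peer_ident = peer_ident
        self.k_perm = pow(peer_pub, self.priv, P)   # (g^b)^a or (g^a)^b

    # Stage two (Figure 2), first device.
    def step_206(self):
        """Choose x, return g^x (message 208)."""
        self.x = dh_private()
        self.gx = pow(G, self.x, P)
        return self.gx

    def step_216_220(self, gy, h1):
        """Compute g^xy, verify H1 (step 218), derive Ksess, return H2 (message 222)."""
        check_element(gy)
        self.k_eph = pow(gy, self.x, P)
        expected = H(enc(gy), enc(self.k_eph), enc(self.k_perm), self.peer_ident)
        if not secrets.compare_digest(expected, h1):
            raise ValueError("H1 verification failed: abort")
        self.k_sess = H(enc(self.k_eph))       # step 228: Ksess = H(g^xy)
        return H(enc(self.gx), enc(self.k_eph), enc(self.k_perm), self.ident)

    # Stage two, second device.
    def step_210_212(self, gx):
        """Choose y, compute g^y and g^xy, return (g^y, H1) (message 214)."""
        check_element(gx)
        self.gx = gx
        y = dh_private()
        gy = pow(G, y, P)
        self.k_eph = pow(gx, y, P)
        return gy, H(enc(gy), enc(self.k_eph), enc(self.k_perm), self.ident)

    def step_224_226(self, h2):
        """Verify H2 (step 224) and derive Ksess (step 226)."""
        expected = H(enc(self.gx), enc(self.k_eph), enc(self.k_perm), self.peer_ident)
        if not secrets.compare_digest(expected, h2):
            raise ValueError("H2 verification failed: abort")
        self.k_sess = H(enc(self.k_eph))


def run_honest(a, b):
    """Stage one, then stage two with nobody interfering; returns (Ksess_a, Ksess_b)."""
    a.introduce(b.ident, b.pub)
    b.introduce(a.ident, a.pub)
    gx = a.step_206()                          # message 208
    gy, h1 = b.step_210_212(gx)                # message 214
    h2 = a.step_216_220(gy, h1)                # message 222
    b.step_224_226(h2)
    return a.k_sess, b.k_sess


def run_substituted_gx(a, b):
    """Attacker replaces g^x in message 208 with its own g^m. B computes g^my while A
    computes g^xy, so A's recomputed H1 differs and step 218 aborts. Returns the abort
    reason, or "accepted" if the swap went unnoticed."""
    a.introduce(b.ident, b.pub)
    b.introduce(a.ident, a.pub)
    a.step_206()
    fake_gx = pow(G, dh_private(), P)          # attacker's g^m; needs no Kperm
    gy, h1 = b.step_210_212(fake_gx)
    try:
        a.step_216_220(gy, h1)
    except ValueError as err:
        return str(err)
    return "accepted"


if __name__ == "__main__":
    ka, kb = run_honest(Device(b"ID_a"), Device(b"ID_b"))
    print("honest run, keys match:", ka == kb, ka.hex())
    print("substituted g^x:", run_substituted_gx(Device(b"ID_a"), Device(b"ID_b")))
```

The honest run ends with identical 32-byte keys on both sides and a fresh key on every run, since only the ephemeral g^xy feeds Ksess; the substituted run ends in the step 218 abort. Two caveats for anyone building on this: the exponents must come from a cryptographic RNG (secrets here; a predictable x or y gives away Keph), and deriving Ksess as H(Keph) alone is what the patent specifies, whereas a current design would run a KDF over Keph together with the transcript so that the session key is also bound to the identities and ephemeral values.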

DETAILED DESCRIPTION OF AN EXEMPLARY IMPLEMENTATION
[0043] The protocol according to the invention is particularly suitable in a system where one of the devices has limited calculation capacity, for example in a security module such as a smart card or a PC card. One field of application is thus content protection, such as in a digital television system, which will be used hereinafter as an example. In such a system, a secure authenticated channel is advantageously used for secure transmission from a security module to the television of the secret keys that allow access to digital content by descrambling the latter. As the features of a digital television system are well known in the art, they will usually only be described in more detail when this is relevant to the invention.
[0044] Figure 4 schematically illustrates the architecture of the relevant parts of an exemplary system, a digital television system, for use with the invention. A digital television set 310 comprises a digital input 311 for receiving scrambled digital content over connection 312. The digital input 311 is connected to a demultiplexer 313 for extracting content and Entitlement Control Messages (ECMs) from the digital content, and for forwarding this information to a descrambler 314. The descrambler 314 comprises a memory 3141 and a processor 3142 that, among other things, are used for establishing a secure authenticated channel and for descrambling scrambled digital content. The descrambler 314 is also connected to an MPEG-2 decoder 315 for decoding descrambled digital content and for forwarding the decoded content to a screen 316 for display, and to a security module interface 317, such as for example a smart card reader. The security module interface 317 allows the digital television set 310 to interact with a security module 320 and to exchange standardized messages, preferably compliant with the ISO 7816-3 standard.

[0045] The security module 320 comprises a processor 322 and a memory 324, which among other things are used when establishing a secure authenticated channel according to the present invention.
[0046] The connection 312 is preferably a digital IEEE 1394 bus that carries digital audio/video content using the Advanced Television Systems Committee (ATSC) standard system. An ATSC transport stream comprises digital audio/video content and ECMs, of which the latter comprise code words for descrambling the audio/video content.
[0047] The establishment of the secure channel is executed by the processor 322 of the security module 320, normally using information stored in the memory 324, and, similarly, the processor 3142 of the descrambler 314 using information stored in the memory 3141. It should be noted that as the security module interface 317 acts as an interface (also called gateway) between the descrambler 314 and the security module 320, it will not be cited in the description of the protocol; it essentially only forwards information without changing it.
[0048] Figure 5, comprising Figures 5A and 5B, illustrates an exemplary implementation of the protocol according to the present invention.
[0049] The first stage is executed when the security module 320 is inserted in the security module interface (317 in Fig. 4) of the digital television set (310 in Fig. 4). It should be noted that the first stage may also be executed when the digital television set is switched on, unless for example there are circuits that detect that the security module remains in the security module interface during the entirety of the absence of power.
[0050] The descrambler 314 sends its X509v3 certificate 3143 to the security module 320 in message 330. In step 332, the security module 320 extracts the Diffie-Hellman 1024-bit public key g^d and the 64-bit identity IDd from the received certificate 3143, and verifies the certificate 3143 using the RSASSA-PSS-VERIFY signature verification algorithm with the root authority RSA 1024-bit public key P. If the certificate 3143 is not valid, the security module 320 aborts the protocol.
[0051] The security module 320 then sends its X509v3 certificate 325 to the descrambler 314 in message 334. In step 336, the descrambler 314 extracts the Diffie-Hellman 1024-bit public key g^s and the 64-bit identity IDs from the received certificate 325, and verifies the certificate 325 using the RSASSA-PSS-VERIFY signature verification algorithm with the root authority RSA 1024-bit public key P. If the certificate 325 is not valid, the descrambler 314 aborts the protocol.
[0052] The descrambler 314 and the security module 320 compute the Diffie-Hellman permanent key Kperm = g^(ds) in steps 338 and 339, respectively.
[0053] The second stage is executed upon successful execution of the first stage or when an event, such as a freshness trigger, instructs either the descrambler 314 or the security module 320 to renew the session key. In the description hereinafter, the security module 320 starts the second stage, but it should be understood that, since the protocol is symmetric, it may just as well be the descrambler 314 that starts the second stage.
[0054] In step 340, the security module 320 verifies the descrambler certificate 3143. If the verification is successful, then the security module 320 chooses a random 1024-bit ephemeral Diffie-Hellman private key x, calculates the corresponding ephemeral Diffie-Hellman public key g^x, step 342, and sends the ephemeral public key g^x to the descrambler 314 in message 344.
[0055] Upon reception of the message 344, the descrambler 314 first verifies the security module certificate 325 as previously described (and aborts if the verification is not successful), step 346, and chooses a random 1024-bit ephemeral Diffie-Hellman private key y and calculates the corresponding ephemeral Diffie-Hellman public key g^y, step 348. In step 350, the descrambler 314 calculates the ephemeral shared key Keph = g^(xy) and the digest H1 of the string comprising g^y, Keph, Kperm and IDd using the hash algorithm SHA-1. g^y and H1 are sent to the security module 320 in message 352.
[0056] Figure 5B illustrates the continuation of Figure 5A. Upon reception of message 352, the security module 320 calculates the ephemeral shared key Keph and verifies the received digest H1, step 354. If the received digest does not equal the digest calculated by the security module 320, then the protocol is aborted. However, if the received digest is verified, then, in step 356, the security module 320 calculates the digest H2 of the string comprising g^x, Keph, Kperm, and IDs using the hash algorithm SHA-1. H2 is then sent to the descrambler 314 in message 358.
[0057] Upon reception of message 358, the descrambler 314 verifies the received digest H2, step 360. If the received digest is not verified, then the protocol is aborted. However, if the received digest H2 is verified, then, in step 362, the descrambler 314 calculates the session key Ksess, which is the digest of the string comprising Keph.
[0058] In step 364, the security module 320 calculates the session key Ksess in the same way.
[0059] Now that both the descrambler 314 and the security module 320 possess the session key Ksess, they can go to a third stage in which ECMs are communicated over the Secure Authenticated Channel 370. ECMs are extracted by the demultiplexer (313 in Fig. 4) and passed to the descrambler 314 that forwards them via the security module interface (317 in Fig. 4) to the security module 320 that decrypts them, as is known in the art. The security module 320 then encrypts the ECMs with the session key Ksess and sends them, via the security module interface, to the descrambler 314 that decrypts the ECMs with the session key Ksess and uses the decrypted ECMs to decrypt digital content.
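The two-stage exchange of paragraphs [0049] to [0058] (and, in its generic form, the second stage of [0040] to [0042]) as an added worked example in Python; this is not code from the patent or from Thomson Licensing. It assumes the 1024-bit MODP group of RFC 2409 (group 2), since the patent fixes 1024-bit Diffie-Hellman but names no group; it replaces the X509v3 certificate and RSASSA-PSS-VERIFY check with a keyed-hash stand-in under a constructed root key; the identities SM_ID and TV_ID are constructed; and the valid_public_key check on received Diffie-Hellman values is an addition the patent does not describe.

```python
# Added example, not the patent's or Thomson Licensing's code: the two-stage protocol of Figure 5.
import hashlib
import hmac
import secrets

# Assumption: the patent fixes 1024-bit Diffie-Hellman but names no group, so the RFC 2409
# 1024-bit MODP group (group 2) is used: p = 2q + 1 is a safe prime, 2 has prime order q.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
        "FFFFFFFFFFFFFFFF", 16)
G, Q = 2, (P - 1) // 2
KEY_BYTES = 128                           # 1024-bit values are sent as 128 big-endian bytes
SM_ID, TV_ID = b"SM000001", b"TV000001"   # constructed 64-bit identities IDs and IDd
ROOT_KEY = secrets.token_bytes(32)        # constructed; stands in for the root authority

def is_probable_prime(n, rounds=8):
    """Miller-Rabin for odd n > 3; used only to sanity-check the group parameters."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def i2b(v):
    return v.to_bytes(KEY_BYTES, "big")

def digest(*parts):
    """SHA-1 of the concatenation, the hash named in steps 350, 356 and 362."""
    return hashlib.sha1(b"".join(parts)).digest()

def valid_public_key(pk):
    """Reject 0, 1, p-1 and values outside the order-q subgroup (added check, not a patent step)."""
    return 1 < pk < P - 1 and pow(pk, Q, P) == 1

def issue_certificate(identity, public_key):
    """Toy certificate. The patent uses X509v3 with an RSASSA-PSS signature checked
    under the root's RSA public key; a keyed hash under ROOT_KEY plays that role here."""
    tag = hmac.new(ROOT_KEY, identity + i2b(public_key), "sha256").digest()
    return {"id": identity, "pk": public_key, "tag": tag}

def verify_certificate(cert):
    expected = hmac.new(ROOT_KEY, cert["id"] + i2b(cert["pk"]), "sha256").digest()
    return hmac.compare_digest(cert["tag"], expected)

class Device:
    """Either party: the descrambler (static private key d) or the security module (s)."""
    def __init__(self, identity):
        self.identity = identity                      # 64-bit IDd or IDs
        self.priv = secrets.randbelow(Q - 1) + 1
        self.cert = issue_certificate(identity, pow(G, self.priv, P))
        self.peer_cert = self.k_perm = None

    def accept_certificate(self, cert):
        """First stage (steps 330-339): check the peer certificate, then derive the
        permanent key Kperm = g^(ds) from its public key and our private key."""
        if not (verify_certificate(cert) and valid_public_key(cert["pk"])):
            raise ValueError("peer certificate invalid: abort")
        self.peer_cert, self.k_perm = cert, pow(cert["pk"], self.priv, P)

def second_stage(initiator, responder):
    """Second stage (steps 340-364): `initiator` plays the security module, `responder`
    the descrambler. Returns (Ksess at initiator, Ksess at responder) or raises on abort."""
    # Steps 342-344: the initiator picks x and sends g^x.
    x = secrets.randbelow(Q - 1) + 1
    gx = pow(G, x, P)
    # Steps 348-352: the responder derives Keph = g^xy, sends g^y and H1 = H(g^y, Keph, Kperm, IDd).
    if not valid_public_key(gx):
        raise ValueError("bad ephemeral public key: abort")
    y = secrets.randbelow(Q - 1) + 1
    gy = pow(G, y, P)
    keph_r = pow(gx, y, P)
    h1 = digest(i2b(gy), i2b(keph_r), i2b(responder.k_perm), responder.identity)
    # Steps 354-358: the initiator checks H1 under the responder's certified IDd, then sends H2.
    if not valid_public_key(gy):
        raise ValueError("bad ephemeral public key: abort")
    keph_i = pow(gy, x, P)
    if not hmac.compare_digest(h1, digest(i2b(gy), i2b(keph_i), i2b(initiator.k_perm),
                                          initiator.peer_cert["id"])):
        raise ValueError("H1 verification failed: abort")
    h2 = digest(i2b(gx), i2b(keph_i), i2b(initiator.k_perm), initiator.identity)
    # Steps 360-364: the responder checks H2; both sides then derive Ksess = H(Keph).
    if not hmac.compare_digest(h2, digest(i2b(gx), i2b(keph_r), i2b(responder.k_perm),
                                          responder.peer_cert["id"])):
        raise ValueError("H2 verification failed: abort")
    return digest(i2b(keph_i)), digest(i2b(keph_r))
```

To run it, create two `Device` objects, call `accept_certificate` on each with the other's certificate (messages 330 and 334), then call `second_stage`; the two returned keys agree, and any certificate, H1 or H2 failure raises `ValueError`, which is the protocol's abort. Because Kperm enters both digests, a peer whose Kperm was derived from a different static key cannot produce a verifiable H1 or H2, which is what makes the key confirmation mutual and authenticated; deriving Ksess from Keph alone, which depends only on the ephemeral exponents, is what gives the forward secrecy claimed in [0042].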
[0060] It should be noted that where this description makes reference to random numbers, these numbers are often in practice pseudo-random.
[0061] The expression "security module" encompasses any kind of security module, portable or stationary, that comprises a processor and can be used to establish a secure authenticated channel according to the invention, such as for example smart cards, PC cards (formerly known as PCMCIA cards), and integrated circuits soldered to the Printed Circuit Board of an apparatus such as a television.
[0062] While the preferred embodiment refers to a digital television set and a security module, a person skilled in the art will appreciate that the protocol for establishing a secure authenticated channel may be implemented and used by any kind of device with the necessary resources, i.e. a processor and preferably a memory storing the necessary information as detailed hereinbefore. Non-limitative examples of other devices are DVD players, computers interacting with external accessories, and Automatic Teller Machines (ATMs) and bank cards.

Claims (15)

1. A method of calculating a session key shared by a first and a second device, the first device having knowledge of an identity corresponding to itself and an identity corresponding to the second device, and an agreed key common to both devices, the second device having knowledge of an identity corresponding to itself and an identity corresponding to the first device, and the agreed key common to both devices, the method comprising the steps of:
at the first device:
- choosing a first ephemeral private key;
- calculating a first ephemeral public key;
- sending the first ephemeral public key to the second device;
at the second device:
- receiving the first ephemeral public key;
- choosing a second ephemeral private key;
- calculating a second ephemeral public key;
- calculating an ephemeral shared key from the first ephemeral public key and the second ephemeral private key;
- calculating a first value from the second ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to itself;
- sending the second ephemeral public key and the first value to the first device;
at the first device:
- receiving the second ephemeral public key and the first value from the second device;
- calculating the ephemeral shared key from the second ephemeral public key and the first ephemeral private key;
- verifying the first value;
- calculating a second value from the first ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to itself;
- sending the second value to the second device;
- calculating a session key as a function of the ephemeral shared key; and
at the second device:
- receiving the second value;
- verifying the second value; and
- calculating the session key as a function of the ephemeral shared key.
2. The method according to claim 1, further comprising the step of aborting the method if a verification fails.
3. The method according to claim 1 or 2, wherein the first value, the second value, and the session key are calculated using hash functions.
4. The method according to claim 3, wherein the hash functions used to calculate the first value, the second value, and the session key are the same.
5. A first device for participating, with a second device, in the calculation of a shared session key, the first device having knowledge of an identity corresponding to itself and an identity corresponding to the second device, and an agreed key common to both devices, the first device comprising a processor for:
- choosing an ephemeral private key;
- calculating a first ephemeral public key;
- sending the first ephemeral public key to the second device;
- receiving a second ephemeral public key and a first value calculated from the second ephemeral public key, an ephemeral shared key, the agreed key, and the identity corresponding to the second device from the second device;
- calculating the ephemeral shared key from the ephemeral private key and the second ephemeral public key;
- verifying the first value;
- calculating a second value from the first ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to the first device;
- sending the second value to the second device; and
- calculating a session key as a function of the ephemeral shared key.
6. A second device for participating, with a first device, in the calculation of a shared session key, the second device having knowledge of an identity corresponding to itself and an identity corresponding to the first device, and an agreed key common to both devices, the second device comprising a processor for:
- receiving from the first device a first ephemeral public key;
- choosing an ephemeral private key;
- calculating a second ephemeral public key;
- calculating an ephemeral shared key;
- calculating a first value from the second ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to the second device;
- sending the second ephemeral public key and the first hash value to the first device;
- receiving a second value calculated from the first ephemeral public key, the ephemeral shared key, the agreed key, and the identity corresponding to the first device from the first device;
- verifying the second value; and
- calculating a session key as a function of the ephemeral shared key.
7. A device according to claim 5 or 6, wherein the processor further aborts the calculation if a hash value is not successfully verified.
8. A method of calculating a session key shared by a first and a second device, the first device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the second device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the method comprising the steps of:
at the first device:
- choosing a first ephemeral private key;
- calculating a first ephemeral public key;
- sending its certificate and the first ephemeral public key to the second device;
at the second device:
- receiving the certificate of the first device and the first ephemeral public key;
- verifying the certificate of the first device;
- choosing a second ephemeral private key;
- calculating a second ephemeral public key;
- calculating an ephemeral shared key from the first ephemeral public key and the second ephemeral private key;
- calculating a permanent key from the public key of the first device and its own private key;
- calculating a first value from the second ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself;
- sending its certificate, the second ephemeral public key and the first value to the first device;
at the first device:
- receiving the certificate of the second device, the second ephemeral public key and the first value from the second device;
- verifying the certificate of the second device;
- calculating the ephemeral shared key from the second ephemeral public key and the first ephemeral private key;
- calculating the permanent key from the public key of the first device and its own private key;
- verifying the first value;
- calculating a second value from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself;
- sending the second value to the second device;
at the second device:
- receiving the second value;
- verifying the second value; and
- calculating a session key as a function of the ephemeral shared key; and
at the first device:
- calculating the session key as a function of the ephemeral shared key.
9. A first device for participating, with a second device, in the calculation of a shared session key, the first device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the first device comprising a processor for:
- choosing an ephemeral private key;
- calculating a first ephemeral public key;
- sending its certificate and the first ephemeral public key to the second device;
- receiving a certificate of the second device, a second ephemeral public key and a first value from the second device, the certificate comprising a public key and an identity of the second device, and the first value being calculated from the second ephemeral public key, an ephemeral shared key, a permanent key, and the identity corresponding to the second device;
- verifying the certificate of the second device;
- calculating the ephemeral shared key from the second ephemeral public key and the ephemeral private key;
- calculating the permanent key from the public key of the first device and its own private key;
- verifying the first value;
- calculating a second value from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself;
- sending the second value to the second device; and
- calculating a session key as a function of the ephemeral shared key.
10. A second device for participating, with a first device, in the calculation of a shared session key, the second device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the second device comprising a processor for:
- receiving a certificate of the first device and a first ephemeral public key, the certificate comprising a public key and an identity of the first device;
- verifying the certificate of the first device;
- choosing an ephemeral private key;
- calculating a second ephemeral public key;
- calculating an ephemeral shared key from the first ephemeral public key and the ephemeral private key;
- calculating a permanent key from the public key of the first device and its own private key;
- calculating a first value from the second ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself;
- sending its certificate, the second ephemeral public key and the first value to the first device;
- receiving a second value from the first device, the second value being calculated from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to the first device;
- verifying the second value; and
- calculating the session key as a function of the ephemeral shared key.
11. A first device adapted to verify a hash value, the first device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the first device comprising a processor for:
- choosing an ephemeral private key;
- calculating a first ephemeral public key;
- sending its certificate and the first ephemeral public key to a second device;
- receiving a certificate of the second device, a second ephemeral public key and a first hash value from the second device, the certificate comprising a public key and an identity of the second device, and the first hash value being calculated from the second ephemeral public key, an ephemeral shared key, a permanent key, and the identity corresponding to the second device;
- verifying the certificate of the second device;
- calculating the ephemeral shared key from the second ephemeral public key and the ephemeral private key;
- calculating the permanent key from the public key of the second device and its own private key; and
- verifying the first hash value.
12. The first device of claim 11, wherein the processor is further for:
- calculating a second hash value from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself; and
- sending the second hash value to the second device.
13. A second device adapted to verify a hash value, the second device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the second device comprising a processor for:
- receiving from a first device a certificate of the first device and a first ephemeral public key, the certificate comprising a public key and an identity of the first device;
- verifying the certificate of the first device;
- choosing an ephemeral private key;
- calculating a second ephemeral public key;
- calculating an ephemeral shared key from the first ephemeral public key and the ephemeral private key;
- calculating a permanent key from the public key of the first device and its own private key;
- calculating a first hash value from the second ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself;
- sending its certificate, the second ephemeral public key and the first hash value to the first device;
- receiving a second hash value from the first device, the second value being calculated from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to the first device; and
- verifying the second hash value.
14. A method for verifying a hash value, the method being performed by a first device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the method comprising the steps of:
- choosing an ephemeral private key;
- calculating a first ephemeral public key;
- sending its certificate and the first ephemeral public key to a second device;
- receiving a certificate of the second device, a second ephemeral public key and a first hash value from the second device, the certificate comprising a public key and an identity of the second device, and the first hash value being calculated from the second ephemeral public key, an ephemeral shared key, a permanent key, and the identity corresponding to the second device;
- verifying the certificate of the second device;
- calculating the ephemeral shared key from the second ephemeral public key and the ephemeral private key;
- calculating the permanent key from the public key of the second device and its own private key; and
- verifying the first hash value.
15. A method for verifying a hash value, the method being performed by a second device having a certificate comprising a public key and an identity corresponding to itself, and knowledge of the identity corresponding to itself, a private key, and the public key, the method comprising the steps of:
- receiving from a first device a certificate of the first device and a first ephemeral public key, the certificate comprising a public key and an identity of the first device;
- verifying the certificate of the first device;
- choosing an ephemeral private key;
- calculating a second ephemeral public key;
- calculating an ephemeral shared key from the first ephemeral public key and the ephemeral private key;
- calculating a permanent key from the public key of the first device and its own private key;
- calculating a first hash value from the second ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to itself;
- sending its certificate, the second ephemeral public key and the first hash value to the first device;
- receiving a second hash value from the first device, the second value being calculated from the first ephemeral public key, the ephemeral shared key, the permanent key, and the identity corresponding to the first device; and
- verifying the second hash value.
CA 2486267, "Secure authenticated channel", priority date 2004-10-29, filing date 2004-10-29, status Expired - Fee Related, granted as CA2486267C (en).

Publications
CA2486267A1 (en), published 2006-04-29
CA2486267C (en), granted 2014-09-30

Family ID: 36242656
Country status: CA, CA2486267C (en)

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20201029