SE546290C2 - Applying a server partial secret key conditional on blocked status - Google Patents
Publication number: SE546290C2 (also listed as SE 2151304 A)
Authority: SE (Sweden)
Prior art keywords: partial secret, secret key, server, key, user device
Classifications (CPC, all under H04L9/00, cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)
- H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/3234 Means for verifying the identity or authority of a user of the system or for message authentication, involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3236 Means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
- H04L9/3247 Means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
Landscapes: Engineering & Computer Science; Computer Security & Cryptography; Computer Networks & Wireless Communication; Signal Processing; Computer And Data Communications; Storage Device Security
Abstract
It is provided a method for applying a server partial secret key conditional on blocked status, wherein the server partial secret key (10b) and a user partial secret key (10a) form part of a threshold cryptography scheme (11), the method comprises: receiving (40) a request to apply a server partial secret key (10b) for a requested cryptographic operation for a user device (2); determining (42) that the server partial secret key (10b) can validly be applied by determining that the server partial secret key (10b) is not blocked from being applied; and interacting (44) with the user device (2) to perform the requested cryptographic operation, such that the user device (2) applies the user partial secret key (10a) and the validation server applies the server partial secret key (10b).
Description
APPLYING A SERVER PARTIAL SECRET KEY CONDITIONAL ON BLOCKED STATUS
TECHNICAL FIELD
[0001] The present disclosure relates to the field of cryptographic operations, and in particular to applying a server partial secret key conditional on blocked status, wherein the server partial secret key and a user partial secret key form part of a threshold cryptography scheme.
BACKGROUND
[0002] As we use more and more digital applications in our lives, cryptography continually increases in popularity and use cases for securing various parts of our digital interaction. There is symmetric and asymmetric cryptography with various advantages. For instance, asymmetric cryptography can be used both for proving identity (using cryptographic signing) and decrypting data addressed to a specific user.
[0003] Traditional asymmetric cryptography is based on a public key and a secret key. The public key is tied to an entity/ user and is shared publicly. The secret key is tied to the same entity, but is kept secret. Using the secret key, the entity can e.g. apply a cryptographic signature that can be verified by anyone using the public key. The secret key can also be used to decrypt data that has been encrypted by someone using the public key.
[0004] Authentication of user devices can be performed in many ways, including asymmetric cryptography. An issue arises if the user device with the secret key is compromised, e.g. lost or stolen. If an attacker manages to get hold of the user device, the attacker may be able to perform illegitimate cryptographic operations. This can lead to serious financial or social implications for the user of the user device.
[0005] The legitimate user may thus want to block the use of the secret key of the device e.g. by invalidating the old key pair and generating a new key pair. However, in order to make this possible, all devices storing the previous public key must be informed of the new public key of the new key pair. This is of course a security risk, since missing only one device storing a previous public key opens up for the use by an attacker of the stolen device.
SUMMARY
[0006] One object is to provide a way to block cryptographic operations by a user device that has been compromised, where no actions are required by devices holding the corresponding public key.
[0007] According to a first aspect, it is provided a method for applying a server partial secret key conditional on blocked status, wherein the server partial secret key and a user partial secret key form part of a threshold cryptography scheme associated with a public key. The method is performed in a validation server. The method comprises: receiving a request to apply a server partial secret key for a requested cryptographic operation for a user device; determining that the server partial secret key can validly be applied by determining that the server partial secret key is not blocked from being applied; and interacting with the user device to perform the requested cryptographic operation, such that the user device applies the user partial secret key and the validation server applies the server partial secret key, wherein a threshold of at least two partial secret keys of the threshold cryptography scheme are required for applying the threshold cryptography scheme for performing the requested cryptographic operation.
[0008] The determining that the server partial secret key can validly be applied may comprise determining that a current time is within a pre-defined validity schedule.
[0009] The determining that the server partial secret key can validly be applied may comprise determining that an application of the cryptographic operation complies with a pre-defined set of valid applications.
[0010] The method may further comprise: receiving a message to block the server partial secret key corresponding to a particular user device; and storing an indication that the server partial secret key corresponding to the particular user device is blocked.
[0011] The method may further comprise: obtaining an updated server partial secret key, corresponding to an updated user partial secret key, that collectively form part of the threshold cryptography scheme, wherein the updated partial secret keys still correspond to the public key.
[0012] The obtaining of an updated server partial secret key may be performed as a result of receiving a message to block the server partial secret key.
[0013] The obtaining of an updated server partial secret key may be performed regularly based on a schedule.
[0014] According to a second aspect, it is provided a validation server for applying a server partial secret key conditional on blocked status, wherein the server partial secret key and a user partial secret key form part of a threshold cryptography scheme associated with a public key. The validation server comprises: a processor; and a memory storing instructions that, when executed by the processor, cause the validation server to: receive a request to apply a server partial secret key for a requested cryptographic operation for a user device; determine that the server partial secret key can validly be applied by determining that the server partial secret key is not blocked from being applied; and interact with the user device to perform the requested cryptographic operation, such that the user device applies the user partial secret key and the validation server applies the server partial secret key, wherein a threshold of two partial secret keys of the threshold cryptography scheme are required for applying the threshold cryptography scheme for performing the requested cryptographic operation.
[0015] The instructions to determine that the server partial secret key can validly be applied may comprise instructions that, when executed by the processor, cause the validation server to determine that a current time is within a pre-defined validity schedule.
[0016] The instructions to determine that the server partial secret key can validly be applied may comprise instructions that, when executed by the processor, cause the validation server to determine that an application of the cryptographic operation complies with a pre-defined set of valid applications.
[0017] The validation server may further comprise instructions that, when executed by the processor, cause the validation server to: receive a message to block the server partial secret key corresponding to a particular user device; and store an indication that the server partial secret key corresponding to the particular user device is blocked.
[0018] The validation server may further comprise instructions that, when executed by the processor, cause the validation server to: obtain an updated server partial secret key, corresponding to an updated user partial secret key, that collectively form part of the threshold cryptography scheme, wherein the updated partial secret keys still correspond to the public key.
[0019] The validation server may further comprise instructions that, when executed by the processor, cause the validation server to execute the instructions to obtain an updated server partial secret key as a result of receiving a message to block the server partial secret key.
[0020] The validation server may further comprise instructions that, when executed by the processor, cause the validation server to execute the instructions to obtain an updated server partial secret key regularly based on a schedule.
[0021] According to a third aspect, it is provided a computer program for applying a server partial secret key conditional on blocked status. The server partial secret key and a user partial secret key form part of a threshold cryptography scheme associated with a public key. The computer program comprises computer program code which, when executed on a validation server, causes the validation server to: receive a request to apply a server partial secret key for a requested cryptographic operation for a user device; determine that the server partial secret key can validly be applied by determining that the server partial secret key is not blocked from being applied; and interact with the user device to perform the requested cryptographic operation, such that the user device applies the user partial secret key and the validation server applies the server partial secret key, wherein a threshold of at least two partial secret keys of the threshold cryptography scheme are required for applying the threshold cryptography scheme for performing the requested cryptographic operation.
[0022] According to a fourth aspect, it is provided a computer program product comprising a computer program according to the third aspect and a computer readable means comprising non-transitory memory in which the computer program is stored.
[0023] Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF THE DRAWINGS
[0024] Aspects and embodiments are now described, by way of example, with reference to the accompanying drawings, in which:
[0025] Fig 1 is a schematic diagram illustrating how asymmetric cryptography operations can be performed in the prior art;
[0026] Fig 2 is a schematic diagram illustrating the concept of threshold cryptography;
[0027] Fig 3 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied;
[0028] Fig 4 is a flow chart illustrating embodiments of methods for applying a server partial secret key conditional on blocked status;
[0029] Fig 5 is a schematic diagram illustrating components of the validation server of Fig 3; and
[0030] Fig 6 shows one example of a computer program product comprising computer readable means.
DETAILED DESCRIPTION
[0031] The aspects of the present disclosure will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. These aspects may, however, be embodied in many different forms and should not be construed as limiting; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and to fully convey the scope of all aspects of invention to those skilled in the art. Like numbers refer to like elements throughout the description.
[0032] Embodiments presented herein are based on threshold cryptography, where two (i.e. both) of two available partial secret keys are needed for performing a cryptographic operation. One partial secret key is stored in the user device and one partial secret key is stored on a validation server. If the user device is compromised, the validation server is informed of this and blocks the use of its partial secret key for that user device. In this way, the user device is effectively blocked from any cryptographic operations, since the validation server is also required to apply its partial secret key for the cryptographic operation to occur.
[0033] Fig 1 is a schematic diagram illustrating how asymmetric cryptography operations can be performed in the prior art.
[0034] In traditional asymmetric cryptography there is a key pair 23 consisting of a public key 22 and a secret key 21. The public key 22 is associated with an entity or user and is shared publicly. The secret key 21 is coupled to the public key, but the secret key 21 is kept secret. Using the secret key 21, a user device 2 can perform a cryptographic operation, e.g. cryptographic signing or decryption.
[0035] In the example of Fig 1, a user device 2, such as a smartphone, computer, wearable device, etc., stores the key pair 23 consisting of the public key 22 and the secret key 21. The user device 2 is connected to a communication network 7, such as the Internet. The public key 22 is shared and can thus e.g. be stored in an application server 4, that is also connected to the communication network 7. The application server 4 is any server with which the user device can interact, e.g. using an app (application) in the user device 2 or via a web browser.
[0036] In this way, the user device 2 can perform cryptographic operations, such as cryptographic signing or decryption, in cooperation with the application server 4. The application server 4 can also have its own key pair, consisting of a separate set of a public key and a secret key (not shown).
[0037] As mentioned in the background, this solution is vulnerable if the user device 2 is lost or stolen, in which case an attacker might be able to perform cryptographic operations using the stolen user device.
[0038] Fig 2 is a schematic diagram illustrating the concept of threshold cryptography. Embodiments presented herein are based on threshold cryptography, which will now be explained with reference to Fig 2.
[0039] A development in asymmetric cryptography, from its original key pair of a secret key and a public key, is threshold cryptography. In threshold cryptography, there is still a single public key 12, but cryptographic operations are achieved by a threshold number of associated partial secret keys 10a-f for respective entities. Jointly, the group of entities computes and communicates to generate the set of partial secret keys and the associated public key. Each entity holds its partial secret key. It is to be noted that each partial secret key is secret and is only known to the entity itself. There is no need for this partial secret key to be exposed to any other entity, not even in the key creation phase. Hence, there is no need for a central authority that distributes these partial secret keys.
[0040] The threshold condition can be expressed as (t, n), where n denotes the number of available partial secret keys and t denotes the number of partial secret keys that are needed to perform a cryptographic operation (e.g. decryption or signing) corresponding to the (single) public key. For instance, in correspondence with the example of Fig 2, a (3, 6) threshold cryptography scheme requires that at least 3 out of 6 associated partial secret keys 10a-f are applied to perform the cryptographic operation. When at least the threshold number of partial secret keys are applied, the cryptographic operation secured by the threshold cryptography scheme 11 is performed. It does not matter which particular partial secret keys are applied, as long as at least the threshold number of partial secret keys are applied. The threshold cryptography scheme is defined when the partial secret keys are generated.
[0041] Optionally, the partial secret keys can be refreshed. This can be done to limit the lifetime of the partial secret keys (which makes it even harder for an attacker, who needs to compromise at least t parties within a time window defined by the lifetime). The refresh can also be performed to consolidate the partial secret keys. For instance, if an entity holding a partial secret key is lost, it makes sense to regenerate the partial secret keys, now for the remaining entities of the group. It is to be noted that the refresh does not affect the public key - the same public key that was used prior to the refresh can be used after the refresh. Again, the refresh is performed without sharing any of the partial secret keys while doing the collaborative refresh computation, e.g. based on multi-party computation, known in the art per se, see the Wikipedia article https://en.wikipedia.org/wiki/Secure_multi-party_computation available at the time that this patent application is filed.
[0042] Using threshold cryptography, a compromise of a single device never leads to a compromise of the whole threshold cryptography scheme, significantly increasing security.
[0043] Threshold cryptography can e.g. be implemented using the Elliptic Curve Digital Signature Algorithm (ECDSA). An example implementation is the Binance implementation, available at https://github.com/binance-chain/tss-lib at the time of filing of this patent application.
[0044] Fig 3 is a schematic diagram illustrating an environment in which embodiments presented herein can be applied. The context is similar to that of Fig 1, where a user device 2 interacts with an application server 4 over a communication network 7 to apply a cryptographic operation corresponding to a public key 12 available to the application server 4. Here, however, there is also a validation server 3. There is still a single public key 12, but instead of a single secret key, the secret key operations are performed using a threshold cryptography scheme based on a user partial secret key 10a, stored in the user device 2, and a server partial secret key 10b, stored in the validation server 3. It is to be noted that no single secret key corresponding to the public key 12 exists that could be stolen. Instead, secret cryptographic operations are achieved by separate utilisation of the partial secret keys 10a, 10b of the threshold cryptography scheme.
[0045] For a cryptographic operation to be applied, it is thus required that both partial secret keys 10a, 10b are applied. In other words, in accordance with the nomenclature established above, a (2, 2) threshold scheme is applied for performing cryptographic operations.
[0046] For this solution, the partial signatures can e.g. be implemented by signing of a JWT (JSON (JavaScript Object Notation) Web Token) with JWS (JSON Web Signature). An LDP (Linked Data Platform) server can then validate the signatures against a stored public key obtained during client registration.
[0047] Fig 4 is a flow chart illustrating embodiments of methods for applying a server partial secret key conditional on blocked status. The server partial secret key 10b and a user partial secret key 10a form part of a threshold cryptography scheme 11 associated with a public key 12. The method is performed in a validation server 3. It is to be noted that from the perspective of the validation server 3, the method can be performed in parallel for respective user devices. In this case, the validation server holds separate server partial secret keys for each user device.
[0048] In a receive request step 40, the validation server 3 receives a request to apply a server partial secret key 10b for a requested cryptographic operation for a user device 2. As mentioned above, the cryptographic operation can e.g. be to perform cryptographic signing and/or decryption, for interacting with the application server, e.g. for authorisation, etc.
[0049] In a conditional valid to apply partial secret key step 42, the validation server 3 evaluates whether the server partial secret key 10b can validly be applied by determining that the server partial secret key 10b is not blocked from being applied. In other words, the validation server 3 actively checks whether the server partial secret key 10b (of the user device for which the method is performed) is blocked from being applied. This validation can be performed in several different ways based on one or more conditions.
[0050] One condition that may need to be true for applying the server partial secret key 10b can be that a current time is within a pre-defined validity schedule. For instance, the partial secret key 10b can be scheduled to be applied only during office hours (e.g. for accessing work documents), weekdays or weekends.
[0051] One condition that may need to be true for applying the server partial secret key 10b can be that an application of the cryptographic operation complies with a pre-defined set of valid applications. Examples of such applications can be payments (lower than a set limit or without any limit), document signing, logging in to a set of preapproved services (e.g. web sites or application (app) services), etc.
[0052] When it is determined that the server partial secret key 10b can validly be applied, the method proceeds to an interact to apply partial secret keys step 44. Otherwise, the method proceeds to the optional receive message to block step 46, the method proceeds to the optional obtain updated server partial secret key step 50, or the method ends.
[0053] In the interact to apply partial secret keys step 44, the validation server 3 interacts with the user device 2 to perform the requested cryptographic operation. This makes the user device 2 apply the user partial secret key 10a and the validation server apply the server partial secret key 10b. Threshold cryptography is employed such that at least two partial secret keys 10a-b of the threshold cryptography scheme 11 are required for the requested cryptographic operation. For instance, the threshold can be that two out of two partial secret keys 10a-b need to be applied or three out of three partial secret keys need to be applied. In any case, the threshold scheme is devised such that the server is required to apply its server partial secret key for performing the requested cryptographic operation, thereby forcing the check for potential blocking at the validation server.
[0054] Hence, as long as the validation is positive in step 42, the validation server applies its partial secret key to support the cryptographic operation. In this way, the validation server 3 provides a conditional approval service for applying the server-side partial secret key for the user device.
[0055] In the optional receive message to block step 46, the validation server 3 receives a message to block the server partial secret key 10b corresponding to a particular user device 2.
[0056] In an optional store block indication step 48, the validation server 3 stores an indication that the server partial secret key 10b corresponding to the particular user device 2 is blocked. This indication will then block validation for that user device 2 in a subsequent iteration of step 42.
[0057] Hence, using steps 46 and 48, if the user device 2 is compromised, e.g. stolen or lost, the user can signal (directly or indirectly) to the validation server over a separate channel that the server partial secret key should be blocked for that user device, effectively blocking future validations (verified in step 42). In this way, if an attacker somehow manages to make the compromised user device apply its partial secret key for authentication, this is not sufficient, since the validation server has blocked its approval service for that user device.
[0058] In the optional obtain updated server partial secret key step 50, the validation server 3 obtains an updated server partial secret key, corresponding to an updated user partial secret key, that collectively form part of the threshold cryptography scheme 11. The updated partial secret keys still correspond (collectively) to the public key 12. This update is also known as refresh (as described above) or key rotation.
[0059] An analogy of how the key rotation works is now illustrated with a fictive, but easily understood, cryptographic operation of addition of the partial secret keys. In this case, both partial secret keys are added to a data item being a number n. The first partial secret key is denoted k1 and the second partial secret key is denoted k2. The fictive cryptographic operation involves respectively adding the partial secret keys to the number, resulting in n + k1 + k2, a result which is verifiable by the public key. When the keys are updated, this can be achieved by adding an offset os to one partial secret key and subtracting the same offset os from the other partial secret key, resulting in updated secret keys (k1 + os) and (k2 - os). When both updated keys are applied to the number n, this results in n + (k1 + os) + (k2 - os) = n + k1 + k2, i.e. the same result as before the update. It is thus clear that, even after the update, the same public key can be used for verification. Significantly, one original partial secret key cannot be used in conjunction with the other partial secret key after the update, since, e.g., (k1 + os) + k2 ≠ k1 + k2. In reality, the addition and subtraction can be much more complex operations, but the same principles apply.
[0060] Using the key rotation, only corresponding updated user partial secret keys can be used, effectively invalidating any previous instances of user partial secret keys, e.g. in a compromised user device.
[0061] The obtain updated server partial secret key step 50 can be performed as a result of receiving a message to block the server partial secret key 10b.
[0062] Alternatively, the obtain updated server partial secret key step 50 can be performed regularly based on a schedule, e.g. periodically based on a fixed period.
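The blocked-status check of step 42 and the offset-based refresh of paragraph [0059] can be exercised together in a small simulation. The following Python is an added example, not code from the patent or its applicant; it uses the page's fictive additive model with a constructed modulus Q, and the names ValidationServer, user_apply, verify and demo are assumptions.

```python
import secrets

# Constructed modulus for the page's fictive additive scheme (not a real group).
Q = (1 << 61) - 1


def user_apply(n, user_share):
    """User device side: add its partial secret key k1 to the data item n."""
    return (n + user_share) % Q


def verify(n, result, public_key):
    """Fictive check from [0059]: the public key stands for k1 + k2, so a
    valid result must equal n + k1 + k2 (mod Q)."""
    return (result - n) % Q == public_key


class ValidationServer:
    """Keeps the server partial secret key k2 per user device and applies it
    only while that device is not blocked (steps 40-50 of the description)."""

    def __init__(self):
        self.server_shares = {}  # device_id -> k2
        self.blocked = set()     # devices whose k2 is blocked (steps 46/48)

    def enrol(self, device_id):
        """Split a fresh key into k1 (user) and k2 (server); return k1 and pk."""
        k1, k2 = secrets.randbelow(Q), secrets.randbelow(Q)
        self.server_shares[device_id] = k2
        return k1, (k1 + k2) % Q

    def block(self, device_id):
        """[0057]: user reports the device compromised over a separate channel."""
        self.blocked.add(device_id)

    def apply(self, device_id, user_contribution):
        """Step 42 then 44: refuse when blocked, otherwise add k2."""
        if device_id in self.blocked:
            raise PermissionError(f"server partial secret key blocked for {device_id}")
        return (user_contribution + self.server_shares[device_id]) % Q

    def refresh(self, device_id):
        """Step 50 (rotation): k2 becomes k2 - os; the legitimate user device must
        move to k1 + os. Delivering os only to that device is assumed here."""
        offset = 1 + secrets.randbelow(Q - 1)  # never 0, so the old k1 is dead
        self.server_shares[device_id] = (self.server_shares[device_id] - offset) % Q
        return offset


def demo():
    """Valid operation, scheduled rotation, stale user share, then blocking."""
    srv = ValidationServer()
    k1, pk = srv.enrol("device-A")
    n = 0x1234  # constructed data item
    before = verify(n, srv.apply("device-A", user_apply(n, k1)), pk)
    offset = srv.refresh("device-A")  # [0062]: rotation on a schedule
    k1_new = (k1 + offset) % Q
    after = verify(n, srv.apply("device-A", user_apply(n, k1_new)), pk)
    stale = verify(n, srv.apply("device-A", user_apply(n, k1)), pk)  # old k1
    srv.block("device-A")  # device reported lost
    try:
        srv.apply("device-A", user_apply(n, k1_new))
        blocked = False
    except PermissionError:
        blocked = True
    return before, after, stale, blocked  # (True, True, False, True)
```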
[0063] It is to be noted that the user partial secret key can, in turn, be based on a threshold scheme, e.g. a (2, 3) scheme of partial secret keys provided to a computer, a phone and a wearable device.
[0064] By applying the threshold cryptography scheme, verification of any cryptographic operation based on the public key can be performed as known in the art for a traditional key pair consisting of a public key and a secret key. In other words, no modification is required for verification of partial secret keys of a threshold scheme compared to traditional asymmetric cryptography. Moreover, blocking operations are enabled without the need for any exchange of public keys.
[0065] Fig 5 is a schematic diagram illustrating components of the validation server 3 of Fig 3. A processor 60 is provided using any combination of one or more of a suitable central processing unit (CPU), graphics processing unit (GPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions 67 stored in a memory 64, which can thus be a computer program product. The processor 60 could alternatively be implemented using an application specific integrated circuit (ASIC), field programmable gate array (FPGA), etc. The processor can be configured to execute the method described with reference to Fig 4 above.
[0066] The memory 64 can be any combination of random-access memory (RAM) and/or read-only memory (ROM). The memory 64 also comprises non-transitory persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid-state memory or even remotely mounted memory.
[0067] A data memory 66 is also provided for reading and/or storing data during execution of software instructions in the processor 60. The data memory 66 can be any combination of RAM and/or ROM.
[0068] The validation server 3 further comprises an I/O interface 62 for communicating with external and/or internal entities, such as the user device 2 via the communication network.
[0069] Other components of the validation server 3 are omitted in order not to obscure the concepts presented herein.
[0070] Fig 6 shows one example of a computer program product 90 comprising computer readable means. On this computer readable means, a computer program can be stored, which computer program can cause a processor to execute a method according to embodiments described herein. In this example, the computer program product is in the form of a removable solid-state memory, e.g. a Universal Serial Bus (USB) drive. As explained above, the computer program product could also be embodied in a memory of a device, such as the computer program product 64 of Fig 5. While the computer program 91 is here schematically shown as a section of the removable solid-state memory, the computer program can be stored in any way which is suitable for the computer program product, such as another type of removable solid-state memory, or an optical disc, such as a CD (compact disc), a DVD (digital versatile disc) or a Blu-Ray disc.
[0071] The aspects of the present disclosure have mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims. Thus, while various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope and spirit being indicated by the following claims.
Claims (12)
1. A method for applying a server partial secret key conditional on blocked status, wherein the server partial secret key (10b) and a user partial secret key (10a) form part of a threshold cryptography scheme (11) associated with a public key (12), the method being performed in a validation server (3), the method comprising: receiving (40) a request to apply a server partial secret key (10b) for a requested cryptographic operation for a user device (2); determining (42) that the server partial secret key (10b) can validly be applied by determining that the server partial secret key (10b) is not blocked from being applied; interacting (44) with the user device (2) to perform the requested cryptographic operation, such that the user device (2) applies the user partial secret key (10a) and the validation server applies the server partial secret key (10b), wherein a threshold of at least two partial secret keys (10a-b) of the threshold cryptography scheme (11) are required for applying the threshold cryptography scheme (11) for performing the requested cryptographic operation; and obtaining (50) an updated server partial secret key, corresponding to an updated user partial secret key, that collectively form part of the threshold cryptography scheme, wherein the update in partial secret keys still corresponds to the public key (12).
2. The method according to claim 1, wherein the determining (42) that the server partial secret key (10b) can validly be applied comprises determining that a current time is within a pre-defined validity schedule.
3. The method according to any one of the preceding claims, wherein the determining (42) that the server partial secret key (10b) can validly be applied comprises determining that an application of the cryptographic operation complies with a pre-defined set of valid applications.
4. The method according to [claim reference illegible], wherein the obtaining (50) an updated server partial secret key is performed as a result of receiving a message to block the server partial secret key (10b).
5. The method according to any one of the preceding claims, wherein the obtaining (50) an updated server partial secret key is performed regularly based on a schedule.
6. A validation server (3) for applying a server partial secret key conditional on blocked status, wherein the server partial secret key (10b) and a user partial secret key (10a) form part of a threshold cryptography scheme (11) associated with a public key (12), the validation server (3) comprising: a processor (60); and a memory (64) storing instructions (67) that, when executed by the processor, cause the validation server (3) to: receive a request to apply a server partial secret key (10b) for a requested cryptographic operation for a user device (2); determine that the server partial secret key (10b) can validly be applied by determining that the server partial secret key (10b) is not blocked from being applied; interact with the user device (2) to perform the requested cryptographic operation, such that the user device (2) applies the user partial secret key (10a) and the validation server (3) applies the server partial secret key (10b), wherein a threshold of two partial secret keys (10a-b) of the threshold cryptography scheme (11) are required for applying the threshold cryptography scheme (11) for performing the requested cryptographic operation; obtain an updated server partial secret key, corresponding to an updated user partial secret key, that collectively form part of the threshold cryptography scheme (11), wherein the update in partial secret keys still corresponds to the public key (12).
7. The validation server (3) according to claim [number illegible], wherein the instructions to determine that the server partial secret key (10b) can validly be applied comprise instructions (67) that, when executed by the processor, cause the validation server (3) to determine that a current time is within a pre-defined validity schedule.
8. The validation server (3) according to any one of claims [numbers illegible], wherein the instructions to determine that the server partial secret key (10b) can validly be applied comprise instructions (67) that, when executed by the processor, cause the validation server (3) to determine that an application of the cryptographic operation complies with a pre-defined set of valid applications.
9. The validation server (3) according to [claim reference illegible], further comprising instructions (67) that, when executed by the processor, cause the validation server (3) to execute the instructions to obtain an updated server partial secret key as a result of receiving a message to block the server partial secret key (10b).
10. The validation server (3) according to any one of claims [numbers illegible], further comprising instructions (67) that, when executed by the processor, cause the validation server (3) to execute the instructions to obtain an updated server partial secret key regularly based on a schedule.
11. A computer program (67, 91) for applying a server partial secret key conditional on blocked status, wherein the server partial secret key (10b) and a user partial secret key (10a) form part of a threshold cryptography scheme (11) associated with a public key (12), the computer program comprising computer program code which, when executed on a validation server (3), causes the validation server (3) to: receive a request to apply a server partial secret key (10b) for a requested cryptographic operation for a user device (2); determine that the server partial secret key (10b) can validly be applied by determining that the server partial secret key (10b) is not blocked from being applied; interact with the user device (2) to perform the requested cryptographic operation, such that the user device (2) applies the user partial secret key (10a) and the validation server (3) applies the server partial secret key (10b), wherein a threshold of at least two partial secret keys (10a-b) of the threshold cryptography scheme (11) are required for applying the threshold cryptography scheme (11) for performing the requested cryptographic operation; and obtain an updated server partial secret key, corresponding to an updated user partial secret key, that collectively form part of the threshold cryptography scheme (11), wherein the update in partial secret keys still corresponds to the public key (12).
12. A computer program product (64, 90) comprising a computer program according to claim [number illegible] and a computer readable means comprising non-transitory memory in which the computer program is stored.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE2151304A SE546290C2 (en) | 2021-10-26 | 2021-10-26 | Applying a server partial secret key conditional on blocked status |
EP22809434.8A EP4423965A1 (en) | 2021-10-26 | 2022-10-26 | Applying a server partial secret key conditional on blocked status |
PCT/EP2022/079976 WO2023073040A1 (en) | 2021-10-26 | 2022-10-26 | Authenticating an electronic device |
PCT/EP2022/079989 WO2023073047A1 (en) | 2021-10-26 | 2022-10-26 | Applying a server partial secret key conditional on blocked status |
EP22809427.2A EP4423964A1 (en) | 2021-10-26 | 2022-10-26 | Authenticating an electronic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE2151304A SE546290C2 (en) | 2021-10-26 | 2021-10-26 | Applying a server partial secret key conditional on blocked status |
Publications (2)
Publication Number | Publication Date |
---|---|
SE2151304A1 SE2151304A1 (en) | 2023-04-27 |
SE546290C2 true SE546290C2 (en) | 2024-09-24 |
Family
ID=86381905
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
SE2151304A SE546290C2 (en) | 2021-10-26 | 2021-10-26 | Applying a server partial secret key conditional on blocked status |
Country Status (1)
Country | Link |
---|---|
SE (1) | SE546290C2 (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9032212B1 (en) * | 2013-03-15 | 2015-05-12 | Emc Corporation | Self-refreshing distributed cryptography |
US20170103228A1 (en) * | 2014-06-02 | 2017-04-13 | Attila Altay Yavuz | System and method for secure review of audit logs |
US9813244B1 (en) * | 2015-12-30 | 2017-11-07 | EMC IP Holding Company LLC | Distributed proactive password-based secret sharing |
US20190034936A1 (en) * | 2017-12-29 | 2019-01-31 | Intel Corporation | Approving Transactions from Electronic Wallet Shares |
EP3496331A1 (en) * | 2017-12-08 | 2019-06-12 | Koninklijke Philips N.V. | Two-party signature device and method |
US20190229929A1 (en) * | 2014-03-28 | 2019-07-25 | International Business Machines Corporation | Production of cryptographic signatures |
WO2021130748A1 (en) * | 2019-12-23 | 2021-07-01 | Kzen Networks Ltd. | System and method of management of a shared cryptographic account |
US20210314142A1 (en) * | 2020-03-31 | 2021-10-07 | Friedrich-Alexander-Universität Erlangen-Nürnberg | Methods for threshold password-hardened encryption and decryption |
- 2021-10-26 SE SE2151304A patent/SE546290C2/en unknown
Also Published As
Publication number | Publication date |
---|---|
SE2151304A1 (en) | 2023-04-27 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US11799656B2 (en) | Security authentication method and device | |
CN109728914B (en) | Digital signature verification method, system, device and computer readable storage medium | |
CN111835774B (en) | Data processing method, device, equipment and storage medium | |
CN112232814B (en) | Encryption and decryption methods of payment key, payment authentication method and terminal equipment | |
CN110390212B (en) | Supply monitoring method based on block chain and node device | |
US20070174618A1 (en) | Information security apparatus and information security system | |
CN106452775A (en) | Method and apparatus for accomplishing electronic signing and signing server | |
CN109711841B (en) | Data transaction method and system, platform and storage medium | |
CN113169866A (en) | Techniques to prevent collusion using simultaneous key distribution | |
CN105553654A (en) | Key information query processing method and device and key information management system | |
CN112187741B (en) | Login authentication method and device based on operation and maintenance audit system and electronic device | |
CN106470103B (en) | Method and system for sending encrypted URL request by client | |
CN112241527B (en) | Secret key generation method and system of terminal equipment of Internet of things and electronic equipment | |
US8774400B2 (en) | Method for protecting data against differntial fault analysis involved in rivest, shamir, and adleman cryptography using the chinese remainder theorem | |
CN106656955A (en) | Communication method and system and user terminal | |
CN110798322B (en) | Operation request method, device, storage medium and processor | |
CN111667268B (en) | Transaction method, node and system based on blockchain | |
CN112713989B (en) | Decryption method and device | |
SE546290C2 (en) | Applying a server partial secret key conditional on blocked status | |
CN110708155A (en) | Copyright information protection method, copyright information protection system, copyright confirming method, copyright confirming device, copyright confirming equipment and copyright confirming medium | |
CN108550036B (en) | Method, terminal and device for establishing security infrastructure | |
CN113315749B (en) | User data uplink, user data using method, anonymous system and storage medium | |
Fugkeaw et al. | Proxy-assisted digital signing scheme for mobile cloud computing | |
WO2023073041A1 (en) | Hardware integrity control of an electronic device | |
CN117692137A (en) | Dynamic key generation method and device and access method, device and system thereof |