[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

US20080189554A1 - Method and system for securing communication between a host computer and a secure portable device - Google Patents

Method and system for securing communication between a host computer and a secure portable device Download PDF

Info

Publication number
US20080189554A1
US20080189554A1 US11/948,758 US94875807A US2008189554A1 US 20080189554 A1 US20080189554 A1 US 20080189554A1 US 94875807 A US94875807 A US 94875807A US 2008189554 A1 US2008189554 A1 US 2008189554A1
Authority
US
United States
Prior art keywords
instructions
agent
secure
host
host computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/948,758
Inventor
Asad Ali
HongQian Karen Lu
Michael Montgomery
Apostol Vassilev
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS USA Inc
Original Assignee
Gemalto Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemalto Inc filed Critical Gemalto Inc
Priority to US11/948,758 priority Critical patent/US20080189554A1/en
Assigned to GEMALTO INC reassignment GEMALTO INC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MONTGOMERY, MICHAEL, VASSILEV, APOSTOL, ALI, ASAD, LU, HONGQIAN KAREN
Publication of US20080189554A1 publication Critical patent/US20080189554A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/10Program control for peripheral devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Definitions

  • the present invention relates generally to provision of security services to Internet applications and more particularly to ensuring the security of communication between a secure portable device and a host computer wherein the secure portable device is engaged in communication with a remote server via the host computer.
  • Co-pending patent application Ser. No. 11/564,121 describes a system and method for providing secure communication between the secure portable device and a remote server.
  • the secure portable device is connected to a host computer.
  • the secure portable device for example, in non-volatile memory contains a card agent and a host agent.
  • the card agent and host agent is both a division of labor of security functionality, e.g., cryptography services, between the secure portable device and the host computer, and a mechanism for providing security in the communication to the remote server.
  • the level of security and efficiency are trade-offs in determining how to divide responsibilities between the card agent and host agent.
  • the more tasks that are placed on the host agent, which is executing on the host computer the higher the performance, but the lower the security as the host computer typically is not as secure as a secure device, but usually provides much more computing power and hence higher performance.
  • the card agent performs cryptography services such as digest computation and HMAC computation during security protocol handshake operations and application data exchange.
  • cryptography services such as digest computation and HMAC computation during security protocol handshake operations and application data exchange.
  • the security of the solution may be compromised if the host agent is compromised.
  • the security of the host agent and the way the host agent communicates with the secure portable device determines, to a significant extent, the security of the overall architecture.
  • the security of the host agent includes authenticity, integrity, and confidentiality of its runtime code.
  • the host agent runs in an insecure host computer environment, theoretically, while the host agent is loaded into the host computer from the secure device, after loading, the host agent may be compromised by being modified in the memory of the host computer. Because the secure communication between the host agent and card agent could be compromised by such tampering, it is desirable to avoid communication with a compromised host agent.
  • FIG. 1 is a block diagram illustrating an example scenario in which a smart card is used to access services on a remote server.
  • FIG. 2 is a block diagram illustrating a high-level view of the architecture of a smart card of FIG. 1 .
  • FIG. 3 is a block diagram illustrating the architectural organization of programs over the hardware components of the smart card FIG. 2 , including illustrating a host agent and card agent both stored in memory of the smart card.
  • FIG. 4 is a block diagram illustrating the loading of the host agent of FIG. 3 into Random Access Memory (RAM) of the host computer to which the smart card is connected.
  • RAM Random Access Memory
  • FIG. 5 is a block diagram illustrating logic modules of the card agent and host agent as stored on a smart card of FIG. 1 pertinent to securing the communication between the card agent and host agent.
  • FIG. 6 is a block diagram of the logic modules of a host agent and ancillary modules executing on the host computer pertinent to securing the communication between the card agent and host agent.
  • FIG. 7 is an exemplary memory layout illustrating embedding of a key in the host agent code and the memory values used to calculate a thumbprint of the host agent code.
  • FIG. 8 is a flow chart illustrating an example of the calculation of an initial session key (K SS ) and master secret key (K M ) and the spreading out those keys over specific locations in the host agent code.
  • FIG. 9 is a flow chart illustrating the recovery of the initial session key (K SS ) and master secret key (K M ) as stored in the host agent according to the figure of FIG. 8 .
  • FIG. 10 is a timing sequence diagram illustrating the message flow between the host agent and the card agent to verify the authenticity and integrity of the host agent, and to generate a new session key, K S .
  • FIG. 11 is an exemplary database table illustrating pre-stored expected thumbprint values for the host agent.
  • the database table is used by one embodiment of the card agent for storing expected thumbprint values and parameters used to calculate the expected thumbprint values.
  • a security device as described in co-pending patent application Ser. No. 11/564,121 provides a self-contained infrastructure that is automatically shared with a host computer to which the security device is connected.
  • the security device hereinafter, for illustrative purposes, a smart card, is configured to be connected, to a host computer using a standard peripheral connection and to behave as a device normally connected to such a standard peripheral connection.
  • the smart card communicates with the host computer using the communications protocol associated with the standard peripheral connection.
  • that connection is a Universal Serial Bus (USB) connection and the smart card appears to the host computer as a USB mass storage device.
  • the smart card communicates with the host computer using communications protocol such as the USB mass storage protocol.
  • communications protocol such as the USB mass storage protocol.
  • the card agent Upon connecting the security device to a host computer, a special program used for communication with the host computer, the card agent starts executing on the smart card.
  • the host agent stored on the smart card, is automatically launched on the host computer.
  • the host agent and card agent communicate over a special communications protocol for providing secure communications there between.
  • that special communications protocol is carried over the USB mass storage protocol.
  • USB mass storage protocol other communications protocols are possible alternatives for alternative embodiments.
  • Some examples include, but is not limited to APDU (as described in the ISO-7816 standard for communication between smart cards and other devices) including middleware stored on the host computer, Chip Card Interface Device (CCID) protocol with a CCID driver on the host computer, USB Human Interface Device (HID) protocol, and TCP/IP
  • a smart card By providing a standard hardware interface, one that is available on virtually every modern computer, and by communicating over a standard protocol, while providing the host agent and card agent functionality, a smart card according to the invention, may provide a hitherto unavailable advantage of providing the security functionality of a smart card without requiring any special hardware or software on the host computer.
  • a person carrying such a smart card may achieve the hitherto unavailable advantage of connecting that smart card to virtually any computer, e.g., one provided in a public place, a friend or co-worker's computer, or even, a totally untrusted computer, and achieve a secure communication between the smart card and a remote service.
  • Availability of such smart cards makes new uses of smart cards possible because there is no longer a requirement of a special card reader or middleware.
  • the card agent ensures the authenticity and integrity of the host agent, by periodically, for example, during key diversification, checking a thumbprint of a section of the host agent code, e.g., a hash computed over a specified section of host agent code.
  • FIG. 1 is a block diagram illustrating an example scenario in which a smart card is used to access services on a remote server.
  • a smart card 101 is connected to a host computer 103 using a standard connector 105 .
  • the host computer 103 is connected to a network 107 , e.g., the Internet.
  • a server computer 109 is connected.
  • a user 111 for example, the owner of the smart card 101 , wishes to access a service 113 provided by the server 109 .
  • the service 113 requires the user 111 to identify himself using a PIN.
  • the user 111 (or a service provider) has previously stored the user's PIN on the smart card 101 .
  • the user 111 cannot trust the host computer 103 , there is a risk that the host computer 103 would capture the PIN, if the user 111 merely types in the PIN using the keyboard of the computer 103 .
  • the user 111 can direct the smart card 101 to transmit the PIN directly to the remote service 113 . That is also problematic. Malware installed on the host computer 103 or elsewhere on the path between the smart card 101 and the remote service 113 may capture the PIN by snooping on the communication.
  • the PIN is securely transmitted to the remote service 113 over a secure communications channel, without requiring special hardware or software to be preinstalled on the remote server 109 , the host computer 103 , or anywhere along the path between the smart card 101 and the remote service 113 .
  • the smart card 101 may be a SIM card used in a mobile telephone; in which case, the host computer 103 would be such a mobile telephone.
  • the smart card 101 may also be substituted with other forms of secure portable devices, e.g., a USB token with a memory card and secure integrated circuit.
  • FIG. 1 shows a USB dongle form factor for the smart card 101 and corresponding interface device, that is also only for the purpose of illustration.
  • the embodiments described herein are applicable to any other smart card or secure memory form factor and corresponding interface devices, e.g., but not limited to, the traditional credit card sized smart card form factor used in conjunction with a smart card reader.
  • FIG. 2 is a block diagram illustrating a high-level view of the architecture of a smart card 101 .
  • the smart card 101 is equipped with a standard peripheral hardware connector 105 , e.g., a USB connector.
  • the smart card 101 contains a central processing unit 201 , a RAM 203 , and a non-volatile memory 205 . These components are connected via a bus 207 .
  • Also connected to the bus 207 are a communications hardware interface 209 for providing a connection between the bus 207 , and consequently, the CPU 201 , RAM 203 , and non-volatile memory 205 , and the connector 105 .
  • FIG. 3 is a block diagram illustrating the architectural organization of programs over the hardware components of the smart card 101 .
  • the hardware connection between the smart card 101 and the host computer 103 is achieved using the hardware connector 105 .
  • the communication on the hardware connection uses the USB mass storage protocol.
  • the CPU 201 executing an interface firmware module 227 , which is stored as firmware on the smart card 101 , manages that communication.
  • the interface firmware module 227 is located in the non-volatile memory 205 or in Read Only Memory (ROM).
  • ROM Read Only Memory
  • the interface firmware module 227 implements the USB mass storage protocol such that the host computer 103 perceives the smart card 101 to be a USB mass storage device.
  • the communication between the smart card 101 and the host computer 103 is performed according to other communications protocols.
  • the smart card 101 may enumerate at start up as another type of peripheral device, e.g., a CD ROM, in which case the interface firmware module 227 implements the appropriate communications protocol.
  • the non-volatile memory 205 of the smart card 101 contains three areas: a mass storage read-only partition 221 , a mass storage read-write partition 223 , and a secure read/write memory 225 .
  • the mass storage read-only partition 221 and the mass storage read-write partition 223 are accessible from external devices, e.g., the host computer 103 .
  • external devices e.g., host computer 103
  • the read-only partition may be written to by the CPU 201 of the smart card 101 , i.e., the read-only partition 203 is read-only with respect to external devices, but not necessarily to the smart card 101 .
  • the secure read/write memory 225 may not be accessed directly from external devices for either read or write operations. Because all interactions are managed by the interface firmware 227 , the interface firmware 227 can control access to various parts of the non-volatile memory 205 or files stored in the non-volatile memory 205 so that, for example, only the card agent 213 can access the secure data 215 (described herein below).
  • the mass storage read-only partition 221 contains public data 209 that may be accessed from any host computer 103 to which the smart card 101 may be connected.
  • the mass storage read-only partition 221 also contains a program, the host agent 211 , which is auto-launched on the host computer 103 when the smart card 101 is connected to the host computer 103 via the hardware connection 105 .
  • the USB mass storage standard provides that a USB mass storage device may include a trigger file called autorun.inf that is a script that automatically is executed when the device is connected to a host computer 103 .
  • the host agent 211 is visible from the file browser of the host computer's 103 operating system.
  • a user 111 launches the host agent 211 manually, for example, by clicking on the icon corresponding to the host agent 211 in the file browser.
  • Table I is a code example of one possible autorun.inf file to launch the host agent 211 on the Microsoft Windows Application Program Interface known as Win32:
  • the operating system e.g., Microsoft Windows
  • the secure read/write memory 225 contains a module called the card agent 213 .
  • the smart card 101 is configured such that, when the smart card 101 is connected to a host computer 103 , i.e., when a USB connection has been established between the smart card 101 and the host computer 103 , the CPU 201 launches (i.e., executes) the card agent 213 .
  • the card agent 213 is the only program through which certain secure data 215 may be accessed.
  • USB mass storage device is used to store data files.
  • USB memory sticks are one example of a USB mass storage device.
  • a USB memory stick functions as a very compact and easily transportable non-volatile storage device. A user uses such a device to store data files.
  • the mass storage files are files with public access that are exposed by the smart card 101 and accessible from the host computer 103 .
  • the host agent 211 has direct access to these files. Examples of these files can be HTML, image, JavaScript, CSS files, as well as public key certificates. All files accessible through the mass storage interface are read-only files for the host computer 103 .
  • the only exception is a set of communications files 217 in the mass storage read-write partition 223 ; for example, according to one embodiment of the invention, the communication channel between the host agent 211 and the card agent 213 is based on mass storage files. These files are read-write files.
  • the card agent 213 and host agent 211 when the host agent 211 is executing on the host computer 103 , the card agent 213 and host agent 211 writes communication data files 217 in the mass storage read-write partition 223 .
  • the nature of that communication is described in greater detail herein below.
  • FIG. 4 is a block diagram illustrating the loading of the host agent 211 into the RAM 403 of the host computer 103 .
  • the CPU 401 of the host computer 103 then executes the host agent 211 .
  • the host agent 211 communicates with the card agent 213 , which is loaded in the RAM 203 of the smart card 101 and executed by the CPU 201 of the smart card 101 .
  • the card agent 213 has access to private files 215 for certain calculations, providing services to the host agent 211 . Communication between the host agent 211 and the card agent 213 is performed via the host-side USB mass storage interface 405 a and the smart card-side USB mass storage interface 405 b (collectively, 405 ).
  • the architecture illustrated in FIGS. 1-4 provides a framework in which a smart card 101 can provide security and convenience of services for Internet applications.
  • the components involved rely solely on the USB mass storage interface for connectivity and do not require the smart card 101 to implement networking protocols, such as TCP/IP, DHCP server, or DNS server, in order to provide services.
  • the architecture avoids the burden of implementing a network communications stack, DHCP server, or a DNS server on the smart card 101 .
  • the smart card 101 may include the following components:
  • the smart card 101 enumerates as a USB mass storage device and contains a private file system 215 .
  • the components used for providing security services may be split between the host computer 103 and the smart card 101 . These components are divided between the smart card 101 and the host computer 103 into two main logical pieces, namely, those provided by the host agent 211 and those provided by the card agent 213 . All functionality provided by connecting the smart card 101 is contained in these two main components, divided judiciously to suit a particular preference for security vs. performance trade-off.
  • the host agent 211 and the card agent 213 communicate with each other using a mass storage interface as an I/O channel. In one embodiment, the communication is encrypted by the host agent 211 and the card agent 213 to prevent access by a third party along a communications path from the smart card 101 to the host computer 103 or a remote server 109 .
  • the actual division of workload between host agent 211 and card agent 213 is driven by the security versus performance considerations.
  • the card agent 213 contains implementation of all the security components provided through the smart card 101 and the host agent 211 merely acts as a thin proxy. That solution is a very secure solution but may not have acceptable performance for certain classes of applications.
  • the host computer 103 On the other end of the spectrum all features are run on the host computer 103 . That solution has excellent performance characteristics but offers little in way of security.
  • the architecture provided herein offers flexibility in defining the right balance between security and performance.
  • One embodiment is described herein below as one possible example of a division of tasks between the card agent 213 and the host agent 211 where performance is significantly improved with very little compromise in regard to security.
  • the communication between the host agent 211 and the card agent 213 is secured by a shared session key, K S .
  • the shared session key, K S is initialized from an initial shared session key, K SS , or shared master secret key, K M .
  • FIG. 5 is a block diagram illustrating the architectural arrangement of various modules stored in the smart card NVM 205 .
  • the host agent 211 is stored in the NVM 205 and is loaded by the host computer 103 from the mass storage portion 221 of the smart card 101 .
  • the smart card processor On each read access by a host computer 103 of the host agent 211 binary from the mass storage partition 221 of the smart card 101 , the smart card processor generates a random key, shared master secret key, K M , of desired length and writes to a specific NVM 205 memory location allocated for this purpose inside the host agent binary 211 . Because the host agent 211 is stored in the NVM 205 of the smart card 101 it is possible to write the master secret key, K M , into the host agent 211 even though the host agent 211 is actually executed by the host computer 103 .
  • the master secret key, K M may be used as an initial value of a session key, K S .
  • two random numbers, an initial session key, K SS , and the master secret key, K M may be generated and written into the host agent 211 code.
  • the second alternative (with a separate master secret key, K M , and an initial session key, K SS ) is primarily described herein.
  • the initial keys, master secret key, K M , or K M and the initial session key, K SS are generated on each smart card 101 reset, typically occurring on each power up, e.g., on smart card 101 insertion.
  • the card agent 213 includes a start-up module 501 that is executed upon each power up of the token.
  • the start-up module 501 includes a master key generator 503 that computes a random key of desired length and a master key embeddor module 505 that writes the master secret key, K M , into the appropriate location 507 in the host agent code 211 .
  • the start-up module 501 also generates the initial session key, K SS
  • the embeddor module 505 also writes the initial session key, K SS , into an appropriate location 508 in the host agent 213 code.
  • the master key generator 503 may simply be a call in the start up module 501 to an external function, e.g., a function of the crypto services module 509 or the smart card 101 .
  • the master key generator 503 also may call upon the crypto services module 509 to store the master secret key, K M , and session key, K S , in memory locations 511 and 513 that are under control of the crypto services module 509 .
  • the communication between the host agent 211 and the card agent 213 is further secured by periodically refreshing the session key, K S , through a process known as key diversification.
  • Key diversification is a process in which a new key is generated from the master secret key, K M , and a random number, and in one embodiment is performed by a key diversification module 515 .
  • the key diversification process uses message transmission between the host agent 211 executing on the host computer 103 and the card agent 213 executing on the smart card 101 .
  • the smart card NVM 205 includes some I/O services 517 for receiving and sending messages.
  • the card agent 213 may include modules or other code for managing the reception of messages, e.g., a message receiver module 519 , and for transmitting messages, e.g., a message transmitter module 521 .
  • the receiver module 519 may simply be logic to determine that nature of an incoming message and logic to route the message internally for appropriate processing, e.g., key diversification.
  • the card agent 213 and host agent 211 use hmac_SHA1 to compute the new key from the master secret key, K M , and additional random data.
  • the master secret key, K M is the key for hmac_SHA1 whereas the random value is the input text.
  • the message can carry information needed by the encryption algorithm used to secure communication between the smart card 101 and the host computer 103 , e.g., for the DES CBC algorithm an initialization vector is carried as the message text. In that example, the resulting 20 bytes, the first 8 bytes form the new key and the second 8 bytes form the initialization vector (IV) for the DES CBC algorithm.
  • the session key, K S is diversified while the smart card 101 is in use. Key diversification prevents the session key, K S , from being stale and susceptible to brute force attacks.
  • the negotiation of an update of the session key, K S uses knowledge of the master secret key, K M , which is shared between the card agent 213 and host agent 211 through a secret obfuscation technique described in greater detail below.
  • the master secret key, K M persists only for one token-insertion session and is used only for session key, K S , update.
  • K S protects the information stored on the smart card 101 from third party impostors because even if a malicious third party breaks the secure connection between host agent 211 and card agent 213 , the third party's success is of limited risk to the smart card 101 security because the third party cannot gain advantage in guessing the next session key K S .
  • the card agent 213 initiates key diversification.
  • the host agent 211 triggers the key renewal sequence with a RenewKey request.
  • the host agent 211 determines a desire to update the session key, K S , the host agent 211 transmits a request to that effect to the card agent 213 .
  • one aspect of key diversification 515 includes checking a thumbprint of the host agent 211 code.
  • the card agent 213 includes a thumbprint checker 523 that requests thumbprints 525 , verifies the thumbprint against a thumbprint database 527 , and controls access 531 based on the result of the verification. The operations of these modules or the logic to perform these functions are described below.
  • FIG. 6 is a block diagram illustrating one possible architecture for the host agent 211 and host computer 103 services that the host agent 211 uses.
  • the host agent 211 has an analogous architecture to that of the card agent 213 . While the card agent 213 has modules to generate and store a master secret key, K M , in the host agent 211 , the host agent 211 has corresponding code to extract the master secret key, K M , e.g., a master key extractor module 601 , code to compute a specified thumbprint over the code of the host agent 211 , e.g., a thumbprint calculator 603 , and code to calculate a new session key, K S , based on input received from the card agent 213 .
  • K M master secret key
  • the master key extractor 601 in one embodiment, relies on the crypto services 607 of the host computer 103 , to store the master secret key, K M , and the session key, K S , in memory locations 609 and 611 that are managed by the crypto services 607 .
  • the host agent 211 may have code for receiving and transmitting messages, e.g., message receiver 613 and message transmitter 615 , respectively, via the I/O services 617 provided by the host computer 103 .
  • K M the card agent 211 and host agent 213 may employ various obfuscation techniques.
  • the card and host agents 213 and 211 must utilize redundancy and thereby secrecy in exchanging session key, K S , and master secret key, K M , through the NVM of the executable code of the host agent 211 . If the session key, K S , and master secret key, K M , are N-bytes long, the smart card 101 must update a buffer B of M-bytes in the executable code, where
  • the information about the real N-bytes of initial session key, K SS , and master secret key, K M is encoded in the M-bytes and in the logic of an algorithm capable of restoring initial session key, K SS , and master secret key, K M , from B.
  • the algorithm must be secret and its implementation obfuscated. In one embodiment, the value of M should be on the order of
  • the smart card 101 should fill it up with random data and then overwrite the initial session key, K SS , and master secret key, K M , bytes as indicated below.
  • the host agent 211 starts master secret key, K M , recovery at an offset from the beginning of B determined by the first byte.
  • the host agent 211 reads every i-th byte, starting at the offset specified by the first byte in B.
  • i is a step increment determined by the last byte in B.
  • increment k is likely also to be a small number. If q is the number of bits needed to encode it, the remaining 8-q bits in the last byte should be set to random values.
  • the card agent 213 may spread out the master secret key, K M , over a block of the host agent 211 binary code starting at a particular location of the host agent 211 binary code so that only every i-th byte of that block of code actually is used to store master secret key, K M , e.g., every-other byte or every fifth byte in a block of memory.
  • the actual number of bytes may also be a variable parameter defining the master secret key, K M .
  • the card agent 213 may write the master secret key, K M , as every-other byte for a total of 8 bytes starting at memory location 0020 .
  • FIG. 7 is an exemplary memory layout of the host agent code 211 .
  • the example of FIG. 7 is not an actual example of host agent 211 code. Rather FIG. 7 presents randomly selected hexadecimal values in the various memory locations for purposes of illustration. Furthermore, the example code illustrated in FIG. 7 is very short in comparison to what one would expect of an actual implementation of the host agent 211 .
  • the master secret key, K M starts at memory location 0020 , has a length of 8 bytes, and is written as every-other byte, i.e., the increment i is 2.
  • the master secret key, K M , 507 has the value FA021787141670CA.
  • the starting location of the master secret key, K M , and the increment i may be obscured by not writing their full information in the memory locations that define these parameters. For example, if the offset at which the master secret key, K M , is known to not exceed 31 (0x1F) the offset could be written over five bits the remaining three bits random. Similarly, if the increment i is known to never exceed the value 7 only three bits are required to encode this information. The remaining bits of the bytes in which the offset and the increment i are stored may be randomized. Thus, if the last five bits of the first are used for storing the offset 0020 (of the example of FIG. 7 ), for example, the values 0x14 (0x0001 0100), 0x54 (0x0101 0100), and 0xF4 (0b1111 0100) could be used to store the offset value of 20.
  • the last byte should have a value that fits the pattern 0brrrr r010 so that the last three bits have the value 2.
  • One possible value is 0xFE (0b1111 1010).
  • K SS initial session key
  • K M master secret key
  • K M initial master secret key
  • K SS initial session key
  • FIG. 8 is a flow chart illustrating the steps of writing the initial session key, K SS and master secret key, K M , into the host agent 211 code.
  • the buffer B that may hold the initial session key, K SS , and the master secret key, K M , is initialized with random data, step 801 .
  • the card agent 213 e.g., the master key generator code 503 , generates a master secret key, K M , value to be used during the current session, step 803 .
  • the host agent 211 is reloaded into the host computer 103 memory on each new session, e.g., on each new insertion of the smart card 101 into the host computer 103 .
  • a new master secret key, K M (and initial session key, K SS ) is generated for each such session.
  • the initial value for the initial session key, K SS is then written into the buffer B at a specific offset O and spread out by an increment k, step 805 .
  • the master secret key, K M is written beginning at a specific offset C and spread out by an increment i, step 807 .
  • FIG. 9 is a flow-chart illustrating the converse steps taken by the host agent 211 , e.g., master key extractor 601 , to recover the initial session key, K SS , and the value for master secret key, K M .
  • the host agent 211 e.g., master key extractor 601
  • the initial session key, K SS is read by reading every k-th byte in B beginning at the offset O, step 903 .
  • the master secret key, K M is read by reading every i-th byte in B beginning at the offset C, step 905 .
  • the initial value for initial session key, K SS is the value master secret key, K M , in which case steps 805 and 903 are not performed.
  • FIG. 10 is a timing sequence diagram illustrating the steps of performing the key diversification in the context of a communications session between the host computer 103 and the smart card 101 .
  • the start up module 501 of the card agent 213 embeds master secret key, K M , and an initial value for session key, K S into the host agent 211 code as described herein above in conjunction with FIGS. 7 and 8 .
  • the host agent 211 may be transmitted to the host computer 103 , step 153 . This would usually be performed by executing the host agent 211 from the memory of the smart card 101 because the smart card 101 has enumerated itself as a USB mass storage device.
  • the smart card 101 is like any other USB mass storage device and the host computer 103 may execute programs stored thereon.
  • the host agent 211 extracts the master secret key, K M , and initial session key, K SS , from the host agent 211 code, step 155 , in the manner discussed in conjunction with FIG. 9 , and uses the initial session key, K SS , to initialize the session key, K S .
  • the communication between the smart card 101 and the host computer 103 can now be secured using the session key, K S .
  • the communication of messages between the smart card 101 and the host computer 103 are encrypted using session key, K S .
  • the host agent 211 may request that session key, K S be updated. This may be triggered by any number of events, e.g., time-based, particular instructions or operations attempted, step 157 .
  • the host agent 211 then transmits a request for a new session key, K S , value to the card agent 213 , step 159 .
  • the message notation sent with the request contains no data.
  • the card agent 213 initiates the exchange of a new session key, K S .
  • the card agent To compute a new session key, K S , the card agent performs a series of steps 161 :
  • the AskThumb request bearing the random number and the index is transmitted by the card agent 213 to the host agent 211 , step 163 .
  • steps 165 In response the host agent 211 performs a number of steps to transmit the requested thumbprint of the host agent 211 code, steps 165 :
  • Computing a thumbprint may be performed in several different ways.
  • One way is to use a specific function, e.g., SHA-1.
  • Another is to have a number of different functions. In the latter case, the message may indicate a function number to use to calculate the thumbprint.
  • the card agent 213 may have several different thumbprints for the host agent 211 stored in a thumbprint database 527 .
  • a sample thumbprint database 527 is illustrated in FIG. 11 .
  • Each row in the table represents a different thumbprint taken on the host agent 211 code.
  • the table contains a thumbprint number to index in the table 527 .
  • Each row also contains an index field to indicate an offset in the host agent 211 code to begin the thumbprint computation, a length over which the thumbprint is to be computed, the function to use to compute the thumbprint on the data found at the offset given the length, and finally, the expected value for the thumbprint.
  • the index is 10
  • the function is function number 1
  • the expected result is A3F0.
  • the actual length of the thumbprint depends on the algorithm used and generally would be longer than two bytes.
  • the card agent 213 has transmitted an indication to start a SHA-1 computation on the host agent 211 code the 16 bytes beginning at byte 0004 and ending at byte 0013 , the host agent 211 would perform the SHA-1 computation 701 over those bytes and produce a result 703 .
  • the host agent 211 encrypts the thumbprint with the host agent new key K′ new , step 167 , and transmits that result to the card agent 213 , step 169 .
  • the card agent 213 When the card agent 213 receives the TellThumb message from the host agent 211 , the card agent 213 computes the received thumbprint (Thumb) by decrypting the received message using the new symmetric key as computed by the card agent 213 , i.e., K new , step 171 .
  • the card agent 213 Having decrypted the thumbprint (Thumb), the card agent 213 compares this thumbprint with a pre-computed value stored in a thumbprint table at the offset Idx, step 173 . If this check verifies that the computed thumbprint received from the host agent 211 matches the expected thumbprint, the card agent 213 validates both the thumbprint and that the host agent 211 and the card agent 213 new keys are consistent and the card agent 213 sets session key, K S to equal K new . If thumbprint check fails, in one embodiment no diagnostics are performed as doing so may cause other security issues.
  • the card agent 213 sends an OK status to the host agent 211 or in the case the thumbprint check fails, the card agent 213 only sends a KO status to the host agent, message 175 . In both case, all internal state variables used in the key renewal sequence are cleared.
  • the host agent 211 If the host agent 211 receives an OK status, the host agent 211 also replaces the old session key, K S , with its new one, step 177 . If the host agent 211 receives a KO status, the host agent 211 does not replace the value of session key, K S . Rather, communication with the smart card 101 has been terminated and, in one embodiment, an appropriate message is transmitted to the calling function, e.g., a host computer 103 application program that is accessing the smart card 101 .
  • the calling function e.g., a host computer 103 application program that is accessing the smart card 101 .
  • the host agent 211 clears all internal state variables used in the key renewal sequence.
  • a certain number of retries are allowed by the card agent 213 after which the communication is terminated.
  • the request for and computation of a thumbprint of the host agent 211 further ensures the authenticity and integrity of the host agent 211 thereby improving the security aspects of the use of a smart card 101 as described herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Systems (AREA)
  • Bus Control (AREA)
  • Storage Device Security (AREA)

Abstract

A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit. The secure portable device communicates with the host computer via a host agent program executing on the host computer from the secure portable device. Periodically, the host agent and a corresponding program executing on the secure portable device, cooperate to verify the integrity and authenticity of the host agent program, for example, in conjunction with exchanging a new session key. Other systems and methods are disclosed.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a non-provisional application claiming priority from provisional application 60/888,288 filed on Feb. 5, 2007 the teachings of which are incorporated by reference herein as if reproduced in full below. This application is related to U.S. patent application Ser. No. 11/564,121 filed on Nov. 28, 2006
    • BACKGROUND OF THE INVENTION
  • The present invention relates generally to provision of security services to Internet applications and more particularly to ensuring the security of communication between a secure portable device and a host computer wherein the secure portable device is engaged in communication with a remote server via the host computer.
  • Co-pending patent application Ser. No. 11/564,121 describes a system and method for providing secure communication between the secure portable device and a remote server. In that system the secure portable device is connected to a host computer. The secure portable device, for example, in non-volatile memory contains a card agent and a host agent. The card agent and host agent is both a division of labor of security functionality, e.g., cryptography services, between the secure portable device and the host computer, and a mechanism for providing security in the communication to the remote server.
  • The level of security and efficiency are trade-offs in determining how to divide responsibilities between the card agent and host agent. The more tasks that are placed on the card agent, which is executing on the secure device, the higher the security but the lower the performance as typically secure devices are more secure than host computers but do not provide as high performance. On the other hand, the more tasks that are placed on the host agent, which is executing on the host computer, the higher the performance, but the lower the security as the host computer typically is not as secure as a secure device, but usually provides much more computing power and hence higher performance.
  • Therefore, in one division of labor between the card agent and host agent, the latter performs cryptography services such as digest computation and HMAC computation during security protocol handshake operations and application data exchange. This is a performance gain over performing these operations on the secure device in that secure portable devices, e.g., smart cards, typically do not have crypto accelerators for hashing.
  • However, placing any of the security operations on the host computer via the host agent increases the security risk. The security of the solution may be compromised if the host agent is compromised. The security of the host agent and the way the host agent communicates with the secure portable device determines, to a significant extent, the security of the overall architecture. The security of the host agent includes authenticity, integrity, and confidentiality of its runtime code.
  • Because the host agent runs in an insecure host computer environment, theoretically, while the host agent is loaded into the host computer from the secure device, after loading, the host agent may be compromised by being modified in the memory of the host computer. Because the secure communication between the host agent and card agent could be compromised by such tampering, it is desirable to avoid communication with a compromised host agent.
  • From the foregoing it will be apparent that there is a need for an improved method to ensure the integrity and authenticity of the host agent as the host agent participates in providing secure communication between a secure portable device and remote servers over a computer network.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram illustrating an example scenario in which a smart card is used to access services on a remote server.
  • FIG. 2 is a block diagram illustrating a high-level view of the architecture of a smart card of FIG. 1.
  • FIG. 3 is a block diagram illustrating the architectural organization of programs over the hardware components of the smart card FIG. 2, including illustrating a host agent and card agent both stored in memory of the smart card.
  • FIG. 4 is a block diagram illustrating the loading of the host agent of FIG. 3 into Random Access Memory (RAM) of the host computer to which the smart card is connected.
  • FIG. 5 is a block diagram illustrating logic modules of the card agent and host agent as stored on a smart card of FIG. 1 pertinent to securing the communication between the card agent and host agent.
  • FIG. 6 is a block diagram of the logic modules of a host agent and ancillary modules executing on the host computer pertinent to securing the communication between the card agent and host agent.
  • FIG. 7 is an exemplary memory layout illustrating embedding of a key in the host agent code and the memory values used to calculate a thumbprint of the host agent code.
  • FIG. 8 is a flow chart illustrating an example of the calculation of an initial session key (KSS) and master secret key (KM) and the spreading out those keys over specific locations in the host agent code.
  • FIG. 9 is a flow chart illustrating the recovery of the initial session key (KSS) and master secret key (KM) as stored in the host agent according to the figure of FIG. 8.
  • FIG. 10 is a timing sequence diagram illustrating the message flow between the host agent and the card agent to verify the authenticity and integrity of the host agent, and to generate a new session key, KS.
  • FIG. 11 is an exemplary database table illustrating pre-stored expected thumbprint values for the host agent. The database table is used by one embodiment of the card agent for storing expected thumbprint values and parameters used to calculate the expected thumbprint values.
    •  DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • In the following detailed description, reference is made to the accompanying drawings that show, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It is to be understood that the various embodiments of the invention, although different, are not necessarily mutually exclusive. For example, a particular feature, structure, or characteristic described herein in connection with one embodiment may be implemented within other embodiments without departing from the spirit and scope of the invention. In addition, it is to be understood that the location or arrangement of individual elements within each disclosed embodiment may be modified without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined only by the appended claims, appropriately interpreted, along with the full range of equivalents to which the claims are entitled. In the drawings, like numerals refer to the same or similar functionality throughout the several views.
  • A security device as described in co-pending patent application Ser. No. 11/564,121. Ser. No. 11/564,121 provides a self-contained infrastructure that is automatically shared with a host computer to which the security device is connected. The security device, hereinafter, for illustrative purposes, a smart card, is configured to be connected, to a host computer using a standard peripheral connection and to behave as a device normally connected to such a standard peripheral connection. The smart card communicates with the host computer using the communications protocol associated with the standard peripheral connection.
  • In one embodiment, that connection is a Universal Serial Bus (USB) connection and the smart card appears to the host computer as a USB mass storage device. As such, the smart card communicates with the host computer using communications protocol such as the USB mass storage protocol. Upon connecting the security device to a host computer, a special program used for communication with the host computer, the card agent starts executing on the smart card. Next, another special program, the host agent, stored on the smart card, is automatically launched on the host computer. The host agent and card agent communicate over a special communications protocol for providing secure communications there between. In one embodiment, that special communications protocol is carried over the USB mass storage protocol.
  • While the communication between a host computer and a smart card is described herein using the USB mass storage protocol other communications protocols are possible alternatives for alternative embodiments. Some examples include, but is not limited to APDU (as described in the ISO-7816 standard for communication between smart cards and other devices) including middleware stored on the host computer, Chip Card Interface Device (CCID) protocol with a CCID driver on the host computer, USB Human Interface Device (HID) protocol, and TCP/IP
  • By providing a standard hardware interface, one that is available on virtually every modern computer, and by communicating over a standard protocol, while providing the host agent and card agent functionality, a smart card according to the invention, may provide a hitherto unavailable advantage of providing the security functionality of a smart card without requiring any special hardware or software on the host computer. Thus, a person carrying such a smart card may achieve the hitherto unavailable advantage of connecting that smart card to virtually any computer, e.g., one provided in a public place, a friend or co-worker's computer, or even, a totally untrusted computer, and achieve a secure communication between the smart card and a remote service. Availability of such smart cards makes new uses of smart cards possible because there is no longer a requirement of a special card reader or middleware.
  • Security of the overall solution is further enhanced by ensuring the authenticity and integrity of the host agent. The card agent ensures the authenticity and integrity of the host agent, by periodically, for example, during key diversification, checking a thumbprint of a section of the host agent code, e.g., a hash computed over a specified section of host agent code.
    • 1. Introduction
  • FIG. 1 is a block diagram illustrating an example scenario in which a smart card is used to access services on a remote server. A smart card 101 is connected to a host computer 103 using a standard connector 105. The host computer 103, in turn, is connected to a network 107, e.g., the Internet. At a remote location on the network 107, a server computer 109 is connected. A user 111, for example, the owner of the smart card 101, wishes to access a service 113 provided by the server 109. Consider, as an example, that the service 113 requires the user 111 to identify himself using a PIN. The user 111 (or a service provider) has previously stored the user's PIN on the smart card 101. If the user 111 cannot trust the host computer 103, there is a risk that the host computer 103 would capture the PIN, if the user 111 merely types in the PIN using the keyboard of the computer 103. Alternatively, the user 111 can direct the smart card 101 to transmit the PIN directly to the remote service 113. That is also problematic. Malware installed on the host computer 103 or elsewhere on the path between the smart card 101 and the remote service 113 may capture the PIN by snooping on the communication.
  • As will be discussed in greater detail below, in one embodiment of the invention, the PIN is securely transmitted to the remote service 113 over a secure communications channel, without requiring special hardware or software to be preinstalled on the remote server 109, the host computer 103, or anywhere along the path between the smart card 101 and the remote service 113.
  • While the discussion herein, for purposes of providing an illustrative example, is directed to the use of a smart card 101 with a host computer 103, many alternatives exist. For example the smart card 101 may be a SIM card used in a mobile telephone; in which case, the host computer 103 would be such a mobile telephone. The smart card 101 may also be substituted with other forms of secure portable devices, e.g., a USB token with a memory card and secure integrated circuit. It should also be noted that while the illustration of FIG. 1 shows a USB dongle form factor for the smart card 101 and corresponding interface device, that is also only for the purpose of illustration. The embodiments described herein are applicable to any other smart card or secure memory form factor and corresponding interface devices, e.g., but not limited to, the traditional credit card sized smart card form factor used in conjunction with a smart card reader.
  • FIG. 2 is a block diagram illustrating a high-level view of the architecture of a smart card 101. As illustrated in FIG. 1, the smart card 101 is equipped with a standard peripheral hardware connector 105, e.g., a USB connector. The smart card 101 contains a central processing unit 201, a RAM 203, and a non-volatile memory 205. These components are connected via a bus 207. Also connected to the bus 207 are a communications hardware interface 209 for providing a connection between the bus 207, and consequently, the CPU 201, RAM 203, and non-volatile memory 205, and the connector 105.
  • FIG. 3 is a block diagram illustrating the architectural organization of programs over the hardware components of the smart card 101. The hardware connection between the smart card 101 and the host computer 103 is achieved using the hardware connector 105. The communication on the hardware connection uses the USB mass storage protocol. The CPU 201, executing an interface firmware module 227, which is stored as firmware on the smart card 101, manages that communication. As such, the interface firmware module 227 is located in the non-volatile memory 205 or in Read Only Memory (ROM). The interface firmware module 227 implements the USB mass storage protocol such that the host computer 103 perceives the smart card 101 to be a USB mass storage device.
  • In alternative embodiments, the communication between the smart card 101 and the host computer 103 is performed according to other communications protocols. For example, the smart card 101 may enumerate at start up as another type of peripheral device, e.g., a CD ROM, in which case the interface firmware module 227 implements the appropriate communications protocol.
  • The non-volatile memory 205 of the smart card 101 contains three areas: a mass storage read-only partition 221, a mass storage read-write partition 223, and a secure read/write memory 225. The mass storage read-only partition 221 and the mass storage read-write partition 223 are accessible from external devices, e.g., the host computer 103. However, while external devices, e.g., host computer 103, can write to the read-write partition 205, in one embodiment, the read-only partition may be written to by the CPU 201 of the smart card 101, i.e., the read-only partition 203 is read-only with respect to external devices, but not necessarily to the smart card 101. Conversely, the secure read/write memory 225 may not be accessed directly from external devices for either read or write operations. Because all interactions are managed by the interface firmware 227, the interface firmware 227 can control access to various parts of the non-volatile memory 205 or files stored in the non-volatile memory 205 so that, for example, only the card agent 213 can access the secure data 215 (described herein below).
  • The mass storage read-only partition 221 contains public data 209 that may be accessed from any host computer 103 to which the smart card 101 may be connected. The mass storage read-only partition 221 also contains a program, the host agent 211, which is auto-launched on the host computer 103 when the smart card 101 is connected to the host computer 103 via the hardware connection 105. The USB mass storage standard provides that a USB mass storage device may include a trigger file called autorun.inf that is a script that automatically is executed when the device is connected to a host computer 103. Alternatively, the host agent 211 is visible from the file browser of the host computer's 103 operating system. A user 111 launches the host agent 211 manually, for example, by clicking on the icon corresponding to the host agent 211 in the file browser. Table I is a code example of one possible autorun.inf file to launch the host agent 211 on the Microsoft Windows Application Program Interface known as Win32:
  • TABLE 1
    Example Autorun.inf to launch the host agent 211.
    [autorun]
    shellexecute=hagent_r.exe
    action=Launch the Network Card Host Agent
    label=NetCard Host
    UseAutoPlay=0
  • When a user 111 inserts the smart card 101 into the appropriate slot on a host computer 103, the operating system (e.g., Microsoft Windows) displays a dialog box allowing the user 111 to select the action “Launch the Network Card Host Agent”. If the user 111 accepts that action, the host agent 211 (“hagent_r.exe” in the example code) is executed by the host computer 103.
  • The secure read/write memory 225 contains a module called the card agent 213. The smart card 101 is configured such that, when the smart card 101 is connected to a host computer 103, i.e., when a USB connection has been established between the smart card 101 and the host computer 103, the CPU 201 launches (i.e., executes) the card agent 213. As described in greater detail below, in one embodiment, the card agent 213 is the only program through which certain secure data 215 may be accessed.
  • Typically a USB mass storage device is used to store data files. USB memory sticks are one example of a USB mass storage device. A USB memory stick functions as a very compact and easily transportable non-volatile storage device. A user uses such a device to store data files.
  • The mass storage files are files with public access that are exposed by the smart card 101 and accessible from the host computer 103. The host agent 211 has direct access to these files. Examples of these files can be HTML, image, JavaScript, CSS files, as well as public key certificates. All files accessible through the mass storage interface are read-only files for the host computer 103. The only exception is a set of communications files 217 in the mass storage read-write partition 223; for example, according to one embodiment of the invention, the communication channel between the host agent 211 and the card agent 213 is based on mass storage files. These files are read-write files.
  • Thus, to achieve a communication according to the USB mass storage protocol between the card agent 213 and the host agent 211, when the host agent 211 is executing on the host computer 103, the card agent 213 and host agent 211 writes communication data files 217 in the mass storage read-write partition 223. The nature of that communication is described in greater detail herein below.
  • FIG. 4 is a block diagram illustrating the loading of the host agent 211 into the RAM 403 of the host computer 103. The CPU 401 of the host computer 103, then executes the host agent 211. The host agent 211 communicates with the card agent 213, which is loaded in the RAM 203 of the smart card 101 and executed by the CPU 201 of the smart card 101. The card agent 213 has access to private files 215 for certain calculations, providing services to the host agent 211. Communication between the host agent 211 and the card agent 213 is performed via the host-side USB mass storage interface 405 a and the smart card-side USB mass storage interface 405 b (collectively, 405).
  • The architecture illustrated in FIGS. 1-4 provides a framework in which a smart card 101 can provide security and convenience of services for Internet applications. In one embodiment, the components involved rely solely on the USB mass storage interface for connectivity and do not require the smart card 101 to implement networking protocols, such as TCP/IP, DHCP server, or DNS server, in order to provide services. The architecture avoids the burden of implementing a network communications stack, DHCP server, or a DNS server on the smart card 101. In one class of solutions using a smart card 101, as described herein, dealing with authentication and secure Internet access, the smart card 101 may include the following components:
      • An interface capable of enumerating as a USB mass storage device and an internal secure file system.
      • SSL/TLS library, in client and server mode
      • OATH, etc. for OTP
      • HTTPS web server
      • HTTPS agent
      • Application programs
  • The smart card 101 enumerates as a USB mass storage device and contains a private file system 215. The components used for providing security services may be split between the host computer 103 and the smart card 101. These components are divided between the smart card 101 and the host computer 103 into two main logical pieces, namely, those provided by the host agent 211 and those provided by the card agent 213. All functionality provided by connecting the smart card 101 is contained in these two main components, divided judiciously to suit a particular preference for security vs. performance trade-off. The host agent 211 and the card agent 213 communicate with each other using a mass storage interface as an I/O channel. In one embodiment, the communication is encrypted by the host agent 211 and the card agent 213 to prevent access by a third party along a communications path from the smart card 101 to the host computer 103 or a remote server 109.
  • The actual division of workload between host agent 211 and card agent 213 is driven by the security versus performance considerations. On one end of the security/performance spectrum, the card agent 213 contains implementation of all the security components provided through the smart card 101 and the host agent 211 merely acts as a thin proxy. That solution is a very secure solution but may not have acceptable performance for certain classes of applications. On the other end of the spectrum all features are run on the host computer 103. That solution has excellent performance characteristics but offers little in way of security. The architecture provided herein offers flexibility in defining the right balance between security and performance. One embodiment is described herein below as one possible example of a division of tasks between the card agent 213 and the host agent 211 where performance is significantly improved with very little compromise in regard to security.
  • As is described in the co-pending patent application Ser. No. 11/564,121, the communication between the host agent 211 and the card agent 213 is secured by a shared session key, KS. The shared session key, KS, is initialized from an initial shared session key, KSS, or shared master secret key, KM.
  • FIG. 5 is a block diagram illustrating the architectural arrangement of various modules stored in the smart card NVM 205. As discussed hereinabove and described in the co-pending patent application Ser. No. 11/564,121, the host agent 211 is stored in the NVM 205 and is loaded by the host computer 103 from the mass storage portion 221 of the smart card 101.
  • On each read access by a host computer 103 of the host agent 211 binary from the mass storage partition 221 of the smart card 101, the smart card processor generates a random key, shared master secret key, KM, of desired length and writes to a specific NVM 205 memory location allocated for this purpose inside the host agent binary 211. Because the host agent 211 is stored in the NVM 205 of the smart card 101 it is possible to write the master secret key, KM, into the host agent 211 even though the host agent 211 is actually executed by the host computer 103. The master secret key, KM, may be used as an initial value of a session key, KS. Alternatively, two random numbers, an initial session key, KSS, and the master secret key, KM, may be generated and written into the host agent 211 code. For sake of simplifying the discussion, the second alternative (with a separate master secret key, KM, and an initial session key, KSS) is primarily described herein. For either alternative, in a preferred embodiment, the initial keys, master secret key, KM, or KM and the initial session key, KSS are generated on each smart card 101 reset, typically occurring on each power up, e.g., on smart card 101 insertion.
  • Thus, in one embodiment, the card agent 213 includes a start-up module 501 that is executed upon each power up of the token. The start-up module 501 includes a master key generator 503 that computes a random key of desired length and a master key embeddor module 505 that writes the master secret key, KM, into the appropriate location 507 in the host agent code 211. In the alternative embodiment wherein both the master secret key, KM, and the initial session key, KSS, are generated, the start-up module 501 also generates the initial session key, KSS, and the embeddor module 505 also writes the initial session key, KSS, into an appropriate location 508 in the host agent 213 code.
  • To generate the master secret key, KM, and the initial session key, KSS, the master key generator 503 may simply be a call in the start up module 501 to an external function, e.g., a function of the crypto services module 509 or the smart card 101. The master key generator 503 also may call upon the crypto services module 509 to store the master secret key, KM, and session key, KS, in memory locations 511 and 513 that are under control of the crypto services module 509.
  • The communication between the host agent 211 and the card agent 213 is further secured by periodically refreshing the session key, KS, through a process known as key diversification. Key diversification is a process in which a new key is generated from the master secret key, KM, and a random number, and in one embodiment is performed by a key diversification module 515.
  • As is discussed in greater detail below, the key diversification process uses message transmission between the host agent 211 executing on the host computer 103 and the card agent 213 executing on the smart card 101. Thus, the smart card NVM 205 includes some I/O services 517 for receiving and sending messages. The card agent 213 may include modules or other code for managing the reception of messages, e.g., a message receiver module 519, and for transmitting messages, e.g., a message transmitter module 521. In some implementations, the receiver module 519 may simply be logic to determine that nature of an incoming message and logic to route the message internally for appropriate processing, e.g., key diversification.
  • In a preferred embodiment, the card agent 213 and host agent 211 use hmac_SHA1 to compute the new key from the master secret key, KM, and additional random data. The master secret key, KM, is the key for hmac_SHA1 whereas the random value is the input text. The message can carry information needed by the encryption algorithm used to secure communication between the smart card 101 and the host computer 103, e.g., for the DES CBC algorithm an initialization vector is carried as the message text. In that example, the resulting 20 bytes, the first 8 bytes form the new key and the second 8 bytes form the initialization vector (IV) for the DES CBC algorithm.
  • The session key, KS, is diversified while the smart card 101 is in use. Key diversification prevents the session key, KS, from being stale and susceptible to brute force attacks. The negotiation of an update of the session key, KS, uses knowledge of the master secret key, KM, which is shared between the card agent 213 and host agent 211 through a secret obfuscation technique described in greater detail below. The master secret key, KM, persists only for one token-insertion session and is used only for session key, KS, update. Using this technique of securing the session key, KS, protects the information stored on the smart card 101 from third party impostors because even if a malicious third party breaks the secure connection between host agent 211 and card agent 213, the third party's success is of limited risk to the smart card 101 security because the third party cannot gain advantage in guessing the next session key KS.
  • While it is important to ensure that the new session key, KS, is consistent across the host computer 103 and the smart card 101 and that no one else knows the session key, KS. However, if something fails during the sequence, the fact that the sequence fails is the only information that is relevant. Therefore, in one embodiment, no failure diagnostics are provided.
  • In one embodiment, the card agent 213, initiates key diversification. In another embodiment, the host agent 211 triggers the key renewal sequence with a RenewKey request. Thus, when the host agent 211 determines a desire to update the session key, KS, the host agent 211 transmits a request to that effect to the card agent 213.
  • As is discussed in greater detail below, one aspect of key diversification 515 includes checking a thumbprint of the host agent 211 code. Thus, the card agent 213 includes a thumbprint checker 523 that requests thumbprints 525, verifies the thumbprint against a thumbprint database 527, and controls access 531 based on the result of the verification. The operations of these modules or the logic to perform these functions are described below.
  • FIG. 6 is a block diagram illustrating one possible architecture for the host agent 211 and host computer 103 services that the host agent 211 uses. The host agent 211 has an analogous architecture to that of the card agent 213. While the card agent 213 has modules to generate and store a master secret key, KM, in the host agent 211, the host agent 211 has corresponding code to extract the master secret key, KM, e.g., a master key extractor module 601, code to compute a specified thumbprint over the code of the host agent 211, e.g., a thumbprint calculator 603, and code to calculate a new session key, KS, based on input received from the card agent 213. The master key extractor 601, in one embodiment, relies on the crypto services 607 of the host computer 103, to store the master secret key, KM, and the session key, KS, in memory locations 609 and 611 that are managed by the crypto services 607.
  • Like the card agent 213, the host agent 211 may have code for receiving and transmitting messages, e.g., message receiver 613 and message transmitter 615, respectively, via the I/O services 617 provided by the host computer 103.
  • To further secure the master secret key, KM, the card agent 211 and host agent 213 may employ various obfuscation techniques.
  • The card and host agents 213 and 211 must utilize redundancy and thereby secrecy in exchanging session key, KS, and master secret key, KM, through the NVM of the executable code of the host agent 211. If the session key, KS, and master secret key, KM, are N-bytes long, the smart card 101 must update a buffer B of M-bytes in the executable code, where

  • M>>2N.
  • if both the initial session key, KSS and master secret key, KM, are initially written to the host agent 211 code.
  • The information about the real N-bytes of initial session key, KSS, and master secret key, KM, is encoded in the M-bytes and in the logic of an algorithm capable of restoring initial session key, KSS, and master secret key, KM, from B. The algorithm must be secret and its implementation obfuscated. In one embodiment, the value of M should be on the order of

  • M˜m*2N, where m>5.
  • To populate B, the smart card 101 should fill it up with random data and then overwrite the initial session key, KSS, and master secret key, KM, bytes as indicated below.
  • In one embodiment, the host agent 211 starts master secret key, KM, recovery at an offset from the beginning of B determined by the first byte. The host agent 211 reads every i-th byte, starting at the offset specified by the first byte in B. Here, i is a step increment determined by the last byte in B.
  • Since the offset from the start of B is likely to be sufficiently small, not all bits in the first byte may be needed to encode it. Consequently, if only p bits are needed, the remaining 8-p most significant bits should be set to random values to obscure the logic.
  • Similarly, the increment k is likely also to be a small number. If q is the number of bits needed to encode it, the remaining 8-q bits in the last byte should be set to random values.
  • The values of p and q must be agreed upon beforehand and used by the host 211 and card 213 agents.
  • For example, the card agent 213 may spread out the master secret key, KM, over a block of the host agent 211 binary code starting at a particular location of the host agent 211 binary code so that only every i-th byte of that block of code actually is used to store master secret key, KM, e.g., every-other byte or every fifth byte in a block of memory. Similarly, the actual number of bytes may also be a variable parameter defining the master secret key, KM. Thus, for example, the card agent 213 may write the master secret key, KM, as every-other byte for a total of 8 bytes starting at memory location 0020.
  • FIG. 7 is an exemplary memory layout of the host agent code 211. The example of FIG. 7 is not an actual example of host agent 211 code. Rather FIG. 7 presents randomly selected hexadecimal values in the various memory locations for purposes of illustration. Furthermore, the example code illustrated in FIG. 7 is very short in comparison to what one would expect of an actual implementation of the host agent 211.
  • In the example of FIG. 7, the master secret key, KM, starts at memory location 0020, has a length of 8 bytes, and is written as every-other byte, i.e., the increment i is 2. Thus, in the example, the master secret key, KM, 507 has the value FA021787141670CA.
  • The starting location of the master secret key, KM, and the increment i may be obscured by not writing their full information in the memory locations that define these parameters. For example, if the offset at which the master secret key, KM, is known to not exceed 31 (0x1F) the offset could be written over five bits the remaining three bits random. Similarly, if the increment i is known to never exceed the value 7 only three bits are required to encode this information. The remaining bits of the bytes in which the offset and the increment i are stored may be randomized. Thus, if the last five bits of the first are used for storing the offset 0020 (of the example of FIG. 7), for example, the values 0x14 (0x0001 0100), 0x54 (0x0101 0100), and 0xF4 (0b1111 0100) could be used to store the offset value of 20.
  • If the buffer B consists of the code section illustrated in FIG. 7 and the last byte of the buffer B is used to store the increment, which in the example has the value 2, and only 3 bits are used to store the increment (i.e., q=3), the last byte should have a value that fits the pattern 0brrrr r010 so that the last three bits have the value 2. One possible value is 0xFE (0b1111 1010).
  • By randomizing the unused bits in the code used to encode the offset, the increment and the length of the master secret key, KM, it becomes very difficult to determine which bytes are used for encoding these items.
  • If a separate initial session key, KSS, and master secret key, KM, are both stored in the host agent 211 code, a similar approach is used to encode the initial session key, KSS, e.g., using the second byte in the buffer B to include its offset.
  • There are many different possible approaches to spreading out the initial master secret key, KM, and the initial session key, KSS all of which must be considered as equivalent to the specific techniques described herein. For example, with one such alternative a function is used to determine the location from which to retrieve the next portion of the key.
  • FIG. 8 is a flow chart illustrating the steps of writing the initial session key, KSS and master secret key, KM, into the host agent 211 code.
  • As a first step, the buffer B that may hold the initial session key, KSS, and the master secret key, KM, is initialized with random data, step 801.
  • Next the card agent 213, e.g., the master key generator code 503, generates a master secret key, KM, value to be used during the current session, step 803. Note that in a preferred embodiment, the host agent 211 is reloaded into the host computer 103 memory on each new session, e.g., on each new insertion of the smart card 101 into the host computer 103. Thus, a new master secret key, KM, (and initial session key, KSS) is generated for each such session.
  • The initial value for the initial session key, KSS, is then written into the buffer B at a specific offset O and spread out by an increment k, step 805. Similarly, the master secret key, KM, is written beginning at a specific offset C and spread out by an increment i, step 807.
  • Finally, the offsets and increments are written into locations known to hold those values in a subset of the bits found at those locations, respectively, step 809.
  • FIG. 9 is a flow-chart illustrating the converse steps taken by the host agent 211, e.g., master key extractor 601, to recover the initial session key, KSS, and the value for master secret key, KM.
  • First the offsets for initial session key, KSS, and master secret key, KM, are read from specific locations of B used for storing KSS and KM by only reading those bits of the bytes at those locations, respectively, that are used for storing KSS and KM. In other words, if only 3 bits of the last byte of B is used to store the increment i, then only those three bits are read step 901.
  • Next, the initial session key, KSS, is read by reading every k-th byte in B beginning at the offset O, step 903.
  • Finally, the master secret key, KM, is read by reading every i-th byte in B beginning at the offset C, step 905.
  • Note: in one embodiment described herein above, the initial value for initial session key, KSS, is the value master secret key, KM, in which case steps 805 and 903 are not performed.
  • During a session, the host agent 211 and card agent 213 refresh the value of session key, KS, i.e., key diversification is performed. FIG. 10 is a timing sequence diagram illustrating the steps of performing the key diversification in the context of a communications session between the host computer 103 and the smart card 101.
  • Upon startup of a session, the start up module 501 of the card agent 213 embeds master secret key, KM, and an initial value for session key, KS into the host agent 211 code as described herein above in conjunction with FIGS. 7 and 8. Once that is completed, the host agent 211 may be transmitted to the host computer 103, step 153. This would usually be performed by executing the host agent 211 from the memory of the smart card 101 because the smart card 101 has enumerated itself as a USB mass storage device. Thus, to the host computer 103, the smart card 101 is like any other USB mass storage device and the host computer 103 may execute programs stored thereon.
  • Next the host agent 211 extracts the master secret key, KM, and initial session key, KSS, from the host agent 211 code, step 155, in the manner discussed in conjunction with FIG. 9, and uses the initial session key, KSS, to initialize the session key, KS.
  • The communication between the smart card 101 and the host computer 103 can now be secured using the session key, KS. The communication of messages between the smart card 101 and the host computer 103 are encrypted using session key, KS.
  • During a session, the host agent 211 may request that session key, KS be updated. This may be triggered by any number of events, e.g., time-based, particular instructions or operations attempted, step 157.
  • The host agent 211 then transmits a request for a new session key, KS, value to the card agent 213, step 159. The message notation sent with the request contains no data. Alternatively, the card agent 213 initiates the exchange of a new session key, KS.
  • To compute a new session key, KS, the card agent performs a series of steps 161:
      • The card agent 213 generates a random string R.
      • Then it uses this string and the master secret key, KM, to generate the new value for session key, KS, Knew.
      • It also picks a random index from a finite list. This index will be used to retrieve a thumbprint value of the host agent 211 memory.
      • Then it issues the AskThumb request, which sends the random string R and the thumbprint index Idx encrypted together with the current session key, KS, which is known by the host agent 211.
  • The AskThumb request bearing the random number and the index is transmitted by the card agent 213 to the host agent 211, step 163.
  • In response the host agent 211 performs a number of steps to transmit the requested thumbprint of the host agent 211 code, steps 165:
      • The host agent 211 decrypts the message within the AskThumb request using the current session key, KS, and thereby recovers the random string R′ and the thumbprint Idx′. If the host agent 211 has successfully decrypted the message R′=R and Idx′=Idx.
      • Then the host agent 211 uses the R′ string and the shared secret master secret key Km to generate its new Key K′new. Again, if the host agent 211 has successfully decrypted the message K′new=Knew.
      • It also compute a thumbprint of its own memory doing a HMAC at the offset indicated by Idx′.
  • Computing a thumbprint may be performed in several different ways. One way is to use a specific function, e.g., SHA-1. Another is to have a number of different functions. In the latter case, the message may indicate a function number to use to calculate the thumbprint.
  • The card agent 213 may have several different thumbprints for the host agent 211 stored in a thumbprint database 527. A sample thumbprint database 527 is illustrated in FIG. 11. Each row in the table represents a different thumbprint taken on the host agent 211 code. For each row, the table contains a thumbprint number to index in the table 527. Each row also contains an index field to indicate an offset in the host agent 211 code to begin the thumbprint computation, a length over which the thumbprint is to be computed, the function to use to compute the thumbprint on the data found at the offset given the length, and finally, the expected value for the thumbprint. For example, for thumbprint 1, the index is 10, the length 128 bytes, the function is function number 1, and the expected result is A3F0. The actual length of the thumbprint depends on the algorithm used and generally would be longer than two bytes.
  • Considering the code example of FIG. 7, if the card agent 213 has transmitted an indication to start a SHA-1 computation on the host agent 211 code the 16 bytes beginning at byte 0004 and ending at byte 0013, the host agent 211 would perform the SHA-1 computation 701 over those bytes and produce a result 703.
  • Having computed the requested thumbprint, e.g., thumbprint 703, the host agent 211 encrypts the thumbprint with the host agent new key K′new, step 167, and transmits that result to the card agent 213, step 169.
  • If the host agent 211 code has not been tampered with, the host agent 211 should have computed the expected thumbprint. If the host agent 211 has successfully computed the new session key, KS, e.g., K′new=Knew, then the host agent 211 should have also encrypted the thumbprint in a manner that the card agent 213 can decrypt.
  • When the card agent 213 receives the TellThumb message from the host agent 211, the card agent 213 computes the received thumbprint (Thumb) by decrypting the received message using the new symmetric key as computed by the card agent 213, i.e., Knew, step 171.
  • Having decrypted the thumbprint (Thumb), the card agent 213 compares this thumbprint with a pre-computed value stored in a thumbprint table at the offset Idx, step 173. If this check verifies that the computed thumbprint received from the host agent 211 matches the expected thumbprint, the card agent 213 validates both the thumbprint and that the host agent 211 and the card agent 213 new keys are consistent and the card agent 213 sets session key, KS to equal Knew. If thumbprint check fails, in one embodiment no diagnostics are performed as doing so may cause other security issues. In case of success, the card agent 213 sends an OK status to the host agent 211 or in the case the thumbprint check fails, the card agent 213 only sends a KO status to the host agent, message 175. In both case, all internal state variables used in the key renewal sequence are cleared.
  • If the host agent 211 receives an OK status, the host agent 211 also replaces the old session key, KS, with its new one, step 177. If the host agent 211 receives a KO status, the host agent 211 does not replace the value of session key, KS. Rather, communication with the smart card 101 has been terminated and, in one embodiment, an appropriate message is transmitted to the calling function, e.g., a host computer 103 application program that is accessing the smart card 101.
  • In both case, i.e., regardless of whether an OK or a KO is received from the card agent 213, the host agent 211 clears all internal state variables used in the key renewal sequence.
  • In an alternative embodiment, a certain number of retries are allowed by the card agent 213 after which the communication is terminated.
  • From the foregoing it will be appreciated that the request for and computation of a thumbprint of the host agent 211 further ensures the authenticity and integrity of the host agent 211 thereby improving the security aspects of the use of a smart card 101 as described herein.
  • From the foregoing it will be appreciated that the aforementioned improvements to the state of the art allow for a more secure communication between a smart card 101 and a host computer 103 to which the smart card 101 is connected. In particular, in a system using a host agent 211 program that is stored on the smart card 101 the aforementioned techniques ensure against tampering of the host agent 211 and ensures the authenticity of the host agent 211.
  • Although specific embodiments of the invention have been described and illustrated, the invention is not to be limited to the specific forms or arrangements of parts so described and illustrated. The invention is limited only by the claims.

Claims (19)

1. A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit of a first type, the secure portable electronic device having a central processing unit of a second type, wherein a secure service is provided by executing an application in a flexible distributed fashion among the host computer and the secure portable electronic device, comprising:
a read-only memory partition, a read/write memory partition, and a secure memory partition;
a communications interface for securely transmitting and receiving data between the host computer and the secure portable electronic device using a communications protocol over the communications interface, wherein communications between secure portable device and the host computer are secured by encryption using a symmetric key;
instructions stored in the read-only partition, wherein the instructions comprise:
a host agent containing instructions executable by a central processing unit of the first type;
private information stored in the secure memory partition; and
instructions stored in the secure memory partition, comprising:
a card agent containing instructions executable by central processing units of the second type, the instructions including instructions to cause the secure device to:
receive a message from a host agent executing on the host computer requesting to diversify the symmetric key established to secure communication between the host agent executing on the host computer and the card agent executing on the secure device to establish a replacement value for the symmetric key;
in response to receiving a key diversification request, transmit a message to request a thumbprint of the host agent instructions executing on the host computer;
receive a message containing a thumbprint from the host computer;
compare the received thumbprint against a known-to-be-correct thumbprint;
prevent further access to secure data stored on the secure device by the host computer if the received thumbprint does not match the known-to-be-correct thumbprint; and
continue key diversification operations if the received thumbprint matches the known-to-be-correct thumprint;
the host agent comprising instructions including instructions to:
compute a thumbprint; and
transmit the computed thumbprint to the secure device.
2. The secure portable electronic device of claim 1, wherein the thumbprint request comprises an offset; and wherein the host agent comprises thumbprint computation instructions to cause the host computer compute the thumbprint over the host agent instruction code executing on the host computer starting at the offset.
3. The secure portable electronic device of claim 1 wherein the thumbprint request comprises a length parameter and wherein the thumbprint computation instructions further comprise instructions to cause the host computer to compute the thumbprint over a section of the host agent instruction code executing on the host computer and equal in size to the length parameter.
4. The secure portable electronic device of claim 1 wherein the thumbprint request comprises an algorithm indicator and wherein the thumbprint computation instructions further comprise instructions to cause the host computer to compute the thumbprint over a section of the host agent instruction code using an algorithm corresponding to the algorithm indicator.
5. The secure portable electronic device of claim 1 wherein the thumbprint computation instructions comprise instructions to cause the host computer to compute the thumbprint over a section of the host agent instruction code using a hashing algorithm.
6. The secure portable electronic device of claim 1 wherein the card agent further comprises instructions to compute the known-to-correct thumbprint over a section of the host agent instruction code using a hashing algorithm.
7. The secure portable electronic device of claim 1 wherein the card agent further comprises a table of known-to-correct thumbprints each corresponding to thumbprints computed over a particular section of the host agent instruction code.
8. The secure portable electronic device of claim 1 further comprising key obfuscation instructions including instructions to cause the secure device to generate the symmetric key and to write the symmetric key at specified locations in the host agent code.
9. The secure portable electronic device of claim 8 wherein the key obfuscation instructions further comprise instructions to cause the secure device to generate the symmetric key and to write the symmetric key at specified locations in the host agent code at start up of the secure device.
10. The secure portable electronic device of claim 8 the key obfuscation instructions further comprise instructions wherein the instructions to write the symmetric key at specified locations in the host agent code writes the symmetric key beginning at an offset and distributed over the host agent code.
11. The secure portable electronic device of claim 10 the key obfuscation instructions further comprise instructions to cause the secure device to distribute the symmetric key over the host agent code according to a specified increment.
12. The secure portable electronic device of claim 11 wherein the key obfuscation instructions further comprise instructions to cause the secure device to write at least one of the offset and increment into the host agent in a subset of bits of a memory location and randomizing the remaining bits of the memory location.
13. The secure portable electronic device of claim 8 further comprising key recovery instructions in the host agent code to cause the host computer executing the host agent to recover the symmetric key from locations in the host agent code where the secure device has written the symmetric key according to the key obfuscation instructions.
14. The secure portable electronic device of claim 13 wherein the host agent code further comprises instructions to cause the host computer to write the recovered symmetric key into a cryptography key management system of the host computer.
15. The secure portable electronic device of claim 14 wherein host computer includes a Crypto Services API, and the instructions to cause the host computer to write the recovered symmetric key into the cryptography key management system includes calls to the Crypto Services API.
16. The secure portable electronic device of claim 1 wherein the card agent and host agent each further comprise instructions to cause the secure device and the host computer, respectively, to negotiate a replacement value for the symmetric key.
17. The secure portable electronic device of claim 16 wherein the instructions to negotiate a replacement value for the symmetric key comprises using a known shared master secret and a random string to generate the replacement value for the symmetric key.
18. The secure portable electronic device of claim 17
wherein the instructions to negotiate a replacement value for the symmetric key comprises instructions in the card agent to cause the secure device to:
generate the random string;
compute the replacement value for the symmetric key using the master shared secret and the random string;
encrypt the random string using the symmetric key; and
transmit the encrypted random string to the host computer; and
wherein the instructions of negotiate a replacement value for the symmetric key comprises instructions in the host agent to cause the host computer to:
receive the encrypted random string;
decrypt the encrypted random string using the symmetric key; and
compute the replacement value for symmetric key from the master shared secret and the random string.
19. The secure portable electronic device of claim 18
wherein the instructions to negotiate a replacement value for the symmetric key comprises instructions in the card agent to request the host agent to compute the thumbprint according to a specification;
wherein the instructions to negotiate a replacement value for the symmetric key comprises instructions in the host agent to cause the host computer to compute and to encrypt the thumbprint using the replacement value for the symmetric key; and
wherein the instructions to negotiate a replacement value for the symmetric key comprises instructions in the card agent to cause the secure device to decrypt the thumb print using the replacement value for the symmetric key.
US11/948,758 2007-02-05 2007-11-30 Method and system for securing communication between a host computer and a secure portable device Abandoned US20080189554A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/948,758 US20080189554A1 (en) 2007-02-05 2007-11-30 Method and system for securing communication between a host computer and a secure portable device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US88828807P 2007-02-05 2007-02-05
US11/948,758 US20080189554A1 (en) 2007-02-05 2007-11-30 Method and system for securing communication between a host computer and a secure portable device

Publications (1)

Publication Number Publication Date
US20080189554A1 true US20080189554A1 (en) 2008-08-07

Family

ID=39361476

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/948,758 Abandoned US20080189554A1 (en) 2007-02-05 2007-11-30 Method and system for securing communication between a host computer and a secure portable device
US12/525,625 Expired - Fee Related US8560852B2 (en) 2007-02-05 2008-02-01 Method and system for communication between a USB device and a USB host

Family Applications After (1)

Application Number Title Priority Date Filing Date
US12/525,625 Expired - Fee Related US8560852B2 (en) 2007-02-05 2008-02-01 Method and system for communication between a USB device and a USB host

Country Status (3)

Country Link
US (2) US20080189554A1 (en)
EP (1) EP2109842A2 (en)
WO (1) WO2008096220A2 (en)

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080247546A1 (en) * 2007-04-06 2008-10-09 Samsung Electronics Co., Ltd. Method and apparatus for protecting digital content stored in usb mass storage device using time information
CN102043745A (en) * 2009-10-20 2011-05-04 精工爱普生株式会社 Usb device
US20110264922A1 (en) * 2008-12-24 2011-10-27 The Commonwealth Of Australia Digital video guard
KR101089405B1 (en) * 2009-11-13 2011-12-07 에스케이씨앤씨 주식회사 Content Transmission Method from Mobile Terminal to HD-USIM based SMART Card
EP2407880A1 (en) * 2010-07-12 2012-01-18 Gemalto SA Method for managing a communication between a host machine and a peripheral device in a cloud environment
CN102768851A (en) * 2011-05-02 2012-11-07 三星电子株式会社 Data storage device authentication apparatus and data storage device including connector
US20130046981A1 (en) * 2011-08-17 2013-02-21 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof
US8458788B2 (en) 2010-05-04 2013-06-04 Synaptics Incorporated System and method for authentication of input devices
CN101751986B (en) * 2008-12-11 2013-09-25 群联电子股份有限公司 Flash memory storing system and controller thereof, and data alteration resistant method
WO2014086652A1 (en) * 2012-12-07 2014-06-12 Gemalto Sa Method of allowing communication between a secure element and a server
US8867743B1 (en) * 2013-11-13 2014-10-21 MGM Resorts International Encryption of large amounts of data using secure encryption methods
US20150040206A1 (en) * 2008-03-04 2015-02-05 Microsoft Corporation Systems for finding a lost transient storage device
EP2634703A4 (en) * 2010-10-28 2015-06-03 China Unionpay Co Ltd Removable storage device, and data processing system and method based on the device
US20150326605A1 (en) * 2012-07-31 2015-11-12 At&T Intellectual Property I, L.P. Method and apparatus for providing notification of detected error conditions in a network
EP2953290A1 (en) * 2014-06-06 2015-12-09 Gemalto SA Management of high number of unique keys by a secure element
CN105979256A (en) * 2016-06-30 2016-09-28 深圳市九洲电器有限公司 Set top box test method and system
US9503428B2 (en) 2014-10-10 2016-11-22 Zanguli Llc Secure device and proxy for secure operation of a host data processing system
WO2017012126A1 (en) * 2015-07-23 2017-01-26 Qualcomm Technologies International, Ltd. Fast authentication of code in a low-power system
US20180176211A1 (en) * 2015-06-02 2018-06-21 Gemalto Sa Method for managing a secure channel between a server and a secure element
CN108234461A (en) * 2017-12-22 2018-06-29 中国电子科技集团公司第三十研究所 A kind of encrypted blinded communication system and method based on USB pairings
US10185670B2 (en) 2015-09-15 2019-01-22 Gatekeeper Ltd. System and method for securely connecting to a peripheral device
US10291398B2 (en) * 2008-05-13 2019-05-14 Sony Corporation Communication device, communication method, reader/writer, and communication system
US20200065491A1 (en) * 2017-05-11 2020-02-27 Antique Books, Inc. Attached storage device for enhanced data and program protection
US10645078B2 (en) * 2017-05-01 2020-05-05 Microsoft Technology Licensing, Llc Smart card thumb print authentication
CN112400294A (en) * 2018-06-19 2021-02-23 赛普拉斯半导体公司 Secure communications from within a non-volatile memory device
US11228421B1 (en) * 2017-02-03 2022-01-18 Apple Inc. Secure secrets to mitigate against attacks on cryptographic systems
US20230099755A1 (en) * 2021-09-24 2023-03-30 Sap Se Sql extension to key transfer system with authenticity, confidentiality, and integrity

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100485681C (en) * 2006-03-23 2009-05-06 北京握奇数据系统有限公司 Smart card storage system and managing method for file creation in the system
US8836960B1 (en) 2007-01-03 2014-09-16 Marvell International Ltd. Storing device drivers in imaging devices
JP2009205189A (en) * 2008-02-26 2009-09-10 Buffalo Inc Folder management method
CN101286809A (en) * 2008-05-07 2008-10-15 中兴通讯股份有限公司 Method and device for conditional receiving update of plug-in by multimedia broadcast
US8260978B1 (en) 2008-05-28 2012-09-04 Marvell International Ltd. Installation of a device driver
US8244894B1 (en) 2008-06-05 2012-08-14 Marvell International Ltd. Detach mechanisms for host-based mobility protocols
US9354898B1 (en) 2008-07-21 2016-05-31 Marvell International Ltd. Detection of a USB OS descriptor request to facilitate installation of a device driver
US8713209B2 (en) * 2009-01-13 2014-04-29 Qualcomm Incorporated System, apparatus, and method for fast startup of USB devices
WO2010087827A1 (en) * 2009-01-29 2010-08-05 Hewlett-Packard Development Company, L.P. Providing an indication of change at a user interface device over a network between computers
DE102009008991A1 (en) * 2009-02-14 2010-08-19 Austria Card Gmbh Chip card for managing data in high-security environment, has auto-run function execution unit automatically informing computing unit of user about auto-run function by chip card-reader after initial operation of chip card
US20100240413A1 (en) * 2009-03-21 2010-09-23 Microsoft Corporation Smart Card File System
EP2273748A1 (en) * 2009-07-09 2011-01-12 Gemalto SA Method of managing an application embedded in a secured electronic token
US8276188B2 (en) * 2009-12-03 2012-09-25 Condel International Technologies Inc. Systems and methods for managing storage devices
US9092597B2 (en) * 2009-12-09 2015-07-28 Sandisk Technologies Inc. Storage device and method for using a virtual file in a public memory area to access a plurality of protected files in a private memory area
CN101827281B (en) * 2010-03-30 2012-11-21 福建新大陆通信科技股份有限公司 Method for detecting conditional access intelligent card slot of STB (Set Top Box)
GB2483167B (en) 2010-08-27 2013-05-29 Fxi Technologies As Storage device with separate application and interface processors
US20120204254A1 (en) * 2011-02-04 2012-08-09 Motorola Mobility, Inc. Method and apparatus for managing security state transitions
US9619417B2 (en) * 2011-06-17 2017-04-11 Alcatel Lucent Method and apparatus for remote delivery of managed USB services via a mobile computing device
US8473666B2 (en) * 2011-06-27 2013-06-25 Schneider Electric It Corporation Systems and methods for driverless operation of USB device
US10635393B2 (en) 2012-03-29 2020-04-28 Intel Corporation Buffer-related USB communication
US20140095822A1 (en) * 2012-10-01 2014-04-03 Trend Micro Incorporated Secure removable mass storage devices
US9654604B2 (en) * 2012-11-22 2017-05-16 Intel Corporation Apparatus, system and method of controlling data flow over a communication network using a transfer response
US9589010B2 (en) 2013-03-07 2017-03-07 Microsoft Technology Licensing, Llc Systems and methods for host detection of USB asynchronous notification capability
US9531541B2 (en) 2013-09-12 2016-12-27 Carl BEAME Cryptographic storage device controller
CN103544037B (en) * 2013-10-29 2016-08-17 飞天诚信科技股份有限公司 The implementation method that a kind of software and hardware supporting OpenSC drives
US9311504B2 (en) 2014-06-23 2016-04-12 Ivo Welch Anti-identity-theft method and hardware database device
US10042784B2 (en) * 2014-10-13 2018-08-07 Microchip Technology Incorporated Side channel access through USB streams
US10171496B2 (en) * 2016-01-19 2019-01-01 Cisco Technology, Inc. Beacon spoofing prevention
US10127405B2 (en) * 2016-05-10 2018-11-13 Qualcomm Incorporated Techniques for determining an anti-replay counter for preventing replay attacks
WO2018019838A1 (en) * 2016-07-25 2018-02-01 Telefonaktiebolaget Lm Ericsson (Publ) Proof-of-presence indicator
WO2018027059A1 (en) 2016-08-03 2018-02-08 KryptCo, Inc. Systems and methods for delegated cryptography
RU2633186C1 (en) * 2016-12-28 2017-10-11 Закрытое акционерное общество "Аладдин Р.Д." Personal device for authentication and data protection
SG11202012477PA (en) * 2018-06-29 2021-01-28 Visa Int Service Ass Chip card socket communication
EP3987731A4 (en) 2019-06-18 2022-05-18 Razer (Asia-Pacific) Pte. Ltd. Method and apparatus for optimizing input latency in a wireless human interface device system
US11886605B2 (en) * 2019-09-30 2024-01-30 Red Hat, Inc. Differentiated file permissions for container users

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020007456A1 (en) * 1999-03-27 2002-01-17 Marcus Peinado Secure processor architecture for use with a digital rights management (DRM) system on a computing device
US20020078367A1 (en) * 2000-10-27 2002-06-20 Alex Lang Automatic configuration for portable devices
US20050108571A1 (en) * 2003-09-29 2005-05-19 Axalto Inc. Secure networking using a resource-constrained device
US20060242068A1 (en) * 2004-12-21 2006-10-26 Fabrice Jogand-Coulomb Method forversatile content control
US20080022380A1 (en) * 2006-05-25 2008-01-24 Gemalto, Inc. Method of patching applications on small resource-constrained secure devices

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19708755A1 (en) * 1997-03-04 1998-09-17 Michael Tasler Flexible interface
US6065120A (en) * 1997-12-09 2000-05-16 Phone.Com, Inc. Method and system for self-provisioning a rendezvous to ensure secure access to information in a database from multiple devices
CN1262485A (en) * 1998-11-10 2000-08-09 阿拉丁知识系统有限公司 User-computer interactive method for group capable of flexible connecting of computer system
US6263392B1 (en) * 1999-01-04 2001-07-17 Mccauley Jack J. Method and apparatus for interfacing multiple peripheral devices to a host computer
KR100505103B1 (en) * 1999-10-11 2005-07-29 삼성전자주식회사 Memory stick for universal serial bus
EP2302507A1 (en) * 2002-03-01 2011-03-30 Seiko Epson Corporation Image output system including a plurality of units connected by communication with master-slave relation
US7054980B2 (en) * 2002-05-02 2006-05-30 Standard Microsystems Corporation Multiple drive controller
US20040139021A1 (en) 2002-10-07 2004-07-15 Visa International Service Association Method and system for facilitating data access and management on a secure token
US7069373B2 (en) * 2002-11-07 2006-06-27 Nec Electronics America, Inc. USB endpoint controller flexible memory management
US20040098596A1 (en) * 2002-11-15 2004-05-20 Rainbow Technologies, Inc. Driverless USB security token
JP4554598B2 (en) * 2003-03-27 2010-09-29 サンディスク アイエル リミテッド A data storage device that is fully accessible by all users
US7181649B2 (en) * 2003-05-09 2007-02-20 Stmicroelectronics, Inc. Universal serial bus (USB) smart card having enhanced testing features and related system, integrated circuit, and methods
US7010638B2 (en) * 2003-08-29 2006-03-07 Texas Intruments Incorporated High speed bridge controller adaptable to non-standard device configuration
SG123627A1 (en) * 2004-12-20 2006-07-26 Trek 2000 Int Ltd Method for overcoming system administration blockage
US8700729B2 (en) * 2005-01-21 2014-04-15 Robin Dua Method and apparatus for managing credentials through a wireless network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020007456A1 (en) * 1999-03-27 2002-01-17 Marcus Peinado Secure processor architecture for use with a digital rights management (DRM) system on a computing device
US20020078367A1 (en) * 2000-10-27 2002-06-20 Alex Lang Automatic configuration for portable devices
US20050108571A1 (en) * 2003-09-29 2005-05-19 Axalto Inc. Secure networking using a resource-constrained device
US20060242068A1 (en) * 2004-12-21 2006-10-26 Fabrice Jogand-Coulomb Method forversatile content control
US20080022380A1 (en) * 2006-05-25 2008-01-24 Gemalto, Inc. Method of patching applications on small resource-constrained secure devices

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080247546A1 (en) * 2007-04-06 2008-10-09 Samsung Electronics Co., Ltd. Method and apparatus for protecting digital content stored in usb mass storage device using time information
US9503429B2 (en) * 2008-03-04 2016-11-22 Microsoft Technology Licensing, Llc Systems for finding a lost transient storage device
US20150040206A1 (en) * 2008-03-04 2015-02-05 Microsoft Corporation Systems for finding a lost transient storage device
US10291398B2 (en) * 2008-05-13 2019-05-14 Sony Corporation Communication device, communication method, reader/writer, and communication system
CN101751986B (en) * 2008-12-11 2013-09-25 群联电子股份有限公司 Flash memory storing system and controller thereof, and data alteration resistant method
US20110264922A1 (en) * 2008-12-24 2011-10-27 The Commonwealth Of Australia Digital video guard
US8572403B2 (en) * 2008-12-24 2013-10-29 The Commonwealth Of Australia Digital video guard
CN102043745A (en) * 2009-10-20 2011-05-04 精工爱普生株式会社 Usb device
KR101089405B1 (en) * 2009-11-13 2011-12-07 에스케이씨앤씨 주식회사 Content Transmission Method from Mobile Terminal to HD-USIM based SMART Card
US8458788B2 (en) 2010-05-04 2013-06-04 Synaptics Incorporated System and method for authentication of input devices
WO2012007225A1 (en) * 2010-07-12 2012-01-19 Gemalto Sa Method for managing a communication between a host machine and a peripheral device in cloud environment
EP2407880A1 (en) * 2010-07-12 2012-01-18 Gemalto SA Method for managing a communication between a host machine and a peripheral device in a cloud environment
EP2634703A4 (en) * 2010-10-28 2015-06-03 China Unionpay Co Ltd Removable storage device, and data processing system and method based on the device
US20120284772A1 (en) * 2011-05-02 2012-11-08 Samsung Electronics Co., Ltd. Data storage device authentication apparatus and data storage device including authentication apparatus connector
CN102768851A (en) * 2011-05-02 2012-11-07 三星电子株式会社 Data storage device authentication apparatus and data storage device including connector
US20130046981A1 (en) * 2011-08-17 2013-02-21 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof
US9203617B2 (en) * 2011-08-17 2015-12-01 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof
US20180007083A1 (en) * 2012-07-31 2018-01-04 At&T Intellectual Property I, L.P. Method and apparatus for providing notification of detected error conditions in a network
US20150326605A1 (en) * 2012-07-31 2015-11-12 At&T Intellectual Property I, L.P. Method and apparatus for providing notification of detected error conditions in a network
US10397268B2 (en) 2012-07-31 2019-08-27 At&T Intellecutal Property I, L.P. Method and apparatus for providing notification of detected error conditions in a network
US9769196B2 (en) * 2012-07-31 2017-09-19 At&T Intellectual Property I, L.P. Method and apparatus for providing notification of detected error conditions in a network
US11159361B2 (en) * 2012-07-31 2021-10-26 At&T Intellectual Property I, L.P. Method and apparatus for providing notification of detected error conditions in a network
US20190387018A1 (en) * 2012-07-31 2019-12-19 At&T Intellectual Property I, L.P. Method and apparatus for providing notification of detected error conditions in a network
WO2014086652A1 (en) * 2012-12-07 2014-06-12 Gemalto Sa Method of allowing communication between a secure element and a server
US8867743B1 (en) * 2013-11-13 2014-10-21 MGM Resorts International Encryption of large amounts of data using secure encryption methods
WO2015185331A1 (en) * 2014-06-06 2015-12-10 Gemalto Sa Management of high number of unique keys by a secure element
EP2953290A1 (en) * 2014-06-06 2015-12-09 Gemalto SA Management of high number of unique keys by a secure element
US9503428B2 (en) 2014-10-10 2016-11-22 Zanguli Llc Secure device and proxy for secure operation of a host data processing system
US9819646B2 (en) 2014-10-10 2017-11-14 Zanguli Llc Secure device and proxy for secure operation of a host data processing system
US10250563B2 (en) 2014-10-10 2019-04-02 Zanguli Llc Secure device and proxy for secure operation of a host data processing system
US10812467B2 (en) * 2015-06-02 2020-10-20 Thales Dis France Sa Method for managing a secure channel between a server and a secure element
US20180176211A1 (en) * 2015-06-02 2018-06-21 Gemalto Sa Method for managing a secure channel between a server and a secure element
WO2017012126A1 (en) * 2015-07-23 2017-01-26 Qualcomm Technologies International, Ltd. Fast authentication of code in a low-power system
EP3531321A1 (en) 2015-09-15 2019-08-28 Gatekeeper Ltd. System and method for securely connecting to a peripheral device
US12032495B2 (en) 2015-09-15 2024-07-09 Gatekeeper Ltd. System and method for securely connecting to a peripheral device
US11537533B2 (en) 2015-09-15 2022-12-27 Gatekeeper Ltd. System and method for securely connecting to a peripheral device
US10733116B2 (en) 2015-09-15 2020-08-04 Gatekeeper Ltd. System and method for securely connecting to a peripheral device
US10185670B2 (en) 2015-09-15 2019-01-22 Gatekeeper Ltd. System and method for securely connecting to a peripheral device
EP3742324A1 (en) 2015-09-15 2020-11-25 Gatekeeper Ltd. System and method for securely connecting to a peripheral device
CN105979256A (en) * 2016-06-30 2016-09-28 深圳市九洲电器有限公司 Set top box test method and system
US11228421B1 (en) * 2017-02-03 2022-01-18 Apple Inc. Secure secrets to mitigate against attacks on cryptographic systems
US10645078B2 (en) * 2017-05-01 2020-05-05 Microsoft Technology Licensing, Llc Smart card thumb print authentication
US11720677B2 (en) * 2017-05-11 2023-08-08 Antique Books, Inc. Attached storage device for enhanced data and program protection
US20200065491A1 (en) * 2017-05-11 2020-02-27 Antique Books, Inc. Attached storage device for enhanced data and program protection
CN108234461A (en) * 2017-12-22 2018-06-29 中国电子科技集团公司第三十研究所 A kind of encrypted blinded communication system and method based on USB pairings
CN112400294A (en) * 2018-06-19 2021-02-23 赛普拉斯半导体公司 Secure communications from within a non-volatile memory device
US20230099755A1 (en) * 2021-09-24 2023-03-30 Sap Se Sql extension to key transfer system with authenticity, confidentiality, and integrity

Also Published As

Publication number Publication date
US20100146279A1 (en) 2010-06-10
EP2109842A2 (en) 2009-10-21
US8560852B2 (en) 2013-10-15
WO2008096220A2 (en) 2008-08-14
WO2008096220A3 (en) 2008-10-16

Similar Documents

Publication Publication Date Title
US20080189554A1 (en) Method and system for securing communication between a host computer and a secure portable device
KR100436377B1 (en) Method and system for securely handling information between two information processing devices
RU2399087C2 (en) Safe data storage with integrity protection
US9760721B2 (en) Secure transaction method from a non-secure terminal
Kim et al. Predictability of Android OpenSSL's pseudo random number generator
JP4668619B2 (en) Device key
US9092635B2 (en) Method and system of providing security services using a secure device
US20080022380A1 (en) Method of patching applications on small resource-constrained secure devices
US20090249492A1 (en) Fabrication of computer executable program files from source code
US7095859B2 (en) Managing private keys in a free seating environment
US8484449B2 (en) Program, communication device, data processing method, and communication system
US20080022099A1 (en) Information transfer
EP2064648A1 (en) Fabrication of computer executable program files from source code
CN110334531B (en) Virtual machine key management method, master node, system, storage medium and device
US20160204933A1 (en) Personal information management system, method and service
EP1022638A2 (en) Method and system for securely handling information between two information processing devices
CN112787813A (en) Identity authentication method based on trusted execution environment
CN117240625A (en) Tamper-resistant data processing method and device and electronic equipment
CN112069535B (en) Dual-system safety intelligent terminal architecture based on access partition physical isolation
Lu et al. Communication security between a computer and a hardware token
JP4052158B2 (en) IC card system and IC card issuing method
CN109684852B (en) Guiding device and method for data exchange
US20120072994A1 (en) Method to produce securing data, corresponding device and computer program
CN115865369B (en) Identity authentication method and device
CN112631735B (en) Virtual machine authorization management method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
AS Assignment

Owner name: GEMALTO INC, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ALI, ASAD;LU, HONGQIAN KAREN;VASSILEV, APOSTOL;AND OTHERS;REEL/FRAME:020533/0598;SIGNING DATES FROM 20071212 TO 20080110

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION