The invention relates generally to accessory authentication in personal electronic devices and more specifically to asymmetric cryptographic accessory authentication.BACKGROUND
The use of encryption for authentication of devices is generally known. Conventionally, a message, or “challenge,” is sent from a system or device to an object to be authenticated, and a message-dependent response is sent by the object to the system in reply. The system then evaluates the response to determine whether the response was sufficient to authenticate the object.
Such a method may be used, for example, to verify components of a system or device, including components that are removable, replaceable or available after-market. For example, a battery for an electronic device such as a mobile phone or a camera can be authenticated to determine whether it is an authorized and compatible battery. If the battery is successfully authenticated, normal operation ensues. In an attempted use of a battery that is not successfully authenticated, no operation or only limited operation could be authorized as a result of the failed authentication procedure. For example, charging of the battery could be disabled.
Disadvantageously, conventional authentication methods typically require significant processing and memory resources such that authentication using encryption has not been economically feasible in many small and/or low-cost devices. Further, conventional authentication approaches often use symmetric authentication methodologies. While secure, these methodologies can be complex and also run the risk of the single key being compromised or leaked, a particular problem for widely distributed consumer electronic devices.SUMMARY OF THE INVENTION
Embodiments relate to systems, methods and devices for asymmetric cryptographic authentication. In an embodiment, a system comprises an accessory comprising an authentication chip, the authentication chip comprising a public authentication key, a private authentication key and data signed by a private verification key; and a device comprising a public verification key forming a verification key pair with the private verification key, the device configured to read the data and the public authentication key from the authentication chip, verify the data and the public authentication key using the public verification key, and authenticate the accessory for use with the device using the public authentication key if verified.
In another embodiment, method comprises configuring a first device with an authentication chip having a public authentication key, a private authentication key and data signed by a private verification key; storing a public verification key on a second device; communicatively coupling the first device to the second device; reading the data and the public authentication key from the first device by the second device; determining whether the data and the public authentication key are verified using the public verification key; and determining whether the first device is authenticated for use with the second device using an elliptic curve cryptographic algorithm if the data and the public authentication key are verified.
In a further embodiment, a semiconductor chip is adapted to be embedded in a first device and comprises a memory comprising a private authentication key, a public authentication key, and data signed by a private verification key, wherein the private authentication key is stored in a secure portion of the memory; and a communication interface configured to communicate with a second device comprising a public verification key using an asymmetric cryptographic technique.
In yet another embodiment, a method comprises reading a public authentication key from a first device by a second device; verifying the public authentication key using a public verification key stored on the second device and data stored on the first device and signed by a private verification key; encrypting a challenge with the public authentication by the second device; sending the encrypted challenge to the first device; decrypting the challenge using a private authentication key by the first device; sending a response by the first device to the second device; and evaluating the response by the second device to determine whether the first device is authenticated.BRIEF DESCRIPTION OF THE DRAWINGS
The invention may be more completely understood in consideration of the following detailed description of various embodiments of the invention in connection with the accompanying drawings, in which:
While the invention is amenable to various modifications and alternative forms, specifics thereof have been shown by way of example in the drawings and will be described in detail. It should be understood, however, that the intention is not to limit the invention to the particular embodiments described. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the appended claims.DETAILED DESCRIPTION
Object 104 is depicted in
Referring also to
In an embodiment, the functionality and features of authentication chip 106 are realized as one or more system on chip components of object 104 to achieve cost or size savings. For example, object 104 can comprise a BLUETOOTH headset, which often is of small size and therefore may not be able to accommodate an additional chip 106. Instead, the features and functionality are integrated on an existing chip in the headset, saving space and possibly also costs. In such an embodiment, a manufacturer of the headset or other device comprising object 104 can be provided with, for example, a VHDL netlist for integration into an existing controller or processor of the headset or other device in place of a discrete authentication chip 106, which little or no change in the features, functions and security thereby provided.
Before using public authentication key 111, however, device 102 determines whether public authentication key 111 is verified or genuine. In a conventional system using global or constant public and private key pairs for devices, verification can be accomplished by simply comparing the global key (public authentication key 111 received from object 104) with the same global key or a hash thereof stored on device 102. Use of global keys, however, does not provide the highest levels of security, as the global keys are vulnerable to hacking or other corruption. In embodiments, therefore, unique public and private keys are used for each device, and this process is described in more detail herein below.
At 302, and after verifying public authentication key 111, device 102 uses public authentication key 111 to encrypt a challenge. In an embodiment, the challenge comprises a random number. In another embodiment, the challenge also includes additional data. In embodiments, the encryption is carried out according to an asymmetric encryption methodology, for example an elliptic curve cryptographic algorithm. In another embodiment, an RSA cryptographic algorithm or some other cryptographic algorithm is used.
At 304, the encrypted challenge is transmitted from device 102 to object 104. In embodiments, the challenge can be transmitted wirelessly, such as by radio frequency (RF), or by wire, such as by a power line or other wire connection between device 102 and object 104. At 306, object 104 decrypts the received encrypted challenge using private authentication key 110. At 308, object 104 sends the decrypted challenge as a response to device 102, and device 102 determines whether the response is appropriate such that object 104 can be authenticated.
After method 300, device 102 can retain both public keys 103 and 111, or device 102 can delete public key 111 that was read from object 104. Retaining both keys can save time and calculations in the future, while deleting one key can free memory space.
In an embodiment, and referring to
Creation of the digest by the certificate authority is shown in more detail in
Digest 508 is signed using private verification key 510 of the certificate holder to create a signature 512. In an embodiment, an elliptic curve cryptographic algorithm is used to sign digest 508. Advantages of an elliptic curve cryptographic algorithm include shorter keys and fewer calculations because of the shorter keys, which can be beneficial in small, low-cost and/or embedded objects having less processing capacity. In another embodiment, an RSA cryptographic algorithm or some other cryptographic algorithm is used.
When object 104 is first attempted to be used with a device 102, device 102 must authenticate object 104 and verify that any data, information, content, media or other quantity originating from object 104, or object 104 itself, are legitimate. Accordingly, device 102 reads signature 512 and other data 520 from object 104 at 406. As part of this read, device 102 receives public authentication key 111 from object 104 as previously described, but device 104 cannot know whether public key 111 is corrupted or has been compromised and thus must verify the key.
This can be done using signature 512. Device 102 first recreates message 507 from data 520 and hashes message 507 according to the same algorithm used to create digest 508, thereby creating digest′ (508′) at 408. At 410, device 102 then extracts the original digest 508 from signature 512 read from object 104 using public verification key 103, which is intended, absent tampering or corruption, to correspond to private verification key 510 used to originally create signature 512. If the extraction is successful, device 102 compares digest′ (508′) with digest 508 at 412. If digest 508 and digest′ (508′) match, device 102 has verified that the data and information received from object 104 is uncorrupted and can use public authentication key 111 received from object 104 to authenticate object 104 according to process 300.
The remainder of the process is the same as or similar to that described above with respect to
Embodiments provide secure authentication of accessories, batteries, parts and other objects at a lower cost suitable for price-sensitive applications. Additionally, embodiments provide recovery action options in the event of hacking or key misuse by key blacklisting. Thus, if hacking of a public key is discovered, that key can be revoked or “blacklisted” and disabled globally, rather than having to block each single key in conventional approaches. This provides enhanced security and more efficient key management. Logistical improvements and efficiencies are also realized in that the device need not be preconfigured with the correct public key for a particular object, as the public key is extracted from the certificate stored in the object upon first use according to an embodiment. The overall security level is thereby enhanced, providing cost-effective authentication.
Various embodiments of systems, devices and methods have been described herein. These embodiments are given only by way of example and are not intended to limit the scope of the invention. It should be appreciated, moreover, that the various features of the embodiments that have been described may be combined in various ways to produce numerous additional embodiments. Moreover, while various materials, dimensions, shapes, implantation locations, etc. have been described for use with disclosed embodiments, others besides those disclosed may be utilized without exceeding the scope of the invention.
Persons of ordinary skill in the relevant arts will recognize that the invention may comprise fewer features than illustrated in any individual embodiment described above. The embodiments described herein are not meant to be an exhaustive presentation of the ways in which the various features of the invention may be combined. Accordingly, the embodiments are not mutually exclusive combinations of features; rather, the invention may comprise a combination of different individual features selected from different individual embodiments, as understood by persons of ordinary skill in the art.
Any incorporation by reference of documents above is limited such that no subject matter is incorporated that is contrary to the explicit disclosure herein. Any incorporation by reference of documents above is further limited such that no claims included in the documents are incorporated by reference herein. Any incorporation by reference of documents above is yet further limited such that any definitions provided in the documents are not incorporated by reference herein unless expressly included herein.
For purposes of interpreting the claims for the present invention, it is expressly intended that the provisions of Section 112, sixth paragraph of 35 U.S.C. are not to be invoked unless the specific terms “means for” or “step for” are recited in a claim.