Browse Prior Art Database

Integrated Key Server Applet Fix Process Which Updates a Smart Card while Preserving Encryption Keys

IP.com Disclosure Number: IPCOM000215749D
Publication Date: 2012-Mar-08
Document File: 3 page(s) / 79K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a process to install a fixed/enhanced applet that resides on a smart card while preserving the encryption key. The invention assumes an environment in which there are two or more computers. All of the computers in the environment have a file consisting of the same flash-backed DRAM encryption key, but encrypted under unique asymmetric identities provided by each computer's tightly coupled smart card.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 48% of the total text.

Page 01 of 3

Integrated Key Server Applet Fix Process Which Updates a Smart Card while Preserving Encryption Keys

A symmetric encryption key protects data written to flash-backed Dynamic Random-Access Memory (DRAM) during power outages or other down times. This encryption key most likely resides in an encrypted file on a computer. In the context of this invention, the encryption key is created by a smart card tightly coupled with the computer on which the encrypted file resides. The smart card contains an asymmetric key (either the RSA algorithm or Elliptic Curve Cryptography (ECC)) which is used to encrypt the file. The asymmetric key (i.e., identity, as it is called henceforth in this disclosure) provides the tight coupling to the computer. The code that creates the encryption key and encrypts that key with the asymmetric identity is an applet that resides on the smart card. If this applet is subject to fixes or enhancements, the fixed/enhanced applet must be loaded on to the smart card, erasing any previous version of the applet along with the smart card's asymmetric identify. This process has the potential to make the encryption key unusable.

     This disclosure describes a process to install the fixed/enhanced applet while preserving the encryption key. The invention assumes an environment in which there are two or more computers. All of the computers in the environment have a file consisting of the same flash-backed DRAM encryption key, but encrypted under unique asymmetric identities provided by each computer's tightly coupled smart card.

     When an applet fix is installed on the smart card associated with one computer in the environment, the process erases all previous information about that smart card's asymmetric identity. A new asymmetric identity is created; however, the encryption key file on that computer is now useless because it is encrypted under the smart card's previous asymmetric identity.

     To resolve this problem, the computer whose smart card undergoes an applet fix will initiate a secure protocol between itself and one of the other computers in the same environment to retrieve the flash-backed DRAM encryption key from the other computer without having to know the other computer's associated smart card asymmetric identity. The method then repeats this process as each tightly-coupled computer-smart card in that environment goes through the applet fix installation. This protocol results in preservation and redundancy of the flash-backed DRAM encryption key across all computers in the environment. The invention works according to the following protocol (described here at a high level):

1. An applet fix process completely erases a smart card that protects a symmetric key without compromising or destroying that symmetric key. The process is described below using the descriptive methods of initKeyOther(), retrieveKEKAndKey(), and storeKEKAndKey().

A. As the result of a defect or enhancement, the applet code on a smart card that is tig...