
Efficient Provisioning of Complex Structures over Unsecured Channels
Disclosure Number: IPCOM000215433D
Original Publication Date: 2012-Feb-27
Included in the Prior Art Database: 2012-Feb-27

Publishing Venue

Linux Defenders

Related People

Anders Rundgren: AUTHOR


The document describes how combining MAC (Message Authentication Code) operations with a virtual name-space makes it possible to provision cryptographic keys securely and efficiently over an unsecured channel.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 16% of the total text.

Page 01 of 10

This invention is hereby placed in the Public Domain

Efficient Provisioning of Complex Structures over Unsecured Channels

Background to the Invention

This invention is an intrinsic part of a scheme called SKS/KeyGen2, where SKS represents a comparatively simple (but secure) electronic device that can hold cryptographic keys (e.g. a "smart card"), which can be used for authentication etc. KeyGen2 is a matching high-level protocol for provisioning an SKS device with such keys.

Since the provisioning may take place over the Internet, an issuer of keys such as a bank, government agency or employer usually does not have particularly good control over the security of the computer to which keys are to be provisioned.

To make this process more trustworthy, the SKS has been equipped with a built-in key which can be used for vouching for the brand and even the individual serial number of the SKS to the issuer. This enables an issuer to at least determine whether keys will be stored in a trustworthy key-container or in a container having unknown characteristics.

However, this is not enough, because a provisioning session consists of multiple steps and an adversary ("man-in-the-middle") could modify and/or redirect the information flow after the initial authentication. Although TLS (Transport Layer Security) could be used to address this problem, TLS would greatly complicate both the design and administration of an SKS. In addition, the use of TLS would effectively remove the ability to let a user define a PIN-code associated with a key to be provisioned, unless the SKS also has a built-in user-interface.

Due to this, many existing key-provisioning systems rely instead on adding MAC (Message Authentication Code) checksums to each message interchange. Sensitive data is usually encrypted using a key derived from the same key that is used for MACs.
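The per-message MAC approach described above, as an added illustration (not code from the original disclosure or from SKS/KeyGen2): both ends derive separate MAC and encryption sub-keys from one session key, and each MAC covers the session ID, method name, payload and a message counter, so modified, replayed or redirected messages fail verification. The class, method names, field layout and sample messages are assumptions made for this example; the encryption step itself is left out.

```python
import hashlib
import hmac
import os

def derive_key(session_key: bytes, label: bytes) -> bytes:
    # One shared secret, separate sub-keys per purpose (MAC vs. encryption).
    return hmac.new(session_key, b"derive:" + label, hashlib.sha256).digest()

class Endpoint:
    """One side of a session; field layout and names are assumptions."""

    def __init__(self, session_key: bytes, session_id: bytes):
        self.mac_key = derive_key(session_key, b"mac")
        self.enc_key = derive_key(session_key, b"enc")  # cipher step omitted
        self.session_id = session_id
        self.counter = 0  # advances once per sent or accepted message

    def _tag(self, method: bytes, payload: bytes) -> bytes:
        # Length-prefix each field so field boundaries cannot be shifted.
        fields = (self.session_id, method, payload)
        data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
        data += self.counter.to_bytes(4, "big")
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()

    def seal(self, method: bytes, payload: bytes):
        msg = (method, payload, self._tag(method, payload))
        self.counter += 1
        return msg

    def accept(self, method: bytes, payload: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(tag, self._tag(method, payload)):
            return False  # modified, replayed, reordered or wrong session
        self.counter += 1
        return True

def demo() -> dict:
    key, sid = os.urandom(32), b"constructed-session-1"
    issuer, device = Endpoint(key, sid), Endpoint(key, sid)
    other = Endpoint(os.urandom(32), sid)  # a different device's session
    m1 = issuer.seal(b"create_key", b"id=Key.1")  # constructed messages
    m2 = issuer.seal(b"set_pin_policy", b"id=Key.1;retries=3")
    return {
        "redirected": other.accept(*m1),
        "genuine": device.accept(*m1),
        "replayed": device.accept(*m1),
        "modified": device.accept(m2[0], b"id=Key.1;retries=99", m2[2]),
        "in_order": device.accept(*m2),
    }

if __name__ == "__main__":
    print(demo())
```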

This document describes how combining MACs with a virtual name-space makes it possible to create complex structures in an SKS, not only in a secure manner but efficiently as well.



SKS/KeyGen2 Architecture

The figure below shows the components involved in this description. The parts of SKS that deal with the actual usage of cryptographic keys (in the upper left corner of the picture) are not elaborated on here because they are more or less "standard".

[Figure: SKS/KeyGen2 architecture. Labels in the diagram: Issuer (CA); Applications Using Cryptographic Keys; JCE (Java); PKCS #11; SKS Native API; Provisioning Proxy; XML Processing; Content Aggregation; User Interaction; Client Platform; Embedded or Connected Device; SKS - Secure Key Store; Device Certificate; Attestation Private Key; Crypto Engine; End-To-End Security (E2ES) protocol where the issuer and the SKS exploit a cooperatively created shared secret.]

The Device Certificate and Attestation Private Key are built-in objects having a single task: vouching for the authenticity of the SKS device during provisioning sessions. The Credential Database stores keys and associ...