CA2172860A1 - Method of Token Verification in a Key Management System - Google Patents

Method of Token Verification in a Key Management System

Info

Publication number
CA2172860A1
CA2172860A1 CA2172860A CA2172860A CA2172860A1 CA 2172860 A1 CA2172860 A1 CA 2172860A1 CA 2172860 A CA2172860 A CA 2172860A CA 2172860 A CA2172860 A CA 2172860A CA 2172860 A1 CA2172860 A1 CA 2172860A1
Authority
CA
Canada
Prior art keywords
master key
token verification
logical
management system
evidence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA2172860A
Other languages
French (fr)
Other versions
CA2172860C (en
Inventor
John F. Braun
Robert A. Cordery
Frank M. D'ippolito
Kathryn V. Lawton
Steven J. Pauly
Leon A. Pintsov
Frederick W. Ryan, Jr.
Monroe A. Weiant, Jr.
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pitney Bowes Inc
Original Assignee
Pitney Bowes Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pitney Bowes Inc filed Critical Pitney Bowes Inc
Publication of CA2172860A1 publication Critical patent/CA2172860A1/en
Application granted granted Critical
Publication of CA2172860C publication Critical patent/CA2172860C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00741Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
    • G07B2017/00758Asymmetric, public-key algorithms, e.g. RSA, Elgamal
    • G07B2017/00766Digital signature, e.g. DSA, DSS, ECDSA, ESIGN
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/00854Key generation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/0087Key distribution
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/0087Key distribution
    • G07B2017/00887Key distribution using look-up tables, also called master tables with pointers
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00846Key management
    • G07B2017/00895Key verification, e.g. by using trusted party
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B17/00Franking apparatus
    • G07B17/00733Cryptography or similar special procedures in a franking system
    • G07B2017/00959Cryptographic modules, e.g. a PC encryption board
    • G07B2017/00967PSD [Postal Security Device] as defined by the USPS [US Postal Service]

Abstract

A method of token verification in a Key Management System provides a logical device identifier and a master key created in a logical security domain to a transaction evidencing device, such as a digital postage meter. The method creates a master key record in a key verification box, securely stores the master key record in a Key Management System archive, and produces in the transaction evidencing device evidence in the logical security domain of transaction information integrity.
The method inputs the evidence of the transaction information integrity to a token verification box, and inputs in the token verification box the master key record from the Key Management System archive. The method determines in the token verification box that the master key is valid in logical security domain, uses in the token verification box the master key to verify the evidence of transaction information integrity, and outputs from the token verification box an indication of the result of the verification of the evidence of transaction information integrity. The master key record includes the logical device identifier, the master key and a digital signature associating the logical device identifier and the master key. The method checks the digital signature to verify the association of the logical device identifier and the master key within the logical security domain.
CA002172860A 1995-03-31 1996-03-28 Method of token verification in a key management system Expired - Fee Related CA2172860C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/414,896 1995-03-31
US08/414,896 US5661803A (en) 1995-03-31 1995-03-31 Method of token verification in a key management system

Publications (2)

Publication Number Publication Date
CA2172860A1 true CA2172860A1 (en) 1996-10-01
CA2172860C CA2172860C (en) 2000-05-16

Family

ID=23643464

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002172860A Expired - Fee Related CA2172860C (en) 1995-03-31 1996-03-28 Method of token verification in a key management system

Country Status (7)

Country Link
US (1) US5661803A (en)
EP (1) EP0735720B1 (en)
JP (1) JP3881055B2 (en)
CN (1) CN1136512C (en)
BR (1) BR9601232A (en)
CA (1) CA2172860C (en)
DE (1) DE69636584T2 (en)

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7567669B2 (en) 1996-05-17 2009-07-28 Certicom Corp. Strengthened public key protocol
US5825881A (en) * 1996-06-28 1998-10-20 Allsoft Distributing Inc. Public network merchandising system
US6041123A (en) * 1996-07-01 2000-03-21 Allsoft Distributing Incorporated Centralized secure communications system
US6041317A (en) * 1996-11-19 2000-03-21 Ascom Hasler Mailing Systems, Inc. Postal security device incorporating periodic and automatic self implementation of public/private key pair
US5982896A (en) * 1996-12-23 1999-11-09 Pitney Bowes Inc. System and method of verifying cryptographic postage evidencing using a fixed key set
US6058188A (en) * 1997-07-24 2000-05-02 International Business Machines Corporation Method and apparatus for interoperable validation of key recovery information in a cryptographic system
FR2768534B1 (en) * 1997-09-18 1999-12-10 Neopost Ind METHOD AND DEVICE FOR SECURING POSTAL DATA
WO1999020020A1 (en) 1997-10-14 1999-04-22 Certicom Corp. Key validation scheme
US6233565B1 (en) 1998-02-13 2001-05-15 Saranac Software, Inc. Methods and apparatus for internet based financial transactions with evidence of payment
DE19816344C2 (en) * 1998-04-01 2000-08-10 Francotyp Postalia Gmbh Procedure for secure key distribution
US7215773B1 (en) * 1998-10-14 2007-05-08 Certicom.Corp. Key validation scheme
AU1184499A (en) * 1998-11-10 2000-05-29 Kent Ridge Digital Labs A method of encryption and apparatus therefor
US6343361B1 (en) * 1998-11-13 2002-01-29 Tsunami Security, Inc. Dynamic challenge-response authentication and verification of identity of party sending or receiving electronic communication
US6847951B1 (en) * 1999-03-30 2005-01-25 Pitney Bowes Inc. Method for certifying public keys used to sign postal indicia and indicia so signed
US6704867B1 (en) 1999-03-30 2004-03-09 Bitney Bowes, Inc. Method for publishing certification information representative of selectable subsets of rights and apparatus and portable data storage media used to practice said method
US6738899B1 (en) 1999-03-30 2004-05-18 Pitney Bowes Inc. Method for publishing certification information certified by a plurality of authorities and apparatus and portable data storage media used to practice said method
JP3823599B2 (en) * 1999-04-22 2006-09-20 富士ゼロックス株式会社 Distribution information management apparatus and method
IL130963A (en) * 1999-07-15 2006-04-10 Nds Ltd Key management for content protection
GB2353682B (en) 1999-07-15 2004-03-31 Nds Ltd Key management for content protection
EA003949B1 (en) * 1999-08-23 2003-10-30 Донгшенг Ли A method for the accomplishment secure transaction for electronic bankbook
US6968456B1 (en) * 2000-08-08 2005-11-22 Novell, Inc. Method and system for providing a tamper-proof storage of an audit trail in a database
US7756795B2 (en) 2000-12-27 2010-07-13 Pitney Bowes Inc. Mail piece verification system
US7707124B2 (en) * 2000-08-28 2010-04-27 Pitney Bowes Inc. Mail piece verification system having forensic accounting capability
DE10131254A1 (en) * 2001-07-01 2003-01-23 Deutsche Post Ag Procedure for checking the validity of digital postage indicia
JP2003101523A (en) * 2001-09-21 2003-04-04 Fujitsu Ltd Communication network system and communication method having concealment function
US8132236B2 (en) * 2001-11-12 2012-03-06 Hewlett-Packard Development Company, L.P. System and method for providing secured access to mobile devices
US7561691B2 (en) * 2001-11-12 2009-07-14 Palm, Inc. System and method for providing secured access to mobile devices
US20080148350A1 (en) * 2006-12-14 2008-06-19 Jeffrey Hawkins System and method for implementing security features and policies between paired computing devices
US6996620B2 (en) * 2002-01-09 2006-02-07 International Business Machines Corporation System and method for concurrent security connections
AUPS112202A0 (en) * 2002-03-14 2002-04-18 Commonwealth Scientific And Industrial Research Organisation Semiconductor manufacture
CN101400059B (en) * 2007-09-28 2010-12-08 华为技术有限公司 Cipher key updating method and device under active state
US8214291B2 (en) 2007-10-19 2012-07-03 Ebay Inc. Unified identity verification
US8175276B2 (en) * 2008-02-04 2012-05-08 Freescale Semiconductor, Inc. Encryption apparatus with diverse key retention schemes
CN101335754B (en) * 2008-05-14 2011-09-21 北京深思洛克软件技术股份有限公司 Method for information verification using remote server
EP2128781A1 (en) * 2008-05-27 2009-12-02 Benny Kalbratt Method for authentication
US8838503B2 (en) * 2008-12-08 2014-09-16 Ebay Inc. Unified identity verification
US9264230B2 (en) 2011-03-14 2016-02-16 International Business Machines Corporation Secure key management
US8619990B2 (en) 2011-04-27 2013-12-31 International Business Machines Corporation Secure key creation
US8789210B2 (en) 2011-05-04 2014-07-22 International Business Machines Corporation Key usage policies for cryptographic keys
US8634561B2 (en) * 2011-05-04 2014-01-21 International Business Machines Corporation Secure key management
US8566913B2 (en) 2011-05-04 2013-10-22 International Business Machines Corporation Secure key management
US8755527B2 (en) 2011-05-04 2014-06-17 International Business Machines Corporation Key management policies for cryptographic keys
US9003560B1 (en) * 2012-06-05 2015-04-07 Rockwell Collins, Inc. Secure enclosure with internal security components
US11132685B1 (en) 2020-04-15 2021-09-28 Capital One Services, Llc Systems and methods for automated identity verification

Family Cites Families (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4238853A (en) * 1977-12-05 1980-12-09 International Business Machines Corporation Cryptographic communication security for single domain networks
US4227253A (en) * 1977-12-05 1980-10-07 International Business Machines Corporation Cryptographic communication security for multiple domain networks
US4281216A (en) * 1979-04-02 1981-07-28 Motorola Inc. Key management for encryption/decryption systems
US4578531A (en) * 1982-06-09 1986-03-25 At&T Bell Laboratories Encryption system key distribution method and apparatus
US4590470A (en) * 1983-07-11 1986-05-20 At&T Bell Laboratories User authentication system employing encryption functions
US4972472A (en) * 1985-03-15 1990-11-20 Tandem Computers Incorporated Method and apparatus for changing the master key in a cryptographic system
US4731840A (en) * 1985-05-06 1988-03-15 The United States Of America As Represented By The United States Department Of Energy Method for encryption and transmission of digital keying data
GB8704920D0 (en) * 1987-03-03 1987-04-08 Hewlett Packard Co Secure messaging system
US4850017A (en) * 1987-05-29 1989-07-18 International Business Machines Corp. Controlled use of cryptographic keys via generating station established control values
US4888801A (en) * 1988-05-02 1989-12-19 Motorola, Inc. Hierarchical key management system
US4888802A (en) * 1988-06-17 1989-12-19 Ncr Corporation System and method for providing for secure encryptor key management
US4935961A (en) * 1988-07-27 1990-06-19 Gargiulo Joseph L Method and apparatus for the generation and synchronization of cryptographic keys
US5016277A (en) * 1988-12-09 1991-05-14 The Exchange System Limited Partnership Encryption key entry method in a microcomputer-based encryption system
US5048087A (en) * 1989-02-03 1991-09-10 Racal Data Communications Inc. Key management for encrypted packet based networks
US4965804A (en) * 1989-02-03 1990-10-23 Racal Data Communications Inc. Key management for encrypted packet based networks
US4956863A (en) * 1989-04-17 1990-09-11 Trw Inc. Cryptographic method and apparatus for public key exchange with authentication
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5148481A (en) * 1989-10-06 1992-09-15 International Business Machines Corporation Transaction system security method and apparatus
US5029206A (en) * 1989-12-27 1991-07-02 Motorola, Inc. Uniform interface for cryptographic services
US5173938A (en) * 1990-09-27 1992-12-22 Motorola, Inc. Key management system
US5247576A (en) * 1991-02-27 1993-09-21 Motorola, Inc. Key variable identification method
US5214698A (en) * 1991-03-20 1993-05-25 International Business Machines Corporation Method and apparatus for validating entry of cryptographic keys
US5200999A (en) * 1991-09-27 1993-04-06 International Business Machines Corporation Public key cryptosystem key management based on control vectors
US5241599A (en) * 1991-10-02 1993-08-31 At&T Bell Laboratories Cryptographic protocol for secure communications
US5179591A (en) * 1991-10-16 1993-01-12 Motorola, Inc. Method for algorithm independent cryptographic key management
US5265164A (en) * 1991-10-31 1993-11-23 International Business Machines Corporation Cryptographic facility environment backup/restore and replication in a public key cryptosystem
US5245658A (en) * 1992-01-06 1993-09-14 George Bush Domain-based encryption
JPH05281906A (en) * 1992-04-02 1993-10-29 Fujitsu Ltd Cipher key common-used system
US5237611A (en) * 1992-07-23 1993-08-17 Crest Industries, Inc. Encryption/decryption apparatus with non-accessible table of keys
JP2519390B2 (en) * 1992-09-11 1996-07-31 インターナショナル・ビジネス・マシーンズ・コーポレイション DATA COMMUNICATION METHOD AND DEVICE
US5341426A (en) * 1992-12-15 1994-08-23 Motorola, Inc. Cryptographic key management apparatus and method
US5491752A (en) * 1993-03-18 1996-02-13 Digital Equipment Corporation, Patent Law Group System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens
US5390251A (en) * 1993-10-08 1995-02-14 Pitney Bowes Inc. Mail processing system including data center verification for mailpieces
US5454038A (en) * 1993-12-06 1995-09-26 Pitney Bowes Inc. Electronic data interchange postage evidencing system

Also Published As

Publication number Publication date
CA2172860C (en) 2000-05-16
CN1144942A (en) 1997-03-12
BR9601232A (en) 1998-01-06
CN1136512C (en) 2004-01-28
EP0735720A2 (en) 1996-10-02
DE69636584D1 (en) 2006-11-16
EP0735720A3 (en) 2000-05-24
JPH09167186A (en) 1997-06-24
MX9601257A (en) 1997-09-30
JP3881055B2 (en) 2007-02-14
EP0735720B1 (en) 2006-10-04
DE69636584T2 (en) 2007-06-21
US5661803A (en) 1997-08-26

Similar Documents

Publication Publication Date Title
CA2172860A1 (en) Method of Token Verification in a Key Management System
CA2173008A1 (en) Cryptographic Key Management and Validating System
CA2183274A1 (en) Secure User Certification For Electronic Commerce Employing Value Metering System
CA2172861A1 (en) Method of Manufacturing Generic Meters in a Key Management System
CA2222662A1 (en) System and method of verifying cryptographic postage evidencing using a fixed key set
CN100359519C (en) Method and apparatus for establishing usage rights for digital content to be created in future
NZ306846A (en) Digital signing method using partial signatures
EP0829824A3 (en) Electronic data interchange postage evidencing system
CA2392264C (en) System and method for automatically controlling the crossing of a border
CA2193284A1 (en) A method of inhibiting token generation in an open metering system
CA2357003A1 (en) System and method for authentication of network users and issuing a digital certificate
EP0781004A3 (en) Message authorization system for authorizing message for electronic document
AU6057994A (en) Key protection for smart cards
CA2634662A1 (en) Regulating access to digital content
CA2026739A1 (en) Transaction system security method and apparatus
EP0732673A3 (en) Postage meter system and verification of postage charges
ATE242949T1 (en) METHOD FOR SECURING A SYSTEM PROTECTED BY A KEY HIERARCHY
PL326075A1 (en) System for and method of verifying a document
CA2144105A1 (en) Method and System for Detecting Intrusion Into and Misuse of a Data Processing System
CA2256273A1 (en) Postage metering system and method for a stand-alone meter having virtual meter functionality
CA2133679A1 (en) Encryption Key Control System for Mail Processing System Having Data Center Verification
EP0782114A3 (en) System and method for verifying signatures on documents
CA2197367A1 (en) Security Access System
CA2290170C (en) Improved digital signature
CA2173018A1 (en) Method of Manufacturing Secure Boxes in a Key Management System

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20130328