CA2172860A1 - Method of Token Verification in a Key Management System - Google Patents
Method of Token Verification in a Key Management SystemInfo
- Publication number
- CA2172860A1 CA2172860A1 CA2172860A CA2172860A CA2172860A1 CA 2172860 A1 CA2172860 A1 CA 2172860A1 CA 2172860 A CA2172860 A CA 2172860A CA 2172860 A CA2172860 A CA 2172860A CA 2172860 A1 CA2172860 A1 CA 2172860A1
- Authority
- CA
- Canada
- Prior art keywords
- master key
- token verification
- logical
- management system
- evidence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00741—Cryptography or similar special procedures in a franking system using specific cryptographic algorithms or functions
- G07B2017/00758—Asymmetric, public-key algorithms, e.g. RSA, Elgamal
- G07B2017/00766—Digital signature, e.g. DSA, DSS, ECDSA, ESIGN
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/00854—Key generation
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/0087—Key distribution
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/0087—Key distribution
- G07B2017/00887—Key distribution using look-up tables, also called master tables with pointers
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00846—Key management
- G07B2017/00895—Key verification, e.g. by using trusted party
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07B—TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
- G07B17/00—Franking apparatus
- G07B17/00733—Cryptography or similar special procedures in a franking system
- G07B2017/00959—Cryptographic modules, e.g. a PC encryption board
- G07B2017/00967—PSD [Postal Security Device] as defined by the USPS [US Postal Service]
Abstract
A method of token verification in a Key Management System provides a logical device identifier and a master key created in a logical security domain to a transaction evidencing device, such as a digital postage meter. The method creates a master key record in a key verification box, securely stores the master key record in a Key Management System archive, and produces in the transaction evidencing device evidence in the logical security domain of transaction information integrity.
The method inputs the evidence of the transaction information integrity to a token verification box, and inputs in the token verification box the master key record from the Key Management System archive. The method determines in the token verification box that the master key is valid in logical security domain, uses in the token verification box the master key to verify the evidence of transaction information integrity, and outputs from the token verification box an indication of the result of the verification of the evidence of transaction information integrity. The master key record includes the logical device identifier, the master key and a digital signature associating the logical device identifier and the master key. The method checks the digital signature to verify the association of the logical device identifier and the master key within the logical security domain.
The method inputs the evidence of the transaction information integrity to a token verification box, and inputs in the token verification box the master key record from the Key Management System archive. The method determines in the token verification box that the master key is valid in logical security domain, uses in the token verification box the master key to verify the evidence of transaction information integrity, and outputs from the token verification box an indication of the result of the verification of the evidence of transaction information integrity. The master key record includes the logical device identifier, the master key and a digital signature associating the logical device identifier and the master key. The method checks the digital signature to verify the association of the logical device identifier and the master key within the logical security domain.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/414,896 | 1995-03-31 | ||
US08/414,896 US5661803A (en) | 1995-03-31 | 1995-03-31 | Method of token verification in a key management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2172860A1 true CA2172860A1 (en) | 1996-10-01 |
CA2172860C CA2172860C (en) | 2000-05-16 |
Family
ID=23643464
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002172860A Expired - Fee Related CA2172860C (en) | 1995-03-31 | 1996-03-28 | Method of token verification in a key management system |
Country Status (7)
Country | Link |
---|---|
US (1) | US5661803A (en) |
EP (1) | EP0735720B1 (en) |
JP (1) | JP3881055B2 (en) |
CN (1) | CN1136512C (en) |
BR (1) | BR9601232A (en) |
CA (1) | CA2172860C (en) |
DE (1) | DE69636584T2 (en) |
Families Citing this family (44)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7567669B2 (en) | 1996-05-17 | 2009-07-28 | Certicom Corp. | Strengthened public key protocol |
US5825881A (en) * | 1996-06-28 | 1998-10-20 | Allsoft Distributing Inc. | Public network merchandising system |
US6041123A (en) * | 1996-07-01 | 2000-03-21 | Allsoft Distributing Incorporated | Centralized secure communications system |
US6041317A (en) * | 1996-11-19 | 2000-03-21 | Ascom Hasler Mailing Systems, Inc. | Postal security device incorporating periodic and automatic self implementation of public/private key pair |
US5982896A (en) * | 1996-12-23 | 1999-11-09 | Pitney Bowes Inc. | System and method of verifying cryptographic postage evidencing using a fixed key set |
US6058188A (en) * | 1997-07-24 | 2000-05-02 | International Business Machines Corporation | Method and apparatus for interoperable validation of key recovery information in a cryptographic system |
FR2768534B1 (en) * | 1997-09-18 | 1999-12-10 | Neopost Ind | METHOD AND DEVICE FOR SECURING POSTAL DATA |
WO1999020020A1 (en) | 1997-10-14 | 1999-04-22 | Certicom Corp. | Key validation scheme |
US6233565B1 (en) | 1998-02-13 | 2001-05-15 | Saranac Software, Inc. | Methods and apparatus for internet based financial transactions with evidence of payment |
DE19816344C2 (en) * | 1998-04-01 | 2000-08-10 | Francotyp Postalia Gmbh | Procedure for secure key distribution |
US7215773B1 (en) * | 1998-10-14 | 2007-05-08 | Certicom.Corp. | Key validation scheme |
AU1184499A (en) * | 1998-11-10 | 2000-05-29 | Kent Ridge Digital Labs | A method of encryption and apparatus therefor |
US6343361B1 (en) * | 1998-11-13 | 2002-01-29 | Tsunami Security, Inc. | Dynamic challenge-response authentication and verification of identity of party sending or receiving electronic communication |
US6847951B1 (en) * | 1999-03-30 | 2005-01-25 | Pitney Bowes Inc. | Method for certifying public keys used to sign postal indicia and indicia so signed |
US6704867B1 (en) | 1999-03-30 | 2004-03-09 | Bitney Bowes, Inc. | Method for publishing certification information representative of selectable subsets of rights and apparatus and portable data storage media used to practice said method |
US6738899B1 (en) | 1999-03-30 | 2004-05-18 | Pitney Bowes Inc. | Method for publishing certification information certified by a plurality of authorities and apparatus and portable data storage media used to practice said method |
JP3823599B2 (en) * | 1999-04-22 | 2006-09-20 | 富士ゼロックス株式会社 | Distribution information management apparatus and method |
IL130963A (en) * | 1999-07-15 | 2006-04-10 | Nds Ltd | Key management for content protection |
GB2353682B (en) | 1999-07-15 | 2004-03-31 | Nds Ltd | Key management for content protection |
EA003949B1 (en) * | 1999-08-23 | 2003-10-30 | Донгшенг Ли | A method for the accomplishment secure transaction for electronic bankbook |
US6968456B1 (en) * | 2000-08-08 | 2005-11-22 | Novell, Inc. | Method and system for providing a tamper-proof storage of an audit trail in a database |
US7756795B2 (en) | 2000-12-27 | 2010-07-13 | Pitney Bowes Inc. | Mail piece verification system |
US7707124B2 (en) * | 2000-08-28 | 2010-04-27 | Pitney Bowes Inc. | Mail piece verification system having forensic accounting capability |
DE10131254A1 (en) * | 2001-07-01 | 2003-01-23 | Deutsche Post Ag | Procedure for checking the validity of digital postage indicia |
JP2003101523A (en) * | 2001-09-21 | 2003-04-04 | Fujitsu Ltd | Communication network system and communication method having concealment function |
US8132236B2 (en) * | 2001-11-12 | 2012-03-06 | Hewlett-Packard Development Company, L.P. | System and method for providing secured access to mobile devices |
US7561691B2 (en) * | 2001-11-12 | 2009-07-14 | Palm, Inc. | System and method for providing secured access to mobile devices |
US20080148350A1 (en) * | 2006-12-14 | 2008-06-19 | Jeffrey Hawkins | System and method for implementing security features and policies between paired computing devices |
US6996620B2 (en) * | 2002-01-09 | 2006-02-07 | International Business Machines Corporation | System and method for concurrent security connections |
AUPS112202A0 (en) * | 2002-03-14 | 2002-04-18 | Commonwealth Scientific And Industrial Research Organisation | Semiconductor manufacture |
CN101400059B (en) * | 2007-09-28 | 2010-12-08 | 华为技术有限公司 | Cipher key updating method and device under active state |
US8214291B2 (en) | 2007-10-19 | 2012-07-03 | Ebay Inc. | Unified identity verification |
US8175276B2 (en) * | 2008-02-04 | 2012-05-08 | Freescale Semiconductor, Inc. | Encryption apparatus with diverse key retention schemes |
CN101335754B (en) * | 2008-05-14 | 2011-09-21 | 北京深思洛克软件技术股份有限公司 | Method for information verification using remote server |
EP2128781A1 (en) * | 2008-05-27 | 2009-12-02 | Benny Kalbratt | Method for authentication |
US8838503B2 (en) * | 2008-12-08 | 2014-09-16 | Ebay Inc. | Unified identity verification |
US9264230B2 (en) | 2011-03-14 | 2016-02-16 | International Business Machines Corporation | Secure key management |
US8619990B2 (en) | 2011-04-27 | 2013-12-31 | International Business Machines Corporation | Secure key creation |
US8789210B2 (en) | 2011-05-04 | 2014-07-22 | International Business Machines Corporation | Key usage policies for cryptographic keys |
US8634561B2 (en) * | 2011-05-04 | 2014-01-21 | International Business Machines Corporation | Secure key management |
US8566913B2 (en) | 2011-05-04 | 2013-10-22 | International Business Machines Corporation | Secure key management |
US8755527B2 (en) | 2011-05-04 | 2014-06-17 | International Business Machines Corporation | Key management policies for cryptographic keys |
US9003560B1 (en) * | 2012-06-05 | 2015-04-07 | Rockwell Collins, Inc. | Secure enclosure with internal security components |
US11132685B1 (en) | 2020-04-15 | 2021-09-28 | Capital One Services, Llc | Systems and methods for automated identity verification |
Family Cites Families (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4238853A (en) * | 1977-12-05 | 1980-12-09 | International Business Machines Corporation | Cryptographic communication security for single domain networks |
US4227253A (en) * | 1977-12-05 | 1980-10-07 | International Business Machines Corporation | Cryptographic communication security for multiple domain networks |
US4281216A (en) * | 1979-04-02 | 1981-07-28 | Motorola Inc. | Key management for encryption/decryption systems |
US4578531A (en) * | 1982-06-09 | 1986-03-25 | At&T Bell Laboratories | Encryption system key distribution method and apparatus |
US4590470A (en) * | 1983-07-11 | 1986-05-20 | At&T Bell Laboratories | User authentication system employing encryption functions |
US4972472A (en) * | 1985-03-15 | 1990-11-20 | Tandem Computers Incorporated | Method and apparatus for changing the master key in a cryptographic system |
US4731840A (en) * | 1985-05-06 | 1988-03-15 | The United States Of America As Represented By The United States Department Of Energy | Method for encryption and transmission of digital keying data |
GB8704920D0 (en) * | 1987-03-03 | 1987-04-08 | Hewlett Packard Co | Secure messaging system |
US4850017A (en) * | 1987-05-29 | 1989-07-18 | International Business Machines Corp. | Controlled use of cryptographic keys via generating station established control values |
US4888801A (en) * | 1988-05-02 | 1989-12-19 | Motorola, Inc. | Hierarchical key management system |
US4888802A (en) * | 1988-06-17 | 1989-12-19 | Ncr Corporation | System and method for providing for secure encryptor key management |
US4935961A (en) * | 1988-07-27 | 1990-06-19 | Gargiulo Joseph L | Method and apparatus for the generation and synchronization of cryptographic keys |
US5016277A (en) * | 1988-12-09 | 1991-05-14 | The Exchange System Limited Partnership | Encryption key entry method in a microcomputer-based encryption system |
US5048087A (en) * | 1989-02-03 | 1991-09-10 | Racal Data Communications Inc. | Key management for encrypted packet based networks |
US4965804A (en) * | 1989-02-03 | 1990-10-23 | Racal Data Communications Inc. | Key management for encrypted packet based networks |
US4956863A (en) * | 1989-04-17 | 1990-09-11 | Trw Inc. | Cryptographic method and apparatus for public key exchange with authentication |
US5138712A (en) * | 1989-10-02 | 1992-08-11 | Sun Microsystems, Inc. | Apparatus and method for licensing software on a network of computers |
US5148481A (en) * | 1989-10-06 | 1992-09-15 | International Business Machines Corporation | Transaction system security method and apparatus |
US5029206A (en) * | 1989-12-27 | 1991-07-02 | Motorola, Inc. | Uniform interface for cryptographic services |
US5173938A (en) * | 1990-09-27 | 1992-12-22 | Motorola, Inc. | Key management system |
US5247576A (en) * | 1991-02-27 | 1993-09-21 | Motorola, Inc. | Key variable identification method |
US5214698A (en) * | 1991-03-20 | 1993-05-25 | International Business Machines Corporation | Method and apparatus for validating entry of cryptographic keys |
US5200999A (en) * | 1991-09-27 | 1993-04-06 | International Business Machines Corporation | Public key cryptosystem key management based on control vectors |
US5241599A (en) * | 1991-10-02 | 1993-08-31 | At&T Bell Laboratories | Cryptographic protocol for secure communications |
US5179591A (en) * | 1991-10-16 | 1993-01-12 | Motorola, Inc. | Method for algorithm independent cryptographic key management |
US5265164A (en) * | 1991-10-31 | 1993-11-23 | International Business Machines Corporation | Cryptographic facility environment backup/restore and replication in a public key cryptosystem |
US5245658A (en) * | 1992-01-06 | 1993-09-14 | George Bush | Domain-based encryption |
JPH05281906A (en) * | 1992-04-02 | 1993-10-29 | Fujitsu Ltd | Cipher key common-used system |
US5237611A (en) * | 1992-07-23 | 1993-08-17 | Crest Industries, Inc. | Encryption/decryption apparatus with non-accessible table of keys |
JP2519390B2 (en) * | 1992-09-11 | 1996-07-31 | インターナショナル・ビジネス・マシーンズ・コーポレイション | DATA COMMUNICATION METHOD AND DEVICE |
US5341426A (en) * | 1992-12-15 | 1994-08-23 | Motorola, Inc. | Cryptographic key management apparatus and method |
US5491752A (en) * | 1993-03-18 | 1996-02-13 | Digital Equipment Corporation, Patent Law Group | System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens |
US5390251A (en) * | 1993-10-08 | 1995-02-14 | Pitney Bowes Inc. | Mail processing system including data center verification for mailpieces |
US5454038A (en) * | 1993-12-06 | 1995-09-26 | Pitney Bowes Inc. | Electronic data interchange postage evidencing system |
-
1995
- 1995-03-31 US US08/414,896 patent/US5661803A/en not_active Expired - Lifetime
-
1996
- 1996-03-28 CA CA002172860A patent/CA2172860C/en not_active Expired - Fee Related
- 1996-04-01 CN CNB961080647A patent/CN1136512C/en not_active Expired - Lifetime
- 1996-04-01 JP JP11407396A patent/JP3881055B2/en not_active Expired - Fee Related
- 1996-04-01 EP EP96105233A patent/EP0735720B1/en not_active Expired - Lifetime
- 1996-04-01 DE DE69636584T patent/DE69636584T2/en not_active Expired - Lifetime
- 1996-04-01 BR BR9601232A patent/BR9601232A/en not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
CA2172860C (en) | 2000-05-16 |
CN1144942A (en) | 1997-03-12 |
BR9601232A (en) | 1998-01-06 |
CN1136512C (en) | 2004-01-28 |
EP0735720A2 (en) | 1996-10-02 |
DE69636584D1 (en) | 2006-11-16 |
EP0735720A3 (en) | 2000-05-24 |
JPH09167186A (en) | 1997-06-24 |
MX9601257A (en) | 1997-09-30 |
JP3881055B2 (en) | 2007-02-14 |
EP0735720B1 (en) | 2006-10-04 |
DE69636584T2 (en) | 2007-06-21 |
US5661803A (en) | 1997-08-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2172860A1 (en) | Method of Token Verification in a Key Management System | |
CA2173008A1 (en) | Cryptographic Key Management and Validating System | |
CA2183274A1 (en) | Secure User Certification For Electronic Commerce Employing Value Metering System | |
CA2172861A1 (en) | Method of Manufacturing Generic Meters in a Key Management System | |
CA2222662A1 (en) | System and method of verifying cryptographic postage evidencing using a fixed key set | |
CN100359519C (en) | Method and apparatus for establishing usage rights for digital content to be created in future | |
NZ306846A (en) | Digital signing method using partial signatures | |
EP0829824A3 (en) | Electronic data interchange postage evidencing system | |
CA2392264C (en) | System and method for automatically controlling the crossing of a border | |
CA2193284A1 (en) | A method of inhibiting token generation in an open metering system | |
CA2357003A1 (en) | System and method for authentication of network users and issuing a digital certificate | |
EP0781004A3 (en) | Message authorization system for authorizing message for electronic document | |
AU6057994A (en) | Key protection for smart cards | |
CA2634662A1 (en) | Regulating access to digital content | |
CA2026739A1 (en) | Transaction system security method and apparatus | |
EP0732673A3 (en) | Postage meter system and verification of postage charges | |
ATE242949T1 (en) | METHOD FOR SECURING A SYSTEM PROTECTED BY A KEY HIERARCHY | |
PL326075A1 (en) | System for and method of verifying a document | |
CA2144105A1 (en) | Method and System for Detecting Intrusion Into and Misuse of a Data Processing System | |
CA2256273A1 (en) | Postage metering system and method for a stand-alone meter having virtual meter functionality | |
CA2133679A1 (en) | Encryption Key Control System for Mail Processing System Having Data Center Verification | |
EP0782114A3 (en) | System and method for verifying signatures on documents | |
CA2197367A1 (en) | Security Access System | |
CA2290170C (en) | Improved digital signature | |
CA2173018A1 (en) | Method of Manufacturing Secure Boxes in a Key Management System |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |
Effective date: 20130328 |