US008701169B2

(12) United States Patent (10) Patent No.: US 8,7011699 9 B2 Campagna et al. (45) Date of Patent: Apr. 15, 2014

(54) USING ASINGLE CERTIFICATE REQUEST USPC ...... 713/156, 175; 726/6, 10, 18; 380/30 TO GENERATE CREDENTIALS WITH See application file for complete search history. MULTIPLE ECQV CERTIFICATES (56) References Cited (75) Inventors: Matthew John Campagna, Ridgefield, U.S. PATENT DOCUMENTS CT (US); Robert John Lambert, Cambridge (CA); James Robert Alfred, 5,610,982 A * 3/1997 Micali...... 713/157 Mississauga (CA) 6,675.296 B1* 1/2004 Boeyen et al...... T13,156 6,792,530 B1 9/2004 Quetal. (73) Assignee: Certicom Corp., Mississauga (CA) (Continued) (*) Notice: Subject to any disclaimer, the term of this FOREIGN PATENT DOCUMENTS patent is extended or adjusted under 35 U.S.C. 154(b) by 107 days. WO 99.49612 A1 9, 1999 WO 03/009.561 A2 1, 2003 WO O3,O79627 A2 9, 2003 (21) Appl. No.: 13/370,764 WO WO 2010 129694 A1 * 11, 2010 (22) Filed: Feb. 10, 2012 OTHER PUBLICATIONS O O Sans. “Key and Certificate Management in Public Key Infrastructure (65) Prior Publication Data Technology”, Aug. 2001.* US 2013/OO46972A1 Feb. 21, 2013 Certicom Corp., Standards for Efficient Cryptography, SEC 1: Ellip s tic Curve Cryptography, version 1.0, Sep. 20, 2000. (30) Foreign Application Priority Data (Continued) Feb. 11, 2011 (WO)...... PCT/US2011/024505 Primary Examiner — Michael Simitoski (74) Attorney, Agent, or Firm — Oblon, Spivak, (51) Int. Cl. McClelland, Maier & Neustadt, L.L.P. G06F 7/04 (2006.01) HD4L 29/06 (2006.01) (57) ABSTRACT H04L 9M32 (2006.01) A method and apparatus are disclosed for using a single H04L 9/08 (2006.01) credential request (e.g., registered public key or ECOV cer GO6F 17/30 (2006.01) tificate) to obtain a plurality of credentials in a secure digital (52) U.S. Cl. communication system having a plurality of trusted certifi CPC ...... H04L 9/3263 (2013.01); H04L 63/0823 cate authority CA entities and one or more subscriber entities (2013.01): HO4L 29/06 (2013.6). H04L 9/083 A. In this way, entity A can be provisioned OntO multiple PKI s (2013.01); H04L 9v086I (2013.01) networks by leveraging a single registered public key or USPC ...... 726/6. 7375. 713/156: 726/10. implicit certificate as a credential request to one or more CA s s s 38030 entities to obtain additional credentials, where each addi (58) Field of Classification Search tional credential can be used to derive additional public key CPC ...... H04L 29/06; H04L 9/083; H04L 9/0861; private key pairs for the entity A. H04L 9/3263; H04L 9/3252: H04L 63/0823 24 Claims, 6 Drawing Sheets

100 y CA3) Memory Hardware 31 du Q) kcal, Qcal Werify Generate {A32 ID 33 Key:ICisTransformation 34 G User AO 1. A. ICats Memory Hardware idAGA A1 Processors6 iO3: FCs), st iCa2,5: Cas ICKey Werification Transformation 12 kataka: Qakai, Q N CA40 Memory Hardware 41 Processor 4 IC YN I dy, Q, I kca, Qcay Werify Generate IC G42 IDA43 (- Channel 19 Key:Is Transformation 4 ICA, si

UserB20 Fiocessor ISO4. Memory:Hardware 2 Parseiverifs Ic22 ICKey Transformation 24 Qai

LiO2 US 8,701,169 B2 Page 2

(56) References Cited OTHER PUBLICATIONS Certicom Corp., Standards for Efficient Cryptography, SEC 4: Ellip U.S. PATENT DOCUMENTS tic Curve Cryptography, Working Draft, version 1.1r1, Jun. 9, 2006. Certicom Corp., Standards for Efficient Cryptography, SEC 1: Ellip 7,237,114 B1* 6/2007 Rosenberg ...... 713, 176 2002, 0046340 A1* 4/2002 Fujishiro et al. ... 713,171 tic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV), Work 2002/0108041 A1* 8, 2002 Watanabe et al...... 713, 175 ing Draft, version 0.91, Oct. 17, 2008. 2002/0116611 A1 8/2002 Zhou et al...... T13,156 Rene Struik, Certicom Corp., IEEE P802.15 Working Group for 2003, OO18913 A1 1/2003 Brezak et al...... T13 201 Wireless Personal Area Networks (WPANs). Mandatory ECC Secu 2005/0076205 A1 4/2005 Thornton rity Algorithm Suite, Aug. 2, 2002. 2005/0O81025 A1 4/2005 Thornton et al...... 713,155 International Search Report and Written Opinion for PCT Applica 2005/009 1484 A1 4/2005 Thornton et al. .. 2005, 0108575 A1* 5/2005 Yung ...... 2 tion No. PCT/US2011/024505, dated Oct. 18, 2011. 2005/011.4651 2. Office Action mailed on Sep. 18, 2013, in European Application No. A1* 5/2005 Quet al...... 2007/0192843 A1* 8, 2007 Peterson et al. T26/10 11704390.1-1860. 2007/0226785 A1* 9, 2007 Chow et al...... 7268 2011/OO87883 A1* 4/2011 Campagna et al. ... T13,156 * cited by examiner U.S. Patent Apr. 15, 2014 Sheet 1 of 6 US 8,701,169 B2

100 y Memory/Hardware 31 Secure di. Qi kCA1, QCA Channel 17 Verify Generate GA 32 IDA 33

ur Kcy/IC's Transformation 34 User A1 O GA 1. ICA1, S1 Memory/Hardware 11 1. ICA, Sl real or ICA1, S1 Secure Channel IC/Key Verification/ 18 Transformation 12 kA. QA N GA N Memory/Hardware 41 Processor 14 Ys ICA, S, di, Q, Verify Generate ICA, GAAa. 42 IDA,Ali 43 -- Channel 19 Key/IC/s Transformation 44

Memory/Hardware 21 Parse/Verify ICA, 22

IC/Key Transformation 24

Processor 26 I/O 27 Figure 1 U.S. Patent Apr. 15, 2014 Sheet 2 of 6 US 8,701,169 B2

200

User A 201 Generate dA, GA204

Send Certificate Request to CA206 Parse Request and Verify GA256

Generate Identity and Validity Information IDA for User A258

Generate Ephermal Key Pair (d, Q)260

Compute BA = Q, + GA262

Format implicit Certificate (ICA, = f(BA, IDA) for User A264

Compute e = Hash(ICA) and SAIF edit KCA (mod n) 266

Parse ICA and Verify BA and IDA. 208 Return CA; and SA,268

Store ICA; and SA 210 User B 381

Send ICA to User B212 Parse ICA and Verify IDA and BA384

Compute e = Hash(ICA) 21 Compute e = Hash(ICA)386

Compute kA = edA + SA (mod n) 216 Compute QA = eBA + QCA388

Compute QA = eBA + QCA. 218 Figure 2 U.S. Patent Apr. 15, 2014 Sheet 3 of 6 US 8,701,169 B2

300

Memory/Hardware 51 1. civil 58 IC/s/Key Transformation 54

kAi QA Memory/Hardware 71 di. Q, kCAj, QCA Parse/Verify ICA72 IC/Key Transformation 73 New IDA74 CAi -- Channel 59 v Key/ICA/s:Transformation 75

ICA, Si User FB 60 Memory/Hardware 61 Processor 76 I/O 77 Parse/Verify ICA, 62 90 IC/Key Transformation 64

QAi

Figure 3 U.S. Patent Apr. 15, 2014 Sheet 4 of 6 US 8,701,169 B2

400

User A401 CA i451 Generate and Store dA, GA, ICA and SA 402 KCA, QCA452

Send Certificate Request (ICA) to CA404 o Parse Request and Verify BA and IDA454

Compute e = Hash(ICA) and QAF eBA + QCA456 Generate Ephermal Key Pair (d, Q)458

Compute BAi=Q+ QA 460

Generate New Identity and Validity Information IDA for User A 462

Format implicit Certificate (ICA = f(BA, IDA) for User A464 Compute e = Hash(ICA) and SA = ed. + kCA (mod n)466

Parse ICA, and Verify BA and IDA406 Return ICA and SA, 468

Compute ei= Hash(ICA) 408

Store ICA and SA 410

Send ICA to User B412 Parse ICA and Verify IDA and BA, 482

Compute KA = edA + SA (mod n)414 Compute e = Hash(ICA) 484

Compute QA = eBA + QCA 416 Compute QA = eBA + QcA486

Figure 4 U.S. Patent Apr. 15, 2014 Sheet 5 of 6 US 8,701,169 B2

500 N I/O 502

Secondary Storage 508 ROM 512

application management Services 606 operating system (drivers) 604 U.S. Patent Apr. 15, 2014 Sheet 6 of 6 US 8,701,169 B2

734 -. w --

726 728 732 730

OPERATING SRR SIR/RUIM BAERY SYSE INTSRFACE SCFARE COA.FONES ISRAY AXARY O

MESSAGE APPCAON w 708 712 714 740 AA PORT 738 '' FLASH MEMORY - AN DECE SAE RRCCESSOR KEYBOARD MiCLE RAM 702 716

718 SR-AKER COM, NICATION

JROPHONE CC&NECT S3BSYSE OLE N 7:6 72 744 ---- IT POLICY NETWORK Cit s A | SHORTRANGE || OTHER DEVICE -- |COMMUNICATIONS SBSYSTEMS 738 722 724

Figure 7 US 8,701,169 B2 1. 2 USING ASINGLE CERTIFICATE REQUEST lowing detailed description is considered in conjunction with TO GENERATE CREDENTIALS WITH the following drawings, in which: MULTIPLE ECQV CERTIFICATES FIG. 1 is a schematic representation of a first system con figuration in which a public key is used to obtain a plurality of BACKGROUND OF THE INVENTION credentials from different certificate authorities; FIG. 2 depicts in flow chart form a procedure for obtaining 1. Field of the Invention a plurality of credentials from a single public key: The present invention is directed in general to implicit FIG. 3 is a schematic representation of a second system certificate systems and methods for operating same. In one configuration in which an existing implicit certificate is used aspect, the present invention relates to the methods, systems 10 to obtain a plurality of credentials from different certificate and devices for generating credentials and certificates for authorities; implicitly verifying a public key. FIG. 4 depicts in flow chart form a procedure for obtaining 2. Description of the Related Art a plurality of credentials from a single implicit certificate; In electronic commerce or other information transactions FIG. 5 illustrates an example computer system that may be 15 Suitable for implementing the credential processing at a user over the Internet and other secure infrastructure, there are device or certificate authority; increasing security requirements for participating or other FIG. 6 is a diagram of a software environment that may be wise provisioning secure hardware which require expensive implemented on a user agent and/or certificate authority oper control processes to uniquely identify and provide the neces able for some of the various embodiments of the disclosure; sary credential to the participants or hardware. To meet this and need, systems have been developed for providing large-scale FIG. 7 is a schematic block diagram illustrating exemplary distribution of public keys and public key certificates. Public components of a mobile wireless communications device key certificates are a vehicle by which public keys may be which may be used with selected embodiments of the present stored, distributed or forwarded over unsecured media with invention. out danger of undetectable manipulation so at to make one 25 party's public key available to others such that its authenticity DETAILED DESCRIPTION and validity are verifiable. Public-key certificates use a data structure consisting of a data part and a signature part. The A method, system and device are provided for generating a data part contains cleartext data including, as a minimum, a plurality of public key pairs from a single private key in a public key and a string identifying the party to be associated 30 secure digital communication system having a plurality of therewith. The signature part consists of the digital signature trusted entities or certificate authorities (CA) and subscriber of a certification authority (CA) over the data part, thereby entities. In selected embodiments, a subscriber entity A uses binding the entities identity to the specified public key. With a single key pair to generate multiple requests to a plurality of this arrangement, the CA is a trusted third party whose sig different certificate authorities to provide a plurality of cre nature on the certificate vouches for the authenticity of the 35 dentials or implicit certificates, such as Elliptic Curve Qu public key bound to the subject entity. One approach for Vanstone (ECOV) implicit certificates or ECQV-based cre distributing public keys involves implicitly-certified public dentials. To this end, the subscriber entity may use an initial key Schemes where an explicit user public key is recon registered public key to make multiple certificate requests to structed rather than transported by public-key certificates as different certificate authorities to obtain multiple ECQV cer in certificate-based systems. An example of an implicitly 40 tificates as a means to accept registration of a Subscriber entity certified public key mechanism is the original Elliptic Curve device into a subsequent Public Key Infrastructure (PKI) Qu-Vanstone Certificate (ECOV) scheme presented in “SEC transaction. As a result, a single public key is used to generate 4: Elliptic Curve Cryptography Working Draft' which con two or more certificates in different certificate authority tains a method for creating implicit certificates which provide domains without the registration costs that would otherwise implicit authentication when the certificate is used in con 45 be required to provision additional credentials onto the net junction with an operation requiring the sender to use the work. In other embodiments, the subscriber entity uses an private key, such as in an ECDH, ECMQV or ECDSA opera initial implicit certificate, such as an ECQV certificate, to tion. ECQV Certificates are generated between a requestor make multiple certificate requests to different certificate and a certificate authority (CA). Under the ECQV scheme, authorities such that the initial implicit certificate is used to when a user requests an implicit certificate for a public key 50 validate one or more certificate requests for one or more from a CA, this public key (and the private key) is a random additional ECQV certificates. In addition to reducing regis result of the computations made by the user and the CA. This tration costs for provisioning additional credentials, the dis has the direct consequence that once a ECQV implicit certifi closed schemes allow a plurality of private keys to be derived cate is issued, one cannot get another ECQV implicit certifi from a single private key. cate for the same public key from a different CA. 55 Various illustrative embodiments of the present invention Accordingly, a need exists for an improved method, system will now be described in detail with reference to the accom and device for providing credentials to overcome the prob panying figures. While various details are set forth in the lems in theart, such as outlined above. Further limitations and following description, it will be appreciated that the present disadvantages of conventional processes and technologies invention may be practiced without these specific details, and will become apparent to one of skill in the art after reviewing 60 that numerous implementation-specific decisions may be the remainder of the present application with reference to the made to the invention described herein to achieve the device drawings and detailed description which follow. designer's specific goals, such as compliance with commu nication system limits or design-related constraints, which BRIEF DESCRIPTION OF THE DRAWINGS will vary from one implementation to another. While such a 65 development effort might be complex and time-consuming, it The present invention may be understood, and its numer would nevertheless be a routine undertaking for those of ous objects, features and advantages obtained, when the fol ordinary skill in the art having the benefit of this disclosure. US 8,701,169 B2 3 4 For example, selected aspects are shown in block diagram Once the long-term key pair (d, G ) is generated at the form, rather than in detail, in order to avoid limiting or obscur first device 10, the public key G is included in a registered or ing the present invention. In addition, some portions of the otherwise controlled public key database using any desired detailed descriptions provided herein are presented in terms registration process. Using the registered public key G as of algorithms and instructions that operate on data that is credential request to two or more different certificate authori stored in a computer memory. Such descriptions and repre ties 30, 40, the device 10 can be provisioned onto a plurality sentations are used by those skilled in the art to describe and of networks by leveraging the controlled initial registration to convey the substance of their work to others skilled in the art. issue additional credentials, possibly in a push transaction. In general, analgorithm refers to a self-consistent sequence of This process is initiated when the first device 10 sends the steps leading to a desired result, where a “step’ refers to a 10 same public key G as credential request over the secure manipulation of physical quantities which may, though need channels 17, 18 using appropriate input/output circuitry 15 to not necessarily, take the form of electrical or magnetic signals first and second certificate authorities CA, CA, 30, 40. In capable of being stored, transferred, combined, compared, response, each certificate authority associates the first device and otherwise manipulated. It is common usage to refer to 10 with a new credential (e.g., an ECQV certificate) for an these signals as bits, values, elements, symbols, characters, 15 associated secure PKI infrastructure. terms, numbers, or the like. These and similar terms may be To this end, each of the certificate authorities 30, 40 is associated with the appropriate physical quantities and are configured to transform a single public key G. credential merely convenient labels applied to these quantities. Unless request into a unique implicit certificate using one or more specifically stated otherwise as apparent from the following processors 36 that run one or more Software programs embod discussion, it is appreciated that, throughout the description, ied in non-transitory storage media device(s) (e.g., RAM, discussions using terms such as “processing or “computing ROM, flash memory, etc.) or otherwise control dedicated or “calculating or “determining or “displaying or the like, hardware circuits in the memory/hardware module 31. At the refer to the action and processes of a computer system, or first certificate authority CA 30, the credential request is similar electronic computing device, that manipulates and received with appropriate input/output circuitry 37. The transforms data represented as physical (electronic) quanti 25 received credential request is then processed with the CA's ties within the computer system's registers and memories into key pair (k, Q) by first authenticating the received other data similarly represented as physical quantities within public key G in the credential request. In selected embodi the computer system memories or registers or other Such ments, the verification module 32 shown in FIG. 1 may be information storage, transmission or display devices. used to verify the public key in the initial controlled database. Referring now to FIG. 1, there is depicted a schematic 30 If any identification information for the first device 10 is representation of a first system 100 in which a public key received as part of the credential request, this information associated with a first device 10 is used to obtain a plurality of may also be verified. If any information is not verified, the credentials from different certificate authorities 20, 30 for certificate authority CA30 returns a message indicating veri implicitly certifying a plurality of public keys. The depicted fication failure to the first device 10. system 100 includes at least a pair of first and second corre 35 To transform the public key G into a unique credential for spondents (A, B) 10, 20 and a plurality of trusted third parties the first device 10, the certificate authority CA 30 generates (CA-CA) 30, 40. The correspondents A and B exchange an ephemeral key pair by selecting a random integerd as a information over a communication channel 19 by using soft private key, and then computing a public key Q, using any ware and/or hardware to perform cryptographic functions for desired key pair computation algorithm, including but not transmitting, receiving, encrypting, decrypting and Verifying 40 limited to elliptic curve key generation algorithms known to exchanged information messages. To this end, each of the those skilled in the art. In addition, the certificate authority correspondents A and B includes, among other components, CA 30 constructs identity and validity information ID for hardware and/or software executed by one or more processor the first device 10. In selected embodiments, the ID genera elements for generating and applying encryption keys, as well tion module 33 shown in FIG. 1 may be used to generate as generating and processing credentials and credential 45 identity information by choosing a unique distinguished requests. name or identity ID (e.g., name, address, phone number, As described herein, the first correspondent or device 10 email address, MAC address) for the first device 10 or its (User A) can be any component or item that is capable of associated User A. The certificate authority CA 30 also com registering into a PKI transaction, and may represent, for bines or otherwise transforms the public keys G and Q to example, a chip, circuit board, electronic consumer device, 50 generate a public reconstruction value B, such as by using computer, processor, memory, etc. To this end, the first cor the key transformation module 34 to compute B G +Q. respondent or device 10 is configured to transform a single The value pair (ID, B) serves as an implicit certificate key pair into a plurality of implicit credentials using one or IC for the first device 10. Finally, the certificate authority more processors 14 that run one or more Software programs CA 30 computes associated private key contribution datas embodied in non-transitory storage media device(s) (e.g., 55 using trusted routines. In selected embodiments, the key/s RAM, ROM, flash memory, etc.) or otherwise control dedi transformation module 34 shown in FIG. 1 may be used to cated hardware circuits in the memory/hardware module 11. compute the private key contribution data s by first comput For example, the first device 10 may include an asset control ing the hash value e-Hash (IC) using a predetermined hash core (ACC) as an efficient cryptographic security engine that function, and then computing the integers ed+k (mod is integrated into a chip's design and used to generate and 60 n) as the private key contribution data, where d is CAS store a long-term key pair (d. G) during a controlled manu ephemeral private key and k is CA’s secret private key. facturing process and register the public key as part of the The implicit certificate IC and private key contribution data device's unique identification. While the public key pair may s are then securely returned to the first device 10 over secure be stored in memory 11 using elliptic curve domain param channel 17 to provide CA's signature on the identity infor eters T=(p.a,b.G.n.h), it will be appreciated that other public 65 mation ID, as an implicit certificate for the first device 10. key protocol domains may be used to define and process the In similar fashion, additional credentials can be generated public key pair. from the public key G. by one or more additional certificate US 8,701,169 B2 5 6 authorities (e.g., CA, 40) configured to transform the single and private key contribution data (IC1, S1). (IC, S2). . . . . public key G. credential request into a unique implicit cer (IC, s). Alternatively, the first device 10 can store the tificate using one or more processors 46 that run one or more received credentials IC, and associated private key contribu Software programs embodied in non-transitory storage media tion datas, in memory along with the pre-computed the hash device(s) (e.g., RAM, ROM, flash memory, etc.) or otherwise value e, as a triple value (e., S, IC) and then reconstruct the control dedicated hardware circuits in the memory/hardware private key k, associated with certificate IC, when needed. module 41. Thus, the received credential request is processed This approach allows the long term private key d to be stored with the CA's key pair (k, Q) by verifying the received in secure memory storage that requires confidentiality and public key G in the credential request and any other identi data integrity, while a second memory storage that requires fication information with verification module 42. Once veri 10 only data integrity is used to store a plurality of credentials fied, the public key G is then transformed by the additional ((e1, S1, ICAI), (e2, S2, IC 12), ... (e, S, IC1,)). Thus, whenever certificate authority CA, 40 into a unique credential for the the first device 10 needs to authenticate within a secure infra first device 10 for use with an established PKI infrastructure. structure PKI, it recomputes the appropriate private keyk, as In selected embodiments, the public key G is transformed specified above. into a unique credential by generating an ephemeral key pair 15 At whatever point the public key Q, is computed, the first (d. Q.), constructing identity and validity information ID, device 10 can publish the public key Q. in the public domain for the first device 10 (e.g., with ID generation module 43). by publishing predetermined parameters, such as elliptic generating a public reconstruction value B, (e.g., B. G+ curve domain parameters T (p.a,b.G.n.h), in the public Q), formatting an implicit certificate IC, from the value pair domain where they may be obtained by another correspon (ID, B), computing associated private key contribution dent or device 20 (User B) wishing to participate with User A datas, using trusted routines, and then returning the implicit in a secure infrastructure. Alternatively, the first device 10 certificate IC, and private key contribution datas, to the first (User A) can send one of its implicit certificates IC, to a device 10 over secure channel 18 to provide CA's signature second device 20 (User B) which then recovers User As on the identity information ID, as an additional implicit public key Q. To this end, the second device 20 may be certificate for the first device 10. 25 configured to transform the received credential IC, into a Under the disclosed scenario, a plurality of CAS can issue public key Q, using one or more processors 26 that run one new network credential ECQV certificates to a first corre or more software programs embodied in non-transitory Stor spondent or device 10 (User A) to enable the user/device 10 to age media device(s) (e.g., RAM, ROM, flash memory, etc.) or compute a plurality of private keys associated with those otherwise control dedicated hardware circuits in the memory/ credentials, using a single private key d. To this end, the first 30 hardware module 21. The transformation process begins by device 10 stores each received implicit certificate IC, and retrieving and parsing the received credential IC, to obtain private key contribution data s, in memory 11. In selected the public reconstruction value B, and identity and validity embodiments, the implicit certificate IC, and associated field information ID. In selected embodiments, the IC verifica elements, may be stored without providing confidentiality to tion module 22 shown in FIG.1 may be used to verify that the the stored data. When the first device 10 requires use of this 35 public reconstruction value B, is a point on a predetermined ECQV-credential in the application space of the PKI, infra curve, and to otherwise verify the identity and validity infor structure associated with a particular certificate authority CA, mation ID using predetermined application rules. If any the first device 10 transforms the implicit certificate and asso information is not verified, the second device 20 terminates ciated field element to generate a unique private key using the process. possibly pre-computed and stored values. The transformation 40 Once verified, the received credential IC can be trans process begins by retrieving and parsing the selected implicit formed by the second device 20 into a public key Q, for the certificate IC to obtain the public reconstruction value B, first device 10 for use with an established PKI infrastructure. and identity and validity information ID. In selected In selected embodiments, the IC/key transformation module embodiments, the IC verification module 12 shown in FIG. 1 24 shown in FIG.1 may be used to the transform the creden may be used to verify that the public reconstruction value B, 45 tial IC by first computing the hash value e, Hash(IC) is a point of required order on a predetermined curve, and to using a predetermined hash function, and then computing the otherwise verify the identity and validity information ID, public key Q, e, B+Q., (mod n), where Q, is the public using predetermined application rules. If any information is key for the CA, which issued the credential IC. not verified, the first device 10 terminates the process. Although anyone can reconstructUser A's public key Q, Once the information in the implicit certificate IC, is veri 50 from public data, this does not mean that the reconstructed fied, the first device 10 may compute a key pair (k, Q.) public key Q, has been certified. Instead, authentication is using trusted routines. In selected embodiments, the IC/key implicit, meaning the authentication of the first device 10 transformation module 12 shown in FIG. 1 may be used to (User A) is not considered complete until the first device 10 compute the private key k, by first computing the hash value proves to be in possession of the corresponding private key e, Hash (IC) using a predetermined hash function, and then 55 kca. This can be done by generating a signature on a mes computing the integerk, e, d--s (mod n), where d is the sage, or performing a key-agreement. Such as the MQV (Me first device's long term private key and S, is the associated nezes-Qu-Vanstone) key-agreement scheme, ECDH (Elliptic private key contribution data. In addition, the first device 10 curve Diffie-Hellman) key-agreement scheme: ECMQV (El computes an associated public key Q, by combining or oth liptic curve Menezes-Qu-Vanstone) key-agreement Scheme, erwise transforming the public reconstruction value B, and 60 or ECDSA (Elliptic curve Digital Signature Algorithm) associated certificate authority’s public key Q. Such as by operation. It is only after this usage of the associated private using the key transformation module 12 to compute key that the certificate is considered valid and the first device Quie, Butt-QC. 10 can be authenticated. As seen from above, the first device 10 can use a single To illustrate an example methodology, reference is now private key d to compute and store a plurality of key pairs 65 made to FIG. 2 which depicts in flow chart form a procedure (k41. Q4), (k42, Q2), (ku, Q) that are respectively associ 200 for obtaining a plurality of credentials from a single ated with a corresponding plurality of associated credentials public key that may be registered with a public key database. US 8,701,169 B2 7 8 With the procedure 200, a single registered public key is used identity information ID. The exact form of the implicit to accept registration of User A's device into a plurality of certificate IC depends on the certificate format specified secure PKI infrastructures by issuing multiple certificates during setup. from the single registered public key within different certifi At step 266, each certificate authority CA, computes a hash cate authority domains to reduce overall registration costs of 5 value e, Hash (IC) using an established hash function. In provisioning multiple credentials onto the network, and to addition, private key contribution data s is derived from the allow multiple private keys to be derived from the single hash value. For example, the private key contribution data registered public key. Sed,+k (mod n) is computed according to procedures of Once the procedure 200 starts, User A's device 201 gener the implicit key infrastructure (e.g., ECQV). ates a long-term key pair (d. G) at step 204, where that 10 If any of the computations or verifications in steps 256-266 public key G may be included into a controlled public key fails, the process stops and an “invalid’ message is output. database. To provision User A's device 201 onto multiple Otherwise, a “valid’ message is output and the implicit cer networks, the registered G is leveraged to obtain a plurality tificate IC, is returned along with the private key contribution of credentials from a plurality of certificate authorities 251 datas (step 268) to User A's device 201 via return message 253 by sending a credential request 207 at step 206 which 15 269. includes User A's long-term public key G. In an example At step 208, each received implicit certificate IC can be implementation, the credential provisioning may be a push parsed to obtain the public reconstruction value B, and iden transaction onto User A's device 201. tity information ID, and these values can then be verified At each of the certificate authorities 251-253, User As according to the procedures of the established PKI, infra device 201 is associated with a new credential IC, for the structure associated with the certificate authority CA. secure PKI, infrastructure associated with the CA, thereby At step 210, the implicit certificate IC, and associated allowing a plurality of different of certificate authorities CA, private key contribution data s may be stored at User As to issue separate network credential ECQV certificates which device 201 in one or more memory storage devices. In enable User A's device 201 to compute a corresponding plu selected embodiments, the information can be stored without rality of associated private keys with those credentials, all 25 the need of providing confidentiality to this data. based on a single long-term private key d from User As With the ECQV-based credentials IC, stored. User As device 201. In particular, each certificate authority CA, trans device 201 can use each ECQV-based credential IC to forms the credential request into an implicit certificate by first securely communicate with another device in the application generating or retrieving a long-term key pair (k, Q.) at space of PKI, (e.g., User B381) by sending the credential IC, step 254. Upon receiving the credential request 207 at step 30 in message 213 at Step 212. 256, the request is authenticated according to the procedures At User B's device 381, the received credentials IC, is of the established PKI, infrastructure associated with the cer parsed and verified at step 384 to obtain the public reconstruc tificate authority CA. For example. User A's long-term pub tion value B, and identity information ID. A hash value lic key G is verified, such as by Verifying the public key in a e, Hash(IC) is then computed at step 386, and the hash controlled or public key database. In addition, any received 35 value is then used to derive the public key Q, for User As identification information for User A may be verified at step device 201 by computing Q, e.B+Q. 256. If verification fails, the certificate authority CA, returns At the same time. User A's device 201 constructs a key pair a FAIL message to User A's device 201 and to any controlling (k, Q.) in the application space of PKI, using possibly infrastructure. pre-computed and stored values and the following transfor At step 258, identity and validity information ID for User 40 mation. For example, User A's device 201 computes a hash As device 201 may be constructed at each certificate author value e-Hash(IC) at step 214, and the hash value is then ity CA. The User A identity information ID may be con used to derive the key pair (k, Q). For example, the private structed by choosing a unique distinguished name or identity key k, for User A's device 201 is generated by computing (e.g., name, address, phone number, email address, MAC ked+S, (mod n) at step 216. In addition, the public key address) for User A. This identity information ID may be 45 Q for User A's device 201 is generated by computing generated as octet string and shall containing identification Qe,B+Q., at step 218. As seen from the foregoing, both information according to the procedures of the established User A 201 and User B 381 derive the same public key Q. infrastructure and may also contain other information, Such as from the implicit certificate IC. the intended use of the public key, the serial number of the As described hereinabove, selected embodiments are pro implicit certificate, and the validity period of the implicit 50 vided for using a single public key to make multiple certifi certificate. The exact form of ID, depends on the certificate cate requests to different certificate authorities to acquire format specified during the setup procedure. additional ECQV-based credentials. However, selected At step 260, each certificate authority CA, generates an embodiments also provided for using a single credential. Such ephemeral key pair (d. Q.) using any desired key generation as an existing ECQV certificate, to validate multiple certifi technique. For example, a predetermined elliptic curve key 55 cate requests to different certificate authorities to acquire pair generation primitive may be used to generate an ephem additional ECQV-based credentials. To illustrate selected eral key pair (d. Q.) for the specified elliptic curve domain examples of Such certificate-based credential requests, refer parameters. ence is now made to FIG. 3 in which there is depicted a At step 262, each certificate authority CA, computes a schematic representation of a system 300 in which an existing public reconstruction value B. For example, the elliptic 60 implicit certificate associated with a first device 50 is used to curve point B. Q,+G may be computed from the CAs obtain a plurality of credentials from different certificate ephemeral public key Q, and User A's public key G. authorities 70, 80, 90 for implicitly certifying a plurality of At step 264, each certificate authority CA computes or public keys. The depicted system 300 includes at least a pair constructs an implicit certificate IC, according to procedures of first and second correspondents (A, B) 50, 60 and a plural of the established PKI, infrastructure. For example, the 65 ity of trusted third parties (CA-CA) 70, 80,90. The corre implicit certificate IC, may be generated as octet string con spondents A and B exchange information over a communi taining identification the public reconstruction value B, and cation channel 59 by using software and/or hardware to US 8,701,169 B2 10 perform cryptographic functions for transmitting, receiving, ing the first hash value e-Hash(IC) using a predetermined encrypting, decrypting and Verifying exchanged information hash function. The IC/key transformation module 73 also messages. To this end, each of the correspondents A and B generates a public key Q for User A's device 50 by comput includes, among other components, hardware and/or soft ing Qt-e B+Q. After generating an ephemeral key pair ware executed by one or more processor elements for gener (d. Q.), the IC/key transformation module 73 generates the ating and applying encryption keys, as well as generating and new public reconstruction value B, by computing B-Q,+ processing credentials and credential requests. Q4. As described herein, the first correspondent or device 50 In addition to computing a new public reconstruction value (User A) can be any component or item that is capable of Be the certificate authority CA, 70 constructs new identity registering into a PKI transaction (e.g., a chip, circuit board, 10 and validity information ID, for the first device 50. In electronic consumer device, computer, processor, memory, selected embodiments, the ID generation module 74 shown in etc.). The depicted first device 50 has previously been FIG.3 may be used to generate identity information by choos installed with a credential IC, such as an ECQV certificate ing a unique distinguished name or identity ID (e.g., name, issued by a certificate authority (not shown) based on the address, phone number, email address, MAC address) for the long-term key pair (d. G). With a factory installed creden 15 first device 50 or its associated User A. tial IC, the first device 50 may represent a ZigBee Smart At the Key/IC transformation module 75, the value pair Energy (ZSE) device that is manufactured with an ECQV (IDB) is formatted to generate a new implicit certificate certificate IC issued from a root Certificate Authority (CA). IC, for the first device 50. In addition, the transformation Alternatively, the depicted first device 50 may be installed module 75 computes associated private key contribution data with a certificate IC based on the long-term key pair (d. G.) s, using one or more trusted routines, such as by computing a substantially as described hereinabove with reference to FIG. second hash value ea Hash(IC) using a predetermined hash 1. However installed, the certificate IC can be used leverage function, and then computing the integers, e, d--kc., (mod the provisioning of the first device 50 into a plurality of public n) as the private key contribution data, where d, is CAs key infrastructures (PKI) by transforming the single certifi ephemeral private key and k, is CA's secret private key. cate IC, into one or more additional certificates IC, 25 The implicit certificate IC, and private key contribution data In support of this transformation, the first device 50 stores s, are then securely returned to the first device 50 over secure the long-term key pair (d. G) and certificate IC in device channel 58 to provide CA's signature on the identity infor memory 51. In addition, the first device 50 is configured to mation ID, as an implicit certificate for the first device 50. transform a single credential (e.g., ECOV certificate) into a In similar fashion, additional credentials can be generated plurality of implicit credentials using one or more processors 30 from the single ECQV certificate IC by one or more addi 54 that run one or more software programs embodied in tional certificate authorities CA, 80, 90 that are similarly non-transitory storage media device(s) (e.g., RAM, ROM, configured to transform the single IC credential request into flash memory, etc.) or otherwise control dedicated hardware a unique implicit certificate using one or more processors that circuits in the memory/hardware module 51. The transforma run one or more software programs embodied in non-transi tion process is initiated when the first device 50 sends the 35 tory storage media device(s) (e.g., RAM, ROM, flash single existing credential or certificate IC as credential memory, etc.) or otherwise control dedicated hardware cir request over the secure channel(s) 58 using appropriate input/ cuits in the memory/hardware module (not shown). In par output circuitry 55 to one or more certificate authorities CA, ticular, the received credential request is processed with 70, 80, 90. In response, each certificate authority associates CA's key pair (k, Q) by Verifying the public recon the first device 10 with a new credential (e.g., an ECQV 40 struction value B and identity and validity information ID certificate) for an associated secure PKI infrastructure. in the credential request IC, transforming the credential For example, a first certificate authority CA, 70 is config request IC into a new public reconstruction value B, con ured to transform a single ECQV certificate IC credential structing new identity and validity information ID for the request into a new, unique implicit certificate using one or first device 50, formatting an implicit certificate IC, from the more processors 76 that run one or more Software programs 45 value pair (ID, B.), computing associated private key con embodied in non-transitory storage media device(s) (e.g., tribution datas, using trusted routines, and then returning the RAM, ROM, flash memory, etc.) or otherwise control dedi implicit certificate IC, and private key contribution datas, to cated hardware circuits in the memory/hardware module 71. the first device 50 over secure channel 58 to provide CAs At the first certificate authority CA, 70, the credential request signature on the identity information ID, as an additional is received with appropriate input/output circuitry 77 and then 50 implicit certificate for the first device 50. processed with CA's long-term key pair (k, Q) by first Under the disclosed scenario, one or more certificate authenticating the received ECQV certificate IC in the cre authorities CA, can issue new network credential ECQV cer dential request. In selected embodiments, the parse and Veri tificates to a first correspondent or device 50 (User A) to fication module 72 shown in FIG.3 may be used to parse the enable the user/device 10 to compute a plurality of private received credential IC to obtain the public reconstruction 55 keys associated with those credentials, using a single ECQV value B and identity and validity informationID associated credential or other implicit certificate. To this end, the first therewith by verifying that public reconstruction value B is device 50 stores each received additional implicit certificate a point on a predetermined curve, and to otherwise verify the IC, and private key contribution datas, in memory 51. Again, identity and validity information ID using predetermined the implicit certificate IC, and associated field elements, application rules. If any information is not verified, the cer 60 may be stored without providing confidentiality to the stored tificate authority CA, 70 terminates the process. data. When the first device 50 requires use of any additional To transform the certificate IC into a unique credential for ECQV-credential IC, in the application space of the PKI, the first device 50, the certificate authority CA, 70 first com infrastructure associated with a particular certificate authority putes a new public reconstruction value B, using one or more CA, the first device 50 transforms the implicit certificate IC, trusted routines. In selected embodiments, the IC/key trans 65 and associated field elements, to generate a unique private formation module 73 shown in FIG.3 may be used to com key-public key pair (k, Q.) using the IC/s/Key transforma pute the new public reconstruction value B, by first comput tion module 54 and private key d using trusted routines US 8,701,169 B2 11 12 substantially as described hereinabove. In this way, the first credential that is derived a single long-term private key d device 50 may use a single private key d and ECQV certifi from User A's device 401. In particular, CA, 451 transforms cate IC to compute and store a plurality of key pairs (k, the credential request into an implicit certificate by first gen Q), (k12, Q2), (ka, Q) that are respectively associated erating or retrieving a long-term key pair (k, Q.) at Step with a corresponding plurality of associated credentials and 5 452. private key contribution data IC 41, s), (IC 42, S2), (IC. S.). Upon receiving the credential request 405 at step 454, the Alternatively, the additional credentials IC, and associated request is parsed and Verified according to the procedures of private key contribution datas, can be retrieved from memory the established PKI, infrastructure associated with the certifi along with the pre-computed the hash value e, and used to cate authority CA. For example, User A's credential IC is reconstruct the key pair (k, Q) associated with certificate 10 parsed to extract the public reconstruction value B and iden IC, when needed. tity information ID for User A, and the extracted values are Similar to the embodiments described with reference to verified by confirming that the extract value B is a point of FIG.1, the first device 50 (User A) will then have a privatekey required order on a predetermined curve, and to otherwise d that is associated with each public key Q, that is recover verify the identity and validity information ID using prede able from the implicit certificate IC by the second device 60 15 termined application rules. If verification fails, the certificate (User B) from the additional implicit certificate IC. At the authority CA, returns a FAIL message to User A's device 401. first device 50, the initial private key d is the only private Once verified, the received credential IC can be trans credential that User A should store in secret memory in order formed by CA, 451 into a unique credential for the first device to keep secret the rest of his credentials issued for other 401. The credential transformation process beings at step 456 networks. The other credential values value (es, IC) can by computing a first hash value e=Hash(IC) using a prede be stored in a separate memory that requires only data integ termined hash function. In addition, a public key Q is gen rity, thereby providing cost and processing speed advantages. erated for User A's device 401 by computing Qe B+Q. At the second device 60, the received implicit certificate IC, After generating an ephemeral key pair (d. Q.), a new public can be transformed into a public key Q, for the first device 50 reconstruction value B is generated at step 460 by comput for use with an established PKI, infrastructure by first parsing 25 ing B-Q,+Q. and verifying the received implicit certificate IC, (with mod At step 462, new identity and validity information ID for ule 62) and then transforming the received implicit certificate User A's device 401 may be constructed at CA 451, such as IC, (with module 64) by first computing a hash value by choosing a unique distinguished name or identity for User e, Hash (IC) and then computing the public key Q, e, A or otherwise including identification information accord B+Q (mod n), where Q is the public key for the CA, 30 ing to the procedures of the established infrastructure. The which issued the credential IC. exact form of ID depends on the certificate format specified As seen from the foregoing, a single certificate IC, such as during the setup procedure. a factory installed ECQV certificate, can be used as a certifi At step 464, CA, 451 computes or constructs an implicit cate request to one or more certificate authorities so that any certificate IC, as a function of the new public reconstruction certificate authority CA, with a long-term key pair (d. 35 value B, and new identity and validity information ID, Q), the ECQV certificate IC for User A, and the originat according to procedures of the established PKI, infrastruc ing certificate authority’s public key Q can issue new cre ture. The exact form of the implicit certificate IC depends on dentials for PKI, from the certificate authority CA. Further, if the certificate format specified during setup. the registration process used by the initial certificate authority At step 466, CA 451 computes a second hash value is deemed adequate, the additional certificate can be issued 40 e-Hash(IC) using an established hash function. In addi with implicit verification. tion, private key contribution datas, is derived from the hash To illustrate an example methodology, reference is now value. For example, the private key contribution data made to FIG. 4 which depicts in flow chart form a procedure Stead,+k, (mod n) is computed according to procedures 400 for obtaining a plurality of credentials from a single of the established implicit certificate infrastructure. implicit certificate. With the procedure 400, a single implicit 45 If any of the computations or verifications in steps 454-466 certificate is used to validate registration of User A's device fails, the process stops and an “invalid’ message is output. into a plurality of secure PKI infrastructures by issuing mul Otherwise, a “valid’ message is output and the implicit cer tiple certificates from the single implicit certificate within tificate IC, is returned along with the private key contribution different certificate authority domains to reduce overall reg datas (step 468) to User A's device 401 via return message istration costs of provisioning multiple credentials onto the 50 469. network. Under the disclosed scenario, a plurality of certificate Once the procedure 400 starts, User A's device 401 gener authorities 451-453 can each issue a new network credential ates or obtains along-term key pair (d. G) and an associated ECQV certificate to a first correspondent or device 401 (User implicit certificate IC (e.g., an ECQV certificate) and field A) in response to the single implicit certificate IC (e.g., an elements at step 402. To provision User A's device 401 onto 55 ECQV certificate) to enable the user/device 401 to compute a multiple networks, the implicit certificate IC is leveraged to plurality of private keys associated with those credentials obtain a plurality of additional credentials from one or more using a single private key d. certificate authorities 451–453 by sending a credential request To generate multiple private keys, the first device 401 405 at step 404 which includes User A's credential or implicit parses each received certificate IC to extract and Verify the certificate IC. In an example implementation, the credential 60 public reconstruction value B, and associated information request may be a push transaction onto User A's device 401 ID, at step 406. In addition, the hash value e-Hash(IC) by an infrastructure already having the required information. may be computed using a predetermined hash function at Step At the certificate authority CA, 451. User A's device 401 is 408. At step 410, each received implicit certificate IC, pri associated with a new credential IC, for the secure PKI, infra vate key contribution datas, and associated hash value e, are structure associated with the CA, by having the CA issue a 65 stored in memory. separate network credential IC, which enables User As Whena secure communication between the first device 401 device 401 to compute an associated private key with that (User A) and second device 481 (User B) requires access to US 8,701,169 B2 13 14 the application space of the PKI, infrastructure associated plays, keyboards, keypads, Switches, dials, mice, track balls, with a particular certificate authority CA, the first device 401 Voice recognizers, card readers, paper tape readers, or other sends the implicit certificate IC, associated with the CA, to well-known input devices. the second device 481 in a message 413 at step 412. At the The network connectivity devices 506 may take the form of second device 481, the received certificate IC, is parsed and modems, modem banks, ethernet cards, universal serial bus Verified to extractID, and B (step 482), hashed to compute (USB) interface cards, serial interfaces, token ring cards, fiber e, Hash(IC) (step 484), and transformed into User A's pub distributed data interface (FDDI) cards, wireless local area lic key Q, by computing Qe,B+Q. Simultaneously, network (WLAN) cards, radio transceiver cards such as code division multiple access (CDMA) and/or global system for the first device 401 transforms the implicit certificate IC, and 10 mobile communications (GSM) radio transceiver cards, and associated field elements, to generate a unique private key other well-known network devices. These network connec using the pre-computed and stored values (IC. S. e.). The tivity 506 devices may enable the processor 504 to commu transformation process begins by computing the private key nicate with an Internet or one or more intranets. With such a ke, d--s (mod n) at step 414, where e, is the stored or network connection, it is contemplated that the processor 504 computed hash value, d is User A's long term private key, 15 might receive information from the network, or might output and S, is the associated private key contribution data. The information to the network in the course of performing the corresponding public key Q, for User A is then generated at above-described method steps. Such information, which is step 416 by computing Q =e,B+Q., often represented as a sequence of instructions to be executed As seen from the foregoing, a variety of techniques are using processor 504, may be received from and outputted to provided for leveraging an initial controlled public key reg the network, for example, in the form of a computer data istration or a previous ECOV certificate, each with an asso signal embodied in a carrier wave or a non-transitory com ciated private key, to obtain one or more additional ECQV puter readable storage medium, such as RAM, ROM or other certificates and credentials for acceptance into other PKIs, memory storage devices. thereby reducing registration costs and enabling multiple pri Such information, which may include data or instructions vate keys to be derived from a single long-term private key. As 25 to be executed using processor 504 for example, may be a result, these techniques are well suited for use with devices received from and outputted to the network, for example, in having limited certificate processing functionality, Such as the form of a computer databaseband signal or signal embod Small, low-power radio control devices requiring secure net ied in a carrier wave. The baseband signal or signal embodied working having factory-installed key pairs (e.g., (d. G) or in the carrier wave generated by the network connectivity 506 implicit certificates (e.g., ECQV certificates). However, it 30 devices may propagate in or on the Surface of electrical con will be appreciated that the benefits of extending credentials ductors, in coaxial cables, in waveguides, in optical media, to a plurality of PKIs can also be applied to other devices for example optical fiber, or in the air or free space. The having enhanced certificate processing capabilities, such as information contained in the baseband signal or signal an authentication server, host system, Solution server, wire embedded in the carrier wave may be ordered according to less communications device (such as a mobile device, Black 35 different sequences, as may be desirable for either processing Berry device or other user equipment), or other communica or generating the information or transmitting or receiving the tion device which requires secure networking. information. The baseband signal or signal embedded in the The user device and certificate authority elements carrier wave, or other types of signals currently used or here described herein may include any general or special purpose after developed, referred to herein as the transmission computer with Sufficient processing power, memory 40 medium, may be generated according to several methods well resources, and network throughput capability to handle the known to one skilled in the art. necessary workload placed upon it. FIG. 5 illustrates an The processor 504 executes instructions, codes, computer example computer system 500 that may be suitable for imple programs, Scripts which it accesses from hard disk, floppy menting one or more embodiments disclosed herein. The disk, optical disk (these various disk-based systems may all computer system 500 includes a processor 504 (which may be 45 be considered secondary storage 508), ROM 512, RAM 510, referred to as a central processor unit or CPU) that is in or the network connectivity devices 506. While only one communication with input/output (I/O) devices 502, network processor 504 is shown, multiple processors may be present. connectivity devices 506, an optional secondary storage 508, Thus, while instructions may be discussed as executed by a random access memory (RAM) 510, and read only memory processor, the instructions may be executed simultaneously, (ROM) 512. The processor may be implemented as one or 50 serially, or otherwise executed by one or multiple processors. more CPU chips. In addition or in the alternative, any required processing The secondary storage 508 is optionally included, and functionality may be executed by a cryptographic engine or typically includes one or more disk drives or tape drives used other hardware accelerator circuit (not shown). for non-volatile storage of data and/or for over-flow data FIG. 6 is a diagram of a software environment 600 that may storage device if RAM 510 is not large enough to hold all 55 be implemented on a communication device and/or certificate working data. Secondary storage 508 may be used to store authority operable for some of the various embodiments of programs which are loaded into RAM 510 when such pro the disclosure. As illustrated, one or more processing grams are selected for execution. The ROM 512 is used to resources at the communication device or CA execute oper store instructions and perhaps data which are read during ating system drivers 604 that provide a platform from which program execution. ROM 512 is a non-volatile memory 60 the rest of the software operates. The operating system drivers device which typically has a small memory capacity relative 604 provide drivers for the device hardware with standardized to the larger memory capacity of secondary storage. The interfaces that are accessible to application software. The RAM 510 is used to store volatile data and perhaps to store operating system drivers 604 include application manage instructions. Access to both ROM 512 and RAM 510 is typi ment services (AMS) 606 that transfer control between cally faster than to secondary storage 508. 65 applications running on the device. In UE instances, the Soft I/O devices 502 may include on or more printers, video ware environment 602 includes a web browser application monitors, liquid crystal displays (LCDs), touch screen dis 608, a media player application 610, and Java applets 612 are US 8,701,169 B2 15 16 provided as device applications. The web browser application 712, a data port 714, a keyboard 716, a speaker 718, a micro 608 configures the UE device to operate as a web browser, phone 720, short-range communications 722, and other allowing a user to enter information into forms and select device subsystems 724. As described herein, memory 705 links to retrieve and view web pages. The media player appli provides secure storage for a long-term key pair (d. G), and cation 610 configures the UE to retrieve and play audio or also stores any initial credential (e.g., ECQV certificate IC) audiovisual media. The Java applets 612 configure the UE and associated field element S, as well as any additional device to provide games, utilities, and other functionality. credential and field element values (ICs) that may be used Finally, the component 614 may provide the credential pro to generate additional key pairs (k, Q.) as described herein. cessing functionality described herein. Some of the subsystems of the user equipment 700 perform Turning now to FIG. 7, there is depicted a schematic block 10 communication-related functions, whereas other Subsystems diagram illustrating exemplary components of a mobile wire may provide “resident' or on-device functions. By way of less communications device 700 which may be used with example, the display 710 and the keyboard 716 may be used selected embodiments of the present invention to extend a for both communication-related functions, such as entering a single registered public key or certificate credential to gener text message for transmission over the network 701, and ate a plurality of certificate credentials. The wireless device 15 device-resident functions such as a calculator or task list. 700 is shown with specific components for implementing The user equipment 700 can send and receive communi features described above. It is to be understood that the wire cation signals over the wireless network 701 after required less device 700 is shown with very specific details for exem network registration or activation procedures have been com plary purposes only. As depicted, user equipment 700 pleted. Network access is associated with a subscriber or user includes a number of components such as a main processor of the user equipment 700. To identify a subscriber, the user 702 that controls the overall operation ofuser equipment 700. equipment 700 requires a SIM/RUIM card 726 (i.e. Sub Communication functions, including data and Voice commu scriber Identity Module or a Removable User Identity Mod nications, are performed through a communication Sub ule) to be inserted into a SIM/RUIM interface 728 in order to system 704. The communication subsystem 704 receives communicate with a network. The SIM card or RUIM 726 is messages from and sends messages to a wireless network 25 one type of a conventional “smart card” that can be used to 701. In this illustrative embodiment of user equipment 700, identify a subscriber of the user equipment 700 and to per communication Subsystem 704 is configured in accordance sonalize the user equipment 700, among other things. With with the Global System for Mobile Communication (GSM) out the SIM card 726, the user equipment 700 is not fully and General Packet Radio Services (GPRS) standards. The operational for communication with the wireless network GSM/GPRS wireless network is used worldwide and these 30 701. By inserting the SIM card/RUIM 726 into the SIM/ standards may be superseded eventually by Enhanced Data RUIM interface 728, a subscriber can access all subscribed GSM Environment (EDGE) and Universal Mobile Telecom services. Services may include: web browsing and messaging munications Service (UMTS). New standards are still being such as e-mail, voice mail, Short Message Service (SMS), defined, but it is believed that they will have similarities to the and Multimedia Messaging Services (MMS). More advanced network behavior described herein, and it will also be under 35 services may include: point of sale, field service and sales stood by persons skilled in the art that the embodiments force automation. The SIM card/RUIM 726 includes a pro described herein are intended to use any other suitable stan cessor and memory for storing information. Once the SIM dards that are developed in the future. The wireless link card/RUIM 726 is inserted into the SIM/RUIM interface 728, connecting the communication subsystem 704 with the wire it is coupled to the main processor 702. In order to identify the less network 701 represents one or more different Radio 40 subscriber, the SIM card/RUIM 726 can include some user Frequency (RF) channels, operating according to defined pro parameters such as an International Mobile Subscriber Iden tocols specified for GSM/GPRS communications. With tity (IMSI). An advantage of using the SIM card/RUIM 726 is newer network protocols, these channels are capable of Sup that a Subscriber is not necessarily bound by any single physi porting both circuit Switched Voice communications and cal user equipment. The SIM card/RUIM 726 may store addi packet Switched data communications. 45 tional Subscriber information for user equipment as well, Although the wireless network 701 associated with user including datebook (or calendar) information and recent call equipment 700 is a GSM/GPRS wireless network in one information. Alternatively, user identification information implementation, other wireless networks may also be associ can also be programmed into the flash memory 708. ated with user equipment 700 in variant implementations. The user equipment 700 is a battery-powered device and The different types of wireless networks that may be 50 includes a battery interface 732 for receiving one or more employed include, for example, data-centric wireless net rechargeable batteries 730. In at least some embodiments, the works, Voice-centric wireless networks, and dual-mode net battery 730 can be a smart battery with an embedded micro works that can Support both Voice and data communications processor. The battery interface 732 is coupled to a regulator over the same physical base stations. Combined dual-mode (not shown), which assists the battery 730 in providing power networks include, but are not limited to, Code Division Mul 55 V+ to the user equipment 700. Although current technology tipleAccess (CDMA) or CDMA2000 networks, GSM/GPRS makes use of a battery, future technologies such as micro fuel networks (as mentioned above), and future generation net cells may provide the power to the user equipment 700. works like EDGE, UMTS, WiMAX, LTE and LTE-A. Some The user equipment 700 also includes an operating system other examples of data-centric networks include WiFi 802.11, 734 and software components 736 which are described in MobitexTM and DataTACTM network communication sys 60 more detail below. The operating system 734 and the software tems. Examples of other voice-centric data networks include components 736 that are executed by the main processor 702 Personal Communication Systems (PCS) networks like GSM are typically stored in a persistent store such as the flash and Time Division Multiple Access (TDMA) systems. memory 708, which may alternatively be a read-only memory The main processor 702 also interacts with additional sub (ROM) or similar storage element (not shown). Those skilled systems such as one or more key and credential memories 65 in the art will appreciate that portions of the operating system 705, Random Access Memory (RAM) 706, a flash memory 734 and the software components 736 such as specific device 708, a display 710, an auxiliary input/output (I/O) subsystem applications, or parts thereof, may be temporarily loaded into US 8,701,169 B2 17 18 a volatile store such as the RAM 706. Other software com Applications for which the IT policy may be applicable then ponents can also be included, as is well known to those skilled respond by reading the IT policy data to look for IT policy in the art. rules that are applicable. The subset of software components 736 that control basic Other types of software applications can also be installed device operations, including data and Voice communication on the user equipment 700. These software applications can applications, will normally be installed on the user equipment be third party applications, which are added after the manu 700 during its manufacture. Other software applications facture of the user equipment 700. Examples of third party include a message application 738 that can be any suitable applications include games, calculators, utilities, etc. software program that allows a user of the user equipment 700 The additional applications can be loaded onto the user 10 equipment 700 through at least one of the wireless network to send and receive electronic messages. Various alternatives 701, the auxiliary I/O subsystem 712, the data port 714, the exist for the message application 738 as is well known to short-range communications Subsystem 722, or any other those skilled in the art. Messages that have been sent or suitable device subsystem 724. This flexibility in application received by the user are typically stored in the random access installation increases the functionality of the user equipment or flash memory 708 of the user equipment 700 or some other 15 700 and may provide enhanced on-device functions, commu suitable storage element in the user equipment 700. In at least nication-related functions, or both. For example, secure com Some embodiments, some of the sent and received messages munication applications may enable electronic commerce may be stored remotely from the device 700 such as in a data functions and other Such financial transactions to be per store of an associated host system that the user equipment 700 formed using the user equipment 700. communicates with. The data port 714 enables a subscriber to set preferences The software applications can further include a device state through an external device or Software application and module 740, a Personal Information Manager (PIM) 742, and extends the capabilities of the user equipment 700 by provid other suitable modules (not shown). The device state module ing for information or software downloads to the user equip 740 provides persistence, i.e. the device state module 740 ment 700 other than through a wireless communication net ensures that important device data is stored in persistent 25 work. The alternate download path may, for example, be used memory, such as the flash memory 708, so that the data is not to load an encryption key onto the user equipment 700 lost when the user equipment 700 is turned off or loses power. through a direct, and thus reliable and trusted connection, to The PIM 742 includes functionality for organizing and provide secure device communication. managing data items of interest to the user, Such as, but not The data port 714 can be any suitable port that enables data limited to, e-mail, contacts, calendar events, Voice mails, 30 communication between the user equipment 700 and another appointments, and task items. A PIM application has the computing device. The data port 714 can be a serial or a ability to send and receive data items via the wireless network parallel port. In some instances, the data port 714 can be a 701. PIM data items may be seamlessly integrated, synchro USB port that includes data lines for data transfer and a nized, and updated via the wireless network 701 with the user Supply line that can provide a charging current to charge the equipment Subscriber's corresponding data items stored or 35 battery 730 of the user equipment 700. associated with a host computer system. This functionality The short-range communications Subsystem 722 provides creates a mirrored host computer on the user equipment 700 for communication between the user equipment 700 and dif with respect to Such items. This can be particularly advanta ferent systems or devices, without the use of the wireless geous when the host computer system is the user equipment network 701. For example, the subsystem 722 may include an subscriber's office computer system. 40 infrared device and associated circuits and components for The user equipment 700 also includes a connect module short-range communication. Examples of short-range com 744, and an IT policy module 746. The connect module 744 munication standards include standards developed by the implements the communication protocols that are required Infrared Data Association (IrDA), Bluetooth, and the 802.11 for the user equipment 700 to communicate with the wireless family of standards developed by IEEE. infrastructure and any host system, Such as an enterprise 45 In use, a received signal Such as a text message, an e-mail system, that the user equipment 700 is authorized to interface message, or web page download will be processed by the with. communication Subsystem 704 and input to the main proces The connect module 744 includes a set of APIs that can be sor 702. The main processor 702 will then process the integrated with the user equipment 700 to allow the user received signal for output to the display 710 or alternatively to equipment 700 to use any number of services associated with 50 the auxiliary I/O subsystem 712. A subscriber may also com the enterprise system. The connect module 744 allows the pose data items. Such as e-mail messages, for example, using user equipment 700 to establish an end-to-end secure, authen the keyboard 716 in conjunction with the display 710 and ticated communication pipe with the host system. A Subset of possibly the auxiliary I/O subsystem 712. The auxiliary sub applications for which access is provided by the connect system 712 may include devices such as: a touch screen, module 744 can be used to pass IT policy commands from the 55 mouse, track ball, infrared fingerprint detector, or a roller host system to the user equipment 700. This can be done in a wheel with dynamic button pressing capability. The keyboard wireless or wired manner. These instructions can then be 716 is preferably an alphanumeric keyboard or telephone passed to the IT policy module 746 to modify the configura type keypad. However, other types of keyboards may also be tion of the device 700. Alternatively, in some cases, the IT used. A composed item may be transmitted over the wireless policy update can also be done over a wired connection. 60 network 200 through the communication subsystem 704. The IT policy module 746 receives IT policy data that For voice communications, the overall operation of the encodes the IT policy. The IT policy module 746 then ensures user equipment 700 is substantially similar, except that the that the IT policy data is authenticated by the user equipment received signals are output to the speaker 718, and signals for 700. The IT policy data can then be stored in the flash memory transmission are generated by the microphone 720. Alterna 708 in its native form. After the IT policy data is stored, a 65 tive Voice or audio I/O Subsystems, such as a voice message global notification can be sent by the IT policy module 746 to recording Subsystem, can also be implemented on the user all of the applications residing on the user equipment 700. equipment 700. Although Voice or audio signal output is US 8,701,169 B2 19 20 accomplished primarily through the speaker 718, the display distinguishing the first entity A So that the unique credential 710 can also be used to provide additional information such as can be constructed as a new implicit certificate from the the identity of a calling party, duration of a Voice call, or other public reconstruction value and the identity value. The public voice call related information. reconstruction value may be computed by parsing the implicit By now it should be appreciated that there is disclosed certificate into a first public reconstruction value and a first herein a method, apparatus, computer program product, and identity value, combining these parsed values in accordance system for generating a plurality of unique credentials from a with a first mathematical function (e.g., secure hash function) single credential request value in a secure digital communi to derive entity information, and then combining the entity cation system having a plurality of trusted entities CA, and at information with the first public reconstruction value and one least one subscriber entity A. As disclosed, a first correspon 10 or more public key values of the trusted entity CA to derive dent or entity A obtains a secret valued and associated public the public reconstruction value. In addition, the private key value G. The values d and G may be obtained from Secure contribution value may be computed by binding a hash of the memory or by generating an ephemeral public-key pair (d. unique credential with private values of the trusted entity CA. G) associated with predetermined elliptic curve domain Finally, the trusted entity CA sends the unique credential and parameters for the secure digital communication system. 15 associated private key contribution value to the first entity A. Entity A sends a single credential request to a plurality of In yet another form, there is provided a cryptographic unit trusted entities CA, where the credential request includes a of a first correspondent or entity for generating a plurality of first value associated with the public value G. In selected implicit certificates for a corresponding plurality of public embodiments, the credential request is the public value G keys from a single credential requestina data communication that is sent to the trusted entities CA, while in other embodi system. As disclosed, the cryptographic unit may be imple ments, a previously issued implicit certificate IC associated mented with hardware and/or software executed by one or with the public key value G is sent to the trusted entities CA, more processor elements, and is configured to send a single such as by sending an ECOV certificate IC that is associated credential request to a plurality of certificate authorities com with predetermined elliptic curve domain parameters for the prising a first value associated with a public value for the first secure digital communication system. Subsequently, entity A 25 entity. In selected embodiments, the cryptographic unit sends receives from each of the trusted entities CA, a unique cre the credential request as a single ECQV certificate associated dential (e.g., implicit certificate IC) and associated private with the public key value for the first entity, and in other key contribution value (e.g., associated private key contribu embodiments, the cryptographic unit sends the credential tion value S.), thereby obtaining and storing in memory a request as a single elliptic curve public key value for the first plurality of unique credentials from the corresponding plu 30 entity using predetermined elliptic curve domain parameters rality of trusted entities CA. In selected embodiments, the for the secure digital communication system. The crypto implicit certificate IC, includes (1) a public reconstruction graphic unit at the first entity is also configured to receive value computed at the trusted entity CA, by mathematically from each of the plurality of certificate authorities a unique combining public values associated with the trusted entity Elliptic Curve Qu-Vanstone (ECQV) certificate and associ CA, and entity A, and (2) an identity value for entity A con 35 ated private key contribution value that are uniquely gener structed at the trusted entity CA. In addition, the associated ated from the single credential request, thereby obtaining a private key contribution value S, may be computed at the plurality of unique ECQV certificates from the corresponding trusted entity CA, by binding a hash of the implicit certificate plurality of certificate authorities. The cryptographic unit at IC, with private values of the trusted entity CA. With the the first entity may also be configured to compute a private unique credentials and associated private key contribution 40 key from one of the plurality of unique ECQV certificates by values stored in memory, a private key may be generated that parsing a first unique ECQV certificate into a first public is associated with a unique credential received from a trusted reconstruction value and a first identity value for the first entity CA, by deriving the private key from the unique cre entity. The parsed first public reconstruction value and first dential, associated private key contribution value, and secret identity value may then be combined in accordance with a valued for entity A. In addition, a public key may be ener 45 first hash function to derive entity information, and the entity ated that is associated with a unique credential received from information may then be combined with a private key value a trustedentity CA, by deriving the public key from the unique associated with the public value for the first entity and with credential and a public value associated with the trusted entity the private key contribution value associated with the first CA. unique ECQV certificate to derive a first private key. In another form, there is provided a method and associated 50 In still yet another form, there is provided a cryptographic apparatus for generating a unique credential at a trusted entity unit of a trusted entity for facilitating generation of a public CA in a secure digital communication system. As disclosed, key for a first entity A in a data communication system. As the trusted entity CA may receive a credential request from a disclosed, the cryptographic unit may be implemented with first entity A which includes an implicit certificate associated hardware and/or software executed by one or more processor with a private key at the first entity A. Alternatively, the 55 elements, and is configured to obtain an implicit certificate trusted entity may otherwise obtain an implicit certificate associated with a private key of the first entity A, to transform (e.g., an ECQV certificate) associated with a private key of a the implicit certificate into a unique ECQV certificate and first entity A, either from memory storage, from a first corre associated private key contribution value, and to send the spondent/entity A, or from another trusted entity. The trusted unique ECQV certificate and associated private key contribu entity CA transforms the implicit certificate into a unique 60 tion value to the first entity A. In selected embodiments, the credential and associated private key contribution value from implicit certificate is transformed by extracting a first public the trusted entity CA. In selected embodiments, the transfor value from the implicit certificate; computing a public recon mation process starts by extracting a first public value from struction value by mathematically combining the first public the implicit certificate, and then computing a public recon value with one or more public values associated with the struction value (e.g., by mathematically combining the first 65 trusted entity; constructing an identity value distinguishing public value with one or more public values associated with the first entity A; and constructing the ECQV certificate from the trusted entity CA) and constructing an identity value the public reconstruction value and the identity value. US 8,701,169 B2 21 22 Although the described exemplary embodiments disclosed trusted entity and the subscriber device, and (2) an iden herein are described with reference to using a registered EC tity value for the subscriber device constructed at the public key or ECQV certificate as a credential request to trusted entity, and different certificate authorities to obtain a plurality of new where the associated private key contribution value is com credentials, the present invention is not necessarily limited to puted at the trusted entity by binding a hash of the the example embodiments which illustrate inventive aspects implicit certificate with private values of the trusted of the present invention that are applicable to a wide variety of entity. authentication algorithms. Thus, the particular embodiments 7. The method of claim 1, further comprising storing the disclosed above are illustrative only and should not be taken secret value in a secure memory that provides confidentiality as limitations upon the present invention, as the invention 10 and data integrity. may be modified and practiced in different but equivalent 8. The method of claim 1, further comprising storing each manners apparent to those skilled in the art having the benefit unique credential and associated private key contribution of the teachings herein. For example, other implicit certificate value in a memory that requires data integrity. algorithms may be used. Such as those disclosed in U.S. Pat. 9. The method of claim 1, further comprising generating a No. 6,792,530 which is incorporated by reference as if fully 15 private key that is associated with a unique credential received set forth herein. Accordingly, the foregoing description is not from a trusted entity by deriving the private key from the intended to limit the invention to the particular form set forth, unique credential, associated private key contribution value, but on the contrary, is intended to cover Such alternatives, and secret value for the subscriber device. modifications and equivalents as may be included within the 10. The method of claim 1, further comprising generating spirit and scope of the invention as defined by the appended a public key that is associated with a unique credential claims so that those skilled in the art should understand that received from a trusted entity by deriving the public key from they can make various changes, Substitutions and alterations the unique credential and a public value associated with the without departing from the spirit and scope of the invention in trusted entity. its broadest form. 11. A method for generating a unique credential at a trusted What is claimed is: 25 entity device in a secure digital communication system, the 1. A method for generating a plurality of unique credentials method comprising: from a single credential request value in a secure digital obtaining at the trusted entity device an implicit certificate communication system having a plurality of trusted entities associated with a private key of a first entity; and at least one subscriber device, the method comprising: transforming, by a circuit of the trusted entity device, the obtaining a secret value and associated public value for a 30 implicit certificate into a unique credential and associ Subscriber device; ated private key contribution value, wherein the trans sending, by an input/output circuit of the subscriber device, forming step includes a single credential request to the plurality of trusted extracting a first public value from the implicit certifi entities, the single credential request comprising a first Cate, value associated with the public value; and 35 computing a public reconstruction value by mathemati receiving, from each of the plurality of trusted entities, by cally combining the first public value with one or the input/output circuit of the subscriber device, a more public values associated with the trusted entity unique credential and associated private key contribu device; and tion value, thereby obtaining a plurality of unique cre sending the unique credential and associated private key dentials from the corresponding plurality of trusted enti 40 contribution value to the first entity. ties. 12. The method of claim 11, where obtaining the implicit 2. The method of claim 1, wherein obtaining the secret certificate comprises obtaining an Elliptic Curve Qu-Van value and associated public value comprises generating an stone (ECOV) certificate associated with the private key at the ephemeral public-key pair associated with predetermined first entity using predetermined elliptic curve domain param elliptic curve domain parameters for the secure digital com 45 eters for the secure digital communication system. munication system. 13. The method of claim 11, where transforming the 3. The method of claim 1, wherein sending the single implicit certificate further comprises: credential request comprises sending the public value to the constructing an identity value distinguishing the first plurality of trusted entities. entity; and 4. The method of claim 1, wherein sending the single 50 constructing the unique credential as a new implicit certifi credential request comprises sending to the plurality of cate from the public reconstruction value and the iden trusted entities a previously issued implicit certificate associ tity value. ated with the public key value. 14. The method of claim 13, where extracting the first 5. The method of claim 1, wherein sending the single public value comprises parsing the implicit certificate in the credential request comprises sending to the plurality of 55 credential request into a first public reconstruction value and trusted entities an Elliptic Curve Qu-Vanstone (ECQV) cer a first identity value for the first entity. tificate associated with the public key value using predeter 15. The method of claim 14, where computing the public mined elliptic curve domain parameters for the secure digital reconstruction value comprises: communication system. combining the first public reconstruction value and first 6. The method of claim 1, wherein receiving the unique 60 identity value for the first entity in accordance with a first credential and associated private key contribution value from mathematical function to derive entity information; and each of the plurality of trusted entities comprises receiving, combining the entity information with the first public from each trusted entity, an implicit certificate and associated reconstruction value and one or more public key values private key contribution value, of the trusted entity device to derive the public recon where the implicit certificate comprises (1) a public recon 65 struction value. struction value computed at the trusted entity by math 16. The method of claim 15, where the first mathematical ematically combining public values associated with the function comprises a secure hash function. US 8,701,169 B2 23 24 17. The method of claim 11, where transforming the parsing a first unique ECQV certificate into a first public implicit certificate comprises computing the private key con reconstruction value and a first identity value for the first tribution value by binding a hash of the unique credential with entity; private values of the trusted entity device. combining the first public reconstruction value and first 18. The method of claim 11, further comprising receiving a credential request at the trusted entity device from the first identity value for the first entity in accordance with a first entity comprising an implicit certificate associated with a hash function to derive entity information; and private key at the first entity. combining the entity information with a private key value 19. A subscriber device for generating a plurality of associated with the public value for the subscriber implicit certificates for a corresponding plurality of public device and with the private key contribution value asso keys from a single credential requestina data communication 10 ciated with the first unique ECQV certificate to derive a system, said Subscriber device comprising: first private key. an input/output circuit configured to send a single creden 23. A trusted entity device for facilitating generation of a tial request to a plurality of certificate authorities com public key for a subscriber device in a data communication prising a first value associated with a public value for the system, said trusted entity device comprising: subscriber device, and receive from each of the plurality 15 of certificate authorities a unique Elliptic Curve Qu a processing circuit configured to obtain an implicit cer Vanstone (ECQV) certificate and associated private key tificate associated with a private key of the subscriber contribution value that are uniquely generated from the device, and transform the implicit certificate into a single credential request, thereby obtaining a plurality of unique Elliptic Curve Qu-Vanstone (ECOV) certificate unique ECQV certificates from the corresponding plu and associated private key contribution value; and rality of certificate authorities. an input/output circuit configured to send the unique 20. The subscriber device of claim 19, wherein the input/ ECQV certificate and associated private key contribu output circuit is configured to send the single credential tion value to the subscriber device, request by sending to the plurality of certificate authorities a wherein the processing circuit is further configured to single ECQV certificate associated with the public key value 25 transform the implicit certificate by for the subscriber device using predetermined elliptic curve extracting a first public value from the implicit certificate; domain parameters for the secure digital communication sys computing a public reconstruction value by mathemati tem. cally combining the first public value with one or more 21. The subscriber device of claim 19, wherein the sub public values associated with the trusted entity device. scriber device is configured to send the single credential 30 24. The trusted entity device of claim 23, wherein the request by sending to the plurality of certificate authorities a processing circuit is further configured to transform the single elliptic curve public key value for the subscriber device implicit certificate by: using predetermined elliptic curve domain parameters for the constructing an identity value distinguishing the Subscriber secure digital communication system. device; and 22. The subscriber device of claim 19, further comprising 35 constructing the ECQV certificate from the public recon a processor circuit configured to compute a private key from struction value and the identity value. one of the plurality of unique ECQV certificates by: k k k k k