-
公开(公告)号:US11979508B2
公开(公告)日:2024-05-07
申请号:US17413681
申请日:2019-12-13
发明人: John A. Nix
CPC分类号: H04L9/3268 , G06F8/445 , H04L9/006 , H04L9/0841 , H04L9/0861 , H04L9/3297
摘要: A tamper resistant element (TRE) in a device can operate a primary platform and support a “Smart Secure Platform”. The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.
-
公开(公告)号:US11909870B2
公开(公告)日:2024-02-20
申请号:US18125953
申请日:2023-03-24
发明人: John A. Nix
CPC分类号: H04L9/0841 , H04L9/0825 , H04L9/3066 , H04L9/3242 , H04L9/3252
摘要: A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.
-
公开(公告)号:US20230336332A1
公开(公告)日:2023-10-19
申请号:US18210776
申请日:2023-06-16
发明人: John A. Nix
CPC分类号: H04L9/0841 , H04L9/14 , H04L9/085 , H04L9/3066 , H04L9/006 , H04L9/0662 , H04L9/0825
摘要: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.
-
公开(公告)号:US11777719B2
公开(公告)日:2023-10-03
申请号:US17748706
申请日:2022-05-19
申请人: John A. Nix
发明人: John A. Nix
CPC分类号: H04L9/0844 , H04L9/0618 , H04L9/0852 , H04L9/0869 , H04L9/3066 , G06N10/00
摘要: Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PKI keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PKI keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PKI keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send to the device as a second ciphertext.
-
公开(公告)号:US20230208626A1
公开(公告)日:2023-06-29
申请号:US18111307
申请日:2023-02-17
发明人: John A. Nix
CPC分类号: H04L9/0841 , H04W12/03 , G06F13/20 , H04L9/0861 , H04L9/3013 , H04L9/3247 , H04L9/3263 , H04L63/0435 , H04W12/06 , G16Y30/10
摘要: A device can include an internal secure processing environment (SE) and communicate with a configuration system. The device may utilize a near field communications (NFC) radio. A mobile handset can connect with the SE in the device using NFC. The mobile handset can communicate with the configuration system and receive configuration data and a software package for the device. The SE can derive a PM key pair and send the derived public key to the configuration system via the mobile handset. The SE and the configuration system can mutually derive an encryption key using the derived PM key pair. The configuration data can be transmitted over the NFC radio, and the mobile handset can establish a Wi-Fi access point. The software package can be encrypted using the encryption key and transmitted to the device over the established Wi-Fi access point, thereby completing a configuration step for the device.
-
公开(公告)号:US11621832B2
公开(公告)日:2023-04-04
申请号:US16980987
申请日:2019-03-14
发明人: John A. Nix
摘要: A device can include an internal secure processing environment (SE) and communicate with a configuration system. The device may utilize a near field communications (NFC) radio. A mobile handset can connect with the SE in the device using NFC. The mobile handset can communicate with the configuration system and receive configuration data and a software package for the device. The SE can derive a PKI key pair and send the derived public key to the configuration system via the mobile handset. The SE and the configuration system can mutually derive an encryption key using the derived PKI key pair. The configuration data can be transmitted over the NFC radio, and the mobile handset can establish a Wi-Fi access point. The software package can be encrypted using the encryption key and transmitted to the device over the established Wi-Fi access point, thereby completing a configuration step for the device.
-
公开(公告)号:US20220360622A1
公开(公告)日:2022-11-10
申请号:US17871701
申请日:2022-07-22
发明人: John A. Nix
IPC分类号: H04L67/06 , H04W4/70 , H04L9/32 , H04L67/1097 , H04W12/04
摘要: A storage radio unit (SRU) for a device can include a radio, embedded universal integrated circuit card (eUICC), a processor, an antenna, and nonvolatile memory. The SRU can support standards for removable storage form factors and record a file system for a device. The device can be associated with a service provider and the SRU can be associated with a network provider. The radio can support Narrowband Internet of Things (NB-IoT) standards. The SRU can operate a file system interface (FSI) for the radio, where the device records application data in a file of the FSI. The SRU can attach to a wireless NB-IoT network using credentials recorded in the eUICC. The SRU can read the file of the FSI, and compress, encrypt, and transmit the application data to a network provider via the radio. The network provider can transmit the application data via TLS to the service provider.
-
18.发明授权公开(公告)号:US11438176B2
公开(公告)日:2022-09-06
申请号:US17570201
申请日:2022-01-06
发明人: John A. Nix
摘要: A device can (i) store public keys Ss and Sn for a network and (ii) record private key sd. A network can record a corresponding private keys ss and sn. The device can (i) generate a device ephemeral PKI key pair (Ed, ed) and (ii) send public key Ed to the network. The device can receive an ephemeral public key Es from the network. The device can calculate values for A: an elliptic curve point addition over Ss, Sn, and Es, and B: (sd+ed)mod n. The device can input values for X and Y into an elliptic curve Diffie Hellman key exchange (ECDH) in order to determine a mutually derived shared secret X5, where the network can also derive shared secret X5. The device can (i) use X5 to derive a key K2 and (ii) decrypt a ciphertext from the network using key K2.
-
19.发明授权公开(公告)号:US11228448B2
公开(公告)日:2022-01-18
申请号:US16689074
申请日:2019-11-19
发明人: John A. Nix
摘要: A device can (i) store public keys Ss and Sn for a network and (ii) record private key sd. A network can record a corresponding private keys ss and sn. The device can (i) generate a device ephemeral PKI key pair (Ed, ed) and (ii) send public key Ed to the network. The device can receive an ephemeral public key Es from the network. The device can calculate values for A: an elliptic curve point addition over Ss, Sn, and Es, and B: (sd+ed) mod n. The device can input values for X and Y into an elliptic curve Diffie Hellman key exchange (ECDH) in order to determine a mutually derived shared secret X5, where the network can also derive shared secret X5. The device can (i) use X5 to derive a key K2 and (ii) decrypt a ciphertext from the network using key K2.
-
20.发明公开公开(公告)号:US20240106660A1
公开(公告)日:2024-03-28
申请号:US18536771
申请日:2023-12-12
发明人: John A. Nix
CPC分类号: H04L9/3252 , H04L9/0825 , H04L9/0861 , H04L9/0894 , H04L9/14 , H04L9/3066
摘要: A device can (i) store public keys Ss and Sn for a network and (ii) record private key sd. A network can record a corresponding private keys ss and sn. The device can (i) generate a device ephemeral PKI key pair (Ed, ed) and (ii) send public key Ed to the network. The device can receive an ephemeral public key Es from the network. The device can calculate values for A: an elliptic curve point addition over Ss, Sn, and Es, and B: (sd+ed) mod n. The device can input values for X and Y into an elliptic curve Diffie Hellman key exchange (ECDH) in order to determine a mutually derived shared secret X5, where the network can also derive shared secret X5. The device can (i) use X5 to derive a key K2 and (ii) decrypt a ciphertext from the network using key K2.
-
-
-
-
-
-
-
-
-
搜索结果
34 条记录 (耗时 0.025 秒)
