METHOD OF DELIVERING DIRECT PROOF PRIVATE KEYS TO DEVICES USING AN ON-LINE SERVICE

摘要

It is transmitted to the device installed on the client computer system in a direct proof secret key field can be achieved in a secure manner without requiring the significant non-volatile storage on the device. It is created with a unique pseudo-random numbers is stored in the device during manufacture. Using the pseudo random number to produce a symmetric key for encrypting a data structure for holding the Direct Proof private key and a private key digest associated with the device. As a result of the encrypted data structure it is stored in a protectable online server accessed by the client computer system. When the device is initiated on the client computer system, the system checks whether the encrypted local data structure in the system. Not present, the encrypted local data structure, the system obtains the encrypted data structure associated protection line from a server using a secure protocol. The device decrypts the encrypted data structure by using the symmetric key regenerated from the stored pseudo-random number values ​​to obtain a direct proof of the secret key. If the secret key is valid, the private key may be used for the follow-up of the authentication processing by the device on the client computer system.