1. Field
Various embodiments pertain to secure communications and, in particular, to constrained cryptographic keys that enable secure communications between two parties via a proxy device.
2. Background
Currently, secure communication between two parties is often accomplished by use of a shared secret. This shared secret allows the two parties to keep the content of their communications (e.g., data packets, messages) private by using encryption based on the shared secret. Additionally, the shared secret allows a party to authenticate that a communication indeed came from the claimed sender and was not modified in transit.
In some situations, a direct and secure communication link cannot be established between two parties. For example, when a secure communication link between a first device and a second device is lost or severed, a third device may need to troubleshoot or service the second device. To communicate with the second device, the third device (e.g., one used by a field technician) would need to establish a secure link with the second device.
In applications where public-key cryptography (asymmetric key cryptography) is used between a first party and a second party, certificate hierarchies are often used to solve this problem via a third party acting as a proxy between the first party and the second party. The first party can issue a proxy certificate to the third party (typically by digitally signing the third party's public key with the first party's private key) that enables the third party to act as a proxy for the first party. The third party can then present its public key along with the proxy certificate to the second party.
However, asymmetric key cryptography algorithms are relatively computationally costly in comparison to other cryptographic methods. Additionally, once a proxy certificate is issued to a third party, it is difficult to limit what type of information the third party may receive or access from the second party, or how long the third party may act as a proxy for the first party. Thus, a proxy key cryptographic algorithm is needed that is computationally efficient and allows a proxy generator to apply constraints to the proxy key.