The present invention relates to an apparatus for verifying a validity of an encrypted token and to an apparatus for generating such an encrypted token as well as to methods for verifying such an encrypted token and a method for generating an encrypted token. Embodiments of the invention particularly relate to an encrypted token associated to a product, for example, a computer program or software product. In this case the encrypted token may be a serial number of the software product.
User specific tokens to authorize access to a technical system are widely used, for example, in the information technology (IT). While such tokens exist as either personalized or as anonymous access keys, one of the most crucial aspects is the security.
Typically, public key cryptography is used to digitally sign or encrypt the token such as to allow an access control mechanism of a technical system to verify the authenticity of said token. The length of the key (the number or size in bits) used for creating the signature/encrypting the token corresponds directly to the achieved level of security. In many applications for user specific tokens, the maximum size of such tokens is limited to a certain number of bits. This is to ensure that they are easy to transmit or comfortable for handling, e.g. when the token has to be entered manually into a technical system.
A signed user specific token consists of an arbitrary number of payload bits and a minimum number of signature bits determined by the signing/encryption algorithm used. Insecure user specific tokens or user access keys for technical systems, e.g. for software products, can lead to an illegal use of such technical systems. Based on such an insecure token, an illegal user may be able to build an own key or token generator and thus, create own access keys for the technical system.
Therefore, signing/encryption algorithms should be used which guarantee a high level of security. Thus, cryptographic methods are applied to generate encrypted user specific tokens and to verify such user specific tokens.
Nowadays, often public/private key cryptography is used for encrypting or decrypting such user specific tokens by means of a private and a public key. Typical public key cryptosystems are, for example, the RSA-cryptosystem, the McEliece cryptosystem applying a Goppa code or the Niederreiter-cryptosystem. These cryptosystems are asymmetric key algorithms with a public key and a private key. These keys are used to encrypt and decrypt messages, for example, user specific tokens or access keys.
In the publication “How to Achieve a McEliece-based Digital Signature Scheme” of Nichols Courtois et al., a method is described to build a practical signature scheme based on coding theory. However, according to this article, the access key size (user specific token) and the finding costs remain high. Furthermore, if the access key size is reduced, the calculation time for verifying the validity of the signature may increase, e.g. up to 30 s.
According to the publication, a method based on a Niederreiter algorithm is described to generate a digital signature. If D is a document and H a hash function, then S is defined as the hash value of the document D. This means that S=H (D) is valid. If i is a counter variable, which starts with 0 counted up, this means i=0, 1, 2, 3, 4, etc., then D|i is the concatenation if i is connected to the document D as a bit structure and Si is defined as the hash value Si=H (D|i). The variable i is counted up until a hash value Si is obtained, which can be encrypted with the secret key. Then, ti represents the value, which is obtained if Si is encrypted with the secret key. The signature of the document D is then ti|i, this means that the concatenation of ti with the value i. Document D with the signature is the value D|tk|i. If the signature method is now applied to the serial number and 54 bits of information shall be protected with cryptographic security, then the Niederreiter method with the parameter m=16 and t=9 results in a signature with an average length of 144 bits. Then the encrypted serial number comprises an average length of 144+54=198 bits. This means that in the most favorable case, the encrypted serial number comprises a length of 180 bits. The probability that the length of the encrypted serial number comprises more than 204 bits is almost zero.
In order to encrypt a cryptographically secure serial number, for example, with 54 bit information, the encrypted serial number comprises an average length of 198 bits according to the method described from Courtois et al. In contrast, the inventive methods and apparatus described herein generate for a serial number with 54 bit information normally an encrypted serial number with 140 bits. This means that the length of the encrypted serial number or the encrypted token may be shorter than by the proposed method described by Courtois et al. Furthermore, the method described by Courtois et al. does not propose a concept of scalable security. Courtois et al. describes the possibility to change the proposed method in order to reduce the length of the encrypted token to an average of 159 bits. However, in this case, the computing time in order to verify the validity of the encrypted serial number is drastically increased up to 30 seconds. In contrast, the computing time for the validation of an encrypted token according to embodiments of the invention may only comprise some milliseconds.