Technical Field
The present disclosure generally relates to dynamic key cryptography used, for example, for authentication between a client electronic device and a service provider, encryption of data communications, and digital signatures and, more particularly, to cryptography using dynamic keys derived from dynamically changing key material.
Related Art
Use of computers for connecting to a network (such as the Internet) and communicating with a variety of services risks the privacy of many types of information belonging to a user including, for example, the user's relationships (e.g., social connections), business secrets, banking details, payment options, and health records. The use of cryptography is common to authenticate identities, protect data, and digitally sign the summary (i.e. digest) of an action.
Cryptography generally uses an algorithm (e.g., Advanced Encryption Standard (AES), Rivest Shamir Adelman (RSA)) to combine cryptographic keys (which may be symmetric, public, or private, for example) with plain text to form cipher text. Cryptography keys are typically random numbers without any special meaning. The process of distributing cryptographic keys and storing them on a client computer (referred to as “key management”) is difficult to perform securely and is often the point-of-attack for breaking the security of a cryptographic system. The key represents a single sequence of data and thus a single point-of-failure for the cryptographic system. Since the key normally must be present at the client computer, finding the key and then copying it to another computer can allow an imposter entity to masquerade as a valid entity.
Secure elements (e.g., smartcards) can securely store the cryptographic key and, in some instances, generate the key in a secure environment. Access to the key was typically controlled by requiring the user to enter a personal identification number (PIN); this ensured that the user had to provide a secret before the secure element would allow use of the key. Such access to a key is commonly known as two-factor authentication, and the two factors are generally referred to as: “Something You Know” and “Something You Have”. A third factor, “Something You Are”, can include, for example, biometric information. The factors themselves are related in use but entirely separate in material. Possession of the physical secure element (“Something You Have”) may be via validation of cryptographic functions using the random number cryptographic key provisioned to a particular secure element whose use may be protected by a secret PIN (“Something You Know”). There is no implicit binding between the key and the user.
The use of certificates in cryptography enabled the binding of a distinguished name (e.g., a unique user) with a cryptographic key. Yet, still the cryptographic key is a random number, and when the key is validated, the cryptographic system attributes the user in the certificate to the usage of the key; the key matter itself has no relation to the user.
On the Internet, ensuring a real-world identity for the user is critical for protecting data and privacy. Mobile users especially are at risk because they often do not use anti-virus applications and many of the service providers use applications (apps) optimized for simplicity, not security. This leaves much of the private data meaningful to both a user's identity and a service's value inadequately protected. Since online service providers (OSP) incur much of the risk, safety has become their responsibility.
The standard method for identifying a user to an online service is by entering a username and password. The username is a known service index and, as such, can be stored on the computer for convenience. The password is a user secret verifiable by the OSP; it should not be stored at the computer, where it can be compromised. However, because a quality password has many characters which should be a mix of upper, lower, punctuation and special characters, the password is often difficult and time-consuming to type. This is especially true on a mobile computer using touch keypads that have various ‘levels’ of keypads for characters beyond simple alpha-numeric. Thus, many mobile apps store the password on the computer. Because mobile operating systems require mobile apps to be signed in order to run, the apps themselves cannot be altered after installation. So, any data stored by the mobile app is separate from the mobile app and often can be vulnerable to attack. Furthermore, because the app cannot change, if encryption was used to protect the cached password, there could only be one encryption key for all instances of the application. This commonality made harvesting and cracking stored passwords on a mobile computer relatively simple, even if the passwords were encrypted, since they all used the same key for decryption.
Computer and computer identification has been attempted by calculating a hash of the minutia found on a computer to uniquely identify the computer, often referred to as a computer fingerprint. Computer fingerprints typically are used, among other things, to ‘lock’ software to a particular computer fingerprint and identify computers used in online actions to profile the history and potential risk of particular actions. A typical computer identifier is computed and remains static; to ensure reliability the computer fingerprint typically uses computer minutiae (e.g., serial numbers) that normally do not change. Thus, current computer fingerprints typically use a relatively small set of static minutia which may be prone to spoofing. Some approaches to improving computer identification have sought to increase the number of minutiae used in identifying the computer through the analysis of time (both in clock and network latency) and bits of information left on the computer (i.e. ‘cookies’). However, as more minutiae are included in the computation, the probability that changes occurred naturally to the minutia can result in a new computer fingerprint. This falsely identifies a computer as ‘different’ when it is actually the same computer (often referred to as ‘false negatives’). These changes to the minutia on a unique computer occur naturally during normal use and can invalidate the computer fingerprint process or inconvenience the user or service by forcing a re-initialization of the computer fingerprint.