Data processing systems have a need to engage in secure operations from time to time. In general, such operations are concerned with authenticating users and/or data, authorizing users and/or data, and securely communicating data. In recent decades, asymmetric cryptography, also known as public-key cryptography, has become popular. While asymmetric cryptography is more computationally intensive than another form of cryptography, called symmetric cryptography or secret-key cryptography, it provides benefits when used in an environment where new users or data repeatedly need to be authenticated, authorized, and/or communicated.
Asymmetric cryptography uses a private key which is kept secret, or within the confines of a security boundary, and a public key which may be freely distributed within the untrustworthy environment. The public key and private key are mathematically related. But with sufficiently strong keys—and keys having a length of many hundred to a few thousand bits are common—potential attackers will find it impractical to derive, or even to attempt to derive, a private key from a public key. Accordingly, with sufficiently strong keys the weakest links in the security of an asymmetric cryptographic system are often key generation, key distribution, validation and certification, and key storage rather than mathematical attacks upon the public key.
Unfortunately, the costs associated with key generation, key distribution, validation and certification, and key storage have been undesirably high. The trust one has in the security system can be no better than the trust one has in the systems that generate a private key, distribute the private key, and store the private key. To guarantee that trust, extreme and expensive measures are often taken. The expenses associated with such measures have been so large that many conventional data processing systems have altogether avoided implementing cryptographically valid techniques, and suffered excessive security risks as a result.
For example, very powerful and very secure computers are often used to generate private keys. Such computers, when viewed along with the security provisions that surround them, can be very expensive. Moreover, when such computers are used to centrally generate many different private keys for many different data processing systems, a security vulnerability develops where the central key-generation facility becomes a highly valued target for attack due to the large number of data processing systems that can be compromised by a single breach in security.
When private keys are generated at a central facility, they are then distributed through the untrustworthy environment to the data processing systems where they will be used. The distribution of private keys is another security vulnerability that is conventionally addressed by complex and expensive techniques that merely ameliorate the problem but do not solve it.
Then, once distributed, private keys are conventionally injected across security boundaries associated with data processing systems and saved for use within the trusted confines of the security boundaries. Security vulnerabilities are often present in the injection process, and maintaining a security boundary for as long as a data processing system stores the private key can be a costly and troublesome process that is often performed poorly.
For example, when a security boundary surrounds an entire data processing system, such as a computer, then that system should be isolated from the untrustworthy environment. In other words, it should be kept in a secure place, the security of that place should be maintained for an extended period of time, user access to that computer should be limited to only trusted users, provisions should be devised and enforced to assure the trustworthiness of the users, and the computer should be protected from corruption by data from the untrustworthy environment. Such data may include untrustworthy computer programs, viruses, worms, trojans, and the like which, if executed on the trusted computer, could compromise security for the entire data processing system. These restrictions are simply impractical and too costly for many applications to which data processing systems are put.
Some data processing systems have established security boundaries entirely within the interior confines of a computer. In other words, the interfaces between the data processing system and users or other computers are viewed as being part of the untrustworthy environment. In such applications, providers of such systems often suggest that the data processing system may be placed at any location in the untrustworthy environment, that no unusual location restrictions need be imposed to maintain security, and that restrictions concerning protection from data corruption can be relaxed. Such systems are more usable in the wide variety of different applications to which data processing systems are put and can be less expensive. But they are too often subject to significant security vulnerabilities. For example, in such systems the security boundaries are too easily breached, even while the system is operating, because signals traveling between components are exposed to the untrustworthy environment. In some examples, critical security features, such as a private key, may be detected merely through debugging operations and probing.
In another example, private keys are generated locally in a data processing system in response to user-supplied “seeds”. The expense and vulnerabilities of a centralized key generation facility and key distribution are avoided. But new vulnerabilities are introduced because an untrustworthy environment is used for the generation of a private key. The use of user-supplied seeds in the generation of a private key is particularly troublesome because users cannot be relied upon to provide truly random seeds, and the generation of such seeds can be an unworkably slow process when repeated numerous times in a programming loop. As a consequence, the resulting private key generated in reliance on such seeds is too often not as strong as it might be, and it may be vulnerable to mathematical manipulations performed on the public key. Moreover, adequate trust cannot be guaranteed for the software used to generate the private key or for the private key storage facilities.
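As an added illustration of the seed problem described above (example code, not part of the original text): a private key derived deterministically from a user-supplied seed is only as unpredictable as the seed itself, so a defender's check is to bound the seed's best-case entropy before accepting it, or to draw the key from the operating system's CSPRNG instead. The group order, the derivation label, the 128-bit policy threshold and the sample inputs are assumptions constructed for this demonstration.

```python
import hashlib
import hmac
import math
import secrets

# Assumed (constructed) group order for a scalar private key; a real
# deployment would use the order of its actual curve or group.
ORDER = (1 << 255) - 19
MIN_SEED_BITS = 128  # assumed policy threshold for an acceptable seed


def derive_private_scalar(seed: bytes, order: int = ORDER) -> int:
    """Deterministically map a seed to a private scalar in [1, order-1].

    The mapping is one-way, but the key space is bounded by the set of
    seeds a user might actually supply, not by the size of `order`.
    """
    digest = hmac.new(b"privkey-derivation", seed, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (order - 1) + 1


def csprng_private_scalar(order: int = ORDER) -> int:
    """Draw the scalar directly from the OS CSPRNG; no user seed involved."""
    return secrets.randbelow(order - 1) + 1


def seed_entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on a seed's entropy: log2 of the number of possible seeds.

    Real user-chosen seeds are far from uniform, so true entropy is lower.
    """
    return length * math.log2(alphabet_size)


def seed_policy_ok(alphabet_size: int, length: int,
                   min_bits: int = MIN_SEED_BITS) -> bool:
    """Reject seed formats whose best-case entropy falls below the policy."""
    return seed_entropy_bits(alphabet_size, length) >= min_bits


if __name__ == "__main__":
    # Constructed inputs: a 6-digit PIN seed versus 32 CSPRNG bytes.
    pin_seed = b"123456"
    print("PIN-derived key reproducible:",
          derive_private_scalar(pin_seed) == derive_private_scalar(pin_seed))
    print("6-digit PIN seed entropy (bits): %.1f" % seed_entropy_bits(10, 6))
    print("PIN seed meets policy:", seed_policy_ok(10, 6))
    print("32 random bytes meet policy:", seed_policy_ok(256, 32))
    print("CSPRNG key bits: ~%d" % csprng_private_scalar().bit_length())
```

The point of the check is that a six-digit PIN caps the key space at one million candidates no matter how strong the hash or the group is, whereas a key drawn from the CSPRNG inherits the full width of the group order.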
Accordingly, a need exists for an asymmetric cryptographic device that generates a private key locally within the device, which imposes a strong security boundary within the confines of the device, which avoids the security vulnerabilities of conventional techniques, and/or which does so at less expense than conventional techniques. By reducing the expenses associated with cryptographically valid processes, a wider variety of data processing systems and devices may benefit from asymmetric cryptographic techniques.