It is often desirable to enable at least one-way, and preferably two-way, secure communication between three or more entities. One way of doing this is by using a digital signature.
To create a digital signature, the data to be signed (d) is passed together with a secret key (k) through a key-dependent one-way hash function (SIG), i.e. signature = SIG_k(d). The key-dependent one-way hash function used throughout the QA Chip Logical Interface is HMAC-SHA1, although any key-dependent one-way hash function could be used.
Signatures are only of use if they can be validated. For example, QA Device A produces a signature for data and QA Device B can check if the signature is valid for that particular data. This implies that A and B must share some secret information so that they can generate equivalent signatures.
Common key signature generation is when QA Device A and QA Device B share the exact same key, i.e. key K_A = key K_B. Thus the signature for a message produced by A using K_A can be equivalently produced by B using K_B. In other words, SIG_{K_A}(d) = SIG_{K_B}(d) because key K_A = key K_B.
However, common key authentication has some disadvantages. For example, if a first entity wants to communicate with a series of other entities, it can share a single common key with all of them. However, this means that each of the entities will be able to authenticate (and emulate) messages from each other. One way around this is to give each of the other entities its own key, and store a copy of each of the keys in the first entity. However, where large numbers of entities are involved, an unacceptable number of keys may need to be stored in the first entity.
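The trade-off described above, as an added Python example that is not part of the original text: with one common key the first entity stores a single key but cannot tell which holder signed a message, while per-entity keys prevent that at the cost of one stored key per entity. The Device class, the sig and valid helpers, the device names and the sample messages are assumptions made for illustration; only the use of HMAC-SHA1 comes from the text.

```python
import hashlib
import hmac
import os

def sig(key: bytes, data: bytes) -> bytes:
    """SIG_k(d): HMAC-SHA1 of data d under secret key k."""
    return hmac.new(key, data, hashlib.sha1).digest()

def valid(key: bytes, data: bytes, signature: bytes) -> bool:
    """Recompute the signature with the verifier's key; constant-time compare."""
    return hmac.compare_digest(sig(key, data), signature)

class Device:
    """Hypothetical stand-in for an entity: a name plus the keys it stores."""
    def __init__(self, name, keys):
        self.name = name
        self.keys = dict(keys)  # key label -> secret key bytes

def common_key_demo():
    """A first entity and entities B, C, D all hold the same key."""
    k = os.urandom(20)
    first = Device("first", {"common": k})
    b, c, _d = (Device(n, {"common": k}) for n in ("B", "C", "D"))
    msg = b"from=B;value=5"                # constructed sample message
    genuine = sig(b.keys["common"], msg)   # really signed by B
    emulated = sig(c.keys["common"], msg)  # signed by C, claiming to be B
    return {
        "accepts_genuine": valid(first.keys["common"], msg, genuine),
        "accepts_emulated": valid(first.keys["common"], msg, emulated),
        "indistinguishable": genuine == emulated,
        "keys_stored_in_first": len(first.keys),
    }

def per_entity_key_demo(n=1000):
    """Each of n entities has its own key; the first entity stores a copy of each."""
    others = {f"dev{i}": Device(f"dev{i}", {"own": os.urandom(20)}) for i in range(n)}
    first = Device("first", {name: d.keys["own"] for name, d in others.items()})
    msg = b"from=dev0;value=5"                 # constructed sample message
    genuine = sig(others["dev0"].keys["own"], msg)
    emulated = sig(others["dev1"].keys["own"], msg)  # dev1 claiming to be dev0
    return {
        "accepts_genuine": valid(first.keys["dev0"], msg, genuine),
        "accepts_emulated": valid(first.keys["dev0"], msg, emulated),
        "keys_stored_in_first": len(first.keys),
    }

if __name__ == "__main__":
    print(common_key_demo())
    print(per_entity_key_demo())
```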
The problem is exacerbated when it is desirable to enable a second entity to communicate with a third entity, where the third entity has a key to enable communication, but the second entity does not.
It would be desirable to provide a method of authenticated communication that addressed at least some of the problems of the prior art.