There is considerable knowledge in the current art involving cryptographic key replacement strategies for issued personal security devices (PSD) such as smart cards, subscriber identification modules (SIM), wireless identification modules (WIM), identification tokens, integrated circuit cards (IC cards) and related devices. Most replacement strategies rely on the use of the installed keys in order to perform key replacements, which may allow a fraudulent key holder to monitor the key replacement and thus potentially compromise the replacement keys. For example, U.S. Pat. Nos. 6,240,187 and 5,761,306 by Lewis describe sophisticated mechanisms to perform asymmetric key replacements incorporating sequential key generation and cryptographic techniques in order to securely send the replacement keys over an open network to a PSD. The sequential key replacements are dependent on currently installed keys.
In another approach, U.S. Pat. No. 6,230,267 by Richards, et al. describes a secure data loading process which could be extended to installing asymmetric keys and the preferable use of properly authenticated digital certificates to ensure that data stored inside a PSD has not been compromised. The approach taught by the Richards patent is effective for domain level key replacements but is not intended for use in replacing compromised high level key sets such as root keys or master keys. Again, the data transfer arrangement relies on the integrity of existing keys in order to ensure a secure data transfer.
In a third approach, U.S. Pat. No. 4,972,472 by Brown, et al. incorporates three separate cryptographic keys having active, retired and replacement status respectively. This key replacement strategy requires a secure channel in order to perform the key replacements and could allow a compromised key set to remain active for a predetermined period before being “retired.” Another limitation in employing this approach is the lack of a secure key replacement mechanism, which ensures the integrity of the installed keys. The intent of the Brown patent is to provide a transition period for normal key replacements.
A fourth approach is described in U.S. Pat. No. 5,680,458 by Spelman et al. where notification and replacement of a compromised asymmetric root key are performed using an out-of-band mechanism and having each PSD holder enter a key sequence which forms a partial replacement key. This viable approach relies on time consuming and potentially costly out-of-band notifications and end user intervention in order to change a potentially compromised root key.
Other common alternatives include returning the PSDs to the issuer for key exchanges; however, this removes the PSDs from service and impacts the PSD's end users. The final alternative is to simply dispose of the current PSDs and issue replacements, which is an expensive solution and may result in loss of customized data stored in the issued PSDs.
Little is disclosed in the current or prior art concerning secure recovery from the loss or compromise of a hardware security module (HSM), which may contain the master keys or the ability to generate master keys for issued PSDs. The loss or compromise of an active HSM is a particularly difficult and costly situation to remedy. Thus it is apparent that a secure root level key replacing technique which does not rely on currently active key sets or user intervention and can be performed using existing communications infrastructures is highly desirable. A method and system is described herein, which solves several of the limitations described above.