The use of personal devices, such as cellular telephones and hand-held PDA:s (Personal Digital Assistant), is becoming increasingly popular. Other kinds of personal devices, including any mobile communication terminal having a terminal identity which somehow is associated with an end user identity, or in possession of an anonymous user, are easily conceivable. Among the end users of the personal devices and the parties communicating with these devices there is a need to be able to use encrypted communication, digital signatures and digital certificates. With these kinds of cryptographic techniques it is possible to ensure secrecy and integrity of communicated information data, authenticate an originator of information, as well as authenticating an intended recipient of information.
Encrypted communication between two entities is typically based on either shared secret keys or on public/private key pairs. To implement key-based encrypted communication and/or the use of digital signatures, schemes are needed to determine how and where the required keys should be generated, and also how to distribute the generated keys to the involved entities. A more general term which includes issues regarding generation, storage and distribution of keys, and which also is used in this document, is key management.
Secret keys obviously have to be managed and somehow be distributed among the participating entities. If a secret or private key should be transferred to an entity, it is important that this is performed in a secure way such that the key is not exposed to a third party, even if such a third party would do its utmost to get access to such a key. Public/private key pairs may be generated within an entity, requiring that only the public key needs to be distributed outside the entity. However, in case the public/private key pair is generated outside the specific entity, the private key needs to be transferred to the entity. Whenever a secret or private key is transferred it is also important to be able to ensure integrity of the key.
Future personal devices will include one or more device specific cryptographic keys. The number and types of these keys are dependent on the different applications included in the device, which applications will differ between different users and their respective usage of the device. Thus, it is difficult to foresee these numbers and types of keys that should be included in the device. For this reason it is necessary to be able to store a variety of keys in a storage area of the device when initializing the device. Typically, most of these keys will be stored in some non-robust memory, i.e. any memory in which information can be written and with the potential risk of losing any such information due to failure of the mechanism used for maintaining the information in the memory. As a consequence, in case of a failure of the device that results in loss of the originally stored keys, it is desired to be able to restore these original keys in a device. When transferring any secret or private keys for re-storage in the device, it is typically required, as discussed above, to maintain secrecy and integrity of the transferred keys.
U.S. Pat. No. 5,892,900, assigned to Intertrust, discloses, among other things, the use of cryptographic keys for providing security to cryptographic key management. The document describes a “Secure Processing Unit” (SPU) with a “Protected Processing Environment” (PPE) designed to perform processing tasks and to communicate with external entities in a secure manner. The PPE contains a key storage that is initialized with keys generated by the manufacturer and by the PPE itself. A manufacturing key that is public-key based or based on a shared secret is used as a so called master key for communicating other keys in a secure way. The manufacturing key is either hardwired into the PPE at manufacturing time, or sent to the PPE as its first key. The manufacturing key is used for protecting various other keys downloaded in the PPE, such as a public/private key pair and/or secret shared keys. Alternatively, the PPE has the capability of generating its own key pairs internally, in which case a manufacturing key may not be needed.
Disclosed in U.S. Pat. No. 5,892,900 is also the use of a download authorization key. The download authorization key is received by the PPE during an initialization download process. It is used to authorize PPE key updates and to protect a PPE external secure database backup to allow recovery by an administrator of the PPE if the PPE fails. The document also discloses the use of backup keys. A backup key is generated and stored within the PPE. A secure database external to the PPE stores backup records encrypted with the backup key. The backup key may be encrypted with the download authentication key and stored within the backup itself to permit an administrator to decrypt and recover the backup in case of PPE failure.