Described below are a method and a device for agreeing a shared key between a first communication device and a second communication device.
A multiplicity of potential applications exist for storage media having small integrated computing capacities, such as, for example, USB memory sticks with built-in processors, RFID chips, smart chipcards, etc. They can be used, for example, for access control or in logistical processes. A further application area is digital rights management systems as used in the sales and marketing of DVDs and licensed software.
A precondition for the use of the communication devices in such security-critical applications is that secure handling of the sensitive data, in particular during the transmission to another communication device, is guaranteed.
This is explained in more detail below with reference to an example. Access to copy-protected electronic data objects, such as, for example, audio files, video files or software, is usually controlled by electronic protection mechanisms called digital rights management (DRM) systems. They restrict access to digital offerings mostly to registered, i.e. paying, users, or even allow individual billing of single accesses to an offering. In practice this operates via specially developed file formats which incorporate copy protection or encryption. Consequently these files can only be used by special programs together with an associated key called a content encryption key (CEK). This means that without the corresponding key CEK it is not possible to access the content of the protected data object.
The encrypted content of the data object that is to be protected is typically stored on a storage medium, such as CDs, DVDs, USB sticks or SD (“Secure Digital”) memory cards, and the corresponding key CEK for decrypting the digital content is distributed separately. It is particularly advantageous to deliver the key CEK on a communication device with limited memory space and limited available computing capacity.
An example of a communication device of this type is an RFID (“Radio Frequency IDentification”) chip, which may be a silicon chip with an integrated processor having limited computing capacities, an antenna for the purpose of communicating with a reader device, and a small memory space of about two kilobytes. These properties make RFID chips an attractive medium for distributing keys CEK by which access to encrypted contents on a storage medium is granted.
A problematic aspect of this type of solution is the transmission of the key CEK, or of the data for determining the key CEK, to the communication device which is to decrypt the protected content. In this case it must be guaranteed that the key CEK will be transmitted only to appropriately authorized communication devices and that the communication devices in turn accept the key CEK only from appropriately authorized communication devices. This is ensured by a mutual authentication protocol between the receiving communication device and the transmitting communication device. For this purpose, however, known authentication protocols require extensive computing capacities and a large amount of available memory space.
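The following added example illustrates the requirement stated above, namely that the CEK is released only to an authenticated device and accepted only from an authenticated device. It is not the method described in this document but a constructed illustration: a symmetric challenge-response exchange using only HMAC-SHA256, a primitive small enough for a constrained device, with a pre-shared key PSK, sample CEK and nonce sizes that are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values: a pre-shared device key (PSK) and a content encryption key (CEK).
PSK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
CEK = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def prf(key, label, *parts):
    # HMAC-SHA256 over a label plus transcript parts: the only primitive both sides need.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def holder_respond(psk, reader_nonce):
    # Step 2: the key holder answers the reader's challenge with its own nonce and a MAC.
    holder_nonce = secrets.token_bytes(16)
    return holder_nonce, prf(psk, b"holder-auth", reader_nonce, holder_nonce)

def reader_send_cek(psk, cek, reader_nonce, holder_nonce, holder_tag):
    # Step 3: verify the holder first; the CEK is never released to an unauthenticated device.
    if not hmac.compare_digest(holder_tag, prf(psk, b"holder-auth", reader_nonce, holder_nonce)):
        return None
    reader_tag = prf(psk, b"reader-auth", holder_nonce, reader_nonce)
    ks = prf(psk, b"wrap", reader_nonce, holder_nonce)          # fresh wrapping key per run
    wrapped = bytes(a ^ b for a, b in zip(cek, ks[:len(cek)]))  # one-time pad under ks
    return reader_tag, wrapped, prf(psk, b"wrap-mac", reader_nonce, holder_nonce, wrapped)

def holder_accept_cek(psk, reader_nonce, holder_nonce, reader_tag, wrapped, wrap_mac):
    # Step 4: accept the CEK only from a reader that proved knowledge of the PSK.
    if not hmac.compare_digest(reader_tag, prf(psk, b"reader-auth", holder_nonce, reader_nonce)):
        return None
    if not hmac.compare_digest(wrap_mac, prf(psk, b"wrap-mac", reader_nonce, holder_nonce, wrapped)):
        return None
    ks = prf(psk, b"wrap", reader_nonce, holder_nonce)
    return bytes(a ^ b for a, b in zip(wrapped, ks[:len(wrapped)]))

def run_exchange(reader_psk, holder_psk, cek):
    # Drive one complete exchange; returns the CEK the holder ends up with, or None.
    reader_nonce = secrets.token_bytes(16)                        # step 1: reader challenge
    holder_nonce, holder_tag = holder_respond(holder_psk, reader_nonce)
    msg = reader_send_cek(reader_psk, cek, reader_nonce, holder_nonce, holder_tag)
    return None if msg is None else holder_accept_cek(holder_psk, reader_nonce, holder_nonce, *msg)

if __name__ == "__main__":
    print("authorized holder receives CEK:", run_exchange(PSK, PSK, CEK) == CEK)
    print("unauthorized holder receives CEK:", run_exchange(PSK, bytes(16), CEK) is not None)
```

Both nonces enter every MAC and the wrapping key, so a recorded exchange cannot be replayed to a later session; the example deliberately uses no public-key operations, since those are what the text identifies as too costly for the target devices.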