1. Field of the Invention
The present invention relates in general to an information exchange technology and, more specifically, to a method and system for transferring a secret code or secret information between two hardware modules. The transfer process is called secret code emulation. The two hardware modules are capable of secretly communicating with each other by using the original secret code and the emulated secret code, which are known only to them.
2. Description of the Related Art
Key distribution is an important and fundamental issue in modern cryptosystems. The purpose of key distribution is to distribute the encryption/decryption information (also called encryption/decryption keys) among communication hosts so that they can communicate with each other, and to prevent illegal hosts or persons from intercepting the key-related information and thereby eavesdropping on communication data or forging certificates. Modern cryptosystems can be categorized into two classes: symmetric or secret-key systems, and asymmetric or public-key systems. Implementations of key distribution for these two kinds of cryptosystems are described below with reference to the accompanying drawings.
FIG. 1 (Prior Art) is a schematic diagram of a conventional symmetric system, such as DES (Data Encryption Standard), illustrating its key distribution scheme. In the symmetric system, the sender (data source) and the receiver (data destination) use the same key, KEYC, to encrypt/decrypt private data. In FIG. 1, communication host 1 acts as the sender and communication host 2 acts as the receiver. Communication host 1 includes cipher 3, which uses KEYC to encrypt plaintext 10 into ciphertext 20. Ciphertext 20 can be distributed over public networks, such as LANs or the Internet, with communication host 2 set as the destination host. Communication host 2 includes cipher 4. After fully receiving ciphertext 20, cipher 4 uses the same key KEYC to decipher ciphertext 20 and obtain recovered text 12. In the symmetric cryptosystem, it is assumed that the common key KEYC shared by both ends is distributed in a private and secure manner and cannot be intercepted during the distribution process. In reality, however, it is difficult to find a transmission medium that completely complies with this security requirement. Consequently, crackers can break such a cryptosystem by stealing the encryption key from the untrusted transmission medium.
FIG. 2 (Prior Art) is a schematic diagram of a conventional asymmetric cryptosystem, such as the RSA system. Unlike the symmetric cryptosystem, asymmetric cryptosystems use different public keys and private keys for encryption and decryption, respectively. As shown in FIG. 2, communication hosts 1 and 2 employ the ciphers (5, 6) and (7, 8) to implement practical data encryption/decryption processes, similar to those of the symmetric cryptosystem. However, each of the communication hosts owns its own private/public key pair. The private key and the public key of communication host 1 are denoted as KEYAPRI and KEYAPUB, and those of communication host 2 are denoted as KEYBPRI and KEYBPUB, respectively. It is noted that private keys are kept confidential within their communication hosts, whereas public keys must be released to the public. In the case shown in FIG. 2, public key KEYAPUB of communication host 1 is acquired by communication host 2, and public key KEYBPUB of communication host 2 is acquired by communication host 1.
Data transmission examples are now illustrated. Suppose that communication host 1 is ready to transmit a document to communication host 2 in a secure manner. First, cipher 5 employs public key KEYBPUB of communication host 2 to encrypt the document. After encryption, the cipher document is transmitted from communication host 1 to communication host 2 over the interconnection network. Because communication host 2 holds private key KEYBPRI, which is paired with the public key KEYBPUB used to encrypt the document, the cipher document can be deciphered by cipher 6 using private key KEYBPRI. In a similar manner, communication host 2 can use public key KEYAPUB of communication host 1 to encrypt secret data, and communication host 1 can use its private key KEYAPRI to decrypt the secret data. It is noted that key distribution can be readily achieved by disseminating these public keys to the public. The basic security assumption in conventional asymmetric cryptosystems is that releasing the public keys does not weaken the protection of the cryptosystem.
As described above, the conventional symmetric cryptosystem and the asymmetric cryptosystem adopt different approaches to handling the key-distribution issue. In the symmetric system, the key-related information must be kept confidential and exchanged by means of a secure transmission medium. However, it is almost impossible to guarantee the privacy of the key exchange process in the real world. Therefore, from the aspect of key distribution, there is a security hole in the conventional symmetric cryptosystem. On the other hand, key distribution can be achieved by freely releasing the public keys in the conventional asymmetric cryptosystems. In other words, key exchange can be performed straightforwardly. Therefore, key distribution of the asymmetric cryptosystem can be fulfilled in an easier way than that of the symmetric cryptosystem.
In addition, most conventional cryptosystems, especially the asymmetric ones, encrypt data with cryptographic algorithms based on mathematics. For example, the RSA cryptosystem is designed on the basis of the prime factoring problem. Therefore, the most common implementations of such cryptosystems are written in software. In the case shown in FIG. 2, ciphers 5 and 6 usually represent software packages that are designed to perform the required cryptographic algorithms and are executed in communication hosts 1 and 2, respectively. Necessary keys, including KEYAPUB, KEYAPRI, KEYBPUB and KEYBPRI, are supplied by users or automatically generated by key-generating software. Sometimes ciphers are implemented in hardware to speed up processing. No matter how these conventional cryptosystems are implemented, the fundamentals of the keys remain unchanged: the determination of these keys strongly depends on the cryptographic algorithms, and the keys can be accessed by the users.
According to the above description, the cryptographic algorithms of the conventional cryptosystems are known, but the decryption keys are unknown. Therefore, the security of a cryptosystem involves two things: ensuring that nobody can decipher encrypted data based on the known cryptographic algorithms and the public keys, and carefully hiding the private key in the public-key cryptosystem and the secret key in the secret-key cryptosystem. It is obvious that a system is unsafe if its key information is reached by crackers. In fact, current cryptosystems still use user-defined keys, or allow users to acquire key information in some situations. This has the advantage of device independence: users can easily use their keys in any system supporting the same cryptographic algorithms. This feature, however, also provides a path for crackers to reach the hidden information.
A better solution to this problem is to embed these keys in the hardware and to restrict the access path to them, thereby blocking illegal access to the keys. However, embedding the keys in the hardware also introduces a problem: how to share key information between two hardware modules that have this feature. The present invention deals with the key-exchange issue in this situation.
Therefore, an objective of the present invention is to provide a system and method for emulating a secret code, which can be a real key or a key ancestor, between two independent but coupled hardware modules. Secret code emulation means a process in which a communication host replicates the secret code hidden within another communication host. In addition, the secret code is kept secret during and after the emulation process.
The present invention achieves the above-indicated objectives by providing a system including a first hardware module and a second hardware module for communicating with each other, where the first hardware module has a secret code that is not accessible from outside and the second hardware module can emulate the secret code. The first hardware module comprises a device for storing a test sample and a device for transforming the secret code into a transformed secret code according to a transformation pattern randomly selected from a set of possible transformation patterns. The transformed secret code can then be transferred from the first hardware module to the second hardware module. The second hardware module comprises a recovering logic circuit for restoring the transformed secret code to obtain hypothetical secret codes by recursively trying the set of possible transformation patterns, and an encoder for encoding the test sample into an encoded test sample by using each of the hypothetical secret codes. Each encoded test sample is sent to the first hardware module. The first hardware module further comprises a decoder for decoding the encoded test sample received from the second hardware module into a temporary sample by using the true secret code, and a comparator for comparing the temporary sample with the test sample stored in the storing device and informing the second hardware module of the comparison result. When the comparison result shows that the temporary sample and the test sample match, the recovering logic circuit stops and the current hypothetical secret code is equivalent to the secret code.
In addition, the present invention also provides an emulation method performed in such a system. First, the secret code initially stored in the first hardware module is transformed into a transformed secret code according to a transformation pattern randomly selected from the predefined set of possible transformation patterns. The transformed secret code can then be transferred from the first hardware module to the second hardware module. It is impossible to directly acquire the true secret code from the transformed secret code unless someone can predict which of the possible transformation patterns will be selected. Next, the second hardware module recursively guesses a hypothetical secret code from the transformed secret code by selecting one of the possible transformation patterns and reversing the effect of the selected pattern on the transformed secret code, until a comparison match result is received.
The comparison match result is verified and issued by the first hardware module. The second hardware module uses the current hypothetical secret code to encode a test sample into an encoded test sample and sends the encoded test sample to the first hardware module for verification. The first hardware module then uses the true secret code to decode the encoded test sample into a temporary sample and compares it with the original test sample. If they match, the current hypothetical secret code is correct, and the first hardware module informs the second hardware module of the comparison match. The secret code has then been successfully transferred from the first hardware module to the second hardware module.
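The emulation exchange described in the system summary and the method paragraphs above, as an added Python simulation that is not part of the patent text. The rotate-and-XOR pattern set, the SHA-256-based encoder, the 32-bit code width and all class and function names are assumptions made for illustration, and the test sample is assumed to be held by both modules.

```python
import hashlib
import secrets

WIDTH, MASK = 32, 0xFFFFFFFF
PATTERNS = list(range(1, 17))  # assumed pattern set: 16 rotation amounts

def _pad(r):
    return (0x9E3779B9 * r) & MASK  # assumed per-pattern XOR constant

def transform(code, r):
    # Pattern r: rotate the code left by r bits, then XOR the pattern constant.
    return (((code << r) | (code >> (WIDTH - r))) & MASK) ^ _pad(r)

def inverse(transformed, r):
    # Reverse the effect of pattern r on the transformed code.
    x = transformed ^ _pad(r)
    return ((x >> r) | (x << (WIDTH - r))) & MASK

def encode(sample, code):
    # Toy keyed encoder (assumption): XOR with SHA-256(code); samples up to 32 bytes.
    ks = hashlib.sha256(code.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(sample, ks))

decode = encode  # the XOR encoder is its own inverse

class FirstModule:
    def __init__(self, secret_code, test_sample):
        self._secret = secret_code      # never leaves the module in the clear
        self.test_sample = test_sample

    def transformed_code(self):
        return transform(self._secret, secrets.choice(PATTERNS))

    def verify(self, encoded):
        # Decoder plus comparator: only a match / no-match result is returned.
        return decode(encoded, self._secret) == self.test_sample

class SecondModule:
    def __init__(self, test_sample):
        self.test_sample, self.code, self.trials = test_sample, None, 0

    def emulate(self, transformed, first):
        for r in PATTERNS:              # try each possible pattern in turn
            self.trials += 1
            guess = inverse(transformed, r)
            if first.verify(encode(self.test_sample, guess)):
                self.code = guess       # comparison match: guess equals the secret
                return True
        return False
```

The second module needs at most `len(PATTERNS)` verification round-trips, so the size of the pattern set bounds the search for any party able to submit encoded samples to the comparator.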