Search

US-12627512-B2 - Mutual authentication with pseudo random numbers

US12627512B2US 12627512 B2US12627512 B2US 12627512B2US-12627512-B2

Abstract

A verifier device of an authentication system comprises physical layer circuitry and processing circuitry coupled to the physical layer circuitry. The processing circuitry is configured to encode an authentication command for sending to a credential device; decode a response communication received from the credential device, wherein the response communication includes a first random number; encrypt the first random number, a second random number, and verifier keying material for sending to the credential device; decrypt encrypted information received from the credential device, wherein the encrypted information includes the first random number, the second random number, and receiver keying material; and calculate a session encryption key using the verifier keying material and the receiver keying material.

Inventors

  • Martin Kaufmann
  • Adam Augustyn

Assignees

  • ASSA ABLOY AB

Dates

Publication Date
20260512
Application Date
20231219

Claims (18)

  1. 1 . A method of device authentication, the method comprising: transmitting a first random number from a receiver device to an initiator device, wherein the first random number is a pseudo random number determined using a counter value and the first random number is bound to a specific context of communication between the initiator device and the receiver device; determining, by the receiver device, first key information using the first random number and a static key; in response to receiving the first random number, determining by the initiator device, the first key information using the first random number and the static key, a second random number, and second key information specific to the initiator device; transmitting the first random number, the second random number, and the second key information from the initiator device to the receiver device; transmitting the first random number, the second random number, and the first key information from the receiver device to the initiator device; and encrypting information communicated between the initiator device and the receiver device using an encryption key determined using the first key information and the second key information.
  2. 2 . The method of claim 1 , including updating the counter value for each communication session between the initiator device and the receiver device.
  3. 3 . The method of claim 1 , including updating the counter value after the first random number is communicated between the receiver device and the initiator device.
  4. 4 . The method of claim 1 , including determining the encryption key using a static key stored in each of the initiator and the receiver devices, the first key information, and the second key information.
  5. 5 . The method of claim 1 , wherein the initiator device is a verifier device and the receiver device is a credential device.
  6. 6 . The method of claim 5 , wherein the receiver device is a smartphone and the initiator device is a server or an access control device.
  7. 7 . The method of claim 5 , wherein the receiver device is a smart card and the initiator device is a server or an access control device.
  8. 8 . The method of claim 1 , including transmitting the first random number, the second random number, and the first key information from the receiver device to the authenticating initiator device according to a script included in the receiver device.
  9. 9 . The method of claim 1 , wherein the first key information includes a third random number predictable by the authenticating initiator device.
  10. 10 . A verifier device of an authentication system, the verifier device comprising: physical layer circuitry; and processing circuitry operatively coupled to the physical layer circuitry and configured to: encode an authentication command for sending to a credential device; decode a response communication received from the credential device, wherein the response communication includes a first random number; determine receiver device keying material using a static key and the first random number, a second random number, and verifier keying material in response to receiving the first random number; encrypt the first random number, the second random number, and verifier device keying material for sending to the credential device; decrypt encrypted information received from the credential device, wherein the encrypted information includes the first random number, the second random number, and the receiver device keying material; and calculate a session encryption key using the verifier device keying material and the receiver device keying material; wherein the verifier device is a reader device, and the processing circuitry is configured to receive credential information encrypted using the session encryption key and grant physical access to a resource according to the credential information.
  11. 11 . The verifier device of claim 10 , wherein the processing circuitry is configured to calculate the session encryption key using a static key, the verifier device keying material, and the receiver device keying material.
  12. 12 . The verifier device of claim 10 , wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function.
  13. 13 . The verifier device of claim 12 , wherein the processing circuitry is configured to change the counter value used to calculate the first random number for each communication session with the credential device.
  14. 14 . The verifier device of claim 12 , wherein the processing circuitry is configured to change the counter value used to calculate the first random number after an exchange of information with the credential device.
  15. 15 . The verifier device of claim 12 , wherein the processing circuitry is configured to prevent overflow of the counter value.
  16. 16 . The verifier device of claim 10 , wherein the processing circuitry is configured to decrypt the first random number, the second random number, and the receiver device keying material according to a script included in the verifier device.
  17. 17 . The verifier device of claim 10 , wherein the processing circuitry is configured to receive credential information encrypted using the session encryption key and grant access to a resource according to the credential information.
  18. 18 . The verifier device of claim 10 , wherein the receiver device keying material includes a third random number predictable by the verifier device.

Description

CLAIM OF PRIORITY This patent application is a continuation of U.S. patent application Ser. No. 17/025,011, filed Sep. 18, 2020, the disclosure of which is incorporated by reference herein in its entirety. TECHNICAL FIELD Embodiments illustrated and described herein generally relate to automatic identity authentication systems that authenticate users for access to secure resources, and to techniques of secure messaging for identity authentication systems. BACKGROUND There are many applications for which quick and accurate authentication of identity of a person is desirable. Some examples include airline travel and secure access to controlled areas. Additionally, remote identity authentication for applications such as mobile online shopping or mobile banking is now a common practice. Device authentication can involve authentication information being exchanged between a server performing authentication and a credential device such as a smart card or a mobile phone. Secure messaging is used to enable transfer of sensitive information used in the authentication process. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is an illustration of an example of portions of an authentication system. FIG. 2 is a flow diagram of an example of a method of device authentication. FIG. 3 is a block diagram illustrating an example of portions of a communication session for device authentication. FIG. 4 is a block diagram schematic of portions of an example of a verifier device. DETAILED DESCRIPTION It is desirable for automatic authentication of a person's identity based on verifiable identity information to be fast and secure. Authentication may involve messaging to send sensitive identification information between a verifier device (e.g., a system server of an authentication system backend) and credential device (e.g., a smartcard or smartphone). FIG. 1 is an illustration of an example of a verifier device 105 and a credential device 110 that communicate using secure messaging. In the example, the verifier device 105 is a system server of an authentication system backend and the credential device 110 is a smartphone, but the verifier device and the credential device can be any two devices that use secure messaging. The credential device may store an access credential that provides controlled access to a resource such as a financial resource or a secured physical space. Authentication messaging is used to verify that the access credential provides the desired access. The authentication messaging can be made secure using one or more session keys 115 to encrypt the messages of a communication session between the devices. The keys can be shared according to a communication protocol. To make the authentication automatic between the devices, the messaging that includes the key exchange can be scripted. The scripting can include a verifier device initiating a transaction to exchange keys. To make the key transaction scriptable, key information should be predictable. FIG. 2 is a flow diagram of a method of device authentication between an initiator device that initiates the authentication and a receiver device. The method 200 may provide mutual authentication using secret messaging that is scriptable. The initiator device may be a verifier device and the receiver device may be a credential device. Alternatively, the credential device may be the initiator device, and the verifier device is the receiver device. At block 205, an authentication command is sent to the receiver device from the initiator device to trigger the authentication for secure messaging between the devices. At block 210, a first random number RB is generated by the receiver device and transmitted from the receiver device to the initiator device. At block 215, the receiver device also determines receiver device keying information, or receiver device keying material, FB. The keying material is calculated using the random number RB and a static encryption key KENC, or FB=KDF(KENC,RB), where KDF is the key derivation function performed using processing circuitry of the receiver device. One or more keys are generated using FB. In some examples, the random number RB is a true random number, and the static encryption key KENC can be a device specific encryption key stored in the receiver device and the initiator device. The KDF binds the keying material FB to a specific context of the communication session. The context may be, among other things, an application, a key identifier, a session ID, etc. To make the secure messaging scriptable, the receiver keying material FB is a predictable random number that can be determined by the initiator device. In response to receiving the communication that includes the random number RB, the initiator device determines, the receiver keying material FB, a second random number RA and initiator device keying material FA. The initiator device keying material FA can be a random number. At block 220, the initiator device transmits random number RB