主权项 |
1. A method of deriving a session key that secures a user session between users having access to a host computer, the method comprising:
generating an ECC key pair in response to energizing a smart card; outputting, via by the smart card, a public portion of the ECC key pair to a hardware security controller, and performing persistent storage of the public portion in memory of the hardware security controller; outputting, via the smart card, a session key request to a host application executed on an electronic device, and outputting the session key request from the host application to the hardware security controller; deriving, via the hardware security controller, a session key in response to the session key request and storing the derived session key in the memory; outputting, via the hardware security controller, first public information to the host application, and deriving a transitory symmetric key via the host application; outputting, via the host application, the first public information and additional second public information to the smart card, independently deriving the session key and the transitory symmetric key via the smart card, encrypting the session key with the transitory symmetric key via the smart card, and outputting the encrypted session key to the host application; and decrypting, via the host application, the encrypted session key with a copy of the transitory symmetric key such that each of the smart card, the host application and the hardware security controller possess matching session keys. |