Principal claim |
1. An access control device having dual interfaces comprising:
a memory having a cryptographic store with entries storing cryptographic information, the cryptographic information including access credentials and cryptographic keys;
a contact-bound interface for communication with a remote system, the contact-bound interface comprising a USB (“universal serial bus”) interface;
a contact-less interface for transmitting data derived from the cryptographic information to an access control system;
a cryptographic processor that controls the access control device to:
present, via the contact-bound interface, a USB mass storage device interface having a virtual file system that does not expose free read-and-write access to the memory of the access control device and presents a virtual representation of the cryptographic information in which entries in the cryptographic store are represented as files;
receive, via the contact-bound interface, new cryptographic information in an encrypted file written to the virtual file system, wherein the new cryptographic information is received as blocks of wrapped and/or Authenticated Encryption with Associated Data (AEAD) files;
verify the new cryptographic information received in the encrypted file written to the virtual file system, wherein the verifying comprises:
decrypting the encrypted file using a master key from the cryptographic store to produce a decrypted file; and
verifying a digital signature present in the decrypted file; and
responsive to successful verification of the new cryptographic information, store the new cryptographic information from the decrypted file in one or more entries of the cryptographic store. |