| 摘要 |
A method and apparatus for asymmetrical key management in a cryptographic system is provided. Embodiments of the invention implement varying levels of diversification to manage the encryption keys. In one embodiment, a unique key per device approach is used that minimizes the risks due to unauthorized key access. In yet another embodiment, a unique key per device per transaction is used. The keys generated in embodiments of the invention can be used to authenticate one device with another. An authenticating device generates a current key that is initially unknown to an unauthenticated device. The authenticating device sends information to an unauthenticated device to assist it in determining the value of the current key. The unauthenticated device uses the determined value of the current key to derive the authenticating device's authentication value. Each device generates a authentication value that must be correctly determined by an unauthenticated device for successful authentication. Authentication is performed between two devices such that each device is authenticated with the other device. Computing devices of a system can be grouped. In one embodiment devices are grouped such that one group includes devices that have a master key and another group includes devices that have a key that is derived from the master key. Another embodiment includes groups whose devices have the group's master key and a key derived from each of the master keys of the other group(s). In this embodiment, a dual authentication process can be used to authenticate two devices from different groups. |
