Algorithm Authentication Cryptographic
Engine Cryptography Digest Digital
Signature Encryption FIPS Hashing Math
Accelerator PKE (Public Key
Encryption) PKI Private
Key Public
Key Zeroization
Algorithm Mathematical procedure
performed in a series of steps. A public key encryption algorithm must
have special characteristics:
- The algorithm is not simply reversible; that is, you cannot directly
derive initial conditions just by knowing the end result.
- Processing the algorithm forward encrypts; running it backwards
decrypts; both encryption and decryption require input from either the
public or private key.
- The algorithmic sequence must be permutable; that is, either key
value can be inserted into either the forward or the reverse process
that results in encryption/decryption. The key usage must be sequential,
but the initial order does not matter.
The algorithm used in the DS1954 crypto iButton is licensed from
RSA Data Security, Inc. and looks like
this:
Encryption: C = ME mod N Decryption: M = CD
mod N
where:
M = Original plain text message (as a number) C = Encrypted
message (as a number) N = Public and private key modulus E =
Public key exponent D = Private key exponent
Authentication The ability to
bestow authoritative, legal, binding identity upon electronic
communications, both as to content and source. This is the purpose of the
digital
signature.
Cryptography Obscured writing. See
Encryption.
"Encipher," "encode" and "encrypt" are used interchangeably in common
English usage; when it comes to securing Internet messages, however,
"encryption" is distinguished from the "encoded" character set, such as
ASCI, that all computers must use.
Digest Abridged and cryptographically
obscured version of message text, also called a message hash.
In electronic communication the message digest is used for 1)
incorporating a message identifier within a digital
signature and 2) tamper
detection.
Digital Signature Code that 1) encrypts a
person's identity and 2) links it to a specific message traveling over the
Internet. The crypto iButton uses RSA public key
encryption (PKE). In this scheme, the digital signature incorporates
the digest and the sender's private key.
Note: When the encryption technique renders it unique and unforgeable,
a digital signature carries the same legal significance as a handwritten
signature. A trustworthy digital signature is essential to validate
commercial and financial transactions over the Internet. The digital
signature authenticates
both sender identity and, through the hash value, the message content. The
encryption technique used for creating digital signatures is legally
exportable from the U.S.A. The technology to encrypt and decrypt messages
is export-controlled.
Encryption The substitution of units
of message values (letters, numbers, words, places, names, etc.) according
to a regular plan or formula agreed upon by the sender and receiver. The
crypto iButton uses public key
encryption (PKE).
FIPS Federal Information Processing
Standards of the NIST (National Institute of Standards and
Technology). The crypto iButton meets FIPS 140-1 Security
Requirements for Cryptographic Modules, per the following:
1.3 Security Level 3
... Level 3 attempts to prevent the
intruder from gaining access to critical security parameters held within
the module. For example, a multi-chip embedded module must be contained
in a strong enclosure, and if a cover is removed or a door is opened,
the critical security parameters are zeroized.
Hashing The mathematical process that
produces the message
digest or "hash." The processor treats the message as a large number,
which it subjects to mathematical transformations that result in the digest or
hash. The computer incorporates the hash into the sender's digital
signature. Due to the mathematics involved, the original message cannot be
recreated from the hash. However, the method for creating hashes is public
knowledge. To check for tampering, the message recipient re-hashes the
full message in hand and compares the result with the hash enciphered with
the digital signature. If the hash values do not match, the message has
been altered.
Math Accelerator/
Cryptographic Engine The guts and glory of the DS1954 crypto
iButton: a secure DS83C950 microprocessor with NV RAM and the
1-Wire® circuit design. The microprocessor cycles at a low power, 10-20
MHz, yet manages to hash the message, fetch the keys and generate the
digital signature in about one second.
While running the math, the crypto iButton disguises signals by
using an irregular oscillator to cover patterns. A separate, steady
oscillator runs the clock/calendar that provides the time and date stamp.
PKE (Public Key Encryption) Encryption scheme using two complementary numeric
keys for either encoding or decoding a message in a sufficiently complex
mathematical process. The public key is openly available; the private key
is known only to the owner. One key is used in the algorithm for the
encrypting process, and the other key in its complementary place for the
decryption process. The keys can be used interchangeably for either
encrypting or decrypting. Both keys are essential to the complete process
but can only be used separately. If one key is used to encrypt, only the
other key can be used to decrypt.
The algorithm
used to produce both keys is publicly known; however, the process does not
allow the value of the private key to be derived from the public key.
The keys in the public/private key pair are related through a composite
number produced by multiplying two large prime numbers together. The
public key is built with this composite; the private key is an inverse of
the public key. Even though its value is dependent on the public key, the
private key value cannot be deduced from the public key without
unrealistic amounts of time and computer power, mainly due to the
intractable nature of large prime numbers.
The success of public key encryption depends on two aspects of the private
key: 1) The private key must be very large to maximize the difficulty
of figuring it out. 2) The private key must be physically kept safe and
secret.
PKI Public Key Infrastructure: "a system of
digital certificates, Certificate Authorities, and other registration
authorities that verify and authenticate the validity of each party
involved in an Internet transaction." Source: Webopedia.
Private Key In Public Key
Encryption, the key value that is complementary to the owner's public
key, but is carefully kept hidden and private in an electronic medium
secure from hacking. It is too large to be memorized or transferred from
paper. The crypto iButton stores the private key offline, in
nonvolatile RAM.
The 1024-bit private key's number value (used in the crypto
iButton) covers 21024 decimal extensions. However, since the number
represented must include the product of primes (one 512-bit number times
another 512-bit number), currently known methods for finding primes reduce
the range to approximately 296 possible values.
Public Key In Public Key
Encryption, the key value, complementary to the private key, published
in a publicly accessed directory and publicly associated with the owner.
Zeroization A tamper response whereby
an attempt to access protected memory initiates an instant erasure. The
crypto iButton zeroizes in a fraction of a second thanks to the
high-speed read/write capability of nonvolatile random access memory (NV
RAM). The DS1954's the steel case is a constantly monitored 1-Wire switch
contact. If someone attempts to open it, the cryptographic chip separates
from the lithium power cell, putting the circuit on internal capacitor
power. The chip uses this power to completely overwrite the memory area
with nulls, making the previous content irretrievable.
|