Secure Audit Logging with Tamper-Resistant Hardware

Astlio - C.N. Chong , Z. Peng , P.H. Hartel

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

18 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Secure Audit Logging with Tamper-Resistant HardwareCheun N Chong Zhonghong Peng Pieter H HartelDept. of Computer ScienceUniversity of TwenteThe Netherlandsfchong,zhong,pieterg@cs.utwente.nlAbstract the rights on the content, such as cryptography,digital ngerprinting, watermarking etc. In thisSecure perimeter schemes (e.g. DRM) and tracing paper, we assume that users can be identi ed, andtraitor schemes (e.g. watermarking, audit logging) we concern ourselves with the issue of gatheringstrive to mitigate the problems of content escap- information on the user’s behaviour.ing the control of the rights holder. Secure audit Secure audit logging records the actions of a userlogging records the user’s actions on content and on an item of content and does so in a manner thatenables detection of some forms of tampering with allows some forms of tampering with the log tothe logs. We implement Schneier and Kelsey’s se- be detected. We implement Schneier and Kelseycure audit logging protocol [1], strengthening the secure audit logging protocol [1], using tamper-protocol by using tamper-resistant hardware (an resistant hardware (TRH). For brevity in the se-iButton) in two ways: Firstly our implementation quel, we refer to Schneier and Kelsey [1] as \SK".of the protocol works o ine as well as online. Sec-An audit log is an important tool to detect andondly, we use unforgeable time stamps to increaseto comprehend damages of a computer or networkthe possibilities of ...

Informations

Publié par	Astlio
Nombre de lectures	40
Langue	English

Extrait

eAuceAuHieLoLLiTLwieRaTSepc-eRdideaTeHacHwac -CTNgnNCTcnSZTcnSTcnSPNnS Npf. cP CcZpgfNd .DiNnDN UinhNdeifycPCwNnfN CTNNNfTNdUnaHe { chong,zhong,pieter } @cs.utwente.nl

6DdecCFe KXVliX gXi]dXkXi jV“XdXj ﬄX)[) :JG) TeW kiTV]e[ kiT]kfi jV“XdXj ﬄX)[) nTkXidTib]e[’ TlW]k cf[[]e[) jki]mX kf d]k][TkX k“X gifUcXdj fY VfekXek XjVTg( ]e[ k“X Vfekifc fY k“X i][“kj “fcWXi) KXVliX TlW]k cf[[]e[ iXVfiWj k“X ljXiﬃj TVk]fej fe VfekXek TeW XeTUcXj WXkXVk]fe fY jfdX Yfidj fY kTdgXi]e[ n]k“ k“X cf[j) OX ]dgcXdXek KV“eX]Xi TeW EXcjXpﬃj jX( VliX TlW]k cf[[]e[ gifkfVfc R-]’ jkiXe[k“Xe]e[ k“X gifkfVfc Up lj]e[ kTdgXi(iXj]jkTek “TiWnTiX ﬄTe ]8lkkfe) ]e knf nTpj6 =]ijkcp fli ]dgcXdXekTk]fe fY k“X gifkfVfc nfibj f]eX Tj nXcc Tj fec]eX) KXV( feWcp’ nX ljX leYfi[XTUcX k]dX jkTdgj kf ]eViXTjX k“X gfjj]U]c]k]Xj fY YiTlW WXkXVk]fe) OX gifm]WX T gXiYfidTeVX TjjXjjdXek fY fli ]dgcXdXekTk]fe kf j“fn leWXi n“]V“ V]iVldjkTeVXj k“X gifkfVfc ]j giTVk]VTc kf ljX) 1IaecbIuFeiba :][]kTc VfekXek ]j jf XTj]cp W]jki]UlkXW’ TeW W]jjf( V]TkXW Yifd k“X dXkT(WTkT k“Tk WXjVi]UXj fneXi’ kXidj TeW VfeW]k]fej fY ljX XkV) k“Tk Vfgpi][“k ]e( Yi]e[XdXek ]j i]YX) KXVliX gXi]dXkXi jV“XdXj jlV“ Tj W][]kTc i][“kj dTeT[XdXek ﬄ:JG) TccXm]TkX k“X gifUcXd ]e jfdX VTjXj R.] Ulk dfjk ﬄ]Y efk Tcc) :JG jpjkXdj TiX mlceXiTUcX kf TkkTVbj) L“X iTn VfekXek VTe k“Xe UX iXW]jki]UlkXW’ jXmXiXcp WTd( T[]e[ k“X ]ekXiXjkj fY k“X i][“kj “fcWXi) LiTV]e[ kiT]kfi jV“XdXj kiTVX cXTbj fY VfekXek kf k“X ljXij n“f VTe UX ]WXek]ﬀXW’ TeW lck]dTkXcp n“fjX UX( “Tm]fli VTe UX iXVfiWXW Tj Xm]WXeVX) GTep kXV“( e]hlXj Xo]jk kf iXW]jVfmXi k“X ]WXek]kp TeW k“XeVX

iPNfNdHaHdfNU

k“X i][“kj fe k“X VfekXek’ jlV“ Tj Vipgkf[iTg“p’ W][]kTc ﬀe[Xigi]ek]e[’ nTkXidTib]e[ XkV) Ce k“]j gTgXi’ nX TjjldX k“Tk ljXij VTe UX ]WXek]ﬀXW’ TeW nX VfeVXie flijXcmXj n]k“ k“X ]jjlX fY [Tk“Xi]e[ ]eYfidTk]fe fe k“X ljXiﬃj UX“Tm]fli) KXVliX TlW]k cf[[]e[ iXVfiWj k“X TVk]fej fY T ljXi fe Te ]kXd fY VfekXek TeW WfXj jf ]e T dTeeXi k“Tk Tccfnj jfdX Yfidj fY kTdgXi]e[ n]k“ k“X cf[ kf UX WXkXVkXW) OX ]dgcXdXek KV“eX]Xi TeW EXcjXp jXVliX TlW]k cf[[]e[ gifkfVfc R-]’ lj]e[ kTdgXi( iXj]jkTek “TiWnTiX ﬄLJB)) =fi UiXm]kp ]e k“X jX( hlXc’nXiXYXikfKV“eX]XiTeWEXcjXpR-]TjSKE") 7e TlW]k cf[ ]j Te ]dgfikTek kffc kf WXkXVk TeW kf VfdgiX“XeW WTdT[Xj fY T VfdglkXi fi eXknfib jpjkXd VTljXW Up ]ekilj]fej’ WXYXVkj fi TVV]WXekj) 7e TlW]k cf[ VfekT]ej WXjVi]gk]fej fY efkXnfik“p XmXekj) Ce fli :JG XogXi]dXek TlW]k cf[j TiX [Xe( XiTkXW ]e k“X ljXiﬃj gXijfeTc VfdglkXi ﬄP9)) L“X P9]jT“fjk]cXXem]ifedXekﬄlekiljkXWWfdT]e) UXVTljX fY ]kj mlceXiTU]c]kp T[T]ejk mTi]flj dTc]( V]flj TkkTVbj) L“XiXYfiX’ k“X TlW]k cf[j iXhl]iX gifkXVk]fe kf XejliX ]kj ]ekX[i]kp) KE iXeWXij TlW]k cf[j ]dgfjj]UcX Yfi Te TWmXi( jTip kf leWXkXVkTUcp iXTW’ Yfi[X TeW WXcXkX) KE ]emfcmXj knf gTik]Xj6 Te lekiljkXW dTV“]eX TeW T kiljkXW dTV“]eX) L“X VfddXek Up KE k“Tk Sk“X kiljkXW dTV“]eX dTp kpg]VTccp UX k“fl[“k fY Tj T jXimXi ]e T jXVliX cfVTk]fe’ fi ]dgcXdXekXW ]e mTi( ]flj nTpj’ n“]V“ ]eVclWXj T kTdgXi(iXj]jkTek kf( bXe" “Tj ]ejg]iXW lj kf ljX kTdgXi(iXj]jkTek “TiW( nTiX ﬄLJB) Tj k“X kiljkXW dTV“]eX Yfi jXVliX cf[( []e[) L“X LJB ﬄfi k“X kiljkXW dTV“]eX) nX ljX ]j T DTmT ]8lkkfe ﬄ www)UMhggdc)Ndb ) Yfi k“X Yfccfn( ]e[ iXTjfej6

-) L“X ]8lkkfe VfekT]ej T gif[iTddTUcX kTdgXi(Xm]WXek iXTc k]dX VcfVb) L“X iXTc k]dX VcfVb bXXgj k]dX ]e 03+6 jXVfeW ]eViX( dXekj) L“]j VTe UX kiTejcTkXW ]ekf jXVfeWj’ d]elkXj’ WTpj’ dfek“j fi pXTij) .) L“X ]8lkkfe jlggfikj XV]Xek ]dgcXdXekT( k]fej fY Vfddfe Vipgkf[iTg“]V Tc[fi]k“dj jlV“ Tj KB7(- ﬄ“Tj“]e[)’ :;K ﬄjpddXki]V XeVipgk]fe+WXVipgk]fe) TeW JK7 ﬄglUc]V bXp XeVipgk]fe+WXVipgk]fe TeW j][eTkliX)) /) L“X ]8lkkfe mXij]fe -: - gifm]WXj lg kf 2b8 efe(mfcTk]cX J7G’ k“X dfiX XogXej]mX mXi( j]fe . : . VfekT]ej Tggifo]dTkXcp -/0b8 efe( mfcTk]cX J7G) OX ljX k“X ]8lkkfe Tj T kiljkXW WXm]VX kf T]W ]e k“X TlW]k cf[ ViXTk]fe ]e k“X dTeeXi gifgfjXW Up KE) 7e ]8lkkfe ]j kff jdTcc kf jkfiX T cf[ fY Tep ljXYlcj]qX]eTVfjkXXVk]mXdTeeXi67kpg]VTcP9 VfekT]ej 0,A8 jkfiT[X’ ])X) TifleW /,, ; ,,, k]dX dfiX k“Te k“X ]8lkkfe) Ili :JG jpjkXd “Tj k“X ljlTc 9c]Xek+KXimXi TiV“]kXVkliX)L“X9c]Xek]jTljXin]k““XiP9’ n“]V“ iXgiXjXekj k“X lekiljkXW WfdT]e) L“X KXimXi ]j T kiljkXW Xem]ifedXek n“XiX VfekXek TeW c]VXejX TiX jkfiXW) O“Xe k“X 9c]Xek TVVXjjXj k“X VfekXek g]XVXdXTc Yifd k“X KXimXi ﬄX)[) Up jkiXTd( ]e[)’ k“X cTkkXi ]j TUcX kf gifkXVk k“X VfekXek kf jfdX XokXek UXVTljX k“X 9c]Xekﬃj TVk]fej VTe UX dfe]kfiXW) BfnXmXi’ n“Xe k“X 9c]Xek WfnecfTWj k“XVfekXekkfk“XP9ﬃjefe(mfcTk]cXjkfiT[XkfTV( VXjjXjk“XVfekXekf]eXﬄ])X)W]jVfeeXVkXWYifd k“X KXimXi)’ k“X KXimXi ]j efk TUcX kf dfe]kfi k“X 9c]Xekﬃj UX“Tm]fli) OX gifgfjX lj]e[ jXVliX TlW]k cf[[]e[ n]k“ LJB kf Ui]e[ k“X jXVli]kp fY f]eX :JG kf k“X cXmXc fY fec]eX :JG) L“X dT]e Vfe( ki]Ulk]fej fY k“]j gTgXi TiX6 -) Lf ]dgcXdXek KE XdUXWWXW ]e jXmXiTc Tlo]c( ]Tip gifkfVfcj TeW n]k“ k“X ]8lkkfe) .) Lf XmTclTkX k“X gXiYfidTeVX fY k“X ]dgcXdXe( kTk]fe; k“lj ]emXjk][Tk]e[ n“Xk“Xi k“X ]8lkkfe VTe UX ljXW XXVk]mXcp) /) Lf jkiXe[k“Xe KE Up dTb]e[ jliX k“Tk jfdX fY ]kj jXVli]kp Tjjldgk]fej TiX mTc]W Up m]iklX fY lj]e[ k“X ]8lkkfe) OX [XeXiTkX VfiX jXViXkj TeW k]dXjkTdgj fe k“X ]8lkkfe ]ejkXTW fY k“X lekiljkXWP9)

Lf k“X UXjk fY fli befncXW[X flij ]j k“X ﬀijk TkkXdgk kf ]dgcXdXek KE TeW k“X ﬀijk XeWXTmfli kf TeTcpjX k“X gXiYfidTeVX fY KE ]e [XeXiTc’ TeW KE n]k“ ]8lkkfe ]e gTik]VlcTi) 7 nXTbeXjj fY Tep jpjkXd’ n“]V“ iXc]Xj fe LJB kf VfXiVX Te lekiljkXW 9c]Xek ]ekf jgXV]ﬀV UX( “Tm]fli’ ]j k“Tk k“X ljXi dTp j]dgcp jXmXi k“X VfeeXVk]fe UXknXXe k“X 9c]Xek TeW k“X LJB) OX jl[[Xjk T eldUXi fY nTpj kf W]jVfliT[X k“X 9c]Xek Yifd jlV“ UX“Tm]fli6 • L“X KXimXi ]j WXj][eXW jf k“Tk ]k ]ej]jkj fe k“X ]8lkkfe UX]e[ giXjXek kf Tlk“Xek]VTkX TeW Tlk“fi]qX k“X 9c]Xek) • Ii[Te]qTk]feTc gfc]Vp ﬄX)[) ]e T VfigfiTkX ]e( kiTeXk) ]j ljXW kf XeYfiVX k“X ljX fY k“X ]8lk( kfe) Ce Ufk“ VTjXj ljXij TiX gifm]WXW Te ]eVXek]mX kf dT]ekT]e Vfddle]VTk]fe n]k“ k“X ]8lkkfe6 ef ]8lkkfe dXTej ef VfekXek) L“X iXdT]eWXi fY k“]j gTgXi ]j W]m]WXW ]ekf jXV( k]fej Tj Yfccfnj6 KXVk]fe . gifm]WXj T ljXi jVXeTi]f) KXVk]fe / WXjVi]UXj iXcTkXW nfib) KXVk]fe 0 Xo( gcT]ej KE lj]e[ k“X ]8lkkfe) KXVk]fe 1 W]jVljjXj VfeV]jXcp k“X iXﬀeXdXek nX “TmX dTWX fY KE) KXV( k]fe 2 WXjVi]UXj fli ]dgcXdXekTk]fe) KXVk]fe 3 WX( jVi]UXj k“X YXTj]U]c]kp fY k“X ]dgcXdXekTk]fe) KXV( k]fe 4 []mXj fli gXiYfidTeVX TeTcpj]j fe k“X ]d( gcXdXekTk]fe) KXVk]fe 5 VfeVclWXj k“]j gTgXi Tcjf dXek]fe]e[ YlkliX nfib) ﬁ UdKc AFKaCcib =][liX - j“fnj T ljXi jVXeTi]f n“XiX jXVliX cf[( []e[ ]j eXXWXW) 7 9c]Xek ﬄT ljXi TeW “Xi cTgkfg) “Tj WfnecfTWXW T gifaXVk gifgfjTc Yifd k“X KXimXi fY “Xi VfdgTep) K“X eXXWj kf TkkTV“ “Xi ]8lkkfe Yfi WfnecfTW]e[ k“X gifgfjTc ﬄYfi Tlk“Xek]VTk]fe gligfjXj)) K“X “Tj Tcjf WfnecfTWXW Te TjjfV]TkXW W][]kTc c]VXejX Yfi iXTW]e[ k“]j gifgfjTc fe “Xi cTg( kfg) L“X KXimXi ]j TUcX kf dfe]kfi k“X 9c]Xekﬃj UX“Tm]fli n“Xe k“X 9c]Xek ]j fec]eX) O“Xe k“X ljXi VTii]Xj “Xi cTgkfg flk fY “Xi fY( ﬀVX’ k“X 9c]Xek ]j W]jVfeeXVkXW Yifd k“X KXimXi’ TeW k“X KXimXi “Tj cfjk k“X TU]c]kp kf dfe]kfi k“X 9c]Xek) L“X 9c]Xek cf[j “Xi UX“Tm]fli’ n]k“ k“X Tk( kTV“XW TeW mTc]W ]8lkkfe) IeVX j“X ]j UTVb ]e “Xi fVX’ j“X iXVfeeXVkj kf k“X KXimXi ﬄjTp Yfi cTkXjk

Verifier Server

Client Java iButton Downloading a projec proposal from the Serv Downloading an associated digital licens Client is under surveillance of server Client is accessing Server lost control the digital content over the client OFFLINE oggi Logs are generated according to all the actions client exercises lient is connected an gs are sent to the serv

time time time time =][liX -6 7 ljXi jVXeTi]f fY lj]e[ ]8lkkfe ]e T :JG Tggc]VTk]fe) mXij]fe fY gifaXVk iXgfikj) k“Xe Tcc k“X cf[j jkfiXW Tk k“X 9c]Xek TiX kiTejd]kkXW kf k“X KXimXi) 7 NXi]ﬀXi’ n“]V“ ]j T kiljkXW 9c]Xek’ ]j TUcX kf m]Xn’ mTc]WTkX TeW mXi]Yp k“X cf[ dXjjT[Xj) L“X NXi]ﬀXi VTe UX gfkXek]Tccp k“X jTdX jpjkXd Tj k“X KXimXi) L“X NXi]ﬀXi ]eYfidj k“X KXimXi X]k“Xi k“Tk k“X ljXi “Tj UX“TmXW VfiiXVkcp TeW k“Tk j“X ]j Xek]kcXW kf iXVX]mX Ylik“Xi VfekXek’ fi k“Tk jfdXk“]e[ ]j nife[ TeW k“Tk TVk]fe j“flcW UX kTbXe) . 9KUCeKI WbcT Jle R/] “Tj gifWlVXW T jlimXp fe TlW]k cf[[]e[) L“X WXﬀe]k]fe fY cf[ “X []mXj ]j6 7 cf[ ]j Te TggXeW(fecp ni]kX jkfiX TeW ]j T gcT]e ﬀcX n“XiX WTkT TiX jkfiXW jX( hlXek]Tccp Tj k“Xp Tii]mX) 7lW]k cf[j TiX [XeXiTccp ljXW ]e Te ]ekilj]fe WXkXVk]fe jpjkXd ﬄC:K)’ n“]V“ ]j Te TlkfdTkXW jpjkXd Yfi WXkXVk]fe fY VfdglkXi’ eXknfib fi WTkTUTjX jpjkXd ]ekilj]fej) L“X TlW]k cf[j fY C:K VTe UX ljXW kf kiTVX k“X jfliVX fY TkkTVbj k“XiXUp Xogfj]e[ k“X TkkTVbXiﬃj ]WXek]kp) 7lW]k

cf[j TiX Tcjf Vfddfecp ljXW ]e X(VfddXiVX ]eVclW( ]e[ :JG’ efk fecp Tj k“X Vfddfe TlW]k cf[j ljXW ]e C:K’ Ulk Tcjf Tj TlW]k kiT]cj kf kiTVb k“X Vlj( kfdXijﬃ TVk]m]k]Xj) L“X TlW]k cf[j VTe k“Xe gifm]WX k“X UTj]j Yfi V“Ti[]e[ k“X VljkfdXi fY lj]e[ k“X jXim]VXj) 7lW]k cf[j Tcjf fXi T “]jkfi]VTc iXgfik fe k“X VljkfdXiﬃj UX“Tm]fli’ n“]V“ VTe UX ljXW Yfi dTibXk]e[ gligfjXj) K“Tg]if TeW N]e[iTcXb R0] jlimXp jXmXiTc dXV“( Te]jdj kf dTeT[X k“X gXij]jkXek jkTkX ]e T :JG jpjkXd’ ]eVclW]e[ gifkXVkXW W][]kTc VfekXek’ TlW]k kiT]c’ VfekXek ljT[X Vflekj TeW WXVipgk]fe bXpj) IeX fY k“X dXV“Te]jdj k“Xp dXek]fe ]j jXVliX Tl( W]k cf[[]e[) L“X knf jXVliX TlW]k cf[[]e[ dXk“fWj k“Xp V]kX TiX 8XccTiX TeW YXX Tj nXcc Tj KV“eX]Xi TeW EXcjXp) 8XccTiXTeWYXXﬄ8)YR1]WXjVi]UXTeTlW]kcf[ jpjkXd k“Tk gfjjXjjXj k“X YfinTiW ]ekX[i]kp gifg( Xikp) S=finTiW ]ekX[i]kp" ]j TV“]XmXW Up gXi]fW]( VTccp TckXi]e[ k“X bXp kf VfdglkX k“X G79 fmXi k“X TlW]k Xeki]Xj) 8Y TckXij k“X bXpj fe T iX[( lcTi UTj]j Up YXXW]e[ W]XiXek jXViXk mTclXj kf T YTd]cp fY gjXlWf(iTeWfd YleVk]fej kf [XeXiTkX k“X G79j fmXi k“X Xek]iX cf[ Xeki]Xj) CY Te TWmXijTip ]j TUcX kf Vfdgifd]jX k“X VliiXek G79 bXp’ ]k ]j leYXTj]UcX Yfi “Xi kf WXVX]mX k“X “]jkfi]VTc Xeki]Xj [XeXiTkXW) S=finTiW ]ekX[i]kp" VTe UX m]XnXW Tj Te]ekX[i]kpTeTcf[lXfYSYfinTiWjXViXVp"R2])7 gifkfVfc gfjjXjjXj k“X YfinTiW ]ekX[i]kp gifgXikp ]Y T Vfdgifd]jX fY cfe[(kXid bXpj WfXj efk Vfd( gifd]jX k“X gTjk bXpj) KV“eX]Xi TeW EXcjXp R-’ 3] ]ekifWlVX T gifkfVfc Yfi [XeXiTk]e[ TeW mXi]Yp]e[ TlW]k cf[j Up lj]e[ T c]eXTi “Tj“ V“T]e kf c]eb k“X Xek]iX TlW]k cf[ Xeki]Xj jf k“Tk jfdX Yfidj fY kTdgXi]e[ VTe UX WXkXVkXW) L“X “Tj“(V“T]e ]j VfejkilVkXW Up “Tj“]e[ XTV“ giX( m]flj “Tj“ mTclX fY XTV“ cf[ Xekip’ VfeVTkXeTk]e[ n]k“ jfdX fk“Xi mTclXj) KE gifm]WXj T VfdgcXkX jXVliX TlW]k cf[[]e[ gif( kfVfc’ Yifd k“X cf[ ViXTk]fe kf cf[ mXi]ﬀVTk]fe TeW m]Xn]e[) 7 kiljkXW dTV“]eX ]j eXXWXW Wli]e[ k“X cf[ Xekip ViXTk]fe) L“X lekiljkXW dTV“]eX eXXWj kf Vfddle]VTkX n]k“ k“X kiljkXW dTV“]eX Yifd k]dX kf k]dX kf T]W ]e TlW]k cf[j ViXTk]fe TeW kf jXeW k“X TlW]k cf[j [XeXiTkXW) L“X cf[[]e[ gifVXjj nfibj n“]cX k“X VfeeXVk]fe kf k“X kiljkXW dTV“]eX ]j TmT]cTUcX’ TeW n“]cX k“X cTkkXi bXXgj k“X TlW]k cf[j) Ie k“X fk“Xi “TeW’ 8Y [XeXiTkXj k“X cf[ Xe( ki]Xj n]k“flk Tjj]jkTeVX Yifd Tep XokXieTc gTikp) K]d]cTi kf KE’ k“X lekiljkXW dTV“]eX fY 8Y dT]e(

kT]ej k“X TlW]k cf[j) KE TeW 8Y dTbX ]cc]V]k WXcXk]fe fY TlW]k cf[j WX( kXVkTUcX) BfnXmXi’ k“Xp TiX efk TUcX kf gifkXVk k“X TlW]k cf[j Yifd WXcXk]fe) 8fk“ KE TeW 8Y iXVbfe k“Tk k“X WXcXk]fe fY cf[ Xeki]Xj VTeefk UX giXmXekXW Up lj]e[ Vipgkf[iTg“]V dXk“fWj’ Ulk fecp Up lj( ]e[ ni]kX(fecp “TiWnTiX jlV“ Tj 9:(JIG’ fi gT( gXi gi]ekflk) 7WW]k]feTccp’ KE TeW 8Y j“TiX Te( fk“Xi jXVli]kp nXTbeXjj) CY Te TWmXijTip ]j TUcX kf Vfdgifd]jX k“X lekiljkXW dTV“]eX Tk k]dX t ’ ])X) fUkT]ej k“X bXp Tk k]dX t ’ j“X ]j TUcX kf Yfi[X k“X cf[ Xekip Tk k]dX t ) Ce T cTkXi gTgXi R4]’ KV“eX]Xi TeW EXcjXp ]d( gifmX k“X]i XTic]Xi ]WXT Up dTb]e[ TlW]k cf[ mXi]( ﬀVTk]fe dfiX XV]Xek jf k“Tk k“X jpjkXd ]j dfiX jl]kTUcX Yfi ]dgcXdXekTk]fe ]e cfn(UTeWn]Wk“ Xe( m]ifedXekjR5])L“XpTcjfgiXjXekTj][eTkliXYfi( dTk kf j]dgc]Yp k“X kTjb fY WXj][e]e[ jkife[ gif( kfVfcj lj]e[ jXVli]kp kfbXej) L“X jXVli]kp kfbXej ljX k“X gTWW]e[ U]kj’ n“]V“ TiX iXhl]iXW Yfi T j][( eTkliX Tc[fi]k“d ﬄjlV“ Tj JK7) kf gTW T dXjjT[X UXYfiX j][e]e[’ Tj T V“TeeXc kf XdUXW TlW]k]e[ ]e( YfidTk]fe ]e k“X j][eXW dXjjT[Xj) CejkXTW fY Ul]cW]e[ jgXV]Tc gifkfVfcj kf iXeWXi TlW]k cf[[]e[ jXVliX’ Tj gifgfjXW Up KE TeW 8Y’ ]k ]j Tcjf gfjj]UcX kf ljX T kiljkXW jlU WfdT]e ]e Te lekiljkXW WfdT]e) IiW]eTip TlW]k kiT]cj VTe k“Xe UX jXVliXW Up jkfi]e[ k“X cf[j ]ej]WX k“X kiljkXW jlU WfdT]e gifm]WXW k“X kiljkXW jlU WfdT]e fY( YXij jlV]Xek jkfiT[X VTgTV]kp) L“XiX TiX knf VTkX[fi]Xj fY dXV“Te]jdj TmT]cTUcX6 ﬄ-) LTdgXi( iXj]jkTek jfYknTiX ﬄLJK) TeW ﬄ.) LTdgXi(iXj]jkTek “TiWnTiX ﬄLJB)) L“XiX TiX Tk cXTjk knf nTpj fY iXTc]q]e[ LJK ]e Te lekiljkXW WfdT]e) L“X ﬀijk ]j Up lj]e[ “f( dfdfig“]V XeVipgk]fe’ n“XiXUp ]ejkXTW fY VTcVl( cTk]e[ n]k“ iTn WTkT’ ﬄXhl]mTcXek) VTcVlcTk]fej TiX Tggc]XW kf XeVipgkXW WTkT R-,]) L“X jXVfeW iX( Tc]qTk]fe fY LJK ]j VfWX fUYljVTk]fe R--]) L“]j cTkkXi kXV“e]hlX Vfej]jkj fY Tggcp]e[ mTi]flj jkTe( WTiW gif[iTd kiTejYfidTk]fej jlV“ k“Tk k“X fi][( ]eTc gif[iTd UXVfdXj W]Vlck kf TeTcpjX ﬄUp dT( V“]eX) TeW+fi iXVf[e]qX ﬄUp gXfgcX)) Ck ]j [XeXiTccp gfjj]UcX kf kiTejYfid gif[iTdj ]emTi]fljW]XiXeknTpjUXVTljXfYk“X[XeXiflj Tdflek fY iXWleWTeVp giXjXek ]e gif[iTdj) Bfn( XmXi’ ]k ]j efk gfjj]UcX kf Tggcp aljk Tep kiTejYfi( dTk]fe) IUYljVTk]fe Up TWW]e[ [iTkl]kflj gf]ekXi dTe]glcTk]fen]ccjk]Vbflk"c]bXTjflik“ldU"’ n“]V“ YT]cj k“X jkXTck“ Vi]kXi]fe fY 9fccUXi[ Xk

Tc R-.]) IggfeXekj n]cc XTj]cp ]WXek]Yp jlV“ le( jkXTck“p kiTejYfidTk]fej TeW TkkTVb k“Xd) IeVX Te TeTcpj]j kXV“e]hlX Yfi T gTik]VlcTi fUYljVTk]fe kiTejYfidTk]fe “Tj UXXe YfleW’ ]k nflcW UX gfjj]( UcX kf UiXTb efk aljk feX bXp Ulk Tcjf Tcc k“X bXpj k“Tk WXgXeW fe k“]j kiTejYfidTk]fe) LJB TWWj T kiljkXW jlUWfdT]e ]e k“X lekiljkXW WfdT]eUplj]e[TWW(fe“TiWnTiXkfk“XP9) 7 jdTik VTiW ﬄTeW DTmT VTiW’ n“]V“ ]j Te ]e( jkTeVX fY T jdTik VTiW) ]j T [XeXiTc “TiWnTiX kfbXe k“Tk ]j ljXW kf jkfiX “fcWXijﬃ jXej]k]mX ]eYfidT( k]fe’jlV“TjUTebTVVflekWTkT’PCHeldUXij’ gTjjnfiWj’ gi]mTkX bXpj TeW fk“Xi jXViXk WTkT) L“X DTmT ]8lkkfe ﬄ www)UMhggdc)Ndb ) ]j T iXcT( k]mXcp “][“ jXVli]kp XoTdgcX fY LJB) GTep Tg( gc]VTk]fej R-/’ -0’ -1’ -2’ -3] TiX WXmXcfgXW lj]e[ k“X LJB’ Yfi k“X]i kTdgXi(iXj]jkTek YXTkliXj) 7j YTi Tj nX befn’ nX TiX k“X ﬀijk kf ]dgcXdXek k“X jXVliX TlW]k cf[[]e[ lj]e[ k“X ]8lkkfe) 9ipgkf[iTg“]V VfgifVXjjfij’ jlV“ Tj k“X C8G 0314 P9C KXVliXOTp 9ipgkf[iTg“]V 9fgifVXjjfi ﬄ Tggww://wp(.)UMb)Ndb/fPNheUgj/NejpgdNLeOf/ ) fXi dfiX jXVli]kp k“Te T jdTik VTiW) L“X C8G VfgifVXjjfi ]j TUcX kf TWW T “][“(jXVli]kp Xem]ifedXek kf T mTi]Xkp fY fgXiTk]e[ jpjkXdj fe T P9 TeW gifm]WX T kTdgXi(iXj]jkTek Xem]ife( dXek Yfi jkfi]e[ bXpj TeW gXiYfid]e[ jXej]k]mX gifVXjj]e[) :pXi Xk Tc R-4] “TmX ile T VTjX jklWp fe jlV“ VfgifVXjjfi’ XoTd]e]e[ k“X gXiYfidTeVX fY k“]j gifWlVk Tj T jpjkXd) AlkdTee R-5] XoTd]eXj mTi]flj VfeVXiej ]e WXj][e]e[ k“X Vf( gifVXjjfi’ TeW XogcfiXj TckXieTk]mXj Yfi ]dgifm]e[ k“X gXiYfidTeVX fY Vipgkf fgXiTk]fej fe k“X “TiWnTiX) OX]j TeW FlVbj R.,] XogcfiX k“X jgXXW fY dfWXie UcfVb V]g“Xij ]dgcXdXekXW ]e DTmT) L“Xp gifm]WX iXcXmTek UXeV“dTibj fe Te CekXc PXek]ld .,, GBq GGP9PMdTV“]eX’UlkleYfikleTkXcpefkfe T jdTikVTiW+]8lkkfe) KV“eX]Xi TeW O“]k]e[ R.-] dXTjliX k“X gXiYfidTeVX fY mTi]flj 7;K VTeW]( WTkXj’ X)[) Lnfﬀj“ TeW J]aeWTXc fe T jdTikVTiW n]k“ Te TiV“]kXVkliX VfdgTiTUcX kf fli ]8lkkfe) L“X]i dXTjliXdXekj TiX j]d]cTi kf fli ]8lkkfe dXTjliXdXekj Yfi :;K) :liTeW R..] dXTjliX T 0, × UXkkXi gXiYfidTeVX fY JK7 k“Te nX Wf’ n“]V“ ]j Tk cXTjk gTikcp WlX kf k“X]i lj]e[ T /.(U]k 0,GBq jdTikVTiW) Ili ]8lkkfe ]j fecp Te 4(U]k 9PM ile( e]e[ Tk -,GBq) OX ]ekXigiXk :liTeWj dXTjliX( dXekj Tj Te ]eW]VTk]fe k“Tk k“X gXiYfidTeVX fY ]8lkkfej VflcW UX j][e]ﬀVTekcp ]dgifmXW ]e YlkliX’

k“lj fXi]e[ UXkkXi gXiYfidTeVX Tcjf kf T jXVliX TlW]k cf[[]e[ Tggc]VTk]fe) 1 BSK PcbebFbUd =][liX . ]ccljkiTkXj k“X gifkfVfcj ]e fli jXVliX Tl( W]k cf[[]e[ dXk“fW) KE- TeW KE. TiX Yifd KE) L“Xfk“Xij’7P’P-TeWP.TiXflifnegifkfVfcj) Verifier Server Client iButton K iB PK K SK C PK iB SK iB AP P1 SK1 P2

SK2

=][liX .6 ImXim]Xn fY k“X jXVliX TlW]k cf[[]e[ dXk“fW) L“X Yfli gifkfVfcj j“fne ]e k“X ﬀ[liX TiX6 -) KE-6 L“]j ]j KV“eX]Xi TeW EXcjXpﬃj gifkfVfc Yfi ViXTk]e[ TeW Vcfj]e[ TlW]k cf[j) KE- ilej UXknXXe k“X 9c]Xek TeW k“X ]8lkkfe) OX W]j( Vljj KE- ]e jXVk]fe 0)-) .) 7P6 L“X 7P gifkfVfc ]j T jkTeWTiW jdTik( VTiW+]8lkkfe Tlk“Xek]VTk]fe gifkfVfc) 7P Tlk“Xek]VTkXj k“X 9c]Xek kf k“X ]8lkkfe) L“]j ]j kf [lTiTekXX k“Tk k“X ]8lkkfe kTcbj kf k“X cX[]k]dTkX 9c]Xek) 7P ilej UXknXXe k“X 9c]Xek TeW k“X ]8lkkfe) OX XogcT]e 7P ]e jXV( k]fe 0).) /) P-6 L“X P- gifkfVfc ]j Yfi k“X ]8lkkfe kf [Xe( XiTkX k“X Tlk“Xek]VTk]fe bXpj TeW k]dXjkTdgj YfiKE-)K]d]cTikf7P’P-ilejUXknXXek“X 9c]Xek TeW k“X ]8lkkfe) OX XogcT]e P- ]e dfiX WXkT]c ]e jXVk]fe 0)/)

0) P.6 L“X P. gifkfVfc jXeWj k“X TlW]k cf[j dT]ekT]eXW Tk k“X 9c]Xek kf k“X KXimXi TeW jpeV“ife]qXj k“X ]8lkkfe iXTc(k]dX VcfVb n]k“ k“X KXimXi VcfVb) L“X gifkfVfc Tcjf XeTUcXj kiTejd]kk]e[ jXVliXcp k“X ]e]k]Tc Tlk“Xek]VT( k]fe bXp jkfiXW fe k“X ]8lkkfe kf k“X KXimXi) L“XiXYfiX’P.]emfcmXjk“X9c]Xek’k“X]8lk( kfe TeW k“X KXimXi) OX XcTUfiTkX P. ]e jXV( k]fe 0)0) 1) KE.6 L“X KE. gifkfVfc ]j Yfi mXi]Yp]e[ TeW m]Xn]e[ k“X TlW]k cf[j jkfiXW ]e k“X KXimXi) OX WXjVi]UX KE. ]e jXVk]fe 0)1) 7j j“fne ]e =][liX .’ k“X 9c]Xek TeW k“X ]8lkkfe fne W]XiXek jXkj fY bXp gT]ij) I F C TeW MF C TiX k“X glUc]V bXp TeW gi]mTkX bXp fY k“X 9c]Xek’ iXjgXVk]mXcp) I F iB TeW MF iB TiX k“X glUc]V bXp TeW gi]mTkX bXp fY k“X ]8lkkfe’ iXjgXVk]mXcp) L“X ]8lkkfe TeW k“X KXimXi j“TiX T jXViXk bXp’ F iB ) L“X glUc]V+gi]mTkX bXpj TeW k“X j“TiXW jXViXk bXp TiX giXcfTWXW fe k“X ]8lkkfe UXYfiX ]k ]j WXgcfpXW) 1.1AK1 KE- ViXTkXj TeW VcfjXj Te TlW]k cf[) KXVk]fe 0)-)-XogcT]ej k“X Tjjldgk]fej nX “TmX dTWX Yfi fli ]dgcXdXekTk]fe) KXVk]fe 0)-). c]jkj k“X efkTk]fej TeW jpdUfcj nX ljX kf WXjVi]UX k“X gifkfVfcj) KXV( k]fe 0)-)/ XcTUfiTkXj k“X ilcXj Yfi VfejkilVk]e[ k“X TlW]k cf[j) KXVk]fej 0)-). { 0)-)/ TiX kTbXe Yifd KE TeW iXgifWlVXW “XiX ]e TUUiXm]TkXW Yfid kf dTbX fli gTgXi jXcY VfekT]eXW) OX YfVlj fe k“X kXV“e]VTc WXkT]cj fY k“X gifkfVfc TeW iXYXi k“X iXTWXi kf JXY( XiXeVX R-] Yfi k“X dfk]mTk]fej UX“]eW k“X gifkfVfc) 4.(.( AdduUpeibnd OX “TmX dTWX jfdX Tjjldgk]fej k“Tk nX UXc]XmX kf UX iXTjfeTUcX n“]cX ]dgcXdXek]e[ k“X gifkfVfcj) L“X dT]e iXTjfe ]j kf YTV]c]kTkX k“X ]dgcXdXekT( k]fe fY KE ]e k“X iXjfliVX VfejkiT]eXW ]8lkkfe) -) L“X VfeeXVk]fe UXknXXe k“X 9c]Xek TeW k“X KXimXi’ Tj nXcc Tj k“X NXi]ﬀXi TeW k“X KXimXi ]j XjkTUc]j“XW Up lj]e[ k“X KXVliX KfVbXk FTpXi ﬄKKF) dXV“Te]jd) .) O]k“flk iXjki]Vk]e[ [XeXiTc]kp’ k“XiX ]j fecp dcP NXi]ﬀXi’ dcP KXimXi’ dcP 9c]Xek TeW dcP

4.i)n

]8lkkfe ]e k“X TlW]k cf[[]e[ gifVXjj) L“XiX ]j fecp dcP TlW]k cf[ ﬀcX ViXTkXW Yifd k“X gif( VXjj) /) CY k“X ]8lkkfe ]j iXdfmXW Yifd k“X ]8lkkfe iXTWXi “TcYnTp k“ifl[“ Te ]ejkilVk]fe k“Xe k“X cf[ ﬀcX ]j VcfjXW TUefidTccp n]k“ T iXT( jfe jkTkXW ]e k“X cf[ ﬄjXX =][liX 1)) FcbU C2 (KNR (.) NbeFeibn =fi UXkkXi leWXijkTeW]e[ fY k“X iXdT]eWXi fY k“]j gTgXi’ nX ljX k“X Yfccfn]e[ efkTk]fej Yifd KE) • I, x iXgiXjXekj T le]hlX ]WXek]ﬀXi jki]e[ Yfi Te Xek]kp h ) • I FA P K x ﬄ F ) ]j k“X glUc]V(bXp XeVipgk]fe fY F lj]e[ k“X glUc]V bXp’ I F x fY h ) L“X VfiiXjgfeW]e[ gi]mTkX(bXp WXVipgk]fe fY F ]j I F, SK x ﬄ F )’ n“XiX MF x ]j h ﬃj gi]mTkX bXp ﬄjXViXkbXp))OXljXk“XJK7Tc[fi]k“dUX( VTljX ]k ]j TmT]cTUcX ]e k“X ]8lkkfe mXij]fe iX( cXTjX -: -) • MIDN SK x ﬄ Z ) ]j k“X W][]kTc j][eTkliX fY Z ’ le( WXi h ﬃj gi]mTkX bXp) OX ljX JK7 n]k“ T bXp j]qX fY -.4 U]kj) • A K ﬄ P ) ]j k“X jpddXki]V bXp XeVipgk]fe fY P leWXi bXp F ) , K ]j k“X VfiiXjgfeW]e[ jpd( dXki]V bXp WXVipgk]fe’ n“]V“ nX ljX ]e TWW]( k]fe kf KE efkTk]fej) OX “TmX iXeTdXW F 0 ]e k“X KE kf LF 0 kf W]jk]e[l]j“ ]k Yifd k“X cf[ Xekip XeVipgk]fe bXp ]e jXVk]fe 0)-)/) F VTe UX LF n ’ ﬄT iTeWfd jXjj]fe bXp) fi F iB ) OX ljX j]e[cX :;K) • H A. K 0 ﬄ P ) ]j k“X dXjjT[X Tlk“Xek]VTk]fe VfWX’ leWXi k“X jpddXki]V bXp F 0 ’ fY P ) OX ljX T feX(nTp “Tj“ G79 Tc[fi]k“d’ eTdXcp BG79) • YRgY ﬄ P ) ]j Te feX(nTp Vfcc]j]fe(iXj]jkTek “Tj“ YleVk]fe Yfi n“]V“ nX ljX k“X KB7- Tc( [fi]k“d) • P; Q iXgiXjXekj k“X VfeVTkXeTk]fe fY P n]k“ Q )

.4(..3bR1necyCbndecuLeibnAuTNd OX efn jlddTi]qX k“X KE cf[ Xekip VfejkilV( k]fe ilcXj UXcfn’ ]eW]VTk]e[ k“X ifcX fY k“X ]8lkkfe n“XiX Tggifgi]TkX) -) , j ]j k“X iXTc cf[ WTkT ]e j k“ cf[ Xekip fY I, log ) =fi T :JG Tggc]VTk]fe’ k“X WTkT j“flcW XeVTgjlcTkX ]eYfidTk]fe Yifd k“X W][]( kTc c]VXejX’ TVk]fej k“X 9c]Xek XoXiV]jXW fe k“X W][]kTc VfekXek’ UX“Tm]flij fY k“X VfekXek iXe( WXiXi TeW fk“Xi iXcXmTek ]eYfidTk]fe k“Tk fV( Vlij Tk k“X 9c]Xek) .) N j ]j k“X cf[ Xekip kpgX fY k“X j k“ cf[ Xekip) /) A j ]j k“X Tlk“Xek]VTk]fe bXp Yfi k“X j k“ Xekip ]e k“X cf[) L“]j ]j k“X VfiX jXVli]kp fY KE) 0) F j = YRgY ﬄ 00 AcTeiptZdcFei 00 ; N j ; A j ) VTc( VlcTkXj k“X j k“ cf[ Xekip jpddXki]V XeVipg( k]fe bXp) 1) Q j = YRgY ﬄ Q j − + ; A K j ﬄ , j ) ; N j ) ]j k“X V“T]eXW “Tj“) ;TV“ cf[ Xekip VfekT]ej Te XcXdXek ]e T “Tj“ V“T]e kf Tlk“Xek]VTkX k“X mTclXj fY giX( m]fljcf[Xeki]XjR./]) 2) Z j = H A. A j ﬄ Q j ) ]j k“X G79 VfWX fY Q j [Xe( XiTkXW leWXi j k“ Tlk“Xek]VTk]fe bXp’ A j ) 3) G j = N j ; A K j ﬄ , j ) ; Q j ; Z j ’ ]j k“X j k“ cf[ Xe( kip Vfej]jk]e[ fY k“X VfeVTkXeTk]fe fY k“X Yfli mTclXj c]jkXW) 4) A j ++ = YRgY ﬄ 00 IcTeebectE RgY 00 ; A j ) [XeXi( TkXj T jlUjXhlXek Tlk“Xek]VTk]fe bXp Yifd k“X giXm]flj feX) .(4. ESN PcbLNdd KE- ]j W]m]WXW ]ekf knf gTikj6 ﬄ-) ViXTkX cf[ TeW ﬄ.) VcfjX cf[) OX gTp dfjk TkkXek]fe kf k“X TlW]k cf[ ViXTk]fe gifVXjj UXVTljX nX TiX ]ekXiXjkXW kf befn k“X ]eﬂlXeVX fY k“X ]8lkkfe fe k“X 9c]Xekﬃj gXiYfidTeVX) CcNFeN3bR =][liXj / TeW 0 j“fn k“X gifVXjj fY ViXTk]e[ Te TlW]k cf[) Ce KE’ k“X MekiljkXW dTV“]eX ﬄk“X 9c]Xek) jXeWj ]kj glUc]V bXp VXik]ﬀ( VTkX kf k“X LiljkXW dTV“]eX ﬄk“X KXimXi) Yfi Vc]Xek Tlk“Xek]VTk]fe) L“X ]8lkkfe’ n“]V“ nX ljX Tj T

LiljkXW dTV“]eX Tj XogcT]eXW ]e jXVk]fe -’ Tlk“Xe( k]VTkXj k“X 9c]Xek lj]e[ T jkTeWTiW Tlk“Xek]VTk]fe dXk“fW W]jVljjXW Ui]Xﬂp ]e jXVk]fe 0).) L“X jkXgj TeW dXjjT[Xj fY =][liX / TeW =][liX 0 VTe UX XogcT]eXW Tj Yfccfnj6 -) Lf jkTik TlW]k cf[[]e[’ k“X 9c]Xek kTbXj k“X ]e]k]Tk]mXUpTVk]mTk]e[P-)7YkXiP-’k“X 9c]Xek “Tj k“X ]e]k]Tc Tlk“Xek]VTk]fe bXp’ A 0 TeW k“X VliiXek XeVipgkXW k]dXjkTdg’ A K iB ﬄ W 0 )) KE cXTmXj ]k kf k“X 9c]Xek kf WXV]WX 0 TeW W ) OX cXTmX k“XjX knf ]kXdj [ XW A Xe XiTk fe k“X ]8lkkfe’ Tj XogcT]eXW ]e jXVk]fe 0)/) ’ LF ; .) L“X 9c]Xek Yfidj T iTeWfd jXjj]fe bXp 0 k“X k]dXflk gXi]fW k“Tk k“X 9c]Xek n]cc nT]k Yfi k“X iXjgfejX Yifd k“X ]8lkkfe’ W 0 ”; T le]hlX ]WXek]ﬀXi Yfi k“]j cf[ ﬀcX’ I, log ; TeW T efeVX befne Tj jkXg ]WXek]ﬀXi’ p ) L“X 9c]Xek VfeVTkXeTkXj p ’ A K iB ﬄ W 0 )’ TeW A 0 kf Yfid k“X dXjjT[X P 0 ) /) L“X 9c]Xek XeVipgkj LF 0 n]k“ k“X ]8lkkfeﬃj glUc]V bXp’ I F iB TeW XeVipgkj k“ j][ 0 X eXW P n]k“ LF 0 ) L“X 9c]Xek Yfidj T dXjjT[X’ H 0 Up VfeVTkXeTk]e[ p ’ I, C ’ k“X XeVipgkXW LF ’ 0 TeW k“X XeVipgkXW j][eXW P 0 ) 0) L“X 9c]Xek [XeXiTkXj TeW jkfiXj k“X “Tj“ fY P 0 Yfi mTc]WTk]fe ]e k“X jlUjXhlXek jkXgj) 1) L“X 9c]Xek jXeWj k“X dXjjT[X’ H 0 kf k“X ]8lk( kfe) 2) L“X ]8lkkfe iXki]XmXj k“X iTeWfd jXjj]fe bXp’ LF 0 Up Wf]e[ gi]mTkX bXp WXVipgk]fe) L“X ]8lkkfe VTe k“Xe WXVipgk TeW iXki]XmX P 0 Up lj]e[ LF Tj T WXVipgk]fe bXp) L“X ]8lk( 0 kfe mTc]WTkXj P 0 Up mXi]Yp]e[ k“X j][eTkliX) =]eTccp’ T eXn iTeWfd jXjj]fe bXp’ LF + ]j [XeXiTkXW) 3) L“X ]8lkkfe Yfidj dXjjT[X P + ’ Up VfeVTkX( eTk]e[ k“X jkXg ]WXek]ﬀXi p ’ I, log ’ TeW “Tj“ fY P 0 ) L“X ]8lkkfe [XeXiTkXj dXjjT[X H + Up VfeVTkXeTk]e[ I, iB ’ XeVipgkXW LF + n]k“ k“X 9c]Xekﬃj glUc]V bXp’ I F C ’ TeW k“X XeVipgkXW j][eXW P + n]k“ LF + ) 4) L“X ]8lkkfe jXeWj k“X iXgcp dXjjT[X’ H + kf k“X 9c]Xek)

iButton

Client 1 P1 2 Generates RK 0 , d 0 +, p, ID log , X 0 = p, E K iB (d 0 ) _ 3 M 0 = p, ID C , PKE PK iB (RK 0 ), _ E RK 0 (X 0 , SIGN SK C (X 0 ) _ _ 4 Stores hash(X 0 ) 5 M 0 6 Retrieves RK 0 by PKD SK iB _ Retrieves X 0 by D RK 0 _ Verifies signature of X 0 Genereates RK 1 7 X 1 = p, ID log , hash(X 0 ) M 1 = p, ID iB , PKE PK C (RK 1 ), _ X E RK 1 ( 1 , SIGN SK iB (X 1 )) _ _ 8 9 M 1 Retrieves RK 1 by PKD SK C _ Retrieves X 1 by D RK 1 _ Verifies signature of X 1 Compare hash(X 0 ) 10 W 0 = "LogfileInitializationType" D 0 = E K iB (d 0 ), d0+, ID log , M 0 _ K 0 = hash("Encryption Key", W 0 , A 0 ) Y -1 = "0000000000000000000" Y 0 = hash(Y -1 , E K 0 (D 0 ), W 0 ) _ Z 0 = MAC A0 (Y 0 ) L 0 = W 0 , E K 0 (D 0 ), Y 0, Z 0 _ A 0 and K 0 are disposed 11 P1 12 Generates RK 2 , d 1 +, ID log X 1 = p, E K iB (d 1 ) _ 13 M 2 = p, ID C , PKE PK iB (RK 2 ), _ E RK 2 (X 1 , SIGN SK C (X 1 ) _ _ 14 Stores hash(X 1 ) 15 Time M 2 =][liX /6 L“X gifkfVfc fY ViXTk]e[ TlW]k cf[j ﬄjkXgj - kf -1))

Client

iButton 15 M 2 16 Retrieves RK 2 by PKD SK iB _ Retrieves X 1 by D RK 2 _ Verifies signature of X 1 Generates RK 3 17 X 2 = p, ID log , hash(X 1 ) M 3 = p, ID iB , PKE PK C (RK 3 ), _ E RK 3 (X 2 , SIGN SK iB (X 2 )) _ _ 18 19 M 3 Retrieves RK 3 by PKD SK C _ Retrieves X 2 by D RK 3 _ Verifies signature of X 2 Compare hash(X 1 ) 20 W 1 = "DRMApplicationType" D D 1 = E K_iB (d 1 ), d 1 +, I log , M 2 , Data K 1 = hash("Encryption Key", W 1 , A 1 ) Y 1 = hash(Y 0 , E K 1 (D 1 ), W 1 ) _ Z = MAC A1 (Y 1 ) 1 L 1 = W 1 , E K_1 (D 1 ), Y 1, Z 1 A 1 and K 1 are disposed 21 P1 22 Generates RK 4 , d 2 +, ID log X 3 = p, d 2 23 M 4 = p, ID C , PKE PK iB (RK 4 ), _ E RK 4 (X 3 , SIGNS SK C (X 3 ) _ _ 24 Stores hash(X 3 ) Time =][liX 06 L“X gifkfVfc fY ViXTk]e[ TlW]k cf[j ﬄjkXgj -1 fenTiWj))

5) O“Xe k“X 9c]Xek iXVX]mXj H + Yifd k“X ]8lk( kfe’ k“X 9c]Xek mXi]ﬀXj k“X dXjjT[X) L“X 9c]Xek VfdgTiXj k“X “Tj“ mTclX fY P 0 Yifd k“X ]8lkkfe n]k“ k“X jkfiXW “Tj“ mTclX) -,) L“X 9c]Xek [XeXiTkXj k“X ﬀijk cf[ Xe( kip) L“X ﬀijk cf[ ﬄfY kpgX’ N = 00 0 GdXCZaIecZtZRaZzRtZdcTiep 00 ) dljk UX gifg( Xicp YfidXW Tk k“X 9c]Xek fi XcjX k“X KXimXi n]cc jljgXVk k“Tk k“X 9c]Xek “Tj UXXe kTd( gXiXW n]k“) L“X ﬀijk WTkT ﬀXcW’ , 0 XeVTg( jlcTkXj A K iB ﬄ W 0 )’ W 0 ”’ I, log ’ TeW H 0 ) L“X 9c]Xek [XeXiTkXj k“X ﬀijk cf[ Xekip XeVipgk]fe bXp’ F 0 ) L“XiX ]j ef giXm]flj “Tj“ mTclX kf jkTik k“X “Tj“ V“T]e j]eVX k“]j ]j k“X ﬀijk cf[ Xekip) L“XiXYfiX’ nX jXk k“X ]e]k]Tc “Tj“ mTclX’ Q − + kf Te TiiTp fY qXifj) BTj“ mTclX’ Q 0 ’ TeW k“X G79 mTclX’ Z TiX [XeXiTkXW) A 0 TeW F 0 0 TiX W]jgfjXW) --) K]d]cTi kf jkXg -’ kf jkTik TlW]k cf[[]e[’ k“X 9c]XekXeTUcXjP-TeWfUkT]ejTeXnTlk“Xe( k]VTk]fe bXp’ A + TeW T eXn XeVipgkXW k]dXj( kTdg’ A K iB ﬄ W + )) -.) L“X 9c]Xek [XeXiTkXj T eXn iTeWfd jXjj]fe bXp’ LF 0 ’ T eXn k]dXflk’ W + ”) L“X I, log ]j k“X jTdX I, log [XeXiTkXW Tk jkXg -) L“X 9c]Xek VfeVTkXeTkXj p TeW A K iB ﬄ W + ) TeW Yfidj P + ) -/) K]d]cTi kf jkXg /’ k“X 9c]Xek gifWlVXj dXjjT[X H 0 ) -0) K]d]cTi kf jkXg 0’ k“X 9c]Xek jkfiXj k“X “Tj“ mTclX fY P + Yfi YlkliX mTc]WTk]fe) -1) L“X 9c]Xek jXeWj dXjjT[X H 0 kf k“X ]8lkkfe) -2) L“X ]8lkkfe iXgXTkj jkXg 2) -3) L“X ]8lkkfe iXgXTkj jkXg 3) -4) L“X ]8lkkfe jXeWj k“X [XeXiTkXW dXjjT[X’ H 1 UTVb kf k“X 9c]Xek) -5) L“X 9c]Xek iXgXTkj jkXg 5 Yfi mXi]ﬀVTk]fe fe k“X dXjjT[Xj iXVX]mXW Yifd k“X ]8lkkfe) .,) L“X 9c]Xek iXgXTkj k“X gifVXWliXj fY [XeXi( Tk]e[ k“X ﬀijk cf[ Xekip ﬄjkXg -,) kf [Xe( XiTkX jlUjXhlXek cf[ Xeki]Xj’ n]k“ N j = 00 ,LH AppaZTRtZdcT ipe 00 ’ n“XiX j ]j k“X cf[ Xekip eldUXi) L“X fecp W]XiXeVX ]j k“Tk Tk