Some content of this application is unavailable at the moment.
If this situation persist, please contact us atFeedback&Contact
1. (WO2018100578) A SYSTEM AND METHOD OF SECURING DEVICES USING ENCRYPTION KEYS
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS:

1. A system for securely distributing a credential and encryption keys for physical devices, comprising:

a security server:

a physical device, comprising:

a memory module configured to store a share of the credential;

a communication module configured to exchange signals;

a processing module configured to execute calculations upon request received on a wireless manner via the communication module from the security server, the calculations are transmitted to the security server to execute a multi -party computation process;

wherein the multi-party computation process outputs two shares of the credential, a first share is stored in the physical device;

wherein the physical device does not have access to the credential.

2. The system of claim 1 , wherein the physical device comprises a wireless gateway.

3. The system of claim 1, wherein the security server further comprises a memory configured to store a second share of the credential not stored in the physical device, said second share is associated with an identifier of the physical device storing the first share.

4. The system of claim 1, wherein the security server further comprises a multi -party computation module configured to perform the multi-party computation process with the physical device.

5. The system of claim 1, further comprises an intermediate unit comprising an internet gateway, said internet gateway enables the physical device to communicate with the security server over the internet.

6. The system of claim 5, wherein the communication module of the physical device and the intermediate unit exchange information via a wired communication mechanism.

7. The system of claim 5, wherein the communication module of the physical device and the intermediate unit exchange information via a short-range wireless communication mechanism.

8. The system of claim 5, wherein the intermediate unit is an electronic device operated by a user of the physical device.

9. The system of claim 5, further comprises multiple distinct physical devices configured to execute a multi-party computation process with the security server, wherein the intermediate unit communicates with at least two of the multiple distinct physical devices, wherein the intermediate unit transfers information from the at least two of the multiple distinct physical devices to the security server via the internet gateway.

10. The system of claim 5, wherein the intermediate unit comprises a user interface enabling a user to input data into the intermediate unit, said data results in initiation of the multi-party computation process.

11. A method for securely distributing a credential and encryption keys for a physical device, comprising:

exchanging information between a processing module of the physical device and a security server to cooperatively execute a multi-party computation process, the output of the process is two shares of the credential;

storing one share of the credential in the physical device and another share of the credential in the security server;

wherein the physical device does not have access to the credential.

12. The method of claim 10, further comprises receiving a command to initiate the multi-party computation process.

13. The method of claim 10, further comprises associating an identifier of the physical device with the second share in the security server.

14. The method of claim 10, further comprises:

the physical device receiving a request to authenticate versus a third party,

the third party exchanges information with both the physical device and the security server to authenticate the physical server without the any one of the third party, the physical device and the security server have access to the credential.

15. The method of claim 14, further comprises storing a message counter in both the physical device and the security server, said message counter represents a usage of the share of the credential stored in the physical device,

adjusting the message counter in both the physical device and the security server upon use of the share versus the third party;

authenticating the physical device only if the value stored in both the physical device and the security server is equal.