The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Apr. 12, 2022
Filed:
Dec. 12, 2017
Thales Dis France SA, Meudon, FR;
Alsasian Atmopawiro, Meudon, FR;
Thi Tra Giang Dang, Meudon, FR;
Thales DIS France SA, Meudon, FR;
Abstract
The present invention relates to a method of secure generation by a client device A and a server device B of at least a RSA current signature and a RSA next signature with a private exponent component d of an RSA key, comprising: •a handshake phase (P) comprising: a. receiving (S) a handshake request comprising a hash of the next client value (pvA_next), b. checking (S) the value of the next client value (pvA_next) and: —when the next client value (pvA_next) equals a first default value (DUMMY): generating (S) a new value (x) and updating the next server value (pvB_next) with the generated new value, and sending (S) to the client device (A) the generated new value (x), to be used by the client device as next client value (pvA_next), —when the next client value (pvA_next) is not equal to said first default value (DUMMY): checking the value of the next server value (pvB_next) and when the next server value (pvB_next) is equal to a second default value (NULL) and the next client value (pvA_next) equals the current server value (pvB): sending to the client device (A) a fix request; and when the next server value (pvB_next) is equal to said second default value (NULL) and the next client value (pvA_next) is not equal to the current server value (pvB), suspending performing said method. •a signing phase (P) performed by the server device (B) after the handshake phase and generating the current signature; said signing phase comprising: a. generating (S) a server part of the current RSA signature (HS) from the server device private exponent component (dB) and from an updated server dynamic offset (hB') function of the current server dynamic offset (hB) and of a server shift value (cB), said server shift value (cB) being function of the current server value (pvB), such that the current RSA signature can be generated by combining said server part of the current RSA signature (HS) and a client part of the current RSA signature (HS) generated by the client device (A), b. setting (S) the current server dynamic offset (hB) to the updated server dynamic offset (hB′) value, the current server value (pvB) to the value of the next server value (pvB_next) and the next server value (pvB_next) to a second default value (NULL), •performing the handshake phase and the signing phase with the next signature as current signature, for generating the next signature.