Method and apparatus for tracking cryptographic key material used on a mobile device

Fully homomorphic encryption is used to track and authorize cryptographic key material on mobile devices by mapping it with geographic data, addressing privacy concerns and unauthorized use, enhancing security and compliance.

DE102024211833A1Pending Publication Date: 2026-06-18ROBERT BOSCH GMBH

Patent Information

Authority / Receiving Office
DE · DE
Patent Type
Applications
Current Assignee / Owner
ROBERT BOSCH GMBH
Filing Date
2024-12-12
Publication Date
2026-06-18

Smart Images

  • Figure 00000000_0000_ABST
    Figure 00000000_0000_ABST
Patent Text Reader

Abstract

A method for tracking cryptographic key material (104) used on a mobile device (102) comprises capturing a request (110) representing a message secured and transmitted by the mobile device (102) using a fully homomorphic encryption method utilizing the cryptographic key material (104) and geographic location data (116) of the mobile device (201), extracting the geographic location data (116) from the request (110), and storing a mapping between the cryptographic key material (104) and the geographic location data (116).
Need to check novelty before this filing date? Find Prior Art

Description

State of the art

[0001] The invention relates to a device or a method according to the preamble of the independent claims. The present invention also relates to a computer program.

[0002] There are privacy-friendly geographic location services, such as sending targeted advertising to a device within a specific city boundary.

[0003] Furthermore, there are homomorphic encryption systems that may be of interest with regard to data protection. Disclosure of the invention

[0004] Against this background, the approach presented here comprises a method for tracking cryptographic key material used on a mobile device, a device employing this method, and a corresponding computer program according to the main claims. Advantageous further developments and improvements of the device specified in the independent claim are possible through the measures listed in the dependent claims.

[0005] Advantageously, the use of a fully homomorphic encryption method allows for the tracking of cryptographic key material while preserving privacy.

[0006] A procedure for tracking cryptographic key material used on a mobile device includes the following steps: Capturing a request representing a message that was secured and sent from the mobile device using a fully homomorphic encryption method utilizing the cryptographic key material as well as the mobile device's geographic location data; Extracting the geographic location data from the query; and Storing a mapping between the cryptographic key material and the geographic location data in order to track the cryptographic key material.

[0007] A mobile device could be, for example, a smartphone, a GPS device, or any development or production device with a control unit that has a trusted platform and provided cryptographic material. This cryptographic material can be used, for example, to establish secure communication between the mobile device and another entity, such as a server or another mobile device. Additionally or alternatively, the cryptographic material can be used, for example, to encrypt the request or data transmitted via the request. The cryptographic key material can be stored on the mobile device. The geographic information can include, for example, location coordinates that specify the mobile device's current position when the request is created.To implement the fully homomorphic encryption process, established methods for fully homomorphic encryption (FHE) can be used. One advantage of fully homomorphic encryption, also known as homomorphic encryption, is that encrypted data can be processed without requiring decryption. The request may have been sent wirelessly from the mobile device using a suitable transmission protocol. The request may have been received by the receiver using a suitable receiving device. Depending on the transmission protocol used, the request may consist of one or more messages. Geographic location data can be extracted from the request using calculations involved in fully homomorphic encryption.The mapping between the cryptographic key material and the geographic location data reveals where the cryptographic key material has been used. By storing this mapping, the use of the cryptographic key material can be tracked over an extended period by repeatedly running the procedure. It can also be determined whether the cryptographic key material was used simultaneously or within a short period in different locations. This can indicate that the cryptographic key material has been cloned and is being used on different mobile devices.

[0008] Thus, the procedure can include a repeated capture step, in which another request is captured representing another message secured and transmitted by the mobile device using the fully homomorphic encryption method employing the cryptographic key material and additional geographic location data of the mobile device; a repeated extraction step, in which the additional geographic location data is extracted from the request; and a repeated storage step, in which the mapping is augmented with the additional geographic location data. If the steps of the procedure are executed sequentially over time, the current locations where the cryptographic key material was used can be continuously determined.

[0009] The process can include a plausibility check step, in which the subsequent geographic location data is validated using previously stored geographic location data and the time elapsed between the request and the subsequent request to obtain a plausibility result. For example, the most recently determined geographic location data can be declared plausible if it differs only slightly from the previously determined geographic location data. Conversely, the most recently determined geographic location data can be declared implausible if it differs significantly from the previously determined geographic location data and the time elapsed between requests is insufficient to allow the mobile device to move the distance between the different geographic locations.

[0010] The procedure may include a step of comparing the geographic location data with a geographic area defined for the cryptographic key material to obtain a comparison result. The geographic area may encompass a space, such as a country, within which use of the mobile device is intended or expected. If the comparison result indicates a match, it can be assumed, for example, that the use of the cryptographic key material is permissible. If the comparison result indicates a mismatch, it can be assumed, for example, that the use of the cryptographic key material is impermissible.

[0011] The process may include a step of generating a blocking flag to lock the mobile device. The blocking flag can be generated if the plausibility check shows no correlation between the other geographic location data and the geographic location data, or if the comparison shows no match between the geographic location data and the geographic area. Based on the blocking flag, a review or blocking of the mobile device or the cryptographic key material may be initiated.

[0012] For example, the procedure could include a step of sending a blocking instruction to disable a function of the mobile device, responding to the block notice. This could, for instance, stop unauthorized use of the cryptographic key material.

[0013] At least the steps of capturing, extracting, and storing data can be performed using a device external to the mobile device. Such a device could be, for example, a server that can communicate with the mobile device.

[0014] The process can include a step of securing and sending the request using the mobile device. The request can be secured, for example encrypted, using a fully homomorphic encryption method that utilizes the cryptographic key material and the geographic location data, and then sent using a communication protocol.

[0015] The process may include a step of determining geographic location data using a positioning method executed on the mobile device. This allows the geographic location data to be continuously updated.

[0016] This process can be implemented, for example, in software or hardware, or in a hybrid form of software and hardware, for example in a control unit.

[0017] The approach presented here further creates a device designed to perform, control, and implement the steps of a variant of the method presented herein in appropriate facilities. This embodiment of the invention, in the form of a device, also allows the underlying problem to be solved quickly and efficiently. The device can comprise a system of several devices, for example, a mobile device and at least one server.

[0018] For this purpose, the device may have at least one processing unit for processing signals or data, at least one storage unit for storing signals or data, at least one interface to a sensor or actuator for reading sensor signals from the sensor or for outputting data or control signals to the actuator, and / or at least one communication interface for reading or outputting data embedded in a communication protocol. The processing unit may, for example, be a signal processor, a microcontroller, or the like, and the storage unit may be flash memory or a magnetic storage unit.The communication interface can be configured to read or output data wirelessly and / or via wired connections, whereby a communication interface that can read or output wired data can, for example, read this data electrically or optically from or output it into a corresponding data transmission line.

[0019] In this context, a device can be understood as an electrical device that processes sensor signals and outputs control and / or data signals accordingly. The device may have an interface, which can be implemented in hardware and / or software. In the case of a hardware-based interface, the interfaces can, for example, be part of a so-called system ASIC, which incorporates various functions of the device. However, it is also possible that the interfaces are separate integrated circuits or consist at least partially of discrete components. In the case of a software-based interface, the interfaces can be software modules, which, for example, are located on a microcontroller alongside other software modules.

[0020] Also advantageous is a computer program product or computer program with program code that can be stored on a machine-readable carrier or storage medium such as a semiconductor memory, a hard disk memory or an optical memory and is used to carry out, implement and / or control the steps of the method according to one of the embodiments described above, in particular if the program product or program is executed on a computer or device.

[0021] Examples of the approach presented here are shown in the drawings and explained in more detail in the following description. It shows: Fig. 1 a block diagram of a device according to an exemplary embodiment; and Fig. 2 a flowchart of a procedure according to an exemplary embodiment.

[0022] In the following description of favorable embodiments of the present invention, the same or similar reference numerals are used for the elements shown in the various figures and acting similarly, without repeating these elements.

[0023] Fig. Figure 1 shows an embodiment of a device 100 for tracking cryptographic key material 104 used on a mobile device 102. According to one embodiment, the device 100 comprises an external unit 106, which may, for example, include one or more servers. Optionally, the device 100 further comprises at least the mobile device 102, so that the device 100 is a system. The mobile device 102 and the external unit 106 are coupled or can be coupled to each other for data transmission. For this purpose, the mobile device 102 has, for example, a transmitting unit for wirelessly sending a request 110, and the external unit has, for example, a receiving unit for receiving the request 110.

[0024] According to one embodiment, the mobile device 102 comprises a storage device 112 for storing the cryptographic key material 104. According to another embodiment, the mobile device 102 comprises a generation device 114 configured to generate the request 110 to be sent. The generation device 114 is configured to secure the request using a fully homomorphic encryption method, for example, by encrypting it. The correspondingly secured request 110 is then sent to the external device 106 using a suitable transmission protocol.

[0025] The creation device 114 is configured to perform the steps required for the fully homomorphic encryption method, such as calculations. In this process, the request 110, or the data intended for transmission via the request 110, is fully homomorphically encrypted using the cryptographic key material 104 and the geographic location data 116 of the mobile device 102. According to one embodiment, steps of a known method for fully homomorphic encryption are executed for this purpose. According to another embodiment, the geographic location data 116 is acquired and provided using a tracking device 118 of the mobile device 102. The tracking device 118 is configured, for example, to perform a suitable satellite-based tracking method, such as the GPS system.

[0026] According to one embodiment, the external device 106 is used to track the cryptographic key material 104 used on the mobile device 102 in geographical terms.

[0027] The external device 106 is configured to read the request 110, which represents a message secured by the mobile device 102, and to use it to extract the geographic location data 116, which was used to secure the request 110 on the mobile device 102. Furthermore, the external device 106 is configured to associate the extracted geographic location data 116 with the cryptographic key material 104, which was used to secure the request 110 on the mobile device 102. According to one embodiment, the external device 106 is configured to store a corresponding association between the cryptographic key material 104 and the geographic location data 116 in a storage device 120.

[0028] According to one embodiment, the external device 106 knows which key material the mobile device 102 uses as the cryptographic key material 104. According to another embodiment, the external device 106 is configured, for example, to extract an identification of the cryptographic key material 104 from the query 110. In this way, the extracted geographic location data 116 can be reliably assigned to the cryptographic key material 104 used.

[0029] The assignment enables tracking of the cryptographic key material 104.

[0030] For this purpose, the external facility 106 is trained, for example, to extract further geographic location data for each subsequent request from the mobile device 102 or for selected further requests from the mobile device 102 and to use it to supplement the assignment.

[0031] According to one embodiment, the external device 106 is configured to evaluate geographic position data independently, for example by comparing it with a geographic area predetermined for the cryptographic key material 104, in order to assess the proper use of the cryptographic key material 104. As long as the cryptographic key material 104 is used in the predetermined geographic area, proper use of the cryptographic key material 104 can be assumed.

[0032] According to one embodiment, the external device 106 is alternatively or additionally configured to evaluate a plurality of geographic position data based on separate queries, for example by determining a spatial distance between successively extracted geographic position data, in order to assess the proper use of the cryptographic key material 104. For example, proper use of the cryptographic key material 104 can be assumed if successively extracted geographic position data do not differ or differ only slightly, or if the time interval between two queries is sufficiently long to allow the mobile device to be moved enough to occupy the different positions.

[0033] For example, the external device 106 is configured to generate a blocking notice if improper use of the cryptographic key material 104 has been detected or is suspected. According to one embodiment, the external device 106 is configured to send a blocking instruction 122 to block a function of the mobile device 122 in response to a corresponding blocking notice.

[0034] Advantageously, the approach described here allows tracking of the cryptographic key material 104 stored on the mobile device 102, for example a customer device.

[0035] The mobile device 102, for example a development device (unsecured / unsecured) or a production device (secured / secured), is equipped with cryptographic material 104, according to one embodiment, to enable participation in various protocols. A problem is that material from the device 102 leaks and is then reused on other devices. To determine whether shared or device-specific key material 104 is being reused, e.g., on the aftermarket by third-party vendors, a form of tracking of the mobile device 102 and, if applicable, other devices is performed using the external facility 106, i.e., on the server side. According to one embodiment, this tracking preserves privacy.

[0036] This advantageously enables the geographical tracking of cryptographic material, in this case cryptographic material 102, in compliance with data protection regulations. This takes into account that key material is digital and easily cloned.

[0037] Privacy-friendly geolocation within a specific geographical area is possible through fully homomorphic encryption (FHE), also known as fully homomorphic encryption.

[0038] Individual devices, such as the Mobile Device 102, may be locked or subjected to further investigation.

[0039] The advantages include granular control over the cryptographic material 102 of the device 106 while preserving privacy. This prevents the large-scale revocation of key material and eliminates the time-consuming and labor-intensive process of replacing leaked material. Furthermore, it enables the identification of critical vulnerabilities in the provision and storage of cryptographic material.

[0040] The use of a specific key material, such as cryptographic material 102, can be tracked in a privacy-friendly manner using full homomorphic encryption.

[0041] Shared key material can be checked for its location within certain geographical boundaries, e.g., one or more countries or a continent, using full homomorphic encryption.

[0042] Unique key material of a device, such as the mobile device 102, can be compared with the approximate geography between two or more usage requests via full homomorphic encryption. The question is whether identical unique device keys, such as the cryptographic key material 102, are used at different geographical locations within a specific timeframe.

[0043] The involved FHE calculations, i.e., calculations for carrying out the fully homomorphic encryption method, determine, for example, the GPS coordinates of the mobile device 102 within a geographical area.

[0044] Fig. Figure 2 shows an embodiment of a method for tracking cryptographic key material used on a mobile device. The method can be implemented, for example, using a device 100 as described in Fig. 1 is described.

[0045] In step 201, a request is captured representing a message that was secured and sent by a mobile device using a fully homomorphic encryption method. For this, the mobile device used both its cryptographic key material and its own geographic location data. In step 203, the geographic location data, or a location representation of the geographic location data, is extracted from the request. In step 205, a mapping between the cryptographic key material and the geographic location data, optionally represented by a corresponding location, is stored.

[0046] According to one embodiment, the method includes a comparison step 207, in which the geographic location data is compared with a geographic area defined for the cryptographic key material. This yields a comparison result, which is optionally used in a step 209 to generate a blocking flag. For example, the blocking flag is generated if the comparison result shows no match between the geographic location data and the geographic area. In an optional step 211, a blocking instruction is sent in response to the blocking flag to disable a function of the mobile device.

[0047] According to one embodiment, steps 201, 203, and 205 are executed repeatedly. This allows at least one further request to be captured, which was also secured and transmitted using the cryptographic key material and additional geographic location data of the mobile device, employing the fully homomorphic encryption method. The additional geographic location data can then be extracted from the request and used to complete the mapping. In this way, for example, at least two geographic location data sets are available for the cryptographic key material, which may differ if the mobile device has moved between the two requests, or if the cryptographic key material is used on two different mobile devices.To detect the latter, we execute an optional step 213 in which at least two geographic position data points are validated to obtain a plausibility result. For example, in optional step 209, a blocking notice is generated if the plausibility result shows no plausibility between the geographic position data and the other geographic position data.

[0048] According to one embodiment, steps 201, 203, 205 of capturing, extracting and storing are performed using a facility external to the mobile device, for example a server.

[0049] Optionally, the procedure includes at least one step 221, which is executed on the mobile device. In step 221, the request is fully homomorphically secured using the cryptographic key material and the geographic location data and transmitted using a communication protocol. Optionally, in a step 223, a location tracking procedure is performed before or simultaneously to determine the geographic location data. For example, a Trusted Platform Module of the mobile device is used for this purpose.

[0050] According to one embodiment, prior to step 221 of sending the request, information regarding the cryptographic key material is exchanged or transmitted between the mobile device and the external facility.

[0051] In the following, at least one embodiment of the approach described here will be explained in more detail.

[0052] The mobile device ID is located outside the FHE-encrypted data. The device ID is part of the signed data sent from the client to the server. According to one example, the client corresponds to the one described in Fig. The mobile device shown, the server of the external institution and the signed data represent, according to an exemplary embodiment, the request to the server.

[0053] The first point to consider is the data: The FHE client input uses either shared key material or device-unique key material. A distinction is made between two different device statuses: "Development" and "Production".

[0054] In the case of common key material, a geolocation, i.e., latitude AND longitude, AND a common key batch ID is used for the device status "Development".

[0055] In the case of common key material, a geolocation AND a common key batch ID are used for the device status "production".

[0056] In the case of device-specific key material, a geolocation AND a unique key ID are used for the device status "Development".

[0057] In the case of device-unique key material, a geolocation AND a unique key material ID are used for the device status "production".

[0058] The second point to consider is the FHE rating: The FHE evaluation is performed using an FHE server circuit. The server cannot verify the processed data (it is read as plain text). However, the server decides on the processing.

[0059] An evaluation of the FHE is performed using a common circuit or a circuit tailored with regard to the evaluation and / or the data set in the circuit.

[0060] A Trusted Platform controls key access. The third point to consider is the evaluated data:

[0061] In the case of shared key material, an FHE client output is generated, with alternative response examples being possible: status code Block_key_usage, based on the device ID, the common key batch ID and the geographic location, status code Send_FHE_output_to_Server

[0062] In the case of device-unique key material, an FHE client output is generated, with alternative response examples being possible: status code Block_key_usage, based on the device ID, the unique key ID and the geographic location, status code Send_FHE_output_to_Server The following is an example sequence:

[0063] Sequence steps 1 to 4 refer to key provisioning. 1st sequence step (Owner: Production-OEM / Supplier)

[0064] The device generates an FHE client key AND (corresponding) FHE server keys. Execution takes place within the trusted platform. This involves executing an authenticated / signed binary file. 2nd sequence step (Owner: Production-OEM / Supplier)

[0065] The device transmits the FHE server key to the server. 3rd sequence step (Owner: Production-OEM / Supplier)

[0066] The device generates a device-unique signature key pair (public AND private key). This occurs within the trusted platform by executing an authenticated / signed binary file. 4th sequence step (Owner: Production-OEM / Supplier)

[0067] The device transmits the client's public unique signature key to the server.

[0068] The server transmits the shared public signature key to the device. The resulting asset is a shared public signature key from the server.

[0069] The following sequence steps 5 to 16 relate to usage and controls. 5th sequence step (Owner: Device owner / Customer)

[0070] The device encrypts using the FHE client key. The FHE client key is stored as an asset. 6th sequence step (Owner: Device owner / Customer)

[0071] The device signs the concatenated {device ID (in plaintext), FHE-encrypted data}. The entry is a signature of the private device key. 7th sequence step (Owner: Device owner / Customer)

[0072] The device sends the data to the server. 8th sequence step (owner: server)

[0073] The server verifies the signature. The signature of the public key is available as an item. 9th sequence step (owner: server)

[0074] The server evaluates the encrypted data using a circuit (encrypted evaluation). The FHE server key AND an FHE circuit are stored as the data points. 10th sequence step (owner: server)

[0075] The server signs the evaluated data. The signature of a shared private server key is recorded. 11th sequence step (owner: server)

[0076] The server sends the processed FHE data back to the client. 12th sequence step (Owner: Device owner / Customer)

[0077] The device verifies the signature of the evaluated FHE. The position is defined as the verification of the signature. 13th sequence step (Owner: Device owner / Customer)

[0078] The device decrypts the FHE data. The FHE client key is stored as the location. 14th sequence step (Owner: Device owner / Customer)

[0079] The device signs the concatenated {device ID (in plaintext), FHE-decrypted data}. The signature of the private device key is present at the position. 15th sequence step (Owner: Device owner / Customer)

[0080] The device sends the data to the server. The step involves verifying the signature. 16th sequence step (owner: server)

[0081] The server collects the data to build a pseudonymized database. The database is used to create FHE evaluation circuits.

[0082] The device identifier (device ID) is a unique identifier for the mobile device, independent of its geographic location. The device identifier can be transmitted unencrypted, while the precise geolocation can never be in plaintext. The signatures mentioned in the example above are achieved using generally accepted cryptography. The client can encrypt and decrypt data, while the server can manipulate data or perform operations on it.

[0083] According to one embodiment, sequence steps 5 to 7 are executed as components of step 221 of saving and sending the request using the mobile device.

[0084] According to one embodiment, sequence step 8 is executed as part of step 201 of capturing a request, sequence step 9 as part of step 203 of extracting the geographic location data from the request, and sequence step 16 as part of step 205 of saving.

Claims

Method for tracking cryptographic key material (104) used on a mobile device (102), the method comprising the following steps: capturing (201) a request (110) representing a message secured and transmitted by the mobile device (102) using a fully homomorphic encryption method utilizing the cryptographic key material (104) and geographic location data (116) of the mobile device (101); extracting (203) the geographic location data (116) from the request (110); and storing (205) a mapping between the cryptographic key material (104) and the geographic location data (116) in order to track the cryptographic key material (104). The method according to claim 1, comprising a repeated step (201) of capture, in which a further request (110) is captured, representing a further message that was secured and transmitted by the mobile device (102) using the fully homomorphic encryption method employing the cryptographic key material (104) and further geographic location data (116) of the mobile device (102), a repeated step (203) of extraction, in which the further geographic location data (116) are extracted from the request (110), and a repeated step (205) of storage, in which the mapping is supplemented by the further geographic location data (116). Method according to claim 2, comprising a step (213) of plausibility checking the further geographic position data (116) using the geographic position data (116) and a time interval between the query and the further query to obtain a plausibility check result. Method according to one of the preceding claims, comprising a step (207) of comparing the geographic position data (116) with a geographic area defined for the cryptographic key material (104) to obtain a comparison result. Method according to claim 3 or 4, comprising a step (209) of generating a block notice to block the mobile device (102) if the plausibility result shows no plausibility between the geographic position data (116) and the further geographic position data (116) or if the comparison result shows no match between the geographic position data (116) and the geographic area. Method according to claim 5, comprising a step (211) of sending a blocking instruction (120) to block a function of the mobile device (102) responding to the block notice. Method according to one of the preceding claims, wherein the steps (201, 203, 205) of capturing, extracting and storing are performed using a device (106) external to the mobile device (102). Method according to one of the preceding claims, comprising a step (221) of securing and transmitting the request (110) using the mobile device (102), wherein the request (110) is secured using the fully homomorphic encryption method utilizing the cryptographic key material (104) and the geographic position data (116) and is transmitted using a communication protocol. Method according to claim 8, comprising a step (223) of determining the geographic position data (116) using a location tracking method performed on the mobile device (102). Device (100) which is configured to perform and / or control the steps of the method according to one of the preceding claims in corresponding units. Computer program configured to execute and / or control the steps of the method according to any one of claims 1 to 9.