Skip to content
This repository has been archived by the owner on Dec 12, 2022. It is now read-only.
Derk Norton edited this page Oct 3, 2022 · 18 revisions

Proprietary Technology

The technology and source code in this project are for reference purposes only. They are protected by US Patents 9,853,813 and 10,439,811 with additional patents pending. Any use of this technology or source code without a license from Crater Dog Technologies™ will be deemed an infringement of one or more patents. Crater Dog Technologies™ retains full ownership of this proprietary technology. If you are interested in experimenting with, or licensing the technology, please contact us at craterdog@gmail.com.

Welcome

You have arrived at the Crater Dog Technologies™ hardware security module (HSM) prototype project. It is a working prototype of the wearable part of the Crater Dog Technologies™ Wearable Identity System™. This project provides C++ code that can be uploaded to an Adafruit BLE nRF52 feather board to create the prototype hardware security module (code named "ArmorD™"). A hardened production version of ArmorD™ could then be embedded in a wearable device like a ring, pendant or fob.

Overview

Public key cryptography is used by computer systems everywhere to ensure that they are "who" they claim to be and to keep the communications with those systems confidential. But the security of this approach depends on preventing the private key from being stolen. For systems that are running in a physically secure environment like the cloud, this is no problem. But what about mobile devices which may be lost or stolen and with them their private keys?

ArmorD™ provides a patented mechanism to protect a private key in a way that permits a mobile device to digitally sign any reasonably sized byte stream (<10K bytes). This allows the user of an application running on the mobile device to safely perform a multitude of security related tasks including:

  • Automatically unlocking their mobile device or laptop computer
  • Logging the user into a website without the use of a password or two factor authentication
  • Authorizing a business transaction with a merchant either at a brick and mortar store or online
  • Signing a legal document in a way that cannot be forged or tampered with

What makes this approach special is the fact that neither the ArmorD™ nor the mobile device maintains the private key, so if either one of them is lost or stolen, the private key cannot be compromised. In fact, the private key is never actually stored anywhere. And yet, the public key is available to anyone and can be used to validate the digital signature that was created using the private key.

Cryptographic Operations

ArmorD™ provides the following simple low level cryptographic operations that can be used to construct a multitude of higher level security applications:

  • generateKeys - generates a new public-private key pair and returns the public key
  • rotateKeys - replaces the existing public-private key pair with a new one and returns the new public key
  • eraseKeys - erases any existing key pair
  • digestBytes - returns a SHA512 digital digest for a specified array of bytes
  • signBytes - uses the private key to generate a digital signature for a specified array of bytes and returns the signature
  • validSignature? - checks to see whether or not a specified array of bytes and a digital signature of those bytes was generated using the private key associated with a specified public key

In Summary

A user carrying ArmorD™ with them as a wearable device can use applications running on their mobile device to perform many security related tasks without worrying about whether or not the private key that is being used by the applications to digitally sign things is safe. The private key does not reside anywhere and therefore cannot be stolen or compromised.

To dive in deeper on the parts of the prototype that interest you most, click on links listed in the side bar in the upper right corner ↗️ of this page.