Abstract
When resolving known contacts device-to-device, a credential and its corresponding key can be tracked if they are used multiple times. While using each credential or key only once addresses the privacy issues, providing single-use credentials or keys requires an efficient way to issue many credentials to many keys for individual devices without straining on-device cryptographic hardware or server-side identity services. This disclosure describes the use of key batches to construct an efficient mechanism for certifying many keys with a single request to device cryptographic hardware and a single request to an identity server. In an example implementation, device attestation is bound to such a key batch on device. A server then verifies both the attestation and the binding before issuing credentials for the entire batch. The on-device attestation is performed using the cryptographic services backed by device hardware.
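The flow in the abstract, sketched as an added example that is not code from the disclosure: one attestation is bound to a digest of the whole key batch, and the server checks both the attestation and the binding before issuing a credential for each key. The abstract does not say how the binding is computed, so the SHA-256 batch digest, the server nonce, the HMAC stand-ins for the hardware attestation and the credential signature, and all function and key names are assumptions.

```python
import hashlib, hmac, os

# Stand-ins (assumptions): HMAC replaces the hardware attestation signature and
# the server's credential signature; a real system would use asymmetric keys.
DEVICE_HW_KEY = b"constructed-device-hardware-key"
SERVER_ISSUER_KEY = b"constructed-server-issuer-key"

def batch_digest(public_keys):
    """Hash the whole batch; length prefixes keep key boundaries unambiguous."""
    h = hashlib.sha256(b"key-batch-v1" + len(public_keys).to_bytes(4, "big"))
    for pk in public_keys:
        h.update(len(pk).to_bytes(4, "big") + pk)
    return h.digest()

def hardware_attest(nonce, digest):
    """The single call into device crypto hardware: attest nonce + batch digest."""
    return hmac.new(DEVICE_HW_KEY, b"attest" + nonce + digest, hashlib.sha256).digest()

def device_build_request(public_keys, nonce):
    """One attestation covers every key in the batch."""
    return {"keys": list(public_keys), "nonce": nonce,
            "attestation": hardware_attest(nonce, batch_digest(public_keys))}

def server_issue(request, expected_nonce):
    """Verify attestation and binding, then issue one credential per key."""
    if not hmac.compare_digest(request["nonce"], expected_nonce):
        raise ValueError("stale or unexpected nonce")
    # Binding check: recompute the digest from the keys actually submitted.
    digest = batch_digest(request["keys"])
    expected = hardware_attest(expected_nonce, digest)  # stand-in for signature verification
    if not hmac.compare_digest(request["attestation"], expected):
        raise ValueError("attestation does not cover this key batch")
    return [hmac.new(SERVER_ISSUER_KEY, b"cred" + pk, hashlib.sha256).digest()
            for pk in request["keys"]]

def demo():
    keys = [os.urandom(32) for _ in range(100)]  # constructed placeholder public keys
    nonce = os.urandom(16)                       # server-supplied challenge (assumed)
    request = device_build_request(keys, nonce)  # one hardware call
    creds = server_issue(request, nonce)         # one server request
    request["keys"][7] = os.urandom(32)          # key swapped after attestation
    try:
        server_issue(request, nonce)
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return len(creds), tampered_rejected

if __name__ == "__main__":
    print(demo())
```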
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Krahn, Darren and McCloskey, Dave, "Using Key Batches to Optimize Issuance of Device Credentials", Technical Disclosure Commons, (October 23, 2025)
https://www.tdcommons.org/dpubs_series/8770