Search Images Maps Play YouTube News Gmail Drive More »
Advanced Patent Search | Web History | Sign in

Patents

An encryption key generator is disclosed which is highly resistant to cryptographic analysis or brute force attacks, and which accommodates the destruction of an encryption key after each use by providing for the recreation of the key without need of key directories or other encryption key storage processes. A constant value and a secret E-Key Seed are applied as inputs to a bit-shuffling algorithm to provide a first many-to-few bit mapping and produce a first pseudo-random number. The first pseudo-random number in turn is applied as an input to a secure one-way hash algorithm to provide a second many-to-few bit mapping and produce a second pseudo-random number or message digest that may be truncated to a desired bit length to serve as a non-predictable but deterministic encryption key. Same constant value and E-Key Seed inputs to the key generator will provide the same message digest and hence the same key.

InventorsGuy L Fielder, Paul N Alito
Original AssigneeThe PACid Group
Current U.S. Classification380/259; 380/277
International Classification: H04L 900

View patent at USPTO
Search USPTO Assignment Database

Citations

Cited PatentFiling dateIssue dateOriginal AssigneeTitle
US5050212Jun 20, 1990Sep 17, 1991Apple Computer, Inc.Method and apparatus for verifying the integrity of a file stored separately from a computer
US5453598Apr 22, 1993Sep 26, 1995The Balance Dynamics CorporationApparatus for the transfer of electrical power to a balancer
US5664016Oct 17, 1995Sep 2, 1997Northern Telecom LimitedMethod of building fast MACS from hash functions
US5694569Jun 5, 1995Dec 2, 1997Method for protecting a volatile file using a single hash
US5748738Sep 15, 1995May 5, 1998Document Authentication Systems, Inc.System and method for electronic transmission, storage and retrieval of authenticated documents

Referenced by

Citing PatentFiling dateIssue dateOriginal AssigneeTitle
US6895504Sep 29, 2000May 17, 2005Intel CorporationEnabling secure communications with a client
US6901512Dec 12, 2000May 31, 2005Hewlett-Packard Development Company, L.P.Centralized cryptographic key administration scheme for enabling secure context-free application operation
US6957185Feb 25, 2000Oct 18, 2005Enco-Tone, Ltd.Method and apparatus for the secure identification of the owner of a portable device
US6959090Nov 20, 2000Oct 25, 2005Nokia CorporationContent Protection scheme for a digital recording device
US6986045Aug 17, 2001Jan 10, 2006Pitney Bowes Inc.Single algorithm cipher suite for messaging
US6987853Nov 29, 2000Jan 17, 2006Bodacion Technologies, LLCMethod and apparatus for generating a group of character sets that are both never repeating within certain period of time and difficult to guess
US7003107May 22, 2001Feb 21, 2006MainStream EncryptionHybrid stream cipher
US7103181Jul 13, 2001Sep 5, 2006Mainstream EncryptionState-varying hybrid stream cipher
US7151829Apr 22, 2002Dec 19, 2006International Business Machines CorporationSystem and method for implementing a hash algorithm
US7158892Jun 28, 2002Jan 2, 2007International Business Machines CorporationGenomic messaging system
US7194618Mar 5, 2002Mar 20, 2007Encryption and authentication systems and methods
US7346167May 10, 2002Mar 18, 2008Harris CorporationSecure mobile ad-hoc network and related methods
US7352867Jul 10, 2002Apr 1, 2008General Instrument CorporationMethod of preventing unauthorized distribution and use of electronic keys using a key seed
US7546327Dec 21, 2004Jun 9, 2009Wells Fargo Bank, N.A.Platform independent randomness accumulator for network applications
US7548998Oct 27, 2006Jun 16, 2009International Business Machines CorporationModifying host input/output (I/O) activity to allow a storage drive to which I/O activity is directed to access requested information
US7565297Oct 17, 2005Jul 21, 2009Cidway Technologies LtdMethod and apparatus for the secure identification of the owner of a portable device
US7602903Jan 16, 2004Oct 13, 2009Microsoft CorporationCryptography correctness detection methods and apparatuses
US7653895Jan 20, 2006Jan 26, 2010XILINX, Inc.Memory arrangement for message processing by a plurality of threads
US7733874Oct 27, 2006Jun 8, 2010International Business Machines CorporationCommunicating packets between devices involving the use of different communication protocols
US7747020Dec 4, 2003Jun 29, 2010Intel CorporationTechnique for implementing a security algorithm
US7827143Mar 30, 2009Nov 2, 2010Symantec CorporationMethod and apparatus for generating readable, unique identifiers
US7912216Mar 3, 2006Mar 22, 2011SafeNet, Inc.Elliptic curve cryptosystem optimization using two phase key generation
US7914107Apr 12, 2010Mar 29, 2011Silverbrook Research Pty LtdPrinter incorporating multiple synchronizing printer controllers
US7941842Oct 28, 2008May 10, 2011Unspam, LLC.Method and apparatus for a non-revealing do-not-contact list system
US7954148Dec 21, 2009May 31, 2011Bolique Applications Ltd., L.L.C.Encryption and authentication systems and methods
US7970135Jul 6, 2000Jun 28, 2011Deutsche Telekom AGMethod for the secure, distributed generation of an encryption key
US7979707Jul 9, 2004Jul 12, 2011EMC CorporationSecure seed generation protocol
US7996322Jun 16, 2004Aug 9, 2011Samsung Electronics Co., Ltd.Method of creating domain based on public key cryptography
US8000473Oct 7, 2005Aug 16, 2011Gemalto SAMethod and apparatus for generating cryptographic sets of instructions automatically and code generator
US8006299Mar 19, 2007Aug 23, 2011Bolique Applications Ltd., L.L.C.Encryption and authentication systems and methods
US8007063Jul 15, 2010Aug 30, 2011Silverbrook Research Pty LtdPrinter having printhead with multiple controllers
US8032874Jan 20, 2006Oct 4, 2011Xilinx, Inc.Generation of executable threads having source code specifications that describe network packets
US8123318May 25, 2010Feb 28, 2012Silverbrook Research Pty LtdPrinthead having controlled nozzle firing grouping
US8132012Dec 19, 2008Mar 6, 2012Cidway Technologies, Ltd.Method and apparatus for the secure identification of the owner of a portable device

Claims

1. A method of generating a pseudo-random, symmetric encryption key which is highly resistant to reverse analysis, and which comprises the following steps:

combining a constant value and a secret plural bit sequence to produce a shuffled bit result having fewer than a collective number of bits in said constant value and said secret plural bit sequence;
performing a secure hash operation on said shuffled bit result to produce a message digest; and
extracting said pseudo-random, symmetric encryption key from said message digest.

2. The method of claim 1, wherein said secret plural bit sequence has a binary length of at least 224 bits, and said pseudo-random symmetric encryption key has a binary length of at least 112 bits.

3. The method of claim 1, wherein said constant value and said secret plural bit sequence are combined by plural algebraic functions to form said shuffled bit result.

4. The method of claim 1, wherein said constant value and said secret plural bit sequence are encrypted before being combined by an algebraic function to form said shuffled bit result.

5. The method of claim 1, wherein said message digest has a binary length which is less than that of said shuffled bit result.

6. The method of claim 1, wherein said plural bit sequence has a binary length larger than that of said constant value.

7. A system for creating a pseudo-random, symmetric encryption key for use in a computer network system, which comprises:

a first function generator means having a constant value as one input and a secret plural bit sequence as a second input for combining said constant value and said secret plural bit sequence produce a pseudo-random output having fewer than a collective number of bits in said constant value and said secret plural bit sequence;
a secure hash function generator means in electrical communication with said first function generator means and having said pseudo-random output as an input for generating a pseudo-random message digest; and
truncation means in electrical communication with said secure hash function generator means and receiving said pseudo-random message digest for truncating said pseudo-random message digest to provide said pseudo-random, symmetric encryption key.

8. The system of claim 7, secret wherein said plural bit sequence has a first binary length larger than that of said constant value, and said pseudo-random output has a second binary length larger than said pseudo-random message digest.

9. The system of claim 7, wherein said constant value and said secret plural bit sequence are combined in accordance with at least one algebraic function.

10. The system of claim 9, wherein said at least one algebraic function is replaced by at least one logic function.

11. The system of claim 7, wherein said secret plural bit sequence and said constant value are encrypted before being combined.

12. An encryption key generator in electrical communication with a host system, which comprises:

an I/O interface means in electrical communication with said host system and receiving command sequences from said host system;
interrupt control means in electrical communication with said I/O interface means for issuing an interrupt signal upon receipt of said command sequences;
a ROM in electrical communication with said I/O interface means and having stored therein operating firmware, a bit-shuffle computer program, and a secure hash computer program;
a RAM in electrical communication with said I/O interface means and said ROM for storing a current E-Key Seed and a constant value;
an EEPROM in electrical communication with said I/O interface means, said ROM, and said RAM, for storing said E-Key Seed and said constant value; and
a CPU in electrical communication with said interrupt control, said I/O interface means, said ROM, said RAM, and said EEPROM for executing said bit-shuffle computer program to combine said constant value and said E-Key Seed in a first many-to-few bit mapping, for executing said secure hash algorithm to produce a message digest in a second many-to-few bit mapping, and for extracting a pseudo-random symmetric, encryption key from said message digest and storing said encryption key in said EEPROM.

13. The method of claim 1, wherein said constant value and said secret plural bit sequence are combined by at least one algebraic function.

14. The method of claim 1, wherein said constant value and said secret plural bit sequence are combined by at least one logic function.

15. The method of claim 1, wherein said constant value and said secret plural bit sequence are combined by at least one cryptographic function.

16. The method of claim 1, wherein said constant value and said secret plural bit sequence are combined by any combination of one or more of each of an algebraic function, a logic function, and an encryption function.

17. The method of claim 1, wherein said pseudo-random, symmetric encryption key also is deterministic and non-predictable.

18. The method of claim 1, wherein the step of combining includes plural bit shuffling operations to form said shuffled bit result.

19. The method of claim 1, wherein the step of performing also includes plural bit shuffling functions in forming said message digest.

20. The method of claim 1, wherein said secret plural bit sequence may vary in binary bit length.

21. The system of claim 7, wherein said constant value and said secret plural bit sequence are combined in accordance with at least one cryptographic function.

22. The system of claim 7, wherein said constant value and said secret plural bit sequence are combined by any combination of one or more of each of an algebraic function, a logic function, and an encryption function.

23. The system of claim 7, wherein said pseudo-random, symmetric encryption key also is deterministic and non-predictable.

24. The system of claim 7, wherein said first function generator performs plural bit shuffling functions in combining said constant value and said secret plural bit sequence.

25. The system of claim 7 further including bit shuffling means receiving said pseudo-random message digest from said secure hash function generator means for performing plural bit shuffling operations on said pseudo-random message digest to generate a second pseudo-random message digest which is truncated by said truncation means to provide said pseudo-random, symmetric encryption key.

26. The system of claim 12, wherein said pseudo-random, symmetric encryption key also is deterministic and non-predictable.

27. The system of claim 7, wherein said secret plural bit sequence may vary in binary bit length.

Drawings