Search Images Maps Play YouTube News Gmail Drive More »
Advanced Patent Search | Web History | Sign in

Patents

A system and method for generating random numbers utilizing a shared or distributed source of entropy is disclosed. In one embodiment, the invention allows networked computers to generate and share entropy in proportion to the need for random numbers utilized to initialize the internal state of random number generators residing on the computers. A shared session key generated during communications between a first and second computer is appended to the current internal state of the random number generators residing on the computers to create a bit string. The bit string is then mixed or hashed using a one-way "hash" function such as message digest function to produce a mixed bit string. At least a portion of the mixed bit string is then used to reinitialize the internal state of the random number generators residing on the computers. Since the initial state of the random number generators residing on the computers will be different, the values used to reinitialize the internal state...

InventorBryn Dole
Original AssigneeSun Microsystems, Inc.
Primary Examiner: Gilberto Barrn
Secondary Examiner: Douglas Meislahn
Attorney: Beyer Weaver & Thomas LLP
Current U.S. Classification380/44; 380/263
International Classification: H04L/922

View patent at USPTO
Search USPTO Assignment Database

Citations

Cited PatentFiling dateIssue dateOriginal AssigneeTitle
US4211891Feb 16, 1978Jul 8, 1980Licentia Patent-Verwaltungs-G.m.b.H.Method for setting code text generators in ciphering devices
US5241598May 22, 1991Aug 31, 1993Ericsson GE Mobile Communications, Inc.Rolling key resynchronization in cellular verification and validation system
US5369706Nov 5, 1993Nov 29, 1994United Technologies Automotive, Inc.Resynchronizing transmitters to receivers for secure vehicle entry using cryptography or rolling code
US5412721Mar 26, 1993May 2, 1995Motorola, Inc.Method for loading and utilizing a key in a secure transmission device
US5420925Mar 3, 1994May 30, 1995Lectron Products, Inc.Rolling code encryption process for remote keyless entry system
US5621799Oct 19, 1994Apr 15, 1997Matsushita Electric Industrial Co., Ltd.Scrambled transmission system
US5727062Jul 6, 1995Mar 10, 1998Variable size block ciphers
US5740249Apr 9, 1996Apr 14, 1998Kabushiki Kaisha ToshibaEncryption apparatus and method capable of controlling encryption process in accordance with an internal state
US5748734Apr 2, 1996May 5, 1998Lucent Technologies Inc.Circuit and method for generating cryptographic keys
US5778069Apr 10, 1996Jul 7, 1998Microsoft CorporationNon-biased pseudo random number generator
US5802175Sep 18, 1996Sep 1, 1998Computer file backup encryption system and method
US6122379May 30, 1997Sep 19, 2000Deloitte & Touche Inc.Method and apparatus for performing simultaneous data compression and encryption

Referenced by

Citing PatentFiling dateIssue dateOriginal AssigneeTitle
US6751667Oct 6, 2000Jun 15, 2004Hewlett-Packard Development Company, L.P.System for generating unique identifiers in a computer network
US6795555Dec 30, 1999Sep 21, 2004Nortel Networks LimitedEncryption key exchange protocol
US6804355Jan 6, 2000Oct 12, 2004Intel CorporationBlock cipher for small selectable block sizes
US6826686Apr 14, 2000Nov 30, 2004International Business Machines CorporationMethod and apparatus for secure password transmission and password changes
US6851049Oct 2, 2000Feb 1, 2005PGP CorporationMethod and apparatus for facilitating secure anonymous email recipients
US6917685Feb 4, 1999Jul 12, 2005Meteora System Co., Ltd.IP key management mechanism with divergence barrier increasing entropy against computational crypto-analyses
US6990204Mar 26, 2001Jan 24, 2006Kabushiki Kaisha ToshibaInterface security system and method
US7110539Mar 22, 1999Sep 19, 2006Kent Ridge Digital LabsMethod and apparatus for encrypting and decrypting data
US7249181Apr 15, 2004Jul 24, 2007Hewlett-Packard Development Company, L.P.Generating unique identifiers in a computer system
US7350069Apr 18, 2003Mar 25, 2008System and method which employs a multi user secure scheme utilizing shared keys
US7376235Jul 29, 2002May 20, 2008Microsoft CorporationMethods and systems for frustrating statistical attacks by injecting pseudo data into a data system
US7382881Dec 6, 2002Jun 3, 2008Telefonaktiebolaget L M Ericsson (Publ)Lawful interception of end-to-end encrypted data traffic
US7480939Jul 6, 2001Jan 20, 20093Com CorporationEnhancement to authentication protocol that uses a key lease
US7496616Nov 12, 2004Feb 24, 2009International Business Machines CorporationMethod, apparatus and system for resistance to side channel attacks on random number generators
US7558387Apr 15, 2005Jul 7, 2009Research In Motion LimitedGathering randomness in a wireless smart card reader
US7664269Dec 15, 2004Feb 16, 2010Intel CorporationEncrypting message for secure transmission
US7792290Jul 3, 2009Sep 7, 2010Research In Motion LimitedGathering randomness in a wireless smart card reader
US7894602Mar 31, 2006Feb 22, 2011SAP AGSystem and method for generating pseudo-random numbers
US8019802Aug 23, 2006Sep 13, 2011QUALCOMM IncorporatedCryptographically secure pseudo-random number generator
US8135766Jun 2, 2008Mar 13, 2012International Business Machines CorporationMethod, apparatus and system for resistance to side channel attacks on random number generators

Claims

1. A method for generating a session key for use in electronic transmission comprising the steps of:

receiving entropy in the form of a first bit string from a first computer at a second computer, the first bit string being a first key that has previously been used in a first set of communications between two computers;
combining the entropy with a second bit string residing in the second computer to create a third bit string;
mixing the third bit string to create a fourth bit string;
using at least a portion of the fourth bit string to initialize the internal state of a random number generator residing in the second computer, thereby enabling a second key to be generated for use in a second set of communications between two computers;
generating a random number with the random number generator residing in the second computer after the internal state is initialized using at least a portion of the fourth bit string; and
creating a second key for use in a second set of communications between two computers, the second key being created using the random number generated by the random number generator residing in the second computer.

2. The method of claim 1 wherein the first key is an encryption key and the second key is an encryption key.

3. The method of claim 2 further wherein the generated random number is used as an encryption key.

4. The method of claim 1 wherein the third bit string is mixed using a one-way function.

5. The method of claim 1 wherein the second bit string comprises the internal state of the random number generator residing on the second computer.

6. The method of claim 1 further comprising the step of deleting the first bit string after the first and second bit strings have been combined.

7. The method as recited in claim 1, wherein receiving entropy comprises:

negotiating the first key with the first computer.

8. The method as recited in claim 7, the first set of communications being between the second computer and the first computer, and the second set of communications being between the second computer and a third computer.

9. A method for generating a second session key using a random number generator by initializing the internal state of a random number generator with a first session key comprising the steps of:

receiving the first session key from a first computer at a second computer;
appending the first session key to the internal state of a random number generator residing in the second computer;
mixing the appended first session key and internal state;
using at least a portion of mixed value of the first session key and the internal state of the random number generator to reinitialize the internal state of the random number generator residing in the second computer, thereby enabling a second session key to be generated;
generating a random number with the random number generator residing in the second computer after the internal state is initialized using at least a portion of the mixed value of the first session key and the internal state of the random number generator; and
creating the second session key for use in a set of communications between two computers, the second session key being created using the random number generated by the random number generator residing in the second computer.

10. The method of claim 9 wherein the first session key is a first encryption key previously used in a first session and the second session key is a second encryption key to be used in a second session.

11. The method of claim 9 wherein the first session key is mixed with the internal state of the random number generator using a one-way function.

12. The method of claim 9 wherein the first session key is negotiated by the first and second computers utilizing a key exchange protocol.

13. The method of claim 12 wherein the key exchange protocol is a Diffie-Hellman key exchange.

14. A method for generating a session key comprising the steps of:

initiating communications between a first computer and a second computer;
negotiating a first shared session key between the first and second computers;
encrypting transmissions between the first and second computers using the first session key;
appending the first session key to the internal state of a first random number generator residing on the first computer to form a first unmixed bit string;
mixing the first unmixed bit string to produce a first mixed bit string;
inputting at least a portion of the first mixed bit string into an internal state update function to update the internal state of the first random number generator residing on the first computer; and
generating a random number with the first random number generator residing on the first computer after the internal state is initialized using at least a portion of the first mixed bit string, thereby enabling a second session key to be generated; and
creating a second session key for use in a second set of communications between two computers, the second session key being created using the random number generated by the random number generator residing in the second computer.

15. The method of claim 14 wherein the first session key is an encryption key and the second session key is an encryption key.

16. The method of claim 14 further comprising the step of appending the second session key to the internal state of a second random number generator residing on the second computer to form a second unmixed bit string.

17. The method of claim 16 further comprising the step of mixing the second session key and the internal state of the second random number generator to produce a second mixed bit string.

18. The method of claim 17 further comprising the step of inputting at least a portion of the second mixed bit string into an internal state update function to update the internal state of the second random number generator residing on the second computer.

19. The method of claim 18 further comprising the step of generating a random number with the second random number generator residing on the second computer.

20. The method of claim 19 further comprising the step of using the random number generated by the second random number generator to create a third encryption key for use by the second computer in a subsequent communication.

21. A computer program embodied on a computer-readable medium for generating a session key comprising:

an initiation code segment that initiates communication between a first computer and second computer;
a negotiation code segment that generates a first shared session key between the first and second computers;
an encryption code segment that encrypts transmissions between the first and second computers using the first session key;
an append code segment that appends the first session key to the internal state of a random number generator residing on the first computer to form an unmixed bit string;
a mix code segment that mixes the unmixed bit string to produce a mixed bit string;
an input code segment that receives at least a portion of the mixed bit string into an internal state update function to update the internal state of the random number generator residing on the first computer;
a generate code segment that generates a random number with the random number generator residing on the first computer after the internal state of the random number generator is updated with at least a portion of the mixed bit string, thereby enabling a second session key to be generated for use in encrypting transmissions; and
creating a second session key for use in a second set of communications between two computers, the second session key being created using the random number generated by the random number generator residing in the first computer after the internal state of the random number generator is updated with at least a portion of the mixed bit string.

22. A method for generating a session key comprising the steps of:

receiving a first bit string at a computer transmitted from an entropy source external to the computer, the first bit string being a first key used in a first set of communications between two computers;
combining the first bit string with a second bit string residing in the computer to create a third bit string;
mixing the third bit string to create a fourth bit string;
using at least a portion of the fourth bit string to initialize the internal state of a random number generator residing in the computer, thereby enabling a second key to be generated for use in a second set of communications between two computers;
generating a random number with the random number generator residing on the computer after the internal state is initialized using at least a portion of the fourth bit string, thereby enabling a second key to be generated; and
creating a second key for use in a second set of communications between two computers, the second key being created using the random number generated by the random number generator residing in the computer.

23. The method of claim 22 wherein the first key is an encryption key and the second key is an encryption key.

24. The method of claim 22 wherein the third bit string is mixed using a one-way function.

25. The method of claim 22 wherein the first bit string is an encryption key.

26. The method of claim 22 wherein the second bit string comprises the internal state of the random number generator residing on the computer.

27. The method of claim 22 further comprising the step of erasing the first bit string after the first and second bit strings have been combined.

Drawings