Methods and systems for generating encryption keys using random bit generators
Abstract
A security key, such as an encryption key, is generated so as to make it more difficult for an eavesdropper to identify the key. Specifically, a cryptographically secure random number generator generates a random bit sequence that is included in a seed. This random seed is provided, along with a negotiated master secret, to a key generation module. The key generation module may implement a pseudo-random function in accordance with the Transport Layer Security (TLS) protocol or the Wireless Transport Layer Security (WTLS) protocol. The resulting key is used to encrypt a plaintext message to form an encrypted data packet. The encrypted data packet also carries the random seed in unencrypted form, so that a recipient holding the same master secret can regenerate the key from the seed. The packet may then be transmitted over a public network with reduced risk that an eavesdropper recovers the key.
35 Claims
1. In a network system that includes a first computer system network connectable to a second computer system, the first computer system capable of encrypting data, a method of the first computer system encrypting data so as to guard against eavesdropping and brute force attacks, the method comprising the following:
an act of securely negotiating a master secret with the second computer system;
an act of generating a random bit sequence;
an act of including the random bit sequence in a seed to generate a random seed;
an act of inputting the master secret and the random seed into a key generation module to generate a key;
an act of using the key to encrypt data; and
an act of including the encrypted data and the random seed in a data structure.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 30, 31, 32.

13. A computer program product for use in a network system that includes a first computer system network connectable to a second computer system, the computer program product for implementing a method of the first computer system encrypting data so as to guard against eavesdropping and brute force attacks, the computer program product comprising a computer-readable medium having stored thereon the following:
computer-executable instructions for performing an act of securely negotiating a master secret with the second computer system;
computer-executable instructions for performing an act of generating a random bit sequence;
computer-executable instructions for performing an act of including the random bit sequence in a seed to generate a random seed;
computer-executable instructions for performing an act of inputting the master secret and the random seed into a key generation module to generate a key;
computer-executable instructions for performing an act of using the key to encrypt data; and
computer-executable instructions for performing an act of including the encrypted data and the random seed in a data structure.

15. In a network system that includes a first computer system network connectable to a second computer system, the first computer system capable of encrypting data, a method of the first computer system encrypting data so as to guard against eavesdropping and brute force attacks, the method comprising the following:
an act of securely negotiating a master secret with the second computer system;
a step for generating a key using the master secret and the random seed so that the master secret and key are difficult for an eavesdropper to identify;
an act of using the key to encrypt data; and
an act of including the encrypted data and the random seed in a data structure.

23. In a network system that includes a first computer system network connectable to a second computer system, a method of the second computer system decrypting a data packet that was transmitted to the second computer system by the first computer system, the data packet being encrypted so as to guard against eavesdropping and brute force attacks, the method comprising the following:
an act of securely negotiating a master secret with the first computer system;
an act of receiving a data packet from the first computer system;
an act of reading a random seed from the data packet received from the first computer system, the random seed including a random bit sequence generated by a random number generator;
an act of inputting the master secret and the random seed into a key generation module to generate a key; and
an act of using the key to decrypt the data packet.

33. A computer program product for use in a network system that includes a first computer system network connectable to a second computer system, the computer program product for implementing a method of the second computer system decrypting a data packet that was transmitted to the second computer system by the first computer system, the data packet being encrypted so as to guard against eavesdropping and brute force attacks, the computer program product comprising a computer-readable medium having stored thereon the following:
computer-executable instructions for performing an act of securely negotiating a master secret with the first computer system;
computer-executable instructions for performing an act of detecting the receipt of a data packet from the first computer system;
computer-executable instructions for performing an act of reading a random seed from the data packet received from the first computer system, the random seed including a random bit sequence generated by a random number generator;
computer-executable instructions for performing an act of inputting the master secret and the random seed into a key generation module to generate a key; and
computer-executable instructions for performing an act of using the key to decrypt the data packet.
Dependent claims: 34.

35. In a network system comprising a plurality of server computer systems connectable through a network with a plurality of client computer systems, the network system comprising the following:
a server computer system configured to securely negotiate a master secret with a client computer system, generate and include a random bit sequence in a seed to generate a random seed, input the master secret and the random seed into a server-side key generation module to generate a key, use the key to encrypt a data packet, and transmit the data packet to the client computer system; and
the client computer system, the client computer system further configured to receive the data packet from the server computer system, read the random seed from the data packet, input the master secret and the random seed into a client-side key generation module to generate a key, and decrypt the data packet.

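The scheme the abstract and claims 1, 23 and 35 describe, carried through end to end as an added example; this is not code from the patent or its assignee. The TLS 1.2 pseudo-random function (RFC 5246, section 5) stands in for the "key generation module", which is one of the PRFs the abstract names. Everything else is an assumption of this example: the PRF label, the 32-byte seed, the HMAC-based stand-in stream cipher (chosen only so the block runs with the Python standard library), and the encrypt-then-MAC tag over seed and ciphertext, which the claims do not require but which any real deployment would want.

```python
"""Seeded key derivation and packet framing in the style of the claims above.

Added example, not code from the patent or its assignee. The TLS 1.2 PRF
(RFC 5246, section 5) stands in for the "key generation module"; the label,
the 32-byte seed, the stand-in stream cipher and the encrypt-then-MAC tag are
assumptions made here.
"""
from typing import Optional, Tuple
import hmac
import secrets
import struct

SEED_LEN = 32             # assumed length of the random seed carried in the clear
TAG_LEN = 32              # HMAC-SHA256 tag length
LABEL = b"packet key"     # hypothetical PRF label, not from the patent


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """TLS P_hash data-expansion function (RFC 5246, section 5)."""
    out = b""
    a = seed                                                   # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(master_secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed), as in TLS 1.2."""
    return p_hash(master_secret, label + seed, length)


def derive_keys(master_secret: bytes, seed: bytes) -> Tuple[bytes, bytes]:
    """The key generation module: (master secret, random seed) -> (enc_key, mac_key)."""
    key_block = tls12_prf(master_secret, LABEL, seed, 64)
    return key_block[:32], key_block[32:]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: keystream blocks are HMAC-SHA256(key, counter).
    Used only to keep the example standard-library-only; a real deployment
    would feed the derived key to AES-GCM or ChaCha20-Poly1305 instead."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, struct.pack(">Q", block_no), "sha256").digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(x ^ y for x, y in zip(chunk, block))
    return bytes(out)


def encrypt_packet(master_secret: bytes, plaintext: bytes, seed: Optional[bytes] = None) -> bytes:
    """Sender (claim 1): fresh CSPRNG seed -> key -> ciphertext; seed sent unencrypted."""
    if seed is None:
        seed = secrets.token_bytes(SEED_LEN)   # cryptographically secure random bit sequence
    if len(seed) != SEED_LEN:
        raise ValueError("seed must be SEED_LEN bytes")
    enc_key, mac_key = derive_keys(master_secret, seed)
    ciphertext = keystream_xor(enc_key, plaintext)
    # Encrypt-then-MAC over seed and ciphertext: a modified seed is rejected
    # before the receiver acts on any data decrypted under the wrong key.
    tag = hmac.new(mac_key, seed + ciphertext, "sha256").digest()
    return seed + ciphertext + tag


def decrypt_packet(master_secret: bytes, packet: bytes) -> bytes:
    """Receiver (claim 23): read the seed from the packet, re-derive the key, verify, decrypt."""
    if len(packet) < SEED_LEN + TAG_LEN:
        raise ValueError("packet too short")
    seed = packet[:SEED_LEN]
    ciphertext = packet[SEED_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_secret, seed)
    expected = hmac.new(mac_key, seed + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return keystream_xor(enc_key, ciphertext)


def rejects(master_secret: bytes, packet: bytes) -> bool:
    """True if the receiver refuses the packet (used to check tamper handling)."""
    try:
        decrypt_packet(master_secret, packet)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a 48-byte master secret of the size TLS negotiates.
    master = bytes(range(48))
    packet = encrypt_packet(master, b"attack at dawn")
    print("seed (clear):", packet[:SEED_LEN].hex())
    print("decrypted   :", decrypt_packet(master, packet))
    forged = bytearray(packet)
    forged[0] ^= 0x01                           # flip one bit of the clear-text seed
    print("tampered seed rejected:", rejects(master, bytes(forged)))
```

Two points a practitioner should keep in mind when reading the claims against this code. First, the seed travels unencrypted, so it adds nothing to the secrecy of the master secret; what it buys is a distinct per-packet key, so that two packets under the same master secret never share a key (and, with a stream cipher, never share a keystream). The claims' "guard against brute force" therefore rests on the master secret's entropy, not on the seed. Second, because the receiver derives its key from a value the network delivered, the seed is attacker-influenced input: the derivation must bind it to the master secret, as the PRF does here, and the packet should be authenticated over the seed before any decrypted bytes are used, which is why the tag covers `seed + ciphertext` and is checked with a constant-time comparison.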
Specification