MULTIPLE CRYPTOGRAPHIC KEY PRECOMPUTE AND STORE
Abstract
A method and apparatus provide cryptographic parameters for use in cryptographic applications in response to requests therefor. The method includes the steps of: pre-computing one or more different types of sets of cryptographic parameters, each type of set being adapted for use by an associated type of cryptographic application; securely storing the pre-computed sets of cryptographic parameters in a memory storage unit; receiving a request for a set of cryptographic parameters having specified characteristics for use in a particular cryptographic application; determining one of the sets of cryptographic parameters stored in the memory storage unit that has specified characteristics; accessing the determined set of cryptographic parameters from the memory storage unit; and providing the determined set of cryptographic parameters with minimal latency.
53 Claims
1. A method of providing cryptographic parameters for use in cryptographic applications in response to requests therefor, comprising the steps of:
pre-computing one or more different types of sets of cryptographic parameters, each said type of set being adapted for use by an associated type of cryptographic application, and each said type of set including an associated modulus n having an associated length L, each said modulus n being a composite number generated from the product of an associated number k of randomly generated distinct prime number values p1, p2, . . . pk, wherein k≧2;
securely storing said pre-computed sets of cryptographic parameters in a memory storage unit;
receiving a request for a set of cryptographic parameters having specified characteristics for use in a particular cryptographic application, said characteristics including a specified length of a requested modulus and a specified number of prime number values constituting prime factors of said requested modulus;
determining one of said sets of cryptographic parameters stored in said memory storage unit that has specified characteristics;
accessing said determined set of cryptographic parameters from said memory storage unit; and
providing said determined set of cryptographic parameters with minimal latency.
(Dependent claims: 2, 3, 10, 11, 12, 13, 14, 15)
4. (canceled)
16. A method of providing cryptographic parameters for use in cryptographic applications in response to requests therefor, comprising the steps of:
pre-computing one or more different types of sets of cryptographic parameters, each said type of set being adapted for use by an associated type of cryptographic application using an associated public key exponent value e, each said set of an associated type including, an associated modulus n having an associated length L and being a composite number generated from the product of an associated number k of randomly generated distinct and suitable prime number values p1, p2, . . . pk, wherein k≧1, an associated public key exponent value e, an associated private key exponent value d determined based on the associated prime number values p1, p2, . . . pk and the associated public key exponent value e, a set of sub-task private exponents d1, d2, . . . dk that are pre-computed based on the associated prime number values p1, p2, . . . pk and the associated private key exponent value d, and at least one set of Chinese Remainder Algorithm coefficients pre-computed based on said associated prime number values p1, p2, . . . pk;
securely storing said different types of sets of cryptographic parameters in a memory storage unit;
receiving a request for a specified type of set of cryptographic parameters having specified characteristics for use in a particular cryptographic application, said specified characteristics including, a specified length L of a requested modulus N that is to be a composite number generated as a product of an associated specified number of prime number values, a specified public key exponent value e, and a specified type of Chinese Remainder Algorithm being used by the particular cryptographic application;
determining one of said sets of cryptographic parameters stored in said memory storage unit that has said specified characteristics;
accessing said determined set of cryptographic parameters from said memory storage unit; and
providing said determined set of cryptographic parameters with minimal latency.
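
The parameter set recited in claim 16 (multi-prime modulus n, exponents e and d, sub-task exponents d_i, CRT coefficients) and the lookup by requested characteristics, shown as an added Python example that is not code from the patent. The names `ParamStore`, `make_param_set` and `crt_private_op`, the choice of Garner-style CRT coefficients, the hand-out-once policy and the plain dictionary standing in for the secure memory unit are all assumptions of this example.

```python
import math, secrets
from collections import defaultdict

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test (modular exponentiation per round)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** r, n) != n - 1 for r in range(1, s)):
            return False
    return True

def random_prime(bits, e):
    """Random prime of exactly `bits` bits with gcd(p - 1, e) == 1."""
    while True:
        p = secrets.randbits(bits) | (3 << (bits - 2)) | 1  # top two bits set, odd
        if math.gcd(p - 1, e) == 1 and is_probable_prime(p):
            return p

def make_param_set(L, k, e):
    """n = p1*...*pk of exactly L bits, plus d, d_i = d mod (p_i - 1), Garner coefficients."""
    sizes = [L // k + (i < L % k) for i in range(k)]
    while True:
        primes = [random_prime(b, e) for b in sizes]
        n = math.prod(primes)
        if len(set(primes)) == k and n.bit_length() == L:  # distinct primes, exact length
            break
    d = pow(e, -1, math.lcm(*(p - 1 for p in primes)))
    d_i = [d % (p - 1) for p in primes]
    # Garner coefficient for p_i (i >= 2): inverse of p1*...*p_(i-1) modulo p_i
    crt = [pow(math.prod(primes[:i]), -1, primes[i]) for i in range(1, k)]
    return {"n": n, "e": e, "d": d, "primes": primes, "d_i": d_i, "crt": crt}

class ParamStore:
    """In-memory stand-in for the secure memory unit, keyed by (L, k, e)."""
    def __init__(self):
        self._pool = defaultdict(list)
    def precompute(self, L, k, e, count):
        self._pool[(L, k, e)] += [make_param_set(L, k, e) for _ in range(count)]
    def request(self, L, k, e):  # lookup only; each set is handed out once (assumed policy)
        bucket = self._pool.get((L, k, e))
        return bucket.pop() if bucket else None

def crt_private_op(c, ps):
    """c^d mod n via the sub-task exponents d_i and Garner recombination."""
    m, mod = pow(c, ps["d_i"][0], ps["primes"][0]), ps["primes"][0]
    for p, dp, coef in zip(ps["primes"][1:], ps["d_i"][1:], ps["crt"]):
        m += mod * ((pow(c, dp, p) - m) * coef % p)
        mod *= p
    return m
```

The request path performs no primality testing at all; the prime search cost is paid in `precompute`, and a request for characteristics with no stored set returns `None` rather than falling back to a different key type.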
17. A method for providing prime number values with minimal latency in response to requests therefor, comprising the steps of:
pre-computing a plurality of random distinct prime number values that are suitable for use in a cryptographic security application;
securely storing said pre-computed prime number values in a memory storage unit;
receiving a request for at least one prime number value to be used in a particular cryptographic application, said request including information indicating a specified number of requested prime number values;
accessing at least one of said securely stored prime number values from said memory storage unit; and
providing said at least one accessed prime number value with minimal latency in response to said request.
(Dependent claims: 18)
19. (canceled)
20. A system for providing cryptographic parameters for use in cryptographic applications in response to requests therefor, comprising:
means for pre-computing one or more different types of sets of cryptographic parameters, each said type of set being adapted for use by an associated type of cryptographic application, and each said type of set including an associated number k of randomly generated distinct prime number values that are suitable for use in an associated type of cryptographic application, wherein k≧1;
memory storage means for securely storing said pre-computed sets of cryptographic parameters;
means for receiving a request for a set of cryptographic parameters having specified characteristics for use in a particular cryptographic application, said characteristics including a specified number of requested prime number values;
means for determining one of said sets of cryptographic parameters stored in said memory storage unit that has specified characteristics;
means for accessing said determined set of cryptographic parameters from said memory storage unit; and
means for providing said determined set of cryptographic parameters with minimal latency.
(Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
21. (canceled)
38. A server system operative to precompute prime numbers and securely store the precomputed prime numbers for later use, comprising:
a server computing system communicatively coupled with a plurality of remote clients via a network, and being responsive to requests for randomly generated prime numbers each being associated with ones of said remote clients, each of said requests including a specified number of prime number values and a specified length of each of said prime number values;
a prime number generation unit communicatively coupled with said server computing system and providing for precomputing a plurality of randomly generated prime numbers, said prime number generation unit being configured to be protected within a logical and physical security boundary; and
a secure memory unit protected within said security boundary and being communicatively coupled with said server computing system and said prime number generation unit, said secure memory unit providing for storage of said pre-computed prime numbers;
said server computing system being operative to access said prime numbers stored in said secure memory unit, and to provide said prime numbers with minimal latency in response to said requests for randomly generated prime numbers.
(Dependent claims: 39)
40. A server system for processing cryptographic transactions and for providing prime number values in response to user requests therefor, comprising:
a server computing system operative communicatively coupled with a plurality of remote clients via a network, and including a queuing means for storing a plurality of queued job requests including cryptographic transaction job requests, and prime number requests having associated length parameters specifying a length for a randomly generated prime number, said server computing system being operative to determine a number of prime number requests and a number of transaction job requests currently stored in said queuing means;
a cryptographic processing unit communicatively coupled with said server computing system, and being operative to search for randomly generated prime numbers and to process cryptographic transactions in response to requests therefor;
at least one exponentiation unit communicatively coupled with said cryptographic processing unit and providing exponentiation resources for use in searching for randomly generated prime numbers and in processing cryptographic transactions; and
a storage means communicatively coupled with said cryptographic unit for storing said randomly generated prime numbers;
said cryptographic unit also being operative to perform the steps of,
determining a number of pre-computed prime numbers currently stored in the local secure memory unit;
based on the number of prime number requests and cryptographic transaction job requests currently stored in the queuing unit, and the number of cryptographic key values currently stored in the storage unit, dynamically allocating a first portion of said exponentiation resources for prime number searching, and a second portion of the total exponentiation resources for processing cryptographic transactions,
performing prime number searching functions in response to said prime number requests and associated length parameters, said number searching functions including randomly generating at least one random odd number having the specified length, and performing at least one probabilistic primality test on said random number, each of said primality tests including an associated exponentiation operation executed using said first dynamically allocated portion of the said exponentiation resources, and
performing cryptographic transaction processing functions in response to said cryptographic transaction job requests using said second dynamically allocated portion of said exponentiation resources.
(Dependent claims: 41)
42. In a server system for processing cryptographic transactions and for providing randomly generated prime numbers in response to requests therefor, the server system including a computing system operative to communicate with a plurality of remote clients via a network, a memory storage unit for storing said randomly generated prime numbers, a queuing unit for storing a plurality of queued job requests including cryptographic transaction job requests, and prime number requests having associated length parameters specifying a length for a randomly generated prime number to be provided, and at least one exponentiation unit communicatively coupled with said cryptographic unit and providing exponentiation resources for use in searching for randomly generated prime numbers and in processing cryptographic transactions, a process of dynamically allocating portions of said exponentiation resources for processing cryptographic transactions and for searching for randomly generated prime numbers, comprising the steps of:
determining a number of prime number requests and a number of cryptographic transaction job requests currently stored in the queuing unit;
determining a number of pre-computed prime numbers currently stored in the memory unit; and
based on said number of prime number requests and said number of cryptographic transaction job requests currently stored in the queuing unit, and said number of prime numbers currently stored in the memory unit, determining portions of said exponentiation resources to be dynamically allocated for prime number searching, and for processing cryptographic transactions.
43. In a server system for processing cryptographic transactions and for providing randomly generated prime numbers in response to requests therefor, the server system including a computing system operative to communicate with a plurality of remote clients via a network, a memory storage unit for storing said randomly generated prime numbers, a queuing unit for storing a plurality of queued job requests including cryptographic transaction job requests, and prime number requests having associated length parameters specifying a length for a randomly generated prime number to be provided, and at least one exponentiation unit communicatively coupled with said cryptographic unit and providing exponentiation resources for use in searching for randomly generated prime numbers and in processing cryptographic transactions, a software system for dynamically allocating portions of said exponentiation resources for processing cryptographic transactions and for searching for randomly generated prime numbers, comprising:
a first module for determining a number of prime number requests and a number of cryptographic transaction job requests currently stored in the queuing unit;
a second module operative to determine a number of pre-computed prime numbers currently stored in the memory unit;
a third module operative to determine a portion of said exponentiation resources to be dynamically allocated for prime number searching, and a portion of said exponentiation resources to be dynamically allocated for processing cryptographic transactions based on said number of prime number requests and said number of cryptographic transaction job requests currently stored in the queuing unit, and based on said number of prime numbers currently stored in the memory unit;
a fourth module operative to perform prime number searching functions in response to said prime number requests and associated length parameters, said number searching functions including randomly generating at least one random odd number having the specified length, and performing at least one probabilistic primality test on said random number, each of said primality tests including an associated exponentiation operation executed using said first dynamically allocated portion of the said exponentiation resources, and
a fifth module operative to perform cryptographic transaction processing functions in response to said cryptographic transaction job requests using said second dynamically allocated portion of said exponentiation resources.
44. A method, comprising:
storing on a server a set of cryptographic parameters suitable for generating a cryptographic key;
receiving a request from a client for a cryptographic parameter, the request comprising a specified cryptographic parameter characteristic;
comparing the specified characteristic to a stored cryptographic parameter characteristic within the stored set of cryptographic parameters;
providing the requested cryptographic parameter to the client if the specified characteristic matches the stored characteristic; and
generating at the client the cryptographic key using the provided cryptographic parameter.
(Dependent claims: 45, 46, 47, 48)
49. A computer, comprising:
a processor; and
a memory coupled to the processor, the memory used to store a set of cryptographic parameters usable to generate a cryptographic key;
wherein the processor receives a request from a second computer for a plurality of cryptographic parameters, said request includes a specified cryptographic parameter characteristic;
wherein the processor provides the requested plurality of cryptographic parameters in response to the requests; and
wherein at least one of the plurality of requested cryptographic parameters comprises a modulus generated from a plurality of distinct randomly generated prime numbers.
(Dependent claims: 50, 51, 53)
52. (canceled)
Specification