Key derivation functions to enhance security
First Claim
Patent Images
1. An apparatus comprising:
- an input port to receive a master key;
an implementation of a universal hash algorithm;
an implementation of a hash algorithm;
means for generating a derivative key from said master key using the implementation of said universal hash algorithm and said hash algorithm; and
an output port to output said derivative key.
3 Assignments
0 Petitions
Accused Products
Abstract
Key derivation algorithms are disclosed. In one key derivation application, a segment of the master key is hashed. Two numbers of derived from another segment of the master key. A universal hash function, using the two numbers, is applied to the result of the hash, from which bits are selected as the derived key. In another embodiment, an encoded counter is combined with segments of the master key. The result is then hashed, from which bits are selected as the derived key.
-
Citations
79 Claims
-
1. An apparatus comprising:
-
an input port to receive a master key;
an implementation of a universal hash algorithm;
an implementation of a hash algorithm;
means for generating a derivative key from said master key using the implementation of said universal hash algorithm and said hash algorithm; and
an output port to output said derivative key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus comprising:
-
an input port to receive a master key;
a first calculator to implement a universal hash algorithm;
a second calculator to implement a hash algorithm;
a key deriver to generate a derivative key from said master key using the first calculator and the second calculator; and
an output port to output said derivative key. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus, comprising:
-
an input port to receive a master key;
a divider to divide said master key into a first segment and a second segment;
a concatenator to concatenate said first segment and a counter to produce a modified first segment;
a hasher to hash said modified first segment into a hash value;
a determiner to determine a first number and a second number from said second segment;
a calculator including an implementation of an arithmetic formula to compute a result using said hash value, said first number, and said second number; and
a bit selector to select a set of bits from said result as a derivative key. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A data security device, comprising:
-
a key deriver, including;
an input port to receive a master key;
a divider to divide said master key into a first segment and a second segment;
a concatenator to concatenate said first segment and a counter to produce a modified first segment;
a hasher to hash said modified first segment into a hash value;
a determiner to determine a first number and a second number from said second segment modulo a modulus;
a calculator including an implementation of an arithmetic formula to compute a result using said hash value, said first number, and said second number; and
a bit selector to select a set of bits from said result as a derivative key; and
an encrypter to encrypt data using said derivative key. - View Dependent Claims (22, 23, 24, 25, 26)
-
-
27. A method for performing key derivation, comprising:
-
hashing a master key to produce a hash value;
determining a first number and a second number from the master key;
computing a universal hash function of the hash value, the first number, and the second number to produce a result; and
selecting a derivative key from bits in the result. - View Dependent Claims (28, 29, 30, 31, 32, 33)
-
-
34. A method for encrypting a derivative key, comprising:
-
generating the derivative key, including;
dividing the master key into a first segment and a second segment;
hashing the first segment to produce a hash value;
determining a first number and a second number from the second segment;
computing a product of the first number and the hash value;
computing a sum of the product and the second number; and
computing a result as the sum modulo a modulus; and
selecting the derivative key from bits in the result; and
encrypting data using the derivative key. - View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
-
-
47. An apparatus, comprising:
-
an input port to receive a master key;
a combiner to combine said master key and a value to produce a modified master key;
a hasher to hash said modified master key into a hash value; and
a bit selector to select a set of bits from said hash value as a derivative key. - View Dependent Claims (48, 49, 50, 51, 52, 76)
-
-
53. A data security device, comprising:
-
a key deriver, including;
an input port to receive a master key;
a divider to divide said master key into a first segment and a second segment;
a repeater to repeat a value to form an encoded value as a longer bit pattern;
an implementation of a first bitwise binary function operative on said first segment and said encoded value to produce a first result;
an implementation of a second bitwise binary function operative on said second segment and said encoded value to produce a second result;
a combiner to combine said first result, said second result, and said encoded value to produce said modified master key;
a hasher to hash said modified master key into a hash value; and
a bit selector to select a set of bits from said result as a derivative key; and
an encrypter to encrypt data using said derivative key. - View Dependent Claims (54, 55, 56, 77)
-
-
57. A method for performing key derivation, comprising:
-
combining a master key with a value to produce a modified master key;
hashing the modified master key to produce a hash value; and
selecting a derivative key from bits in the hash value. - View Dependent Claims (58, 59, 60, 61, 62, 78)
-
-
63. A method for encrypting a derivative key, comprising:
-
combining a master key with a value to produce a modified master key;
hashing the modified master key to produce a hash value;
selecting a derivative key from bits in the hash value; and
encrypting data using the derivative key. - View Dependent Claims (64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 79)
-
Specification