GENERATING PUBLIC-PRIVATE KEY PAIR BASED ON USER INPUT DATA

US 20060153370A1
Filed: 08/08/2005
Published: 07/13/2006
Est. Priority Date: 01/07/2005
Status: Abandoned Application

First Claim

Patent Images

1. An invention comprising a method of providing keys of a public-private key pair, the method comprising the steps of:

(a) receiving into a computer system input data from a user;

(b) generating within the computer system a first key as a deterministic function of said received data of said step (a);

(c) clearing from the computer system said received data of said step (a) so that said received data is no longer available for generating the first key;

(d) generating within the computer system a second key as a deterministic function of said generated first key of said step (b), said generated first and second keys comprising a public-private key pair; and

(e) following said step (d) of generating said second key, clearing said generated first key from the computer system so that said generated first key is no longer available for generating the second key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Keys of a public-private key pair are provided by: receiving into a computer system input data from a user (UID); generating within the computer system a first key as a deterministic function of the UID; and generating within the computer system a second key as a deterministic function of the first key. The first key is the private key and the second key is the public key. The first key is cleared from the computer system following generation of the second key. Neither the UID nor the first key is exported from the computer system. The second key may be exported from the computer system.

Citations

38 Claims

1. An invention comprising a method of providing keys of a public-private key pair, the method comprising the steps of:
- (a) receiving into a computer system input data from a user;
  
  (b) generating within the computer system a first key as a deterministic function of said received data of said step (a);
  
  (c) clearing from the computer system said received data of said step (a) so that said received data is no longer available for generating the first key;
  
  (d) generating within the computer system a second key as a deterministic function of said generated first key of said step (b), said generated first and second keys comprising a public-private key pair; and
  
  (e) following said step (d) of generating said second key, clearing said generated first key from the computer system so that said generated first key is no longer available for generating the second key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 2. The invention of claim 1, wherein neither said received data of said step (a) nor said generated first key of said step (b) is exported from the computer system.
  - 3. The invention of claim 1, wherein, following said step (c) of clearing said received data from the computer system, the input data received from the user in said step (a) must be received again within the computer system in order to regenerate the first key within the computer system using the deterministic function of said step (b).
  - 4. The invention of claim 1, wherein said generated second key of said step (d) is a public key of the public-private key pair.
  - 5. The invention of claim 1, wherein the method further comprises the step of exporting said generated second key of said step (d) from the computer system.
  - 6. The invention of claim 5, wherein the method further comprises the step of clearing said generated second key of said step (d) from the computer system following said step of exporting said generated second key from the computer system.
  - 7. The invention of claim 1, wherein said step (c) is performed prior to performance of said step (d).
  - 8. The invention of claim 1, wherein said step (c) is performed after performance of said step (d).
  - 9. The invention of claim 1, wherein said step (c) is performed upon performance of said step (b).
  - 10. The invention of claim 1, wherein said step (c) is performed immediately upon performance of said step (b).
  - 11. The invention of claim 1, wherein said step (e) is performed upon performance of said step (d).
  - 12. The invention of claim 1, wherein said step (e) is performed immediately upon performance of said step (d).
  - 13. The invention of claim 1, wherein the deterministic function of said step (b) outputs a large integer value.
  - 14. The invention of claim 1, wherein the deterministic function of said step (b) comprises hashing said received data.
  - 15. The invention of claim 14, wherein the deterministic function of said step (b) comprises hashing multiple times said received data.
  - 16. The invention of claim 14, wherein the deterministic function of said step (b) comprises hashing multiple times said received data while folding interim hashes together.
  - 17. The invention of claim 1, wherein the deterministic function of said step (b) comprises a strong hash function.
  - 18. The invention of claim 1, wherein the method further comprises, prior to said step (d), the step of receiving elliptical curve parameters.
  - 19. The invention of claim 18, wherein said received elliptical curve parameters define an elliptical curve over a finite field.
  - 20. The invention of claim 18, further comprising the steps of, prior to said step (d), receiving elliptical curve parameters defining an elliptical curve over a finite field, and receiving a generating point on the elliptical curve defined by said received elliptical curve parameters.
  - 21. The invention of claim 20, wherein the deterministic function of said step (d) comprises multiplying the generating point by said generated first key of said step (b).
  - 22. The invention of claim 1, wherein said step (e) of clearing from the computer system said received data comprises overwriting said received data in a computer-readable medium of the computer system so that said received data no longer exists within the computer system.
  - 23. The invention of claim 22, wherein said overwriting comprises wiping.
  - 24. The invention of claim 22, wherein said overwriting comprises writing pseudo random bit strings to data blocks in which said received data was stored in the computer system.
  - 25. The invention of claim 1, wherein said step (e) of clearing from the computer system said generated first key comprises overwriting said generated first key in a computer-readable medium of the computer system so that said generated first key no longer exists within the computer system.
  - 26. The invention of claim 25, wherein said overwriting comprises wiping.
  - 28. The invention of claim 1, wherein said step (e) of clearing said generated first key occurs within a single hour of said step (b) of generating the first key.
  - 29. The invention of claim 1, wherein said step (e) of clearing said generated first key occurs within a single minute of said step (b) of generating the first key.
  - 30. The invention of claim 1, wherein said step (e) of clearing said generated first key occurs within a single second of said step (b) of generating the first key.
  - 31. The invention of claim 1, wherein said step (c) of clearing from the computer system said received data from the user occurs upon performance of said step (b) of generating the first key.
  - 32. The invention of claim 1, wherein said step (c) of clearing from the computer system said received data from the user occurs immediately upon performance of said step (b) of generating the first key.
  - 33. The method of claim 1, wherein said step of (e) clearing said generated first key occurs following expiration of a predetermined period of time.
  - 34. The method of claim 1, wherein said step of (e) clearing said generated first key occurs immediately upon expiration of a predetermined period of time.
  - 35. The method of claim 34, wherein the predetermined period of time comprises a predetermined fixed amount of time.
  - 36. The invention of claim 1, further comprising the step of utilizing the keys of the public-private key pair in an Elliptical Curve Diffie-Hellman (EC-DH) system.
  - 37. The invention of claim 1, further comprising the step of utilizing the keys of the public-private key pair in an Elliptical Curve Internet Key Exchange (EC IKE) system.
  - 38. The invention of claim 1, further comprising a computer-readable medium having computer-executable instructions for performing the method.

27. The invention of 25, wherein said overwriting comprises writing pseudo random bit strings to data blocks in which said generated first key of said step (b) was stored in the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Beeson, Curtis Linn

Application Number

US11/161,563
Publication Number

US 20060153370A1
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

H04L 9/3073 involving pairings, e.g. id...

H04L 9/3252 using DSA or related signat...

GENERATING PUBLIC-PRIVATE KEY PAIR BASED ON USER INPUT DATA

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

GENERATING PUBLIC-PRIVATE KEY PAIR BASED ON USER INPUT DATA

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links