Methods and systems for entropy collection for server-side key generation
First Claim
1. A method of generating credentials for a token, the method comprising:
detecting the token and the server determining that the token is to be enrolled;
generating a subject key pair within the server based on a plurality of sources of entropy, wherein the subject key pair includes a subject public key and the subject private key;
encrypting the subject private key with a key transport session key to arrive at a wrapped private key; and
forwarding the wrapped private key to the token.
1 Assignment
0 Petitions
Abstract
Embodiments of the present invention provide a multiple source entropy feed for a PRNG that is used to generate server-side encryption keys. In particular, embodiments of the present invention provide a data recovery manager that collects additional entropy sources that feed into the PRNG between each key generation. The entropy may be collected from a variety of sources, for example, high-resolution timer intervals between input/output interrupts, hard disk access operations, and the like. The number of bits of entropy collected may be configured for each key generation.
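The abstract describes three mechanisms: an entropy pool fed by several sources, a PRNG that is reseeded from that pool between key generations, and a private key that is wrapped under a key transport session key before it leaves the server. The following is an added example, not code from the patent or from any product implementing it, showing those three pieces together in standard-library Python. The source list (timer jitter credited at 1 bit per sample, the OS pool at 8 bits per byte), the SHA-256 pool, the simplified HMAC_DRBG and the HMAC-based wrap (standing in for an AES key wrap) are all assumptions chosen so the block runs offline; the key pair itself is a placeholder, since the point is the entropy feed rather than the signature scheme.

```python
import hashlib
import hmac
import os
import time


class EntropyPool:
    """Mix samples from several sources into one SHA-256 pool. Each source is
    (sample_fn, credited_bits): the credit, not the sample size, gates key generation."""

    def __init__(self, sources):
        self.sources = sources
        self.pool = hashlib.sha256()
        self.estimated_bits = 0

    def collect(self, min_bits):
        # Draw whole rounds from every source until the credited entropy
        # reaches min_bits; returns the number of samples drawn.
        drawn = 0
        while self.estimated_bits < min_bits:
            for sample_fn, bits in self.sources:
                self.pool.update(sample_fn())
                self.estimated_bits += bits
                drawn += 1
        return drawn

    def drain(self):
        # Hand out a 32-byte seed and reset the credit, so the next key
        # generation must collect fresh entropy before it can proceed.
        seed = self.pool.digest()
        self.pool = hashlib.sha256(seed)  # carry the old state forward
        self.estimated_bits = 0
        return seed


class HmacDrbg:
    """HMAC-SHA256 generator in the shape of SP 800-90A HMAC_DRBG (simplified
    for illustration; not a validated implementation)."""

    def __init__(self, seed):
        self.K, self.V = b"\x00" * 32, b"\x01" * 32
        self._update(seed)

    def _update(self, data):
        self.K = hmac.new(self.K, self.V + b"\x00" + data, hashlib.sha256).digest()
        self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
        if data:
            self.K = hmac.new(self.K, self.V + b"\x01" + data, hashlib.sha256).digest()
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()

    def reseed(self, seed):
        self._update(seed)

    def generate(self, n):
        out = b""
        while len(out) < n:
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
            out += self.V
        self._update(b"")
        return out[:n]


def default_sources():
    # Constructed stand-ins for the sources named in the abstract (assumed credits).
    return [
        (lambda: time.perf_counter_ns().to_bytes(8, "big"), 1),
        (lambda: os.urandom(4), 32),
    ]


def generate_subject_key_pair(pool, drbg, bits_per_keygen):
    # Collect the configured number of bits, reseed, then derive a placeholder
    # pair: a 32-byte private scalar and a hash-derived public value.
    pool.collect(bits_per_keygen)
    drbg.reseed(pool.drain())
    private_key = drbg.generate(32)
    public_key = hashlib.sha256(b"pub:" + private_key).digest()
    return public_key, private_key


def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def wrap_private_key(private_key, session_key, nonce=None):
    # Encrypt-then-MAC under keys derived from the session key (HMAC keystream
    # standing in for AES key wrap so the block needs only the stdlib).
    nonce = nonce if nonce is not None else os.urandom(16)
    enc_key = hashlib.sha256(b"enc:" + session_key).digest()
    mac_key = hashlib.sha256(b"mac:" + session_key).digest()
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_private_key(wrapped, session_key):
    # Verify the tag before decrypting; anything altered in transit is rejected.
    nonce, ct, tag = wrapped[:16], wrapped[16:-32], wrapped[-32:]
    enc_key = hashlib.sha256(b"enc:" + session_key).digest()
    mac_key = hashlib.sha256(b"mac:" + session_key).digest()
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped private key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


if __name__ == "__main__":
    pool, drbg = EntropyPool(default_sources()), HmacDrbg(os.urandom(32))
    pub, priv = generate_subject_key_pair(pool, drbg, bits_per_keygen=256)
    session_key = os.urandom(32)
    wrapped = wrap_private_key(priv, session_key)
    assert unwrap_private_key(wrapped, session_key) == priv
    print("public:", pub.hex(), "wrapped private:", wrapped.hex())
```

The per-source credit is the operational knob the abstract refers to: a timer sample is 8 bytes but is credited 1 bit, so reaching a 256-bit target takes many rounds, while the OS pool is credited in full. `drain()` zeroes the credit after every key generation, which is what forces fresh collection between keys rather than reusing one seed for a whole batch.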
164 Citations
27 Claims

1. A method of generating credentials for a token (independent claim, set out in full above; claims 2 to 12 depend from it).

13. A system for generating credentials for a token, the system comprising:
a token;
a security client configured to manage the token; and
a security server configured to interface with the security client, wherein the security server is configured to detect the token to be enrolled by the security server, generate a subject key pair within the security server based on a plurality of sources of entropy, wherein the subject key pair includes a subject public key and the subject private key;
encrypt the subject private key with a key transport session key to arrive at a wrapped private key; and
forward the wrapped private key to the token.
Claims 14 to 27 depend from claim 13.
Specification