Method And Apparatus For Secure Cryptographic Key Generation, Certification And Use
First Claim
1. A digital wallet, secured with a user'"'"'s access code, for reproducing a confidential datum for said user, said digital wallet comprising:
- (a) a computer-implemented input for receiving a input access code;
(b) a seed derivation module operatively connected to said input, for deriving a seed usable to generate at least a portion of said confidential datum;
(c) a seed-based data generation module(i) implementing a predetermined data generation protocol that was previously used by a seed-based initialization of said confidential datum of said user,(ii) configured to generate an output datum, and(iii) said output datum reproducing said at least a portion of said user'"'"'s confidential datum if said input access code equals said user'"'"'s access code; and
(d) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum.
3 Assignments
0 Petitions
Accused Products
Abstract
A confidential datum, such as a private key used in public key signature systems, is secured in a digital wallet using a “generation camouflaging” technique. With this technique, the private key is not necessarily stored in the digital wallet, not even in an encrypted form. Instead, the wallet contains a private key generation function that reproduces the correct private key when the user inputs his or her pre-selected PIN. If the user inputs an incorrect PIN, an incorrect private key is outputted. Such private key can be configured so that it cannot be readily distinguished from the correct private key through the use of private key formatting, and/or the use of pseudo-public keys corresponding to the private key. The techniques described herein are also applicable to other forms of regeneratable confidential data besides private keys.
71 Citations
2 Claims
-
1. A digital wallet, secured with a user'"'"'s access code, for reproducing a confidential datum for said user, said digital wallet comprising:
-
(a) a computer-implemented input for receiving a input access code; (b) a seed derivation module operatively connected to said input, for deriving a seed usable to generate at least a portion of said confidential datum; (c) a seed-based data generation module (i) implementing a predetermined data generation protocol that was previously used by a seed-based initialization of said confidential datum of said user, (ii) configured to generate an output datum, and (iii) said output datum reproducing said at least a portion of said user'"'"'s confidential datum if said input access code equals said user'"'"'s access code; and (d) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum.
-
-
2-43. -43. (canceled)
Specification
-
- Resources
-
Current AssigneeCA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
-
Original AssigneeArcot Systems, Inc. (Broadcom, Inc.)
-
InventorsHird, Geoffrey R.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current380/277
-
CPC Class CodesG06F 21/62 Protecting access to data v...H04L 2209/046 of operations, operands or ...H04L 2209/20 Manipulating the length of ...H04L 2209/56 Financial cryptography, e.g...H04L 9/0869 involving random numbers or...H04L 9/3226 using a predetermined code,...H04L 9/3247 involving digital signatures
