Methods and Systems to Create Big Memorizable Secrets and Their Applications in Information Engineering
Abstract
The main invention is a set of methods and systems to create big yet memorizable secrets, which are then applied to many novel and innovative applications in information engineering. The big secret creation methods include (i) self-created signature-like Chinese character, (ii) two-dimensional key (2D key), (iii) multilingual key, (iv) multi-tier geo-image key, (v) multi-factor key using software token, and their hybrid combinations. A multihash key using hash iteration and hash truncation is further used to increase the number of secrets created for multiple offline and online accounts. In addition, a multihash signature using multiple hash values of a message from different hash iterations provides an object-designated signature function. The object may be a recipient, action, feature, function, meaning, etc., as representation. Random space steganography using stego-data with random noise insertion is also proposed. The main application of the big memorizable secret is MePKC (Memorizable Public-Key Cryptography) using a fully memorizable private key. Here, 160- to 512-bit MePKC can be realized.
7 Claims
1. A method to create big and yet memorizable (or mnemonic) secret as password and passphrase beyond 128 bits for various applications in information engineering, especially MePKC (Memorizable Public-Key Cryptography) using fully memorizable private key, by selecting and using one or a hybrid combination of the listed options here, wherein they are consisting of:
(a) using self-created signature-like Han character of CLPW (Chinese Language Password) and CLPP (Chinese Language Passphrase) characterized by phonetic encoding of hanyu pinyin, structural encoding of sijiao haoma (aka four-corner method), textual semantic noises, uniquely self-created signature-like symbol, and higher randomness;
(b) using two-dimensional key (2D key) characterized by possible key styles of multiline passphrase, crossword, ASCII art/graphics, Unicode art/graphics, colorful text, sensitive input sequence, as well as partially, fully, and extraordinary filled in user-selected matrix-like 2D field;
(c) using multilingual key characterized by black-and-white or colorful Unicode graphic symbols for a key space in tabular pages with optional grid partitioning;
(d) using multi-tier geo-image key characterized by a generated graphical password/key from series of geographical images called geo-images, and textual password/key of normal text hinted by the geo-images; and
(e) using multi-factor key using software token characterized by the feature, where for 2n-bit MePKC, an n-bit symmetric key can use n-bit symmetric cipher to encrypt a 2n-bit hash of various digital multimedia data like random or non-random bitstream, text, image, audio, animation, or video.

3. A method to generate multiple storage-free slave keys from a single memorizable master key called multihash key to further boost up the number of created big memorizable secrets or work independently, wherein there are:
(a) optional unique feature called binding identity having partial master key to be concatenated with domain name and/or ID (aka identity) to tie up the master key with unique user identity;
(b) unique feature called hash truncation, creating a first discarded half portion of hash value, that is hard to be retrieved by password cracker, and a second ephemeral half portion of hash value as a slave key, that is preferably a hard problem for brute force attack of password guessing;
(c) a first basic model of multihash key is characterized by using hash iteration, hash truncation, and CSPRBG (Cryptographically Secure Pseudo-Random Bit Generator) supporting infinite online account and finite offline accounts like 20, 32, etc.;
(d) a second improved model of multihash key characterized by using filename, random number, or two-tier structure to support more offline accounts;
(e) a third improved model of multihash key as the first variant characterized by using a combination of multi-tier multihash key for the combination selection of intermediate slave keys to generate the final slave key;
(f) a fourth improved model of multihash key as the second variant characterized by using a permutation of some slave keys in the mono-tier multihash key to generate the final slave key; and
(g) a fifth improved model of multihash key as the third variant characterized by using a hybrid combination of multi-tier and permutation of some slave keys at the same tier to generate the final slave key.
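
The binding identity, hash iteration and hash truncation of claim 3 can be sketched as below. This is an added example, not code from the patent: SHA-512, the length-prefixed field encoding, use of the whole master key rather than part of it, and the names `bind_identity`, `slave_keys` and `next_from_leak` are assumptions.

```python
import hashlib

HASH = hashlib.sha512             # assumption: the claim names no hash function
HALF = HASH().digest_size // 2    # 32 bytes kept, 32 bytes discarded


def bind_identity(master_key: str, domain: str, user_id: str) -> bytes:
    """Claim 3(a): tie the master key to a domain name and user ID.

    Each field is length-prefixed (an added precaution, not from the claim)
    so ("ab", "c") and ("a", "bc") never encode to the same bytes.
    """
    # Domain names are case-insensitive, so normalise before hashing.
    fields = (master_key.encode(), domain.lower().encode(), user_id.encode())
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def slave_keys(master_key: str, domain: str, user_id: str, count: int) -> list:
    """Return the slave keys for hash-iteration rounds 1..count.

    The full digest is carried forward between rounds; only its second
    half is released as the slave key (hash truncation, claim 3(b)).
    """
    if count < 1:
        raise ValueError("count must be at least 1")
    state = bind_identity(master_key, domain, user_id)
    keys = []
    for _ in range(count):
        state = HASH(state).digest()
        keys.append(state[HALF:])     # first half is discarded, never stored
    return keys


def next_from_leak(leaked_slave_key: bytes) -> bytes:
    """What a holder of one slave key can compute without the discarded half."""
    return HASH(leaked_slave_key).digest()[HALF:]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    keys = slave_keys("correct horse battery staple", "mail.example", "alice", 3)
    for n, k in enumerate(keys, 1):
        print(f"round {n}: {k.hex()}")
    print("leak of round 1 yields round 2:", next_from_leak(keys[0]) == keys[1])
```

A disclosed slave key does not chain forward to the next round, because the next round needs the discarded half. It still allows offline guessing of the master key at a cost of only a few hashes per guess, so the entropy of the master key itself carries the security.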
4. A method to generate object-designated signature message with specific meaning, function, or recipient called multihash signature to be used independently or together with the methods to create big and yet memorizable secret for various applications in information engineering, wherein the features are characterized by:
(a) using a single asymmetric key pair signing over a single message source to generate multiple unique digital signatures based on different round of hash iteration over the single message;
(b) defined representation like designated receiver, functions like referral, and meanings like cheque validity status;
(c) possible anonymous identity, and representation of object, action, feature, function, meaning, etc., as a representation;
(d) avoidance of name clashing and rename problem for stronger collision resistance strength; and
(e) recipient non-repudiation, where the recipient as a second signer signs the received signature using one's private key to create an acknowledgment message sent to the originator of object-designated signature message as the first signer.

5. A method, called here as random space steganography, to harden the identification of embedded data in steganography although stego-data has been detected, wherein characterized by:
(a) using the big and yet memorizable secret generation methods to resist stego-key searching;
(b) using both asymmetric and symmetric key cryptography to boost up the security strength of steganography;
(c) embedding the encrypted data and symmetric key into the space of cover data, together with random noise insertion into the vacant space of cover data, to form stego-data, like stego-image, randomly, by using an asymmetric key pair and stego-key;
(d) retrieving the embedded data by using the stego-key, asymmetric key pair, and symmetric key from stego-data;
(e) frequently broadcasting the dummy stego-data with noises as the embedded data to paralyze the detection of actual stego-data; and
(f) using the sources of cover data from the possible multimedia file formats like bitstream, text, audio, animation, video, or their hybrid combinations.

6. A method to enable stronger public key certificate with one or more asymmetric key pairs per user, wherein there are features characterized by:
(a) using digital certificate with more than one asymmetric key pair for different protection periods and password throttling;
(b) using three-tier MePKC digital certificates for ladder authentication; and
(c) boosting up the trust level of MePKC digital certificate by using more than one certification authority (CA) and/or introducer of trust of web.

7. A system comprising a single computing device like computer, or multiple computers forming a computer communications network, or networked system, for implementing the generation methods of big memorizable secret, multihash key, multihash signature, or random space steganography, wherein:
(a) the computing devices are characterized by any possible things having CPU (Central Processing Unit), main memory, and I/O (Input/Output) devices connected by some system interconnection bus; and
(b) the networked system is characterized by any possible computing networks like PAN (Personal Area Network), LAN (Local Area Network) (of home, company, school, etc.), CAN (Campus Area Network), MAN (Metropolitan Area Network), WAN (Wide Area Network), Internet, or any other types of computer communications network.

Specification