Method for generating public and private key pairs without using a passphrase

US 5,201,000 A
Filed: 09/27/1991
Issued: 04/06/1993
Est. Priority Date: 09/27/1991
Status: Expired due to Term

First Claim

Patent Images

1. In a data processing system, a method for managing a public key cryptographic system which includes a public key, private key pair generator, comprising the steps of:

generating a first public key, private key pair signal in a generating means using a first seed value known to a user, and generating a first control vector signal defining a first use of said first public key, private key pair signal;

wherein said first seed value is generated from a passphrase;

generating a second public key, private key pair signal using a second seed value unknown to the user, and generating a second control vector signal defining a second use of said second public key, private key pair signal;

controlling the use of said first public key, private key pair signal in controlling means using said first control vector signal; and

controlling the use of said second public key, private key pair signal with said second control vector signal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system, program and method are disclosed for managing a public key cryptographic system which includes a public key, private key pair generator. The method includes the step of generating a first public key, private key pair using a first seed value known to a user, the first seed value being generated from a passphrase. A first random number is generated using the first seed value and applied to generating the first key pair. The method then generates a first control vector defining a first use of the first public key, private key pair.

The method then continues with the step of generating a second public key, private key pair using a second seed value unknown to the user, the second seed value being a true random number. The second random number is generated using the second seed value in a pseudorandom number generator and applied to generating the second key pair. The method generates a second control vector defining a second use of the second public key, private key pair.

The method then controls the use of the first public key, private key pair using the first control vector and controls the use of the second public key, private key pair with the second control vector.

Citations

39 Claims

1. In a data processing system, a method for managing a public key cryptographic system which includes a public key, private key pair generator, comprising the steps of:
- generating a first public key, private key pair signal in a generating means using a first seed value known to a user, and generating a first control vector signal defining a first use of said first public key, private key pair signal;
  
  wherein said first seed value is generated from a passphrase;
  
  generating a second public key, private key pair signal using a second seed value unknown to the user, and generating a second control vector signal defining a second use of said second public key, private key pair signal;
  
  controlling the use of said first public key, private key pair signal in controlling means using said first control vector signal; and
  
  controlling the use of said second public key, private key pair signal with said second control vector signal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said second seed value is a pseudorandom number.
  - 3. The method of claim 1, which further comprises the steps of:
    - generating a first random number using said first seed value and applying said first random number to said first generation step.
  - 4. The method of claim 1, which further comprises:
    - generating a second random number using said second seed value in a pseudorandom number generator and applying said second random number to said second generation step.
  - 5. The method of claim 1, wherein said first control vector signal has two components, a first public key control vector portion for controlling the use of said first public key and a first private key control vector portion for controlling the use of said first private key.
  - 6. The method of claim 1, wherein said second control vector signal has two components, a second public key control vector portion for controlling said second public key and a second private key control vector portion for controlling said second private key.
  - 7. The method of claim 1, wherein said first control vector signal controls said first private key to limit its use to the generation of digital signatures;
    - andsaid second control vector signal controls said second private key to limit its use to the generation of digital signatures and to decrypt encrypted keys received as part of a key distribution protocol.
  - 8. The method of claim 7, wherein said first control vector signal limits the use of said first public key to the verification of digital signatures and said second control vector signal limits the use of said second public key to the verification of digital signatures and to the encryption of keys in a key distribution protocol.
  - 9. The method of claim 1, wherein said first control vector signal controls the generation of a digital signature with said first private key and said second control vector signal prohibits the use of said second private key from the generation of digital signatures.

10. In a data processing system, a method for managing a public key cryptographic system including a public key, private key pair generator, comprising the steps of:
- generating a first random number using a first seed value derived from a passphrase;
  
  generating a second random number using a second seed value unknown to a user;
  
  generating a first public key, private key pair signal in a generating means using said first random number and generating a first public key control vector signal and a first private key control vector signal for defining a first use of said first public key and of said first private key, respectively;
  
  generating a second public key, private key pair signal using said second random number and generating a second public key control vector signal and a second private key control vector signal for defining a second use of said second public key and of said second private key, respectively;
  
  controlling the use of said first public key and said first private key in controlling means using said first public key control vector signal and said first private key control vector signal, respectively;
  
  controlling the use of said second public key and said second private key using said second public key control vector signal and said second private key control vector signal, respectively.

11. In a data processing system, a method for managing a cryptographic system having a key generator, comprising the steps of:
- generating a first random number using a first seed value derived from a passphrase;
  
  generating a second random number using a second seed value unknown to the user;
  
  generating a first key signal in a generating means using said first random number and generating a first control vector signal for controlling the use of said first key signal;
  
  generating a second key signal using said second random number and generating a second control vector signal controlling a second use of said second key signal;
  
  controlling the use of said first key signal in control means with said first control vector signal;
  
  controlling the use of said second key signal with said second control vector signal;
  
  said first use of said first key signal being different from said second use of said second key signal.

12. In a data processing system, a method for managing a public key cryptographic system including a public key, private key pair generator, comprising the steps of:
- generating a random number signal in a generation means using a first seed value derived from a passphrase; and
  
  generating and outputting a public key, private key pair signal in said generation means using said random number signal and generating a first control vector signal for said public key and a second control vector signal for said private key, said first control vector signal controlling the use of said public key and said second control vector signal controlling the use of said private key.

13. In a data processing system, a method for managing a public key cryptographic system, including a public key, private key pair generator, comprising the steps of:
- generating a random number signal in a generation means using a seed value derived from a passphrase; and
  
  generating and outputting a public key and a private key pair signal in said generation means using said random number signal.

14. In combination, a data processing system and a program for managing a public key cryptographic system which includes a public key, private key pair generator, said program being executed on said data processing system, said combination performing a method comprising the steps of:
- generating a first public key, private key pair signal in a generating means using a first seed value known to a user, and generating a first control vector signal defining a first use of said first public key, private key pair signal;
  
  wherein said first seed value is generated from a passphrase;
  
  generating a second public key, private key pair signal using a second seed value unknown to the user, and generating a second control vector signal defining a second use of said second public key, private key pair signal;
  
  outputting first output signals for controlling the use of said first public key, private key pair signal in a controlling means using said first control vector signal; and
  
  outputting second output signals for controlling the use of said second public key, private key pair signal with said second control vector signal.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The combination of claim 14, wherein said second seed value is a pseudorandom number.
  - 16. The combination of claim 14, which further comprises, when executed on said data processing system, performing the steps of:
    - generating a first random number using said first seed value and applying said first random number to said first generation step.
  - 17. The combination of claim 14, which further comprises, when executed on said data processing system, performing the steps of:
    - generating a second random number using said second seed value in a pseudorandom number generator and applying said second random number to said second generation step.
  - 18. The combination of claim 14, wherein said first control vector signal has two components, a first public key control vector portion for controlling the use of said first public key and a first private key control vector portion for controlling the use of said first private key.
  - 19. The combination of claim 14, wherein said second control vector signal has two components, a second public key control vector portion for controlling said second public key and a second private key control vector portion for controlling said second private key.
  - 20. The combination of claim 14, wherein said first control vector signal controls said first private key to limit its use to the generation of digital signatures;
    - andsaid second control vector signal controls said second private key to limit its use to the generation of digital signatures and to decrypt encrypted keys received as part of a key distribution protocol.
  - 21. The combination of claim 20, wherein said first control vector signal limits the use of said first public key to the verification of digital signatures and said second control vector signal limits the use of said second public key to the verification of digital signatures and to the encryption of keys in a key distribution protocol.
  - 22. The combination of claim 14, wherein said first control vector signal controls the generation of a digital signature with said first private key and said second control vector signal prohibits the use of said second private key from the generation of digital signatures.

23. In combination, a data processing system and a program for managing a public key cryptographic system including a public key, private key pair generator, said program being executed on said data processing system, said combination performing a method comprising the steps of:
- generating a first random number using a first seed value derived from a passphrase;
  
  generating a second random number using a second seed value unknown to a user;
  
  generating a first public key, private key pair signal in a generating means using said first random number and generating a first public key control vector signal and a first private key control vector signal for defining a first use of said first public key and of said first private key, respectively;
  
  generating a second public key, private key pair signal using said second random number and generating a second public key control vector signal and a second private key control vector signal for defining a second use of said second public key and of said second private key, respectively;
  
  outputting first output signals for controlling the use of said first public key and said first private key in controlling means using said first public key control vector signal and said first private key control vector signal, respectively;
  
  outputting second output signals for controlling the use of said second public key and said second private key using said second public key control vector signal and said second private key control vector signal, respectively.

24. In combination, a data processing system and a program for managing a cryptographic system having a key generator, said program being executed on said data processing system, said combination performing a method comprising the steps of:
- generating a first random number using a first seed value derived from a passphrase;
  
  generating a second random number using a second seed value unknown to the user;
  
  generating a first key signal in a generating means using said first random number and generating a first control vector signal for controlling the use of said first key signal;
  
  generating a second key signal using said second random number and generating a second control vector signal controlling a second use of said second key signal;
  
  outputting first signals for controlling the use of said first key signal in control means with said first control vector signal;
  
  outputting second signals for controlling the use of said second key signal with said second control vector signal;
  
  said first use of said first key signal being different from said second use of said second key signal.

25. In combination, a data processing system and a program for managing a public key cryptographic system including a public key, private key pair generator, said program being executed on said data processing system, said combination performing a method comprising the steps of:
- generating a random number signal in a generation means using a first seed value derived from a passphrase; and
  
  generating and outputting a public key, private key pair signal in said generating means using said random number and generating a first control vector signal for said public key and a second control vector signal for said private key;
  
  and outputting said first control vector signal for controlling the use of said public key and said second control vector signal for controlling the use of said private key.

26. In combination, a data processing system and a program for managing a public key cryptographic system, including a public key, private key pair generator, said program being executed on said data processing system, said combination performing a method comprising the steps of:
- generating a random number signal in a generation means using a seed value derived from a passphrase; and
  
  generating and outputting a public key and a private key pair signal in said generation means using said random number signal.

27. In a data processing system, an apparatus for managing a public key cryptographic system which includes a public key, private key pair generator, comprising:
- first generating means for generating a first public key, private key pair signal using a first seed value known to a user, and generating a first control vector signal defining a first use of said first public key, private key pair signal;
  
  wherein said first seed value is generated from a passphrase;
  
  second generating means for generating a second public key, private key pair signal using a second seed value unknown to the user, and generating a second control vector signal defining a second use of said second public key, private key pair signal;
  
  controlling means coupled to said first generating means, for controlling the use of said first public key, private key pair signal using said first control vector signal; and
  
  said controlling means coupled to said second generating means, for controlling the use of said second public key, private key pair signal with said second control vector signal.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The apparatus of claim 27, wherein said second seed value is a pseudorandom number.
  - 29. The apparatus of claim 27, which further comprises:
    - said first generating means generating a first random number using said first seed value and applying said first random number to said generation of a first public key, private key pair signal.
  - 30. The apparatus of claim 27, which further comprises:
    - said second generating means generating a second random number using said second seed value in a pseudorandom number generator and applying said second random number to said generation of a second public key, private key pair signal.
  - 31. The apparatus of claim 27, wherein said first control vector signal has two components, a first public key control vector portion for controlling the use of said first public key and a first private key control vector portion for controlling the use of said first private key.
  - 32. The apparatus of claim 27, wherein said second control vector signal has two components, a second public key control vector portion for controlling said second public key and a second private key control vector for portion controlling said second private key.
  - 33. The apparatus of claim 27, wherein said first control vector signal controls said first private key to limit its use to the generation of digital signatures;
    - andsaid second control vector signal controls said second private key to limit its use to the generation of digital signatures and to decrypt encrypted keys received as part of a key distribution protocol.
  - 34. The apparatus of claim 33, wherein said first control vector signal limits the use of said first public key to the verification of digital signatures and said second control vector signal limits the use of said second public key to the verification of digital signatures and to the encryption of keys in a key distribution protocol.
  - 35. The apparatus of claim 27, wherein said first control vector signal controls the generation of a digital signature with said first private key and said second control vector signal prohibits the use of said second private key from the generation of digital signatures.

36. In a data processing system, an apparatus for managing a public key cryptographic system including a public key, private key pair generator, comprising:
- first generating means for generating a first random number using a first seed value derived from a passphrase;
  
  second generating means for generating a second random number using a second seed value unknown to a user;
  
  said first generating means generating a first public key, private key pair signal using said first random number and generating a first public key control vector signal and a first private key control vector signal for defining a first use of said first public key and of said first private key, respectively;
  
  said second generating means generating a second public key, private key pair signal using said second random number and generating a second public key control vector signal and a second private key control vector signal for defining a second use of said second public key and of said second private key, respectively;
  
  controlling means coupled to said first generating means, for controlling the use of said first public key and said first private key using said first public key control vector signal and said first private key control vector signal, respectively;
  
  said controlling means coupled to said second generating means, for controlling the use of said second public key and said second private key using said second public key control vector signal and said second private key control vector signal, respectively.

37. In a data processing system, an apparatus for managing a cryptographic system having a key generator, comprising;
- first generating means for generating a first random number using a first seed value derived from a passphrase;
  
  second generating means for generating a second random number using a second seed value unknown to the user;
  
  said first generating means generating a first key signal using said first random number and generating a first control vector signal for controlling the use of said first key signal;
  
  said second generating means generating a second key signal using said second random number and generating a second control vector signal controlling a second use of said second key signal;
  
  controlling means coupled to said first generating means, for controlling the use of said first key signal with said first control vector signal;
  
  said controlling means coupled to said second generating means, for controlling the use of said second key signal with said second control vector signal;
  
  said first use of said first key signal being different from said second use of said second key signal.

38. In a data processing system, an apparatus for managing a public key cryptographic system including a public key, private key pair generator, comprising:
- a generating means for generating a random number signal using a first seed value derived from a passphrase;
  
  said generating means generating a public key, private key pair signal using said random number signal and generating a first control vector signal for said public key and a second control vector signal for said private key, said first control vector signal controlling the use of said public key and said second control vector signal controlling the use of said private key.

39. In a data processing system, an apparatus for managing a public key cryptographic system, including a public key, private key pair generator, comprising:
- generating means for generating a random number signal using a seed value derived from a passphrase; and
  
  said generating means generating and outputting a public key and a private key pair signal using said random number signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Johnson, Donald B., Matyas, Stephen M., Prymak, Rostislaw, Le, An V., Wilkins, John D.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/766,533
Time in Patent Office

557 Days
Field of Search

380/25, 380/30, 380/46
US Class Current

380/30
CPC Class Codes

G06F 9/30003   Arrangements for executing ...

H04L 2209/26   Testing cryptographic entit...

H04L 9/088   Usage controlling of secret...

H04L 9/302   involving the integer facto...

Method for generating public and private key pairs without using a passphrase

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Method for generating public and private key pairs without using a passphrase

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links