Process for cryptographic key generation and safekeeping
First Claim
1. A process for cryptographic key generation and safekeeping, comprising:
selecting a plurality of key agents each having a copy of source code;
loading one copy of the source code onto a secure computer system;
comparing the loaded copy of the source code with each other copy of the source code to validate the loaded copy of the source code;
generating master key information and locking key information by executing compiled source code;
separating the master key information into a plurality of master key shares;
distributing the plurality of master key shares to key agents designated to be master key agents such that each master key agent possesses one master key share;
separating the locking key information into a plurality of locking key shares;
distributing the plurality of locking key shares to key agents designated to be locking key agents such that each locking key agent possesses one locking key share;
validating the plurality of locking key shares and the plurality of master key shares; and
shutting down the secure computer system such that the master key information and locking key information can not be reconstructed from the secure computer system.
Abstract
A process for cryptographic key generation and safekeeping is provided. A plurality of key agents are selected, each having a copy of the source code. One copy of the source code is loaded onto a secure computer system and is compared with at least one other copy of the source code to validate the loaded copy of the source code. Master key information and locking key information are generated by executing compiled source code. The master key information is then separated into a plurality of master key shares which are distributed to master key agents such that each master key agent possesses one master key share. The locking key information is separated into a plurality of locking key shares which are distributed to locking key agents such that each locking key agent possesses one locking key share. Then, the plurality of locking key shares and the plurality of master key shares are validated, and the secure computer system is securely shut down.
19 Claims
1. A process for cryptographic key generation and safekeeping, comprising:
selecting a plurality of key agents each having a copy of source code;
loading one copy of the source code onto a secure computer system;
comparing the loaded copy of the source code with each other copy of the source code to validate the loaded copy of the source code;
generating master key information and locking key information by executing compiled source code;
separating the master key information into a plurality of master key shares;
distributing the plurality of master key shares to key agents designated to be master key agents such that each master key agent possesses one master key share;
separating the locking key information into a plurality of locking key shares;
distributing the plurality of locking key shares to key agents designated to be locking key agents such that each locking key agent possesses one locking key share;
validating the plurality of locking key shares and the plurality of master key shares; and
shutting down the secure computer system such that the master key information and locking key information can not be reconstructed from the secure computer system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A process for cryptographic key generation and safekeeping, comprising:
selecting a plurality of key agents each having a copy of source code;
loading one copy of the source code onto a secure computer system;
comparing the loaded copy of the source code with each other copy of the source code to validate the loaded copy of the source code;
generating master key information by executing compiled source code, including:
  sampling environmental noise for random collection of bits;
  testing the collection of bits for randomness;
  repeating the sampling if the collection of bits is not sufficiently random;
  initializing a secure random number generator using the collection of bits;
  building the master key information using a random number produced by the random number generator;
separating the master key information into a plurality of master key shares;
distributing the plurality of master key shares to key agents designated to be master key agents such that each master key agent possesses one master key share;
validating the plurality of master key shares; and
shutting down the secure computer system such that the master key information can not be reconstructed from the secure computer system.
Dependent claims: 10, 11, 12, 13.
14. A process for generating and providing a plurality of random collections of bits for use as a source of randomness, comprising:
sampling an unpredictable source to create a collection of bits;
testing the collection of bits using a plurality of statistical tests of randomness;
rejecting the collection of bits if the collection of bits fails any of the plurality of statistical tests of randomness in order to avoid providing the collection of bits when the unpredictable source experiences a failure;
providing the collection of bits for use as a source of randomness if the collection of bits passes the plurality of statistical tests of randomness; and
repeating sampling, testing, rejecting, and providing such that a plurality of collections of bits are provided for use as a source of randomness.
Dependent claims: 15.
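The sample, test, reject and resample loop of claims 9 and 14, written out as an added Python example (this is not code from the patent or its assignee). The noise source is stood in for by os.urandom, the statistical tests are the SP 800-22 monobit and runs tests at a 0.01 significance level, and the generator seeding and master key expansion are a simplified SHA-256 counter construction; all of those choices are this example's assumptions, not the patent's.

```python
import hashlib
import math
import os
from typing import Callable, List, Tuple

Bits = List[int]
ALPHA = 0.01  # significance level; a p-value below this fails the test


def sample_noise(nbits: int = 2048, source: Callable[[int], bytes] = os.urandom) -> Bits:
    """Sample an unpredictable source into a collection of bits.

    os.urandom stands in for the environmental-noise sampler (assumption);
    a real ceremony would read its hardware source here.
    """
    raw = source(nbits // 8)
    return [(byte >> i) & 1 for byte in raw for i in range(8)]


def monobit_test(bits: Bits) -> bool:
    """SP 800-22 frequency (monobit) test: are ones and zeros balanced?"""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    p_value = math.erfc(abs(s) / math.sqrt(2 * n))
    return p_value >= ALPHA


def runs_test(bits: Bits) -> bool:
    """SP 800-22 runs test: is the oscillation between 0 and 1 plausible?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # prerequisite: proportion of ones near 1/2
        return False
    runs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    p_value = math.erfc(abs(runs - 2 * n * pi * (1 - pi))
                        / (2 * math.sqrt(2 * n) * pi * (1 - pi)))
    return p_value >= ALPHA


TESTS = (monobit_test, runs_test)  # the "plurality of statistical tests"


def acquire_collection(sampler: Callable[[], Bits] = sample_noise,
                       max_attempts: int = 10) -> Tuple[Bits, int]:
    """Sample, test, reject and resample until a collection passes every test.

    Returns the accepted bits and the attempt count. A failed source (stuck,
    biased, oscillating) never passes, so none of its bits are ever provided.
    """
    for attempt in range(1, max_attempts + 1):
        bits = sampler()
        if all(test(bits) for test in TESTS):
            return bits, attempt
    raise RuntimeError("source failed %d consecutive samples" % max_attempts)


def seed_generator(bits: Bits) -> bytes:
    """Condense an accepted collection into a 256-bit seed for the secure RNG."""
    packed = bytes(sum(bits[i + j] << j for j in range(8))
                   for i in range(0, len(bits), 8))
    return hashlib.sha256(packed).digest()


def build_master_key(seed: bytes, nbytes: int = 32) -> bytes:
    """Derive master key material from the seeded generator.

    Simplified counter-mode hash expansion (assumption); a real ceremony
    would feed the same seed into an approved DRBG.
    """
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]
```

A stuck source (all zeros) fails the monobit test and an oscillating source (0101...) passes monobit but fails the runs test, which is exactly why the claim requires several tests and rejects on any single failure.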
16. A process for locking master key shares, comprising:
generating master key information wherein the master key information can be used in a selected encryption process to encrypt and decipher information;
generating locking key information wherein the locking key information can be used in the selected encryption process to encrypt and decipher information;
separating the master key information into a plurality of master key shares; and
encrypting each master key share using the locking key information in the selected encryption method such that each master key share is encrypted using an encryption method selected for use with the master key information.
Dependent claims: 17.
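The separation, locking and validation steps of claims 1 and 16 as one added Python example (not code from the patent or its assignee). Sharing is Shamir's threshold scheme over the Mersenne prime field GF(2^521 - 1), and the "selected encryption process" that locks each master key share is an HMAC-SHA256 keystream with an encrypt-then-MAC tag so the example runs on the standard library alone; both the field and the cipher are this example's assumptions, not the patent's. Validation reconstructs from every quorum of locking shares and every quorum of locked master shares and checks that all of them agree with the generated keys.

```python
import hashlib
import hmac
import secrets
from itertools import combinations
from typing import List, Tuple

P = 2**521 - 1          # Mersenne prime; any 256-bit key is a valid secret (assumption)
Share = Tuple[int, int]  # (x, f(x))


def split_secret(secret: int, k: int, n: int) -> List[Share]:
    """Separate a secret into n shares, any k of which reconstruct it."""
    if not (0 <= secret < P and 1 <= k <= n):
        raise ValueError("need 0 <= secret < P and 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x: int) -> int:  # Horner evaluation of the degree k-1 polynomial
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0 over the given shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def _subkeys(locking_key: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from the locking key information.
    return (hashlib.sha256(b"enc" + locking_key).digest(),
            hashlib.sha256(b"mac" + locking_key).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def lock_share(locking_key: bytes, share: Share) -> bytes:
    """Encrypt one master key share under the locking key (stand-in cipher, assumption)."""
    enc_key, mac_key = _subkeys(locking_key)
    x, y = share
    nonce = secrets.token_bytes(16)
    plaintext = x.to_bytes(2, "big") + y.to_bytes(66, "big")  # 521-bit y fits in 66 bytes
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unlock_share(locking_key: bytes, blob: bytes) -> Share:
    """Authenticate, then decrypt, a locked master key share."""
    enc_key, mac_key = _subkeys(locking_key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("locked share failed authentication")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return int.from_bytes(plaintext[:2], "big"), int.from_bytes(plaintext[2:], "big")


def validate_shares(master_key: int, locking_key: bytes, locked_master: List[bytes],
                    locking_shares: List[Share], k_m: int, k_l: int) -> bool:
    """Every k_l locking shares must unlock every k_m master shares to the same master key."""
    for lock_subset in combinations(locking_shares, k_l):
        lk = recover_secret(list(lock_subset)).to_bytes(32, "big")
        if lk != locking_key:
            return False
        for master_subset in combinations(locked_master, k_m):
            if recover_secret([unlock_share(lk, blob) for blob in master_subset]) != master_key:
                return False
    return True


def key_ceremony(k_m: int, n_m: int, k_l: int, n_l: int):
    """Generate, separate, lock and validate; only the shares leave this function."""
    master_key = secrets.randbelow(2**256)    # master key information
    locking_key = secrets.token_bytes(32)      # locking key information
    master_shares = split_secret(master_key, k_m, n_m)
    locking_shares = split_secret(int.from_bytes(locking_key, "big"), k_l, n_l)
    locked_master = [lock_share(locking_key, s) for s in master_shares]
    ok = validate_shares(master_key, locking_key, locked_master, locking_shares, k_m, k_l)
    # The in-process analogue of shutting the secure system down: master_key and
    # locking_key go out of scope here and only the distributed shares are returned.
    return locked_master, locking_shares, ok
```

Distributing the locked master shares and the plain locking shares to two disjoint groups of agents means neither group alone can recover the master key, which is the point of the locking step in claim 16.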
18. A process for cryptographic key generation and safekeeping using a key sharing scheme, comprising:
selecting initial values for a minimum number of master key agents, a total number of master key agents, a minimum number of locking key agents, and a total number of locking key agents;
determining a risk of loss and a risk of compromise of a master key based upon the initial values;
selecting new values for the minimum number of master key agents, the total number of master key agents, the minimum number of locking key agents, and the total number of locking key agents;
determining a risk of loss and a risk of compromise of a master key based upon the new values;
repeating selecting new values and determining risk to adjust the risk of loss and the risk of compromise;
identifying final values for the minimum number of master key agents, the total number of master key agents, the minimum number of locking key agents, and the total number of locking key agents based upon the risk of loss and the risk of compromise such that a desired risk of compromise and loss is set; and
generating master key shares equal in number to the final value for the total number of master key agents and locking key shares equal in number to the final value for the total number of locking key agents.
Dependent claims: 19.
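The risk iteration of claim 18 as an added Python example (not code from the patent or its assignee). The claim does not say how risk is determined, so this example assumes a simple binomial model: each agent independently loses their share with probability p_loss and has it taken with probability p_comp; the master key is lost if either the master or the locking quorum can no longer be met, and compromised only if both quorums fall. choose_thresholds walks the candidate values, determines both risks for each, and returns the smallest scheme within the desired caps.

```python
import math
from itertools import product
from typing import Dict, Optional, Tuple

# Model (assumption, not the patent's): every agent independently loses their
# share with probability p_loss and has it stolen with probability p_comp.


def risk_of_loss(k: int, n: int, p_loss: float) -> float:
    """Probability that fewer than k of n shares survive (quorum unreachable)."""
    return sum(math.comb(n, j) * (1 - p_loss) ** j * p_loss ** (n - j) for j in range(k))


def risk_of_compromise(k: int, n: int, p_comp: float) -> float:
    """Probability that an adversary obtains at least k of n shares."""
    return sum(math.comb(n, j) * p_comp ** j * (1 - p_comp) ** (n - j)
               for j in range(k, n + 1))


def scheme_risks(k_m: int, n_m: int, k_l: int, n_l: int,
                 p_loss: float, p_comp: float) -> Dict[str, float]:
    """Combined risks for locked master shares held by two agent groups.

    Lost if either quorum cannot be met; compromised only if both fall.
    """
    loss_m = risk_of_loss(k_m, n_m, p_loss)
    loss_l = risk_of_loss(k_l, n_l, p_loss)
    comp_m = risk_of_compromise(k_m, n_m, p_comp)
    comp_l = risk_of_compromise(k_l, n_l, p_comp)
    return {"loss": 1 - (1 - loss_m) * (1 - loss_l), "compromise": comp_m * comp_l}


def choose_thresholds(p_loss: float, p_comp: float, max_loss: float, max_comp: float,
                      max_agents: int = 7) -> Optional[Tuple[int, int, int, int]]:
    """Iterate candidate (k_m, n_m, k_l, n_l) values, keep those inside both caps,
    and return the smallest such scheme (fewest agents, then smallest quorums)."""
    best = None
    for n_m, n_l in product(range(1, max_agents + 1), repeat=2):
        for k_m, k_l in product(range(1, n_m + 1), range(1, n_l + 1)):
            r = scheme_risks(k_m, n_m, k_l, n_l, p_loss, p_comp)
            if r["loss"] <= max_loss and r["compromise"] <= max_comp:
                cand = (n_m + n_l, k_m + k_l, k_m, n_m, k_l, n_l)
                if best is None or cand < best:
                    best = cand
    return None if best is None else best[2:]
```

Raising a quorum k lowers the risk of compromise but raises the risk of loss, and adding agents n does the reverse, so the two risks have to be traded off together rather than minimised one at a time; when no candidate fits the caps the function returns None, signalling that the per-agent assumptions or the caps need revisiting before any shares are generated.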