Secure deterministic encryption key generator system and method
Abstract
An encryption key generator is disclosed which is highly resistant to cryptographic analysis or brute force attacks, and which accommodates the destruction of an encryption key after each use by providing for the recreation of the key without need of key directories or other encryption key storage processes. A constant value and a secret E-Key Seed are applied as inputs to a bit-shuffling algorithm to provide a first many-to-few bit mapping and produce a first pseudo-random number. The first pseudo-random number in turn is applied as an input to a secure one-way hash algorithm to provide a second many-to-few bit mapping and produce a second pseudo-random number or message digest that may be truncated to a desired bit length to serve as a non-predictable but deterministic encryption key. The same constant value and E-Key Seed inputs to the key generator will provide the same message digest and hence the same key.
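The pipeline described in the abstract, as an added Python example that is not code from the patent. Assumptions: `bit_shuffle` is a hypothetical stand-in, because the page names a bit-shuffling algorithm without defining it; SHA-256 is chosen as the secure one-way hash; `derive_key`, `CONSTANT` and `SEED` are illustrative names with constructed sample values.

```python
import hashlib


def bit_shuffle(constant: bytes, seed: bytes) -> bytes:
    """First many-to-few mapping. Hypothetical stand-in: the page names a
    bit-shuffling algorithm but does not define it. Every input byte is
    rotated by its position and XOR-folded into max(len) output bytes."""
    if not constant or not seed:
        raise ValueError("constant and seed must both be non-empty")
    width = max(len(constant), len(seed))  # always < len(constant) + len(seed)
    out = bytearray(width)
    for i, byte in enumerate(constant + seed):
        r = i % 8
        out[i % width] ^= ((byte << r) | (byte >> (8 - r))) & 0xFF
    return bytes(out)


def derive_key(constant: bytes, seed: bytes, key_bits: int = 128) -> bytes:
    """Second many-to-few mapping (secure hash), then truncation to key_bits.
    SHA-256 is an assumption; the page only says 'secure one-way hash'."""
    if key_bits % 8 or not 0 < key_bits <= 256:
        raise ValueError("key_bits must be a multiple of 8 in 8..256")
    digest = hashlib.sha256(bit_shuffle(constant, seed)).digest()
    return digest[: key_bits // 8]


# Constructed sample inputs, not values from the patent.
CONSTANT = b"constructed-constant-0001"
SEED = b"constructed-secret-E-Key-Seed"

if __name__ == "__main__":
    key = derive_key(CONSTANT, SEED)
    print("shuffled bytes:", len(bit_shuffle(CONSTANT, SEED)),
          "of", len(CONSTANT) + len(SEED), "input bytes")
    print("key:", key.hex())
    del key  # key destroyed after use ...
    # ... and recreated on demand from the same two inputs, with no key store
    print("recreated:", derive_key(CONSTANT, SEED).hex())
```

Because the key is a pure function of the two inputs, the E-Key Seed needs the same protection a stored key would otherwise get.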
27 Claims
1. A method of generating a pseudo-random, symmetric encryption key which is highly resistant to reverse analysis, and which comprises the following steps:
- combining a constant value and a secret plural bit sequence to produce a shuffled bit result having fewer than a collective number of bits in said constant value and said secret plural bit sequence;
- performing a secure hash operation on said shuffled bit result to produce a message digest; and
- extracting said pseudo-random, symmetric encryption key from said message digest.
Dependent claims: 2, 3, 4, 5, 6, 13, 14, 15, 16, 17, 18, 19, 20
7. A system for creating a pseudo-random, symmetric encryption key for use in a computer network system, which comprises:
- a first function generator means having a constant value as one input and a secret plural bit sequence as a second input for combining said constant value and said secret plural bit sequence to produce a pseudo-random output having fewer than a collective number of bits in said constant value and said secret plural bit sequence;
- a secure hash function generator means in electrical communication with said first function generator means and having said pseudo-random output as an input for generating a pseudo-random message digest; and
- truncation means in electrical communication with said secure hash function generator means and receiving said pseudo-random message digest for truncating said pseudo-random message digest to provide said pseudo-random, symmetric encryption key.
Dependent claims: 8, 9, 10, 11, 21, 22, 23, 24, 25, 27
12. An encryption key generator in electrical communication with a host system, which comprises:
- an I/O interface means in electrical communication with said host system and receiving command sequences from said host system;
- interrupt control means in electrical communication with said I/O interface means for issuing an interrupt signal upon receipt of said command sequences;
- a ROM in electrical communication with said I/O interface means and having stored therein operating firmware, a bit-shuffle computer program, and a secure hash computer program;
- a RAM in electrical communication with said I/O interface means and said ROM for storing a current E-Key Seed and a constant value;
- an EEPROM in electrical communication with said I/O interface means, said ROM, and said RAM, for storing said E-Key Seed and said constant value; and
- a CPU in electrical communication with said interrupt control, said I/O interface means, said ROM, said RAM, and said EEPROM for executing said bit-shuffle computer program to combine said constant value and said E-Key Seed in a first many-to-few bit mapping, for executing said secure hash algorithm to produce a message digest in a second many-to-few bit mapping, and for extracting a pseudo-random, symmetric encryption key from said message digest and storing said encryption key in said EEPROM.
Dependent claims: 26
Specification