Generating user-dependent keys and random numbers
Abstract
Methods, systems and computer program products are provided which generate a cryptographic key utilizing user specific information to generate a user dependent key. The user specific information may be a user identification or biometric information associated with a user. In particular embodiments of the present invention a seed value is modified with biometric information to generate a user dependent key value. In alternative embodiments a key value is hashed with user specific information or user specific information is hashed and then combined with the key value to generate the user dependent key value. In still another embodiment of the present invention the space of potential key values is divided into subspaces and the subspaces assigned based on user specific information. A key value is then generated from the assigned subspace. Thus, the generated key values for different users are guaranteed to be disjoint.
219 Citations
31 Claims

1. A method of generating a cryptographic value, the method comprising the steps of:
obtaining non-secret user specific information about a user;
obtaining an initial cryptographic value; and
modifying the initial cryptographic value with the non-secret user specific information so as to provide a user dependent cryptographic value by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value;
wherein the user dependent key value (S) comprises n bits, wherein the results of the hash operation provide h bits and wherein the step of hashing comprises the steps of:
determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,
(Dependent claims: 2, 3, 4, 5.)

6. A method of generating a cryptographic value, the method comprising the steps of:
obtaining an initial cryptographic value; and
obtaining a final intermediate value as a function of user specific information about a user; and
combining the final intermediate value with the initial cryptographic value so as to provide a user dependent cryptographic value;
wherein the user dependent cryptographic value (S) comprises n bits and wherein the step of obtaining a final intermediate value comprises the steps of:
determining a first intermediate hash value (Z) utilizing the concatenation of hash values defined by,
(Dependent claims: 7, 8, 9, 10, 11, 12.)

13. A method of generating a cryptographic value, the method comprising the steps of:
obtaining user specific information about a user;
selecting a user dependent cryptographic value from a user specific range of cryptographic values based on the user specific information, wherein the user specific range of cryptographic values comprises a subspace of a range of potential cryptographic values from which a value generation procedure selects a cryptographic value;
wherein the user specific information comprises b bits and the cryptographic values comprise n bits, the method further comprising the steps of:
dividing the range of potential cryptographic values into 2^b subspaces; and
selecting one of the subspaces as the user specific range of cryptographic values based on the user specific information so as to provide the user specific range of cryptographic values.
(Dependent claims: 14, 15.)

16. A method of authenticating a cryptographic value, the method comprising the steps of:
obtaining entity specific information associated with a source entity;
modifying a specified cryptographic value with the entity specific information to produce a branded value;
receiving the branded value;
recovering the entity specific information from the received branded value; and
determining the source entity of the received branded value based on the recovered entity specific information;
wherein the step of modifying a specified cryptographic value comprises the step of:
modifying a seed value of a key generation procedure with the entity specific information so that the key generation procedure generates an entity dependent cryptographic key so as to provide the branded value; and
wherein the steps of recovering the entity specific information from the received branded value and determining the source entity of the received branded value based on the recovered entity specific information comprise the steps of:
generating a second branded value utilizing an expected seed value and the entity specific information and the key generation procedure; and
comparing the generated second branded value with the received branded value.
(Dependent claims: 17, 18, 22, 23.)
selecting a value from an entity specific range of cryptographic values based on the entity specific information, wherein the entity specific range of cryptographic values comprises a subspace of a range of potential cryptographic values from which a value generation procedure selects a cryptographic value so as to provide the branded value.

23. A method according to claim 22, wherein the steps of recovering the entity specific information from the received branded value and determining the source entity of the received branded value based on the recovered entity specific information comprise the step of:
determining if the received branded value is within the entity specific range of cryptographic values associated with the source entity of the received branded value.
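The subspace method of claim 13 and the membership test of claim 23, as an added worked example that is not part of the patent text: the n-bit value space is split into 2^b equal subspaces indexed by the b-bit user information, a value is drawn from the user's own subspace, and a receiver authenticates the source by checking which subspace the value falls in. The parameters n=16 and b=4 and the helper names are this example's own choices.

```python
import secrets
from typing import Optional, Tuple

def subspace_bounds(user_info: int, n: int, b: int) -> Tuple[int, int]:
    """Return [low, high) of the user's subspace when the n-bit value space
    is split into 2**b equal subspaces indexed by the b-bit user_info."""
    if b > n:
        raise ValueError("b must not exceed n")
    if not 0 <= user_info < (1 << b):
        raise ValueError("user_info must fit in b bits")
    width = 1 << (n - b)          # number of values in each subspace
    low = user_info * width       # equivalently user_info << (n - b)
    return low, low + width

def select_user_value(user_info: int, n: int, b: int,
                      rand: Optional[int] = None) -> int:
    """Claim 13: pick a value from the user's own subspace. The top b bits are
    fixed by user_info; only the low n-b bits carry randomness."""
    low, high = subspace_bounds(user_info, n, b)
    if rand is None:
        rand = secrets.randbelow(high - low)
    if not 0 <= rand < high - low:
        raise ValueError("rand must be an (n-b)-bit value")
    return low + rand

def subspace_of(value: int, n: int, b: int) -> int:
    """Recover the subspace index (the user_info) from an n-bit value."""
    if not 0 <= value < (1 << n):
        raise ValueError("value must fit in n bits")
    return value >> (n - b)

def value_from_entity(value: int, expected_info: int, n: int, b: int) -> bool:
    """Claim 23: authenticate by checking the value lies in the entity's subspace."""
    low, high = subspace_bounds(expected_info, n, b)
    return low <= value < high

def subspaces_disjoint(n: int, b: int) -> bool:
    """Check that the 2**b subspaces tile [0, 2**n) without gaps or overlap,
    which is what guarantees different users' values never collide."""
    prev_high = 0
    for idx in range(1 << b):
        low, high = subspace_bounds(idx, n, b)
        if low != prev_high:
            return False
        prev_high = high
    return prev_high == (1 << n)

if __name__ == "__main__":
    n, b = 16, 4                              # constructed parameters
    alice = select_user_value(0x3, n, b)
    print(hex(alice), subspace_of(alice, n, b))  # top nibble is always 3
    # Caveat: user_info is non-secret, so each user's value carries only
    # n - b = 12 bits of unpredictable entropy, not the full 16.
```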

19. A method of authenticating a cryptographic value, the method comprising the steps of:
obtaining entity specific information associated with a source entity;
modifying a specified cryptographic value with the entity specific information to produce a branded value;
receiving the branded value;
recovering the entity specific information from the received branded value; and
determining the source entity of the received branded value based on the recovered entity specific information;
wherein the step of modifying a specified cryptographic value comprises the step of:
hashing the specified cryptographic value and the entity specific information utilizing a one-way hash operation so as to generate the branded value;
wherein the steps of recovering the entity specific information from the received branded value and determining the source entity of the received branded value based on the recovered entity specific information comprise the steps of:
generating a second branded value by hashing an expected specified cryptographic value and the entity specific information utilizing the one-way hash function; and
comparing the generated second branded value with the received branded value.
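The brand-and-verify flow of claim 19, as an added example that is not part of the patent text: the branded value is a one-way hash over the specified value and the entity information, and the receiver recomputes it from the expected value for each known entity to identify the source. SHA-256, the length-prefixed encoding of the two inputs and the sample entity names are this example's assumptions.

```python
import hashlib
import hmac
from typing import Dict, Optional

def _encode(*parts: bytes) -> bytes:
    """Length-prefix each field so two (value, info) pairs cannot produce the
    same byte string by moving bytes between fields. The claim only says the
    two inputs are hashed together; the prefixing is this example's choice."""
    out = bytearray()
    for p in parts:
        out += len(p).to_bytes(4, "big") + p
    return bytes(out)

def brand(value: bytes, entity_info: bytes) -> bytes:
    """Branding step: one-way hash of the specified cryptographic value and
    the entity specific information."""
    return hashlib.sha256(_encode(value, entity_info)).digest()

def verify_brand(received: bytes, expected_value: bytes, entity_info: bytes) -> bool:
    """Recompute the branded value from the expected inputs and compare it
    with the received one. compare_digest keeps the comparison time independent
    of where the first differing byte lies."""
    return hmac.compare_digest(brand(expected_value, entity_info), received)

def identify_source(received: bytes, expected_value: bytes,
                    known_entities: Dict[str, bytes]) -> Optional[str]:
    """Recover the source entity: the known entity whose information reproduces
    the received branded value. Returns None when no known entity matches."""
    for name, info in known_entities.items():
        if verify_brand(received, expected_value, info):
            return name
    return None

# Constructed sample data (not taken from the patent).
SPECIFIED_VALUE = bytes.fromhex("00112233445566778899aabbccddeeff")
ENTITIES = {
    "hsm-east": b"entity:hsm-east",
    "hsm-west": b"entity:hsm-west",
}

if __name__ == "__main__":
    branded = brand(SPECIFIED_VALUE, ENTITIES["hsm-east"])
    print(identify_source(branded, SPECIFIED_VALUE, ENTITIES))  # hsm-east
```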

20. A method of authenticating a cryptographic value, the method comprising the steps of:
obtaining entity specific information associated with a source entity;
modifying a specified cryptographic value with the entity specific information to produce a branded value;
receiving the branded value;
recovering the entity specific information from the received branded value; and
determining the source entity of the received branded value based on the recovered entity specific information;
wherein the step of modifying a specified cryptographic value comprises the steps of:
obtaining a final intermediate value as a function of the entity specific information; and
combining the final intermediate value with the specified cryptographic value so as to provide the branded value.
(Dependent claims: 21.)
wherein the steps of recovering the entity specific information from the received branded value and determining the source entity of the received branded value based on the recovered entity specific information comprise the steps of:
generating a second branded value by combining an expected specified cryptographic value and the final intermediate value; and
comparing the generated second branded value with the received branded value.

24. A system for generating a cryptographic value, comprising:
means for obtaining non-secret user specific information about a user;
means for obtaining an initial cryptographic value; and
means for modifying the initial cryptographic value with the non-secret user specific information so as to provide a user dependent cryptographic value by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value;
wherein the user dependent key value (S) comprises n bits, wherein the results of the hash operation provide h bits and wherein the means for modifying comprises:
means for determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,

25. A system for generating a cryptographic value, comprising:
means for obtaining an initial cryptographic value; and
means for obtaining a final intermediate value as a function of the user specific information about a user; and
means for combining the final intermediate value with the initial cryptographic value so as to provide the user dependent cryptographic value;
wherein the user dependent cryptographic value (S) comprises n bits and wherein the means for obtaining a final intermediate value comprises:
means for determining a first intermediate hash value (Z) utilizing the concatenation of hash values defined by,

26. A system for generating a cryptographic value, comprising:
means for obtaining user specific information about a user;
means for selecting a user dependent cryptographic value from a user specific range of cryptographic values based on the user specific information, wherein the user specific range of cryptographic values comprises a subspace of a range of potential cryptographic values from which a value generation procedure selects a cryptographic value;
wherein the user specific information comprises b bits and the cryptographic values comprise n bits, the system further comprising:
means for dividing the range of potential cryptographic values into 2^b subspaces; and
means for selecting one of the subspaces as the user specific range of cryptographic values based on the user specific information so as to provide the user specific range of cryptographic values.

27. A system for authenticating a cryptographic value, comprising:
means for obtaining entity specific information associated with a source entity;
means for modifying a specified cryptographic value with the non-secret entity specific information to produce a branded value;
means for receiving the branded value;
means for recovering the entity specific information from the received branded value; and
means for determining the source entity of the received branded value based on the recovered entity specific information;
wherein the means for modifying a specified cryptographic value comprises:
means for modifying a seed value of a key generation procedure with the entity specific information so that the key generation procedure generates an entity dependent cryptographic key so as to provide the branded value; and
wherein the means for recovering the entity specific information from the received branded value and the means for determining the source entity of the received branded value based on the recovered entity specific information comprise:
means for generating a second branded value utilizing an expected seed value and the entity specific information and the key generation procedure; and
means for comparing the generated second branded value with the received branded value.

28. A computer program product for generating a cryptographic value, comprising:
a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising:
computer-readable program code means for obtaining non-secret user specific information about a user;
computer-readable program code means for obtaining an initial cryptographic value; and
computer-readable program code means for modifying the initial cryptographic value with the non-secret user specific information so as to provide a user dependent cryptographic value by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value;
wherein the user dependent key value (S) comprises n bits, wherein the results of the hash operation provide h bits and wherein the computer-readable code means for modifying comprises:
computer-readable code means for determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,

29. A computer program product for generating a cryptographic value, comprising:
a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising:
computer-readable program code means for obtaining an initial cryptographic value;
computer-readable program code means for obtaining a final intermediate value as a function of the user specific information about a user; and
computer-readable program code means for combining the final intermediate value with the initial cryptographic value so as to provide the user dependent cryptographic value;
wherein the user dependent cryptographic value (S) comprises n bits and wherein the computer-readable program code means for obtaining a final intermediate value comprises:
computer-readable program code means for determining a first intermediate hash value (Z) utilizing the concatenation of hash values defined by,

30. A computer program product for generating a cryptographic key, comprising:
a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising:
computer-readable program code means for obtaining user specific information about a user;
computer-readable program code means for selecting a user dependent cryptographic value from a user specific range of cryptographic values based on the user specific information, wherein the user specific range of cryptographic values comprises a subspace of a range of potential cryptographic values from which a value generation procedure selects a cryptographic value;
wherein the user specific information comprises b bits and the cryptographic values comprise n bits, the computer program product further comprising:
computer-readable program means for dividing the range of potential cryptographic values into 2^b subspaces; and
computer-readable program means for selecting one of the subspaces as the user specific range of cryptographic values based on the user specific information so as to provide the user specific range of cryptographic values.

31. A computer program product for authenticating a cryptographic value, comprising:
a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising:
computer-readable program code means for obtaining entity specific information associated with a source entity;
computer-readable program code means for modifying a specified cryptographic value with the non-secret entity specific information to produce a branded value;
computer-readable program code means for receiving the branded value;
computer-readable program code means for recovering the entity specific information from the received branded value; and
computer-readable program code means for determining the source entity of the received branded value based on the recovered entity specific information, wherein the computer-readable program code means for modifying a specified cryptographic value comprises:
computer-readable program code means for modifying a seed value of a key generation procedure with the entity specific information so that the key generation procedure generates an entity dependent cryptographic key so as to provide the branded value; and
wherein the computer-readable program code means for recovering the entity specific information from the received branded value and the computer-readable program code means for determining the source entity of the received branded value based on the recovered entity specific information comprise:
computer-readable program code means for generating a second branded value utilizing an expected seed value and the entity specific information and the key generation procedure; and
computer-readable program code means for comparing the generated second branded value with the received branded value.