Generating user-dependent keys and random numbers

US 6,687,375 B1
Filed: 06/02/1999
Issued: 02/03/2004
Est. Priority Date: 06/02/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method of generating a cryptographic value, the method comprising the steps of:

obtaining non-secret user specific information about a user;

obtaining an initial cryptographic value; and

modifying the initial cryptographic value with the non-secret user specific information so as to provide a user dependent cryptographic value by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value;

wherein the user dependent key value (S) comprises n bits, wherein the results of the hash operation provides h bits and wherein the step of hashing comprises the steps of;

determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products are provided which generate a cryptographic key utilizing user specific information to generate a user dependent key. The user specific information may be a user identification or biometric information associated with a user. In particular embodiments of the present invention a seed value is modified with biometric information to generate a user dependent key value. In alternative embodiments a key value is hashed with user specific information or user specific information is hashed and then combined with the key value to generate the user dependent key value. In still another embodiment of the present invention the space of potential key values is divided into subspaces and the subspaces assigned based on user specific information. A key value is then generated from the assigned subspace. Thus, the generated key values for different users are guaranteed to be disjoint.

219 Citations

31 Claims

1. A method of generating a cryptographic value, the method comprising the steps of:
- obtaining non-secret user specific information about a user;
  
  obtaining an initial cryptographic value; and
  
  modifying the initial cryptographic value with the non-secret user specific information so as to provide a user dependent cryptographic value by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value;
  
  wherein the user dependent key value (S) comprises n bits, wherein the results of the hash operation provides h bits and wherein the step of hashing comprises the steps of;
  
  determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method according to claim 1, wherein the selected n bits comprise the n most significant bits of Z.
  - 3. A method according to claim 1, wherein the non-secret user specific information is biometric information.
  - 4. A method according to claim 1, wherein the non-secret user specific information is a globally unique user identification.
  - 5. A method according to claim 1, wherein the step of obtaining an initial cryptographic value comprises the step of generating a pseudo-random value utilizing a pseudo random number generator.

6. A method of generating a cryptographic value, the method comprising the steps of:
- obtaining an initial cryptographic value; and
  
  obtaining a final intermediate value as a function of user specific information about a user; and
  
  combining the final intermediate value with the initial cryptographic value so as to provide a user dependent cryptographic value;
  
  wherein the user dependent cryptographic value (S) comprises n bits and wherein the step of obtaining a final intermediate value comprises the steps of;
  
  determining a first intermediate hash value (Z) utilizing the concatenation of hash values defined by,
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. A method according to claim 6, wherein the selected n bits comprise the n most significant bits of Z.
  - 8. A method according to claim 6, wherein the step of combining comprises the step of EXCLUSIVE ORing the initial cryptographic value and the final intermediate value.
  - 9. A method according to claim 6, further comprising the step of storing the final intermediate value so as to provide a pre-computed intermediate value and wherein the step of obtaining an intermediate value comprises the step or obtaining the pre-computed intermediate value.
  - 10. A method according to claim 6, wherein the user specific information is biometric information.
  - 11. A method according to claim 6, wherein the user specific information is a globally unique user identification.
  - 12. A method according to claim 6, wherein the step of obtaining an initial cryptographic value comprises the step of generating a pseudo-random value utilizing a pseudo random number generator.

13. A method of generating a cryptographic value, the method comprising the steps of:
- obtaining user specific information about a user;
  
  selecting a user dependent cryptographic value from a user specific range of cryptographic values based on the user specific information, wherein the user specific range of cryptographic values comprises a subspace of a range of potential cryptographic values from which a value generation procedure selects a cryptographic value;
  
  wherein the user specific information comprises b bits and the cryptographic values comprise n bits, the method further comprising the steps of;
  
  dividing the range of potential cryptographic values into 2^bsubspaces; and
  
  selecting one of the subspaces as the user specific range of cryptographic values based on the user specific information so as to provide the user specific range of cryptographic values.
- View Dependent Claims (14, 15)
- - 14. A method according to claim 13, further comprising the step of mixing bits of the selected user dependent cryptographic value so as to increase the uniformity of a distribution of entropy in the user dependent cryptographic value.
  - 15. A method according to claim 13, wherein the user specific information is a globally unique user identification.

16. A method of authenticating a cryptographic value, the method comprising the steps of:
- obtaining entity specific information associated with a source entity;
  
  modifying a specified cryptographic value with the entity specific information to produce a branded value;
  
  receiving the branded value;
  
  recovering the entity specific information from the received branded value; and
  
  determining the source entity of the received branded value based on the recovered entity specific information;
  
  wherein the step of modifying a specified cryptographic value comprises the step of;
  
  modifying a seed value of a key generation procedure with the entity specific information so that the key generation procedure generates an entity dependent cryptographic key so as to provide the branded value; and
  
  wherein the steps of recovering the entity specific information from the received branded value and determining the source entity of the received branded value based on the recovered entity specific information comprises the steps of;
  
  generating a second branded value utilizing an expected seed value and the entity specific information and the key generation procedure; and
  
  comparing the generated second branded value with the received branded value.
- View Dependent Claims (17, 18, 22, 23)
- - 17. A method according to claim 16, wherein the entity specific information comprises a globally unique user identification associated with a user.
  - 18. A method according to claim 16, wherein the entity specific information comprises a company identification.
  - 22. A method according to claim 16, wherein the step of modifying a specified cryptographic value comprises the step of:
23. A method according to claim 22, wherein the steps of recovering the entity specific information from the received branded value and determining the source entity of the received branded value based on the recovered entity specific information comprises the step of:
- determining if the received branded values is within the entity specific range of cryptographic values associated with the source entity of the received branded value.

19. A method of authenticating a cryptographic value, the method comprising the steps of:
- obtaining entity specific information associated with a source entity;
  
  modifying a specified cryptographic value with the entity specific information to produce a branded value;
  
  receiving the branded value;
  
  recovering the entity specific information from the received branded value; and
  
  determining the source entity of the received branded value based on the recovered entity specific information;
  
  wherein the step of modifying a specified cryptographic value comprises the step of;
  
  hashing the specified cryptographic value and the entity specific information utilizing a one-way hash operation so as to generate the branded value;
  
  wherein the steps of recovering the entity specific information from the received branded value and determining the source entity of the received branded value based on the recovered entity specific information comprise the steps of;
  
  generating a second branded value by hashing an expected specified cryptographic value and the entity specific information utilizing the one-way hash function; and
  
  comparing the generated second branded value with the received branded value.

20. A method of authenticating a cryptographic value, the method comprising the steps of:
- obtaining entity specific information associated with a source entity;
  
  modifying a specified cryptographic value with the entity specific information to produce a branded value;
  
  receiving the branded value;
  
  recovering the entity specific information from the received branded value; and
  
  determining the source entity of the received branded value based on the recovered entity specific information;
  
  wherein the step of modifying a specified cryptographic value comprises the steps of;
  
  obtaining a final intermediate value as a function of the entity specific information; and
  
  combining the final intermediate value with the specified cryptographic value so as to provide the branded value.
- View Dependent Claims (21)
- - 21. A method according to claim 20,

24. A system for generating a cryptographic value, comprising:
- means for obtaining non-secret user specific information about a user;
  
  means for obtaining an initial cryptographic value; and
  
  means for modifying the initial cryptographic value with the non-secret user specific information so as to provide a user dependent cryptographic value by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value;
  
  wherein the user dependent key value (S) comprises n bits, wherein the results of the hash operation provides h bits and wherein the means for modifying comprises;
  
  means for determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,

25. A system for generating a cryptographic value, comprising:
- means for obtaining an initial cryptographic value; and
  
  means for obtaining a final intermediate value as a function of the user specific information about a user; and
  
  means for combining the final intermediate value with the initial cryptographic value so as to provide the user dependent cryptographic value;
  
  wherein the user dependent cryptographic value (S) comprises n bits and wherein the means for obtaining a final intermediate value comprises;
  
  means for determining a first intermediate hash value (Z) utilizing the concatenation of hash values defined by,

26. A system for generating a cryptographic value, comprising:
- means for obtaining user specific information about a user;
  
  means for selecting a user dependent cryptographic value from a user specific range of cryptographic values based on the user specific information, wherein the user specific range of cryptographic values comprises a subspace of a range of potential cryptographic values from which a value generation procedure selects a cryptographic value;
  
  wherein the user specific information comprises b bits and the cryptographic values comprise n bits, the system further comprising;
  
  means for dividing the range of potential cryptographic values into 2^bsubspaces; and
  
  means for selecting one of the subspaces as the user specific range of cryptographic values based on the user specific information so as to provide the user specific range of cryptographic values.

27. A system for authenticating a cryptographic value, comprising:
- means for obtaining entity specific information associated with a source entity;
  
  means for modifying a specified cryptographic value with the non-secret entity specific information to produce a branded value;
  
  means for receiving the branded value;
  
  means for recovering the entity specific information from the received branded value; and
  
  means for determining the source entity of the received branded value based on the recovered entity specific information;
  
  wherein the means for modifying a specified cryptographic value comprises;
  
  means for modifying a seed value of a key generation procedure with the entity specific information so that the key generation procedure generates an entity dependent cryptographic key so as to provide the branded value; and
  
  wherein the means for recovering the entity specific information from the received branded value and the means for determining the source entity of the received branded value based on the recovered entity specific information comprises;
  
  means for generating a second branded value utilizing an expected seed value and the entity specific information and the key generation procedure; and
  
  means for comparing the generated second branded value with the received branded value.

28. A computer program product for generating a cryptographic value, comprising:
- a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising;
  
  computer-readable program code means for obtaining non-secret user specific information about a user;
  
  computer-readable program code means for obtaining an initial cryptographic value; and
  
  computer-readable program code means for modifying the initial cryptographic value with the non-secret user specific information so as to provide a user dependent cryptographic value by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value;
  
  wherein the user dependent key value (S) comprises n bits, wherein the results of the hash operation provides h bits and wherein the computer readable code means for modifying comprises;
  
  computer readable code means for determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,

29. A computer program product for generating a cryptographic value, comprising:
- a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising;
  
  computer-readable program code means for obtaining an initial cryptographic value;
  
  computer-readable program code means for obtaining a final intermediate value as a function of the user specific information about a user; and
  
  computer-readable program code means for combining the final intermediate value with the initial cryptographic value so as to provide the user dependent cryptographic value;
  
  wherein the user dependent cryptographic value (S) comprises n bits and wherein the computer-readable program code means for obtaining a final intermediate value comprises;
  
  computer-readable program code means for determining a first intermediate hash value (Z) utilizing the concatenation of hash values defined by,

30. A computer program product for generating a cryptographic key, comprising:
- a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising;
  
  computer-readable program code means for obtaining user specific information about a user;
  
  computer-readable program code means for selecting a user dependent cryptographic value from a user specific range of cryptographic values based on the user specific information, wherein the user specific range of cryptographic values comprises a subspace of a range of potential cryptographic values from which a value generation procedure selects a cryptographic value;
  
  wherein the user specific information comprises b bits and the cryptographic values comprise n bits, the computer program product further comprising;
  
  computer-readable program means for dividing the range of potential cryptographic values into 2^bsubspaces; and
  
  computer-readable program means for selecting one of the subspaces as the user specific range of cryptographic values based on the user specific information so as to provide the user specific range of cryptographic values.

31. A computer program product for authenticating a cryptographic value, comprising:
- a computer-readable storage medium having computer-readable program code means embodied in said medium, said computer-readable program code means comprising;
  
  computer-readable program code means for obtaining entity specific information associated with a source entity;
  
  computer-readable program code means for modifying a specified cryptographic value with the non-secret entity specific information to produce a branded value;
  
  computer-readable program code means for receiving the branded value;
  
  computer-readable program code means for recovering the entity specific information from the received branded value; and
  
  computer-readable program code means for determining the source entity of the received branded value based on the recovered entity specific information, wherein the computer-readable program code means for modifying a specified cryptographic value comprises;
  
  computer-readable program code means for modifying a seed value of a key generation procedure with the entity specific information so that the key generation procedure generates an entity dependent cryptographic key so as to provide the branded value; and
  
  wherein the computer-readable program code means for recovering the entity specific information from the received branded value and the computer-readable program code means for determining the source entity of the received branded value based on the recovered entity specific information comprises;
  
  computer-readable program code means for generating a second branded value utilizing an expected seed value and the entity specific information and the key generation procedure; and
  
  computer-readable program code means for comparing the generated second branded value with the received branded value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peyravian, Mohammad, Zunic, Nevenko, Roginsky, Allen Leonid, Matyas, Stephen Michael Jr.
Primary Examiner(s)
Barron, Gilberto
Assistant Examiner(s)
Lanier, Benjamin E

Application Number

US09/324,418
Time in Patent Office

1,707 Days
Field of Search

380/45, 380/30
US Class Current

380/45
CPC Class Codes

H04L 9/0866 involving user or device id...

Generating user-dependent keys and random numbers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

219 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Generating user-dependent keys and random numbers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

219 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links