System and method for generating encryption seed values

US 7,209,561 B1
Filed: 09/20/2002
Issued: 04/24/2007
Est. Priority Date: 07/19/2002
Status: Active Grant

First Claim

Patent Images

1. A method of generating a seed value for use in symmetric encryption, the method comprising the computer-implemented steps of:

(a) creating and storing a first data set;

(b) generating a hashed value based on the first data set;

(c) selecting, based on a time-based value associated with the step of generating the hashed value, a replacement position in the first data set;

(d) writing at least a portion of the hashed value into the first data set at the replacement position;

(e) selecting, as the seed value, a seed portion of the first data set;

(f) generating a symmetric encryption key based on the seed value; and

(g) encrypting, using the symmetric encryption key, data communicated to a computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating a seed value for use in symmetric encryption includes creating and storing a first data set and generating a hashed value based on the first data set. A replacement position in the first data set is selected, and at least a portion of the hashed value is written into the first data set at the replacement position. A seed portion of the first data set is selected as the seed value. By varying a number of iterations, a balance can be struck between performance (fewer iterations) and security (more iterations).

Citations

37 Claims

1. A method of generating a seed value for use in symmetric encryption, the method comprising the computer-implemented steps of:
- (a) creating and storing a first data set;
  
  (b) generating a hashed value based on the first data set;
  
  (c) selecting, based on a time-based value associated with the step of generating the hashed value, a replacement position in the first data set;
  
  (d) writing at least a portion of the hashed value into the first data set at the replacement position;
  
  (e) selecting, as the seed value, a seed portion of the first data set;
  
  (f) generating a symmetric encryption key based on the seed value; and
  
  (g) encrypting, using the symmetric encryption key, data communicated to a computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 13)
- - 2. A method as recited in claim 1, said step of selecting the replacement position comprising deriving the replacement position from a first then-current system clock value.
  - 3. A method as recited in claim 1, further comprising selecting the portion of the hashed value to have a size based on a then-current system clock value.
  - 4. A method as recited in claim 2, further comprising selecting the portion of the hashed value to have a size based on a second then-current system clock value at a different time.
  - 5. A method as recited in claim 1, said step of selecting the seed portion comprising deriving a starting position for the seed portion from a then-current system clock value.
  - 6. A method as recited in claim 1, further comprising, after step (d) and before step (e), performing the step of repeating steps (b) through (d), inclusive, for a specified number of iterations.
  - 7. A method as recited in claim 1, said step of selecting the replacement position further comprising selecting the replacement position based on a previously selected seed portion.
  - 13. A method as recited in claim 7, further comprising, after step (f) and before step (g), performing the step of repeating steps (b) through (f), inclusive, for a specified number of iterations.

8. A method of generating a seed value for use in symmetric encryption, the method comprising the computer-implemented steps of:
- (a) creating and storing a first data set;
  
  (b) generating a first index value;
  
  (c) generating a hashed value based on the first data set;
  
  (d) generating a second index value;
  
  (e) selecting a hash portion from the hashed value, wherein the hash portion has a size equal to the second index value;
  
  (f) writing the hash portion into the first data set at a replacement position specified by the first index value;
  
  (g) generating a seed index value;
  
  (h) selecting, as the seed value, a portion of the first data set at a seed position specified by the seed index value;
  
  (i) generating a symmetric encryption key based on the seed value; and
  
  (j) encrypting, using the symmetric encryption key, data communicated to a computer system.
- View Dependent Claims (9, 10, 11, 12)
- - 9. A method as recited in claim 8, wherein at least one of said steps of generating the first index value, generating the second index value and generating the seed index value further comprises determining a system clock value.
  - 10. A method as recited in claim 8, wherein at least one of said steps of generating the first index value, generating the second index value and generating the seed index value further comprises computing a modulus operation having as input a portion of a system clock value.
  - 11. A method as recited in claim 9, wherein a first system clock value determined during one of said steps of generating the first index value, generating the second index value and generating the seed index value of is different from a second system clock value determined during a different one of said steps of generating the first index value, generating the second index value and generating the seed index value.
  - 12. A method as recited in claim 9, wherein each system clock value determined during one of said steps of generating the first index value, generating the second index value and generating the seed index value of is different from a second system clock value determined during a different one of said steps of generating the first index value, generating the second index value and generating the seed index value.

14. A computer-readable medium carrying one or more sequences of instructions for generating a seed value for use in symmetric encryption, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- (a) creating and storing a first data set;
  
  (b) generating a hashed value based on the first data set;
  
  (c) selecting, based on a time-based value associated with the step of generating the hashed value, a replacement position in the first data set;
  
  (d) writing at least a portion of the hashed value into the first data set at the replacement position;
  
  (e) selecting, as the seed value, a seed portion of the first data set;
  
  (f) generating a symmetric encryption key based on the seed value; and
  
  (g) encrypting, using the symmetric encryption key, data communicated to a computer system.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A computer-readable medium as recited in claim 14, said step of selecting the replacement position comprising deriving the replacement position from a first then-current system clock value.
  - 16. A computer-readable medium as recited in claim 14, further comprising selecting the portion of the hashed value to have a size based on a then-current system clock value.
  - 17. A computer-readable medium as recited in claim 16, further comprising selecting the portion of the hashed value to have a size based on a second then-current system clock value at a different time.
  - 18. A computer-readable medium as recited in claim 14, said step of selecting the seed portion comprising deriving a starting position for the seed portion from a then-current system clock value.
  - 19. A computer-readable medium as recited in claim 14, further comprising, after step (d) and before step (e), performing the step of repeating steps (b) through (d), inclusive, for a specified number of iterations.
  - 20. A computer-readable medium as recited in claim 14, said step of selecting the replacement position further comprising selecting the replacement position based on a previously-selected seed portion.

21. An apparatus for generating a seed value for use in symmetric encryption, the apparatus comprising:
- means for creating and storing a first data set;
  
  means for generating a hashed value based on the first data set;
  
  means for selecting, based on a time-based value associated with the step of generating the hashed value, a replacement position in the first data set;
  
  means for writing at least a portion of the hashed value into the first data set at the replacement position;
  
  means for selecting, as the seed value, a seed portion of the first data set;
  
  means for generating a symmetric encryption key based on the seed value; and
  
  means for encrypting, using the symmetric encryption key, data communicated to a computer system.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. An apparatus as recited in claim 21, said means for selecting the replacement position comprising means for deriving the replacement position from a first then-current system clock value.
  - 23. An apparatus as recited in claim 21, further comprising means for selecting the portion of the hashed value to have a size based on a then-current system clock value.
  - 24. An apparatus as recited in claim 23, further comprising selecting the portion of the hashed value to have a size based on a second then-current system clock value at a different time.
  - 25. An apparatus as recited in claim 21, said step of selecting the seed portion comprising deriving a starting position for the seed portion from a then-current system clock value.
  - 26. An apparatus as recited in claim 21, further comprising means for repeating operation of the means for generating, selecting and writing, inclusive, for a specified number of iterations.
  - 27. An apparatus as recited in claim 21, said means for selecting the replacement position further comprising means for selecting the replacement position based on a previously selected seed portion.

28. An apparatus for generating a seed value for use in symmetric encryption, the apparatus comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  creating and storing a first data set;
  
  generating a hashed value based on the first data set;
  
  selecting, based on a time-based value associated with the step of generating the hashed value, a replacement position in the first data set;
  
  writing at least a portion of the hashed value into the first data set at the replacement position;
  
  selecting, as the seed value, a seed portion of the first data set;
  
  generating a symmetric encryption key based on the seed value; and
  
  encrypting, using the symmetric encryption key, data communicated to a computer system.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. An apparatus as recited in claim 28, said step of selecting the replacement position comprising deriving the replacement position from a first then-current system clock value.
  - 30. An apparatus as recited in claim 28, further comprising selecting the portion of the hashed value to have a size based on a then-current system clock value.
  - 31. An apparatus as recited in claim 30, further comprising selecting the portion of the hashed value to have a size based on a second then-current system clock value at a different time.
  - 32. An apparatus as recited in claim 28, said step of selecting the seed portion comprising deriving a starting position for the seed portion from a then-current system clock value.
  - 33. An apparatus as recited in claim 28, further comprising, after the step of writing and before the step of selecting, repeating the steps of generating a hashed value through writing, inclusive, for a specified number of iterations.
  - 34. An apparatus as recited in claim 28, said step of selecting the replacement position further comprising selecting the replacement position based on a previously selected seed portion.

35. A computer-readable medium carrying one or more sequences of instructions for generating a seed value for use in encryption, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- (a) creating and storing a first data set;
  
  (b) generating a first index value;
  
  (c) generating a hashed value based on the first data set;
  
  (d) generating a second index value;
  
  (e) selecting a hash portion from the hashed value, wherein the hash portion has a size equal to the second index value;
  
  (f) writing the hash portion into the first data set at a replacement position specified by the first index value;
  
  (g) generating a seed index value;
  
  (h) selecting, as the seed value, a portion of the first data set at a seed position specified by the seed index value;
  
  (i) generating a symmetric encryption key based on the seed value; and
  
  (j) encrypting, using the symmetric encryption key, data communicated to a computer system.

36. A system for generating a seed value for use in encryption, the system comprising:
- (a) means for creating and storing a first data set;
  
  (b) means for generating a first index value;
  
  (c) means for generating a hashed value based on the first data set;
  
  (d) means for generating a second index value;
  
  (e) means for selecting a hash portion from the hashed value, wherein the hash portion has a size equal to the second index value;
  
  (f) means for writing the hash portion into the first data set at a replacement position specified by the first index value;
  
  (g) means for generating a seed index value;
  
  (h) means for selecting, as the seed value, a portion of the first data set at a seed position specified by the seed index value;
  
  (i) means for generating a symmetric encryption key based on the seed value; and
  
  (j) means for encrypting, using the symmetric encryption key, data communicated to a computer system.

37. An apparatus for generating a seed value for use in symmetric encryption, the apparatus comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  (a) creating and storing a first data set;
  
  (b) generating a first index value;
  
  (c) generating a hashed value based on the first data set;
  
  (d) generating a second index value;
  
  (e) selecting a hash portion from the hashed value, wherein the hash portion has a size equal to the second index value;
  
  (f) writing the hash portion into the first data set at a replacement position specified by the first index value;
  
  (g) generating a seed index value;
  
  (h) selecting, as the seed value, a portion of the first data set at a seed position specified by the seed index value;
  
  (i) generating a symmetric encryption key based on the seed value; and
  
  (j) encrypting, using the symmetric encryption key, data communicated to a computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cybersource Corporation (Visa, Inc.)
Original Assignee
Cybersource Corporation (Visa, Inc.)
Inventors
Eaton, Jason, Shankar, Vishnu
Primary Examiner(s)
Barrón, Jr.; Gilberto
Assistant Examiner(s)
NOBAHAR, ABDULHAKIM

Application Number

US10/251,243
Time in Patent Office

1,677 Days
Field of Search

None
US Class Current

380/262
CPC Class Codes

H04L 9/0872 using geo-location informat...

H04L 9/12 Transmitting and receiving ...

System and method for generating encryption seed values

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for generating encryption seed values

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links