Distributed cryptographic methods and arrangements
First Claim
1. A method comprising:
- causing a first computing device to provide data to a physically distinct, portable computing device; and
- causing the portable computing device to cryptographically modify the data and provide the resulting cryptographically modified data to the first computing device, wherein the first computing device does not cryptographically modify the data and wherein the portable computing system comprises encryption logic that is configured to encrypt the data using at least one cryptographic key and to maintain the cryptographic key in an obfuscated form, said maintaining comprising:
  - generating a first hash value using a random value and a portable computing system identifier;
  - using the first hash to identify a first key seed in a registry file, wherein the registry file contains one or more decoy values; and
  - generating a second hash value using the first key seed and a second key seed, wherein the second hash value corresponds to the cryptographic key.
Assignments: 2. Petitions: 0.
Abstract
First and second computing devices are selectively operatively coupled together. The first device provides data to the second device. The second device can be a portable computing device. The second device is configured to encrypt/decrypt the data, as needed by the first device. The second device maintains the cryptographic key data internally. As such, the first device, which, for example, may be a personal computer, will only maintain the returned encrypted data following encryption and will only temporarily use any returned decrypted data. Thus, by physically and operatively distributing the cryptographic processing and key maintenance between the two devices, additional security is provided for protecting private data.
41 Claims

1. A method comprising: (independent claim; full text given under First Claim above). Dependent claims: 2-18.
19. A system comprising:
- a first computing system; and
- a physically distinct portable computing system operatively coupled to the first computing system, and wherein the first computing system is configured to output data to the portable computing system and the portable computing system is configured to cryptographically modify the data and output the resulting cryptographically modified data to the first computing system, and wherein the portable computing system comprises encryption logic that is configured to encrypt the data using at least one cryptographic key and to maintain the cryptographic key in an obfuscated form, said maintaining comprising:
  - generating a first hash value using a random value and a portable computing system identifier;
  - using the first hash to identify a first key seed in a registry file, wherein the registry file contains one or more decoy values; and
  - generating a second hash value using the first key seed and a second key seed, wherein the second hash value corresponds to the cryptographic key.
Dependent claims: 20-39.
40. An apparatus comprising:
- memory; and
- logic operatively coupled to the memory and configurable to receive data from a separate, external computer system, cryptographically modify the data using at least one internally generated cryptographic key, and output the resulting cryptographically modified data to the external computer system without outputting the internally generated cryptographic key, wherein the logic is further configured to encrypt the data using at least one cryptographic key and to maintain the cryptographic key in an obfuscated form, said maintaining comprising:
  - generating a first hash value using a random value and a portable computing system identifier;
  - using the first hash to identify a first key seed in a registry file, wherein the registry file contains one or more decoy values; and
  - generating a second hash value using the first key seed and a second key seed, wherein the second hash value corresponds to the cryptographic key.
Dependent claim: 41.
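The host/portable-device split described in the abstract and the three-step key maintenance recited in claims 1, 19 and 40, as an added example that is not part of the patent or its specification. Everything concrete here is an assumption chosen so the example runs with the Python standard library alone: SHA-256 over length-prefixed inputs as the hash, a registry of 32-byte labels mapping to 32-byte seeds with decoys of the same shape, and an HMAC-SHA256 counter-mode cipher with a separate HMAC tag as a stand-in for a vetted AEAD. The class and function names (`PortableDevice`, `Host`, `derive_key`, `registry_only_attack`) are invented for the illustration.

```python
"""Simulation of the claimed arrangement: the host hands data to a portable device,
which encrypts or decrypts it with a key it derives internally and never exports.
Added example, not code from the patent; hash, cipher and registry layout are assumed."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _h(*parts: bytes) -> bytes:
    """Assumed hash: SHA-256 over length-prefixed parts, so H(a, b) != H(a+b[:1], b[1:])."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big"))
        m.update(p)
    return m.digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher, not a recommendation."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def derive_key(random_value: bytes, device_id: bytes, registry: dict, second_seed: bytes) -> bytes:
    """The three claimed steps, written as a free function so it can be run on a dumped device state."""
    first_hash = _h(random_value, device_id)      # step 1: hash of random value and device identifier
    first_seed = registry[first_hash]              # step 2: the hash selects the real seed among decoys
    return _h(first_seed, second_seed)             # step 3: hash of both seeds is the cryptographic key


class PortableDevice:
    """The 'second computing device': keeps every secret, returns only ciphertext or plaintext."""

    def __init__(self, device_id: bytes, n_decoys: int = 15):
        self.device_id = device_id
        self._random = secrets.token_bytes(32)        # "random value" of claim 1
        self._second_seed = secrets.token_bytes(32)   # "second key seed"
        # Registry file: the real first seed is filed under hash(random, id); the remaining
        # entries are decoys with identical shape, and the order is shuffled.
        entries = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(n_decoys)]
        entries.append((_h(self._random, device_id), secrets.token_bytes(32)))
        secrets.SystemRandom().shuffle(entries)
        self._registry = dict(entries)

    def _key(self) -> bytes:
        return derive_key(self._random, self.device_id, self._registry, self._second_seed)

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        enc_key, mac_key = _h(self._key(), b"enc"), _h(self._key(), b"mac")
        ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag                       # the only thing the host ever stores

    def decrypt(self, blob: bytes) -> bytes:
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("ciphertext too short")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        enc_key, mac_key = _h(self._key(), b"enc"), _h(self._key(), b"mac")
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # reject modified data before decrypting any of it
            raise ValueError("authentication failed")
        return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Host:
    """The 'first computing device': hands data over and keeps only the returned ciphertext."""

    def __init__(self, device: PortableDevice):
        self.device = device
        self.stored = b""

    def save(self, data: bytes) -> bytes:
        self.stored = self.device.encrypt(data)       # the host performs no cryptography itself
        return self.stored

    def load(self) -> bytes:
        return self.device.decrypt(self.stored)       # plaintext is used only transiently


def registry_only_attack(device: PortableDevice, second_seed: bytes) -> set:
    """Reader who obtains the registry file and second seed but not the random value:
    every entry is a candidate, so the decoys leave them one key guess per entry."""
    return {_h(seed, second_seed) for seed in device._registry.values()}


if __name__ == "__main__":
    dev = PortableDevice(b"token-0001")
    host = Host(dev)
    host.save(b"account number 1234")
    print(host.load())
```

Two points the claims leave implicit are visible when this is run. The key is a deterministic function of four stored items (random value, device identifier, registry file, second seed), which is what `derive_key` makes explicit: a reader who can extract all four recomputes the key exactly, so the obfuscation buys nothing against full extraction and the device's own tamper resistance is what actually protects the key. With only the random value withheld, `registry_only_attack` shows that the decoys merely multiply the attacker's guesses by the registry size, so the count of decoy values and where the random value is kept matter more than the choice of hash. The authenticated construction also means a host that stores a corrupted or substituted blob gets a `ValueError` rather than garbage plaintext.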
Specification