Method and apparatus for secure cryptographic key generation, certification and use
Abstract
A confidential datum, such as a private key used in public key signature systems, is secured in a digital wallet using a “generation camouflaging” technique. With this technique, the private key is not necessarily stored in the digital wallet, not even in an encrypted form. Instead, the wallet contains a private key generation function that reproduces the correct private key when the user inputs his or her pre-selected PIN. If the user inputs an incorrect PIN, an incorrect private key is outputted. Such private key can be configured so that it cannot be readily distinguished from the correct private key through the use of private key formatting, and/or the use of pseudo-public keys corresponding to the private key. The techniques described herein are also applicable to other forms of regeneratable confidential data besides private keys.
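A minimal sketch of the generation-camouflaging idea in the abstract, added here as an illustration and not taken from the patent or any product. The XOR-mask seed/PIN relationship, the PBKDF2 stretching, the P-256 scalar as the key format, and all function names are assumptions chosen for the example.

```python
import hashlib
import secrets

# Order of the NIST P-256 group: any integer in [1, N-1] is a well-formed private key.
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def _pad_from_pin(pin: str, salt: bytes) -> bytes:
    # Assumed relationship: a 32-byte pad stretched from the access code.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, dklen=32)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def generate_key(seed: bytes) -> int:
    # Deterministic generation protocol: expand the seed and map it into
    # [1, N-1]. 48 bytes of input keeps the modular bias negligible.
    wide = hashlib.shake_256(b"keygen" + seed).digest(48)
    return int.from_bytes(wide, "big") % (N - 1) + 1

def initialize(pin: str):
    """Create a wallet record and the user's key from a fresh random seed."""
    seed = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    # The wallet keeps only the seed/PIN relationship: no key, no seed,
    # no PIN hash or checksum that would confirm a guess.
    wallet = {"salt": salt, "mask": _xor(seed, _pad_from_pin(pin, salt))}
    return wallet, generate_key(seed)

def regenerate(wallet: dict, pin_in: str) -> int:
    """Rebuild a key from whatever access code is entered; never fails."""
    seed = _xor(wallet["mask"], _pad_from_pin(pin_in, wallet["salt"]))
    return generate_key(seed)

def well_formed(key: int) -> bool:
    # The only structural check available to someone holding the wallet.
    return 1 <= key < N

if __name__ == "__main__":
    wallet, real = initialize("4921")  # constructed sample PIN
    for guess in ("4921", "0000", "1234"):
        k = regenerate(wallet, guess)
        print(guess, well_formed(k), k == real)
```

Every entered code yields a key that passes the format check, so the wallet record alone gives no signal for which guess was right. That property holds only while nothing else available to the guesser (for example a published public key) lets a candidate be verified, which is why the abstract pairs the technique with pseudo-public keys.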
37 Claims
1. A digital wallet, secured with a user's access code, for reproducing a confidential datum for said user, said digital wallet comprising:
(a) a computer-implemented input for receiving an input access code;
(b) a seed derivation module operatively connected to said input, for deriving a seed usable to generate at least a portion of said confidential datum;
(c) a seed-based data generation module (i) implementing a predetermined data generation protocol that was previously used by a seed-based initialization of said confidential datum of said user, (ii) containing a representation of a seed-access code relationship, (iii) configured to generate an output datum by digitally processing said derived seed in accordance with said seed-access code relationship, wherein the output datum is a function of the input access code, and (iv) said output datum having an appearance and reproducing at least a portion of said user's confidential datum when said input access code equals said user's access code; and
(d) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum,
(e) wherein for at least one input access code not equaling said user's access code, said seed-based data generation module generates an invalid output datum having said appearance of said user's confidential datum.
18. A computer-implemented method for securely storing and reproducing a confidential datum for said user, comprising:
(a) receiving an input access code;
(b) deriving a seed usable to generate at least a portion of said confidential datum by using said received input access code;
(c) obtaining a representation of a seed-access code relationship;
(d) digitally processing said derived seed (i) in accordance with said seed-access code relationship, (ii) by executing a predetermined data generation protocol that was previously used by a seed-based initialization of said confidential datum of said user, (iii) thereby producing an output datum reproducing at least a portion of said user's confidential datum when said input access code equals said user's access code, wherein the output datum is a function of the input access code and comprises an appearance; and
(e) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum,
(f) wherein for at least one input access code not equaling said user's access code, generating an invalid output datum having said appearance of said user's confidential datum.
27. A computer-readable medium having stored thereon a program executable on a computer to securely store and reproduce a confidential datum for said user, the program comprising computer logic instructions for:
(a) receiving an input access code;
(b) deriving a seed usable to generate at least a portion of said confidential datum by using said received input access code;
(c) obtaining a representation of a seed-access code relationship;
(d) digitally processing said derived seed (i) in accordance with said seed-access code relationship, (ii) by executing a predetermined data generation protocol that was previously used by a seed-based initialization of said at least a portion of said confidential datum of said user, (iii) thereby producing an output datum reproducing said at least a portion of said user's confidential datum if said input access code equals said user's access code, wherein the output datum is a function of said input access code and comprises an appearance; and
(e) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum,
(f) wherein for at least one input access code not equaling said user's access code, generating an invalid output datum having said appearance of said user's confidential datum.
36. A method for camouflaging a user's generation-camouflaged access-controlled datum under said user's access code, comprising:
(a) initializing a user's access-controlled datum by using a generation protocol in accordance with a generation indicia;
(b) storing in a memory in a digital wallet a predetermined relationship between said generation indicia and said user's access code;
(c) camouflaging at least a portion of said access-controlled datum (i) such as to be reproducible by an authorized user thereof but non-reproducible by an unauthorized user thereof (ii) said camouflaging including storing said predetermined relationship between said generation indicia and said user's access code; (iii) thereby allowing subsequent accessing of said at least a portion of said access-controlled datum via computer-based processing of an inputted access code, in accordance with said stored generation indicia-access code relationship wherein said access-controlled datum comprises an appearance; (iv) without dependence on any storage of any form of said at least a portion of said access-controlled datum; (v) wherein for at least one inputted access code not equaling said user's access code, generating an output datum that has said appearance of said access-controlled datum, wherein the output datum is a function of said input access code; and
(d) providing said digital wallet to said user.
37. A method for camouflaging a user's generation-camouflaged access-controlled datum under said user's access code, comprising:
(a) initializing a user's access-controlled datum by using a generation protocol in accordance with a generation indicia;
(b) generation-camouflaging at least a portion of said access-controlled datum such as to be reproducible by an authorized user thereof but non-reproducible by an unauthorized user thereof, wherein said access-controlled datum comprises an appearance, wherein when an incorrect datum is entered reproducing an invalid generation-camouflaged datum comprising said appearance of the user's access-controlled datum, wherein said output datum is a function of the input access code;
(c) storing said generation-camouflaged at least a portion of said access-controlled datum in a digital wallet; and
(d) providing said digital wallet to said user.
Specification