Method and apparatus for secure cryptographic key generation, certification and use

US 7,328,350 B2
Filed: 06/05/2001
Issued: 02/05/2008
Est. Priority Date: 03/29/2001
Status: Active Grant

First Claim

Patent Images

1. A digital wallet, secured with a user'"'"'s access code, for reproducing a confidential datum for said user, said digital wallet comprising:

(a) a computer-implemented input for receiving an input access code;

(b) a seed derivation module operatively connected to said input, for deriving a seed usable to generate at least a portion of said confidential datum;

(c) a seed-based data generation module(i) implementing a predetermined data generation protocol that was previously used by a seed-based initialization of said confidential datum of said user,(ii) containing a representation of a seed-access code relationship,(iii) configured to generate an output datum by digitally processing said derived seed in accordance with said seed-access code relationship, wherein the output datum is a function of the input access code, and(iv) said output datum having an appearance and reproducing at least a portion of said user'"'"'s confidential datum when said input access code equals said user'"'"'s access code; and

(d) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum,(e) wherein for at least one input access code not equaling said user'"'"'s access code, said seed-based data generation module generates an invalid output datum having said appearance of said user'"'"'s confidential datum.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A confidential datum, such as a private key used in public key signature systems, is secured in a digital wallet using a “generation camouflaging” technique. With this technique, the private key is not necessarily stored in the digital wallet, not even in an encrypted form. Instead, the wallet contains a private key generation function that reproduces the correct private key when the user inputs his or her pre-selected PIN. If the user inputs an incorrect PIN, an incorrect private key is outputted. Such private key can be configured so that it cannot be readily distinguished from the correct private key through the use of private key formatting, and/or the use of pseudo-public keys corresponding to the private key. The techniques described herein are also applicable to other forms of regeneratable confidential data besides private keys.

Citations

37 Claims

1. A digital wallet, secured with a user'"'"'s access code, for reproducing a confidential datum for said user, said digital wallet comprising:
- (a) a computer-implemented input for receiving an input access code;
  
  (b) a seed derivation module operatively connected to said input, for deriving a seed usable to generate at least a portion of said confidential datum;
  
  (c) a seed-based data generation module(i) implementing a predetermined data generation protocol that was previously used by a seed-based initialization of said confidential datum of said user,(ii) containing a representation of a seed-access code relationship,(iii) configured to generate an output datum by digitally processing said derived seed in accordance with said seed-access code relationship, wherein the output datum is a function of the input access code, and(iv) said output datum having an appearance and reproducing at least a portion of said user'"'"'s confidential datum when said input access code equals said user'"'"'s access code; and
  
  (d) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum,(e) wherein for at least one input access code not equaling said user'"'"'s access code, said seed-based data generation module generates an invalid output datum having said appearance of said user'"'"'s confidential datum.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The wallet of claim 1 where said access code is a PIN, and said confidential datum includes an asymmetric cryptographic key.
  - 3. The wallet of claim 2 where said output datum has the characteristic appearance of an asymmetric cryptographic key.
  - 4. The wallet of claim 3 where said confidential datum includes a private key of said user, and said output datum has the characteristic appearance of a private key.
  - 5. The wallet of claim 3 where said user'"'"'s public key corresponding to said user'"'"'s private key is pseudo-public.
  - 6. The wallet of claim 5 further comprising a digital certificate containing said pseudo-public key.
  - 7. The wallet of claim 6 where said digital certificate includes an encrypted version of said user'"'"'s pseudo-public key encrypted under a certifier'"'"'s key which is not verifiable except by authorized verifiers.
  - 8. The wallet of claim 1 where said access code is a PIN, and said confidential datum includes a symmetric cryptographic key.
  - 9. The wallet of claim 1 where said seed-access code relationship is an identity relationship, so that said derived seed equals said input access code.
  - 10. The wallet of claim 1 where said seed-access code relationship represents said derived seed as a padded version of said input access code.
  - 11. The wallet of claim 1 where said seed-access code relationship includes a version of said initial seed masked by user'"'"'s access code.
  - 12. The wallet of claim 11 where:
    - (i) said masked version of said initial seed includes an XOR of said initial seed with said user'"'"'s access code; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes XORing said masked version of said initial seed with said derived seed.
  - 13. The wallet of claim 12 further comprising program code for updating an user'"'"'s old access code with a user'"'"'s new access code by replacing said stored masked version of said initial seed with its value XORed with said user'"'"'s old access code XORed with said user'"'"'s new access code.
  - 14. The wallet of claim 1 where:
    - (i) said seed-access code relationship includes a truncated version of said initial seed capable of being concatenated with said input access code to form said derived seed; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes concatenating said truncated version of said initial seed with said input access code.
  - 15. The wallet of claim 1 where:
    - (i) said seed-access code relationship includes values of, and associations between, a plurality of possible values of said input access code and a corresponding plurality of possible values of said derived seed; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes looking up and outputting said possible value of said derived seed corresponding to said input access code.
  - 16. The wallet of claim 15 where:
    - (1) said seed derivation module is merged with said data generation module;
      
      (2) said output datum includes said derived seed.
  - 17. The wallet of claim 1 configured to be remotely accessible to a roaming user across a network.

18. A computer-implemented method for securely storing and reproducing a confidential datum for said user, comprising:
- (a) receiving an input access code;
  
  (b) deriving a seed usable to generate at least a portion of said confidential datum by using said received input access code;
  
  (c) obtaining a representation of a seed-access code relationship;
  
  (d) digitally processing said derived seed(i) in accordance with said seed-access code relationship,(ii) by executing a predetermined data generation protocol that was previously used by a seed-based initialization of said confidential datum of said user,(iii) thereby producing an output datum reproducing at least a portion of said user'"'"'s confidential datum when said input access code equals said user'"'"'s access code, wherein the output datum is a function of the input access code and comprises an appearance; and
  
  (e) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum,(f) wherein for at least one input access code not equaling said user'"'"'s access code, generating an invalid output datum having said appearance of said user'"'"'s confidential datum.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The method of claim 18 where said access code is a PIN, and said confidential datum includes an asymmetric cryptographic key.
  - 20. The method of claim 18 where said seed-access code relationship is a identity relationship, so that said derived seed equals said input access code.
  - 21. The method of claim 18 where said seed-access code relationship represents said derived seed as a padded version of said input access code.
  - 22. The method of claim 18 where said seed-access code relationship includes a version of said initial seed masked by user'"'"'s access code.
  - 23. The method of claim 22 where:
    - (i) said masked version of said initial seed includes an XOR of said initial seed with said user'"'"'s access code; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes XORing said masked version of said initial seed with said derived seed.
  - 24. The method of claim 18 where:
    - (i) said seed-access code relationship includes a truncated version of said initial seed capable of being concatenated with said input access code to form said derived seed; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes concatenating said truncated version of said initial seed with said input access code.
  - 25. The method of claim 18 where:
    - (i) said seed-access code relationship includes values of, and associations between, a plurality of possible values of said input access code and a corresponding plurality of possible values of said derived seed; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes looking up and outputting said possible value of said derived seed corresponding to said input access code.
  - 26. The method of claim 25 where:
    - (1) said deriving said seed and said executing said predetermined data generation protocol are merged into a common operation; and
      
      (2) said output datum includes said derived seed.

27. A computer-readable medium having stored thereon a program executable on a computer to securely store and reproduce a confidential datum for said user, the program comprising computer logic instructions for:
- (a) receiving an input access code;
  
  (b) deriving a seed usable to generate at least a portion of said confidential datum by using said received input access code;
  
  (c) obtaining a representation of a seed-access code relationship;
  
  (d) digitally processing said derived seed(i) in accordance with said seed-access code relationship,(ii) by executing a predetermined data generation protocol that was previously used by a seed-based initialization of said at least a portion of said confidential datum of said user,(iii) thereby producing an output datum reproducing said at least a portion of said user'"'"'s confidential datum if said input access code equals said user'"'"'s access code, wherein the output datum is a function of said input access code and comprises an appearance; and
  
  (e) said generation of said output datum occurring without dependence on any storage of any form of said at least a portion of said confidential datum,(f) wherein for at least one input access code not equaling said user'"'"'s access code, generating an invalid output datum having said appearance of said user'"'"'s confidential datum.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
- - 28. The computer-readable medium of claim 27 where said access code is a PIN, said confidential datum includes an asymmetric cryptographic key.
  - 29. The computer-readable medium of claim 27 where said seed-access code relationship is a identity relationship, so that said derived seed equals said input access code.
  - 30. The computer-readable medium of claim 27 where said seed-access code relationship represents said derived seed as a padded version of said input access code.
  - 31. The computer-readable medium of claim 27 where said seed-access code relationship includes a version of said initial seed masked by user'"'"'s access code.
  - 32. The computer-readable medium of claim 31 where:
    - (i) said masked version of said initial seed includes an XOR of said initial seed with said user'"'"'s access code; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes XORing said masked version of said initial seed with said derived seed.
  - 33. The computer-readable medium of claim 27 where:
    - (i) said seed-access code relationship includes a truncated version of said initial seed capable of being concatenated with said input access code to form said derived seed; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes concatenating said truncated version of said initial seed with said input access code.
  - 34. The computer-readable medium of claim 27 where:
    - (i) said seed-access code relationship includes values of, and associations between, a plurality of possible values of said input access code and a corresponding plurality of possible values of said derived seed; and
      
      (ii) said processing of said derived seed in accordance with said seed-access code relationship includes looking up and outputting said possible value of said derived seed corresponding to said input access code.
  - 35. The computer-readable medium of claim 34 where:
    - (1) said deriving said seed and said executing said predetermined data generation protocol are merged into a common operation; and
      
      (2) said output datum includes said derived seed.

36. A method for camouflaging a user'"'"'s generation-camouflaged access-controlled datum under said user'"'"'s access code, comprising:
- (a) initializing a user'"'"'s access-controlled datum by using a generation protocol in accordance with a generation indicia;
  
  (b) storing in a memory in a digital wallet a predetermined relationship between said generation indicia and said user'"'"'s access code;
  
  (c) camouflaging at least a portion of said access-controlled datum(i) such as to be reproducible by an authorized user thereof but non-reproducible by an unauthorized user thereof(ii) said camouflaging including storing said predetermined relationship between said generation indicia and said user'"'"'s access code;
  
  (iii) thereby allowing subsequent accessing of said at least a portion of said access-controlled datum via computer-based processing of an inputted access code, in accordance with said stored generation indicia-access code relationship wherein said access-controlled datum comprises an appearance;
  
  (iv) without dependence on any storage of any form of said at least a portion of said access-controlled datum;
  
  (v) wherein for at least one inputted access code not equaling said user'"'"'s access code, generating an output datum that has said appearance of said access-controlled datum, wherein the output datum is a function of said input access code; and
  
  (d) providing said digital wallet to said user.

37. A method for camouflaging a user'"'"'s generation-camouflaged access-controlled datum under said user'"'"'s access code, comprising:
- (a) initializing a user'"'"'s access-controlled datum by using a generation protocol in accordance with a generation indicia;
  
  (b) generation-camouflaging at least a portion of said access-controlled datum such as to be reproducible by an authorized user thereof but non-reproducible by an unauthorized user thereof, wherein said access-controlled datum comprises an appearance, wherein when an incorrect datum is entered reproducing an invalid generation-camouflaged datum comprising said appearance of the user'"'"'s access-controlled datum, wherein said output datum is a function of the input access code;
  
  (c) storing said generation-camouflaged at least a portion of said access-controlled datum in a digital wallet; and
  
  (d) providing said digital wallet to said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Arcot Systems, Inc. (Broadcom, Inc.)
Inventors
Hird, Geoffrey R.
Primary Examiner(s)
Truong; T. B.
Assistant Examiner(s)
Klimach; Paula W

Application Number

US09/874,795
Publication Number

US 20020141575A1
Time in Patent Office

2,436 Days
Field of Search

380/283, 380/46, 380/44, 713/202, 713183-185, 235/379, 235/380, 235381-3825, 726/10, 726/20
US Class Current

713/183
CPC Class Codes

G06F 21/62   Protecting access to data v...

H04L 2209/046   of operations, operands or ...

H04L 2209/20   Manipulating the length of ...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0869   involving random numbers or...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

Method and apparatus for secure cryptographic key generation, certification and use

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure cryptographic key generation, certification and use

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links