Key derivation functions to enhance security
Abstract
Key derivation algorithms are disclosed. In one key derivation application, a segment of the master key is hashed. Two numbers are derived from another segment of the master key. A universal hash function, using the two numbers, is applied to the result of the hash, from which bits are selected as the derived key. In another embodiment, an encoded counter is combined with segments of the master key. The result is then hashed, from which bits are selected as the derived key.
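The two embodiments in the abstract, written out as an added Python example (not code from the patent). SHA-256, the prime 2^255 - 19, the even key split, XOR for both bitwise functions, the 4-byte counter, and low-order bit selection are all assumptions, since the page fixes none of them. The counter in the first function follows claim 12.

```python
import hashlib

# Assumed parameters; the page fixes none of them.
P = 2**255 - 19            # assumed prime modulus for the universal hash
COUNTER_BYTES = 4          # assumed width of the counter encoding
MASTER = bytes(range(64))  # constructed sample master key, not a real secret

def split(master):
    """Divide the master key into two equal segments."""
    if len(master) < 32 or len(master) % 2:
        raise ValueError("master key must be an even length of at least 32 bytes")
    mid = len(master) // 2
    return master[:mid], master[mid:]

def universal_hash(x, a, b):
    """Affine universal hash: product, sum, then reduction modulo P."""
    return (a * x + b) % P

def encode_counter(counter, length):
    """Repeat the fixed-width counter into a longer pattern of `length` bytes."""
    cb = counter.to_bytes(COUNTER_BYTES, "big")
    return (cb * (length // COUNTER_BYTES + 1))[:length]

def kdf_hash_then_universal(master, counter, out_len=16):
    """First embodiment: hash segment 1 with the counter, then a*h + b mod P."""
    seg1, seg2 = split(master)
    digest = hashlib.sha256(seg1 + counter.to_bytes(COUNTER_BYTES, "big")).digest()
    half = len(seg2) // 2
    a = int.from_bytes(seg2[:half], "big") % (P - 1) + 1  # first number, nonzero
    b = int.from_bytes(seg2[half:], "big") % P            # second number
    result = universal_hash(int.from_bytes(digest, "big"), a, b)
    return result.to_bytes(32, "big")[-out_len:]          # select low-order bits

def kdf_combine_then_hash(master, counter, out_len=16):
    """Second embodiment: XOR both segments with the encoded counter, then hash."""
    seg1, seg2 = split(master)
    enc = encode_counter(counter, len(seg1))
    r1 = bytes(x ^ y for x, y in zip(seg1, enc))  # first bitwise function (XOR)
    r2 = bytes(x ^ y for x, y in zip(seg2, enc))  # second bitwise function (XOR)
    return hashlib.sha256(r1 + r2).digest()[-out_len:]

if __name__ == "__main__":
    for ctr in (1, 2):
        print(ctr, kdf_hash_then_universal(MASTER, ctr).hex(),
              kdf_combine_then_hash(MASTER, ctr).hex())
```

Each counter value yields a separate derivative key from the same master key, so a derived key can be rotated without redistributing the master.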
69 Claims
1. An apparatus comprising:
- an input port to receive a master key;
- an implementation of a universal hash algorithm, including:
- a divider to divide said master key into a first segment and a second segment;
- a repeater to repeat said counter to form an encoded counter as a longer bit pattern;
- an implementation of a first bitwise binary function operative on said first segment and said encoded counter to produce a first result;
- an implementation of a second bitwise binary function operative on said second segment and said encoded counter to produce a second result; and
- a combiner to combine said first result, said second result, and said encoded counter to produce said result;
- an implementation of a secure hash algorithm;
- means for generating a derivative key from said master key using the implementation of said universal hash algorithm and said secure hash algorithm; and
- an output port to output said derivative key.
Dependent claims: 2, 3, 4, 5
6. An apparatus comprising:
- an input port to receive a master key;
- a first calculator to implement a universal hash algorithm;
- a second calculator to implement a secure hash algorithm;
- a key deriver to generate a derivative key from said master key using the first calculator and the second calculator, including:
- a divider to divide said master key into a first segment and a second segment;
- a repeater to repeat said counter to form an encoded counter as a longer bit pattern;
- a third calculator to implement a first bitwise binary function operative on said first segment and said encoded counter to produce a first result;
- a fourth calculator to implement a second bitwise binary function operative on said second segment and said encoded counter to produce a second result; and
- a combiner to combine said first result, said second result, and said encoded counter to produce said result; and
- an output port to output said derivative key.
Dependent claims: 7, 8, 9, 10, 11
12. An apparatus, comprising:
- an input port to receive a master key;
- a divider to divide said master key into a first segment and a second segment;
- a concatenator to concatenate said first segment and a counter to produce a modified first segment;
- a hasher to hash said modified first segment into a hash value;
- a determiner to determine a first number and a second number from said second segment;
- a calculator including an implementation of an arithmetic formula to compute a result using said hash value, said first number, and said second number; and
- a bit selector to select a set of bits from said result as a derivative key, said derivative key thereby calculated using a secure hash and a universal hash.
Dependent claims: 13, 14, 15, 16, 17
18. A data security device, comprising:
- a key deriver, including:
- an input port to receive a master key;
- a divider to divide said master key into a first segment and a second segment;
- a concatenator to concatenate said first segment and a counter to produce a modified first segment;
- a hasher to hash said modified first segment into a hash value;
- a determiner to determine a first number and a second number from said second segment modulo a modulus;
- a calculator including an implementation of an arithmetic formula to compute a result using said hash value, said first number, and said second number; and
- a bit selector to select a set of bits from said result as a derivative key; and
- an encrypter to encrypt data using said derivative key, said derivative key thereby calculated using a secure hash and a universal hash.
Dependent claims: 19, 20, 21, 22, 23
24. A method for performing key derivation, comprising:
- dividing a master key into a first segment and a second segment;
- hashing the first segment to produce a hash value;
- determining a first number and a second number from the second segment;
- computing a universal hash function of the hash value, the first number, and the second number to produce a result; and
- selecting a derivative key from bits in the result.
Dependent claims: 25, 26, 27, 28, 29
30. A method for encrypting data using a derivative key, comprising:
- generating the derivative key, including:
- dividing the master key into a first segment and a second segment;
- hashing the first segment to produce a hash value;
- determining a first number and a second number from the second segment;
- computing a product of the first number and the hash value;
- computing a sum of the product and the second number;
- computing a result as the sum modulo a modulus; and
- selecting the derivative key from bits in the result; and
- encrypting data using the derivative key, the derivative key thereby calculated using a secure hash and a universal hash.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
43. An apparatus, comprising:
- an input port to receive a master key;
- a repeater to repeat a value to form an encoded value as a longer bit pattern;
- a divider to divide said master key into a first segment and a second segment;
- a combiner to combine said master key and said encoded value to produce a modified master key, including:
- an implementation of a first bitwise binary function operative on said first segment and said encoded value to produce a first result;
- an implementation of a second bitwise binary function operative on said second segment and said encoded value to produce a second result; and
- a combiner to combine said first result and said second result to produce said modified master key;
- a hasher to hash said modified master key into a hash value; and
- a bit selector to select a set of bits from said hash value as a derivative key, said derivative key thereby calculated using a secure hash and a universal hash.
Dependent claims: 44, 45, 46
47. A data security device, comprising:
- a key deriver, including:
- an input port to receive a master key;
- a divider to divide said master key into a first segment and a second segment;
- a repeater to repeat a value to form an encoded value as a longer bit pattern;
- an implementation of a first bitwise binary function operative on said first segment and said encoded value to produce a first result;
- an implementation of a second bitwise binary function operative on said second segment and said encoded value to produce a second result;
- a combiner to combine said first result, said second result, and said encoded value to produce said modified master key;
- a hasher to hash said modified master key into a hash value; and
- a bit selector to select a set of bits from said result as a derivative key; and
- an encrypter to encrypt data using said derivative key, said derivative key thereby calculated using a secure hash and a universal hash.
Dependent claims: 48, 49, 50, 51
52. A method for performing key derivation, comprising:
- combining a master key with a value to produce a modified master key, including:
- dividing the master key into a first segment and a second segment;
- combining the first segment with the value to produce a first result;
- combining the second segment with the value to produce a second result; and
- combining the first result and the second result to produce the modified master key;
- hashing the modified master key to produce a hash value; and
- selecting a derivative key from bits in the hash value, the derivative key thereby calculated using a secure hash and a universal hash.
Dependent claims: 53, 54, 55, 56, 57
58. A method for encrypting a derivative key, comprising:
- dividing a master key into a first segment and a second segment, each of the first segment and the second segment including at least one bit;
- organizing the bits in the second segment into a number of groups, the number of groups equal to a number of bits in the first segment; each group having a same number of bits;
- associating each of the groups with a bit in the first segment;
- applying a permutation function to at least one of the groups according to the associated bit in the first segment;
- constructing a transformed master key from the first segment and the permuted groups;
- combining the transformed master key with a value to produce a modified master key;
- hashing the modified master key to produce a hash value;
- selecting a derivative key from bits in the hash value; and
- encrypting data using the derivative key, the derivative key thereby calculated using a secure hash and a universal hash.
Dependent claims: 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69
Specification