Secure seed generation protocol
First Claim
1. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:
- a seed generation server providing a first string to a seed generation client;
the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server;
the seed generation client generating the seed as a function of at least the first string and the second string; and
the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string;
wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
14 Assignments
0 Petitions
Accused Products
Abstract
Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at least the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string and the second string.
35 Citations
40 Claims
-
1. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:
-
a seed generation server providing a first string to a seed generation client; the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server; the seed generation client generating the seed as a function of at least the first string and the second string; and the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string; wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:
-
a seed generation server providing a first string to a seed generation client; the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server; the seed generation client generating the seed as a function of at least the first string and the second string; and the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string; wherein the second string comprises a combination of at least two component strings, including at least a first component generated in the seed generation client by interaction with the seed generation server and a second component previously stored in the seed generation client.
-
-
26. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:
-
a seed generation server providing a first string to a seed generation client; the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server; the seed generation client generating the seed as a function of at least the first string and the second string; and the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string; wherein the seed is generated by repeatedly applying a cryptographic algorithm to successive portions of an additional string generated utilizing the first string, the second string and the key. - View Dependent Claims (27, 28, 29, 30, 31, 32)
-
-
33. An apparatus for secure generation of a seed for use in performing one or more cryptographic operations, the apparatus comprising:
-
a processing device comprising a processor coupled to a memory, the processing device implementing at least one of a seed generation client and a seed generation server; wherein the seed generation server provides a first string to the seed generation client; the seed generation client generates a second string responsive to receipt of the first string, encrypts the second string utilizing a key, and sends the encrypted second string to the seed generation server; the seed generation client generates the seed as a function of at least the first string and the second string; and the seed generation server decrypts the encrypted second string and independently generates the seed as a function of at least the first string and the second string; wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
-
-
34. A non-transitory machine-readable storage medium containing one or more software programs for secure generation of a seed for use in performing one or more cryptographic operations, wherein the one or more software programs when executed by a processing device implement at least one of a seed generation client and seed generation server;
-
wherein the seed generation server provides a first string to the seed generation client; the seed generation client generates a second string responsive to receipt of the first string, encrypts the second string utilizing a key, and sends the encrypted second string to the seed generation server; the seed generation client generates the seed as a function of at least the first string and the second string; and the seed generation server decrypts the encrypted second string and independently generates the seed as a function of at least the first string and the second string; wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
-
-
35. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method being implemented in a seed generation client, the method comprising the steps of:
-
receiving a first string from a seed generation server; generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server; and generating the seed as a function of at least the first string and the second string; wherein the first string and the second string are configured so as to permit the seed generation server to independently generate the seed as a function of at least the first string and the second string; wherein the seed generation client receives an authentication code from the seed generation server, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server. - View Dependent Claims (36)
-
-
37. An apparatus for secure generation of a seed for use in performing one or more cryptographic operations, the apparatus comprising:
-
a processing device comprising a processor coupled to a memory, the processing device implementing a seed generation client; the seed generation client being configured;
(i) to receive a first string from a seed generation server;
(ii) to generate a second string responsive to receipt of the first string, to encrypt the second string utilizing a key, and to send the encrypted second string to the seed generation server; and
(iii) to generate the seed as a function of at least the first string and the second string;wherein the first string and the second string are configured so as to permit the seed generation server to independently generate the seed as a function of at least the first string and the second string; wherein the seed generation client receives an authentication code from the seed generation server, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
-
-
38. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method being implemented in a seed generation server, the method comprising the steps of:
-
providing a first string to a seed generation client; receiving from the seed generation client a second string generated responsive to receipt of the first string and encrypted utilizing a key; decrypting the encrypted second string; and generating the seed as a function of at least the first string and the second string; wherein the first string and the second string are configured so as to permit the seed generation client to independently generate the seed as a function of at least the first string and the second string; wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server. - View Dependent Claims (39)
-
-
40. An apparatus for secure generation of a seed for use in performing one or more cryptographic operations, the apparatus comprising:
-
a processing device comprising a processor coupled to a memory, the processing device implementing a seed generation server; the seed generation server being configured;
(i) to provide a first string to a seed generation client;
(ii) to receive from the seed generation client a second string generated responsive to receipt of the first string and encrypted utilizing a key;
(iii) to decrypt the encrypted second string; and
(iv) to generate the seed as a function of at least the first string and the second string;wherein the first string and the second string are configured so as to permit the seed generation client to independently generate the seed as a function of at least the first string and the second string; wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
-
Specification