Secure seed generation protocol

US 7,979,707 B2
Filed: 07/09/2004
Issued: 07/12/2011
Est. Priority Date: 07/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:

a seed generation server providing a first string to a seed generation client;

the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server;

the seed generation client generating the seed as a function of at least the first string and the second string; and

the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string;

wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and

wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for secure generation of a seed for use in performing one or more cryptographic operations, utilizing a seed generation protocol carried out by a seed generation client (110c) and a seed generation server (110s). The seed generation server (110s) provides a first string to the seed generation client (110c). The seed generation client (110c) generates a second string, encrypts the second string utilizing a key (216), and sends the encrypted second string to the seed generation server (110s). The seed generation client (110c) generates the seed as a function of at least the first string and the second string. The seed generation server (110s) decrypts the encrypted second string (222) and independently generates the seed as a function of at least the first string and the second string.

35 Citations

View as Search Results

40 Claims

1. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:
- a seed generation server providing a first string to a seed generation client;
  
  the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server;
  
  the seed generation client generating the seed as a function of at least the first string and the second string; and
  
  the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string;
  
  wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
  
  wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1 wherein the seed comprises a symmetric key.
  - 3. The method of claim 1 wherein the seed is generated, by at least one of the seed generation client and the seed generation server, as a function of the second string, the first string, and identifying information associated with the seed generation server.
  - 4. The method of claim 3 wherein the identifying information associated with the seed generation server comprises a public key of the seed generation server.
  - 5. The method of claim 1 wherein the key utilized by the seed generation client to encrypt the second string comprises a public key of the seed generation server.
  - 6. The method of claim 1 wherein the key utilized by the seed generation client to encrypt the second string comprises the secret key shared by the seed generation client and the seed generation server.
  - 7. The method of claim 1 wherein the seed generation client comprises or is otherwise associated with an authentication token.
  - 8. The method of claim 1 wherein the seed generation server comprises or is otherwise associated with an authentication entity.
  - 9. The method of claim 1 wherein the seed generation server sends the generated seed to an authentication entity.
  - 10. The method of claim 9 wherein the seed generation server also sends user identifying information associated with the seed to the authentication entity.
  - 11. The method of claim 1 wherein the seed generation client is associated with a first processing device and the seed generation server is associated with a second processing device.
  - 12. The method of claim 1 wherein the seed generation client and the seed generation server communicate with one another through at least one intermediary processing device.
  - 13. The method of claim 1 wherein the seed generation server initiates the seed generation process responsive to receipt of a command.
  - 14. The method of claim 1 wherein the seed generation server initiates the seed generation process responsive to receipt of a request initiated by the seed generation client.
  - 15. The method of claim 14 wherein the seed generation client in response to initiation of the seed generation process by the seed generation server provides the seed generation server with information indicating one or more processing algorithms suitable for use in the seed generation process.
  - 16. The method of claim 15 wherein the seed generation server responsive to the information indicating one or more processing algorithms provides to the seed generation client additional information specifying one or more characteristics of the seed generation process.
  - 17. The method of claim 1 wherein the seed generation client stores the generated seed in an authentication token.
  - 18. The method of claim 1 wherein the seed generation server stores the generated seed in an authentication entity.
  - 19. The method of claim 1 wherein the generated seed is used to replace an existing seed known to both the seed generation client and the seed generation server.
  - 20. The method of claim 19 wherein the generated seed is used to replace an existing seed in an authentication token associated with the seed generation client and in an authentication entity associated with the seed generation server.
  - 21. The method of claim 20 wherein the authentication token replaces the existing seed with the generated seed after the receipt of a signal from the authentication entity.
  - 22. The method of claim 21 wherein the signal from the authentication entity comprises the authentication code.
  - 23. The method of claim 20 wherein the authentication entity replaces the existing seed with the generated seed after receipt of a signal from the authentication token.
  - 24. The method of claim 23 wherein the signal from the authentication token comprises the authentication code.

25. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:
- a seed generation server providing a first string to a seed generation client;
  
  the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server;
  
  the seed generation client generating the seed as a function of at least the first string and the second string; and
  
  the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string;
  
  wherein the second string comprises a combination of at least two component strings, including at least a first component generated in the seed generation client by interaction with the seed generation server and a second component previously stored in the seed generation client.

26. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method comprising the steps of:
- a seed generation server providing a first string to a seed generation client;
  
  the seed generation client generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server;
  
  the seed generation client generating the seed as a function of at least the first string and the second string; and
  
  the seed generation server decrypting the encrypted second string and independently generating the seed as a function of at least the first string and the second string;
  
  wherein the seed is generated by repeatedly applying a cryptographic algorithm to successive portions of an additional string generated utilizing the first string, the second string and the key.
- View Dependent Claims (27, 28, 29, 30, 31, 32)
- - 27. The method of claim 26 wherein the additional string generated utilizing the first string, the second string and the key comprises a concatenation of the first string, the second string and the key.
  - 28. The method of claim 26 wherein the additional string comprises n portions C[1], C[2], . . . C[n], and the seed is generated by computing:
    - I[1]=Algorithm (C[1], C[2])
      I[2]=Algorithm (I[1], C[3])
      . . .
      I[n−
      
      1]=Algorithm (I[n−
      
      2], C[n])
      seed =I[n−
      
      1],where Algorithm (A, B) denotes application of the cryptographic algorithm to portion B of the string utilizing an algorithm parameter denoted by A.
  - 29. The method of claim 26 wherein the cryptographic algorithm comprises a one-way cryptographic operation.
  - 30. The method of claim 29 wherein the one-way cryptographic operation comprises a hash function.
  - 31. The method of claim 26 wherein the cryptographic algorithm comprises an encryption operation.
  - 32. The method of claim 31 wherein the encryption operation comprises the AES algorithm.

33. An apparatus for secure generation of a seed for use in performing one or more cryptographic operations, the apparatus comprising:
- a processing device comprising a processor coupled to a memory, the processing device implementing at least one of a seed generation client and a seed generation server;
  
  wherein the seed generation server provides a first string to the seed generation client;
  
  the seed generation client generates a second string responsive to receipt of the first string, encrypts the second string utilizing a key, and sends the encrypted second string to the seed generation server;
  
  the seed generation client generates the seed as a function of at least the first string and the second string; and
  
  the seed generation server decrypts the encrypted second string and independently generates the seed as a function of at least the first string and the second string;
  
  wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
  
  wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.

34. A non-transitory machine-readable storage medium containing one or more software programs for secure generation of a seed for use in performing one or more cryptographic operations, wherein the one or more software programs when executed by a processing device implement at least one of a seed generation client and seed generation server;
- wherein the seed generation server provides a first string to the seed generation client;
  
  the seed generation client generates a second string responsive to receipt of the first string, encrypts the second string utilizing a key, and sends the encrypted second string to the seed generation server;
  
  the seed generation client generates the seed as a function of at least the first string and the second string; and
  
  the seed generation server decrypts the encrypted second string and independently generates the seed as a function of at least the first string and the second string;
  
  wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
  
  wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.

35. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method being implemented in a seed generation client, the method comprising the steps of:
- receiving a first string from a seed generation server;
  
  generating a second string responsive to receipt of the first string, encrypting the second string utilizing a key, and sending the encrypted second string to the seed generation server; and
  
  generating the seed as a function of at least the first string and the second string;
  
  wherein the first string and the second string are configured so as to permit the seed generation server to independently generate the seed as a function of at least the first string and the second string;
  
  wherein the seed generation client receives an authentication code from the seed generation server, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
  
  wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
- View Dependent Claims (36)
- - 36. The method of claim 35, wherein the seed is generated by repeatedly applying a cryptographic algorithm to successive portions of an additional string generated utilizing the first string, the second string and the key.

37. An apparatus for secure generation of a seed for use in performing one or more cryptographic operations, the apparatus comprising:
- a processing device comprising a processor coupled to a memory, the processing device implementing a seed generation client;
  
  the seed generation client being configured;
  
  (i) to receive a first string from a seed generation server;
  
  (ii) to generate a second string responsive to receipt of the first string, to encrypt the second string utilizing a key, and to send the encrypted second string to the seed generation server; and
  
  (iii) to generate the seed as a function of at least the first string and the second string;
  
  wherein the first string and the second string are configured so as to permit the seed generation server to independently generate the seed as a function of at least the first string and the second string;
  
  wherein the seed generation client receives an authentication code from the seed generation server, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
  
  wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.

38. A method for secure generation of a seed for use in performing one or more cryptographic operations, the method being implemented in a seed generation server, the method comprising the steps of:
- providing a first string to a seed generation client;
  
  receiving from the seed generation client a second string generated responsive to receipt of the first string and encrypted utilizing a key;
  
  decrypting the encrypted second string; and
  
  generating the seed as a function of at least the first string and the second string;
  
  wherein the first string and the second string are configured so as to permit the seed generation client to independently generate the seed as a function of at least the first string and the second string;
  
  wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
  
  wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.
- View Dependent Claims (39)
- - 39. The method of claim 38, wherein the seed is generated by repeatedly applying a cryptographic algorithm to successive portions of an additional string generated utilizing the first string, the second string and the key.

40. An apparatus for secure generation of a seed for use in performing one or more cryptographic operations, the apparatus comprising:
- a processing device comprising a processor coupled to a memory, the processing device implementing a seed generation server;
  
  the seed generation server being configured;
  
  (i) to provide a first string to a seed generation client;
  
  (ii) to receive from the seed generation client a second string generated responsive to receipt of the first string and encrypted utilizing a key;
  
  (iii) to decrypt the encrypted second string; and
  
  (iv) to generate the seed as a function of at least the first string and the second string;
  
  wherein the first string and the second string are configured so as to permit the seed generation client to independently generate the seed as a function of at least the first string and the second string;
  
  wherein the seed generation server sends an authentication code to the seed generation client, the authentication code proving knowledge of the generated seed and instructing the seed generation client to store the generated seed; and
  
  wherein the authentication code is cryptographically derived from a secret key shared by the seed generation client and the seed generation server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Nyström, Magnus, Röstin, Peter, Duane, William M.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
HO, VIRGINIA T

Application Number

US10/549,542
Publication Number

US 20060177056A1
Time in Patent Office

2,559 Days
Field of Search

380/37, 380/42, 380 44- 47, 380259-260, 380262-263, 380/281, 380283-285, 380/278, 380/273, 726/14, 713/171, 713/168, 713/169
US Class Current

713/171
CPC Class Codes

H04L 2209/20   Manipulating the length of ...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 9/06   the encryption apparatus us...

H04L 9/0869   involving random numbers or...

H04L 9/3234   involving additional secure...

H04L 9/3242   involving keyed hash functi...

H04L 9/3271   using challenge-response

Secure seed generation protocol

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Secure seed generation protocol

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links