Techniques for carrying out seed or key derivation

US 8,059,814 B1
Filed: 09/28/2007
Issued: 11/15/2011
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. In an electronic apparatus, a method of carrying out key derivation, comprising:

acquiring, by the electronic apparatus, a stored representation of a derived key, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key;

performing a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key;

providing a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key; and

in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, (i) deriving a current representation of the higher-level key and (ii) providing a signal indicating whether the current representation of the higher-level key matches the stored representation of the higher-level key.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique carries out seed (or key) derivation within an electronic apparatus (e.g., a hand holdable electronic apparatus such as a token, an authentication server, etc.). The technique involves acquiring a stored representation of a derived seed, the stored representation of the derived seed resulting from an earlier-performed cryptographic operation based on a higher-level seed. The technique further involves (i) performing a current cryptographic operation based on a stored representation of the higher-level seed, the current cryptographic operation resulting in a current representation of the derived seed, and (ii) providing a corruption detection signal indicating whether the current representation of the derived seed matches the stored representation of the derived seed.

Citations

18 Claims

1. In an electronic apparatus, a method of carrying out key derivation, comprising:
- acquiring, by the electronic apparatus, a stored representation of a derived key, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key;
  
  performing a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key;
  
  providing a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key; and
  
  in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, (i) deriving a current representation of the higher-level key and (ii) providing a signal indicating whether the current representation of the higher-level key matches the stored representation of the higher-level key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 12, 13, 14, 15, 18)
- - 2. A method as in claim 1, further comprising:
    - in response to the corruption detection signal indicating that the current representation of the derived key matches the stored representation of the derived key, deriving a new key based on the stored representation of the higher-level key.
  - 3. A method as in claim 2 wherein the electronic apparatus is arranged to supply a nonce parameter whose value changes over time;
    - wherein the earlier-performed cryptographic operation inputted, as the nonce parameter, a particular value; and
      
      wherein performing the current cryptographic operation includes inputting the particular value to generate the current representation of the derived key.
  - 4. A method as in claim 3 wherein deriving the new key includes:
    - performing a new cryptographic operation which inputs, as the nonce parameter, a new value which is different than the particular value.
  - 5. A method as in claim 4, further comprising:
    - updating the nonce parameter to change its value at regular intervals over time, the delta between the particular value and the new value being a predetermined amount.
  - 6. A method as in claim 1 wherein the stored representation of the higher-level key results from a prior-performed cryptographic operation based on a next-higher-level key;
    - and wherein deriving the current representation of the higher-level key includes;
      
      performing a present cryptographic operation based on a stored representation of the next-higher-level key, the present cryptographic operation resulting in the current representation of the higher-level key.
  - 7. A method as in claim 6, further comprising:
    - in response to the signal indicating that the current representation of the higher-level key matches the stored representation of the higher-level key, deriving a new key based on the higher-level key.
  - 8. A method as in claim 6, further comprising:
    - in response to the signal indicating that the current representation of the higher-level key does not match the stored representation of the higher-level key, (i) deriving a current representation of the next-higher-level key and (ii) providing a signal indicating whether the current representation of the next-higher-level key matches the stored representation of the next-higher-level key.
  - 12. A method as in claim 1, further comprising:
    - selecting, as a current representation of a master key, a predominant value among master key values stored in separate master key storage locations of a memory of the electronic apparatus.
  - 13. A method as in claim 12 wherein selecting the predominant value among the master key values includes:
    - in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, (i) reading the master key values from the memory of the electronic apparatus, and (ii) choosing, as the predominant value, the master key value which occurs most often among the master key values.
  - 14. A method as in claim 13 wherein choosing the master key value includes:
    - polling at least three master key values read from the memory of the electronic apparatus.
  - 15. A method as in claim 14 wherein the memory of the electronic apparatus includes static random access memory (SRAM);
    - and wherein reading the master key values from the memory includes;
      
      loading the master key values from the SRAM, the master key values having been stored in the SRAM prior to acquiring, performing and providing.
  - 18. A method as in claim 1 wherein the electronic apparatus is a hardware authenticator, the hardware authenticator including an electronic controller, memory coupled to the electronic controller, and a hand holdable casing having a set of peripheral walls which defines an internal space, the electronic controller and the memory being disposed within the internal space;
    - andwherein the method further comprises;
      
      after acquiring, performing, and providing are accomplished by the electronic controller in combination with the memory while the electronic controller and the memory reside within the internal space defined by the casing to enable, providing a password to authenticate the hardware authenticator with an authentication server, the password being based, at least in part, on the higher-level key.

9. In an electronic apparatus, a method of carrying out key derivation, comprising:
- acquiring, by the electronic apparatus, a stored representation of a derived key, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key;
  
  performing a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key;
  
  providing a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key;
  
  in response to the corruption detection signal indicating that the current representation of the derived key matches the stored representation of the derived key, deriving a new key based on the stored representation of the higher-level key; and
  
  in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, determining whether the stored representation of the higher-level key is corrupted and, if so, replacing the stored representation of the higher-level key with a current representation of the higher-level key prior to deriving the new key based on the higher-level key.
- View Dependent Claims (10, 11)
- - 10. A method as in claim 9 wherein the electronic apparatus is a portable token device having an output;
    - and wherein the method further comprises;
      
      outputting, on the output of the portable token device, an authentication code based on the new key to enable a user to remotely authenticate to an authentication server.
  - 11. A method as in claim 9 wherein the electronic apparatus is an authentication server;
    - and wherein the method further comprises;
      
      using the new key to authenticate an authentication code outputted by a portable token device attempting to remotely authenticate to the authentication server.

16. A hardware authenticator, comprising:
- an electronic controller;
  
  memory coupled to the electronic controller; and
  
  a hand holdable casing having a set of peripheral walls which defines an internal space, the electronic controller and the memory being disposed within the internal space;
  
  the electronic controller being arranged to;
  
  acquire a stored representation of a derived key from the memory, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key;
  
  perform a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key; and
  
  provide a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key;
  
  wherein, in response to the corruption detection signal indicating that the current representation of the derived key matches the stored representation of the derived key, the electronic controller is arranged to derive a new key based on the stored representation of the higher-level key; and
  
  wherein, in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, the electronic controller is arranged to determine whether the stored representation of the higher-level key is corrupted and, if so, replace the stored representation of the higher-level key with a current representation of the higher-level key prior to deriving the new key based on the higher-level key.

17. An authentication server to perform authentication, comprising:
- a network interface;
  
  memory; and
  
  a processing circuit coupled to the network interface and the memory, the processing circuit being arranged to;
  
  acquire a stored representation of a derived key from the memory, the stored representation of the derived key resulting from an earlier-performed cryptographic operation based on a higher-level key,perform a current cryptographic operation based on a stored representation of the higher-level key, the current cryptographic operation resulting in a current representation of the derived key,provide a corruption detection signal indicating whether the current representation of the derived key matches the stored representation of the derived key, andusing the derived key, respond to an authentication request received from a hardware authenticator through the network interface, the authentication request attempting to authenticate with the authentication server;
  
  wherein, in response to the corruption detection signal indicating that the current representation of the derived key matches the stored representation of the derived key, the processing circuit is arranged to derive a new key based on the stored representation of the higher-level key; and
  
  wherein, in response to the corruption detection signal indicating that the current representation of the derived key does not match the stored representation of the derived key, the processing circuit is arranged to determine whether the stored representation of the higher-level key is corrupted and, if so, replace the stored representation of the higher-level key with a current representation of the higher-level key prior to deriving the new key based on the higher-level key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Duane, William M.
Primary Examiner(s)
Shiferaw; Eleni
Assistant Examiner(s)
Branske; Hilary

Application Number

US11/864,001
Time in Patent Office

1,509 Days
Field of Search

380/44, 380/45, 380/281, 380/284, 380/286, 713/166
US Class Current

380/45
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0869   involving random numbers or...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

H04L 9/50   using hash chains, e.g. blo...

Techniques for carrying out seed or key derivation

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for carrying out seed or key derivation

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links