Key derivation functions to enhance security
Abstract
Key derivation algorithms are disclosed. In one key derivation application, a segment of the master key is hashed. Two numbers are derived from another segment of the master key. A universal hash function, using the two numbers, is applied to the result of the hash, from which bits are selected as the derived key. In another embodiment, an encoded counter is combined with segments of the master key. The result is then hashed, from which bits are selected as the derived key.
79 Claims
1. An apparatus comprising:
- an input port to receive a master key;
- an implementation of a universal hash algorithm;
- an implementation of a secure hash algorithm;
- means for generating a derivative key from said master key using the implementation of said universal hash algorithm and said secure hash algorithm; and
- an output port to output said derivative key.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An apparatus comprising:
- an input port to receive a master key;
- a first calculator to implement a universal hash algorithm;
- a second calculator to implement a secure hash algorithm;
- a key deriver to generate a derivative key from said master key using the first calculator and the second calculator; and
- an output port to output said derivative key.

Dependent claims: 9, 10, 11, 12, 13, 14

15. An apparatus, comprising:
- an input port to receive a master key;
- a divider to divide said master key into a first segment and a second segment;
- a concatenator to concatenate said first segment and a counter to produce a modified first segment;
- a hasher to securely hash said modified first segment into a hash value;
- a determiner to determine a first number and a second number from said second segment;
- a calculator including an implementation of an arithmetic formula to compute a result using said hash value, said first number, and said second number; and
- a bit selector to select a set of bits from said result as a derivative key.

Dependent claims: 16, 17, 18, 19, 20

21. A data security device, comprising:
- a key deriver, including;
  - an input port to receive a master key;
  - a divider to divide said master key into a first segment and a second segment;
  - a concatenator to concatenate said first segment and a counter to produce a modified first segment;
  - a hasher to securely hash said modified first segment into a hash value;
  - a determiner to determine a first number and a second number from said second segment modulo a modulus;
  - a calculator including an implementation of an arithmetic formula to compute a result using said hash value, said first number, and said second number; and
  - a bit selector to select a set of bits from said result as a derivative key; and
- an encrypter to encrypt data using said derivative key.

Dependent claims: 22, 23, 24, 25, 26

27. A method for performing key derivation, comprising:
- securely hashing a master key using a processor to produce a hash value;
- determining a first number and a second number from the master key;
- computing a universal hash function of the hash value, the first number, and the second number to produce a result; and
- selecting a derivative key from bits in the result.

Dependent claims: 28, 29, 30, 31, 32, 33

34. A method for encrypting data using a derivative key, comprising:
- generating the derivative key, including;
  - dividing the master key into a first segment and a second segment;
  - securely hashing the first segment using a processor to produce a hash value;
  - determining a first number and a second number from the second segment;
  - computing a product of the first number and the hash value;
  - computing a sum of the product and the second number;
  - computing a result as the sum modulo a modulus; and
  - selecting the derivative key from bits in the result; and
- encrypting data using the derivative key.

Dependent claims: 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46

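The derivation steps recited in claim 34, with the counter concatenation of claims 15 and 21 folded in, written out as an added Python example; this is not code from the patent. The claims leave the concrete choices open, so SHA-256, the modulus 2^521 - 1, the even split of the master key, the 4-byte counter encoding, the low-order bit selection and the names used are all assumptions of this example.

```python
import hashlib

# Assumptions (not fixed by the claims): SHA-256 as the secure hash, the
# Mersenne prime 2**521 - 1 as the modulus, an even split of the master key,
# a 4-byte big-endian counter, and the low-order bits as the selected bits.
P = 2**521 - 1
MIN_MASTER_LEN = 32  # bytes; hypothetical floor so each segment carries entropy


def split_master(master_key: bytes) -> tuple[bytes, bytes]:
    """Divide the master key into a first and a second segment."""
    if len(master_key) < MIN_MASTER_LEN:
        raise ValueError("master key too short to split into useful segments")
    mid = len(master_key) // 2
    return master_key[:mid], master_key[mid:]


def numbers_from_segment(segment: bytes) -> tuple[int, int]:
    """Determine the two numbers a, b from the second segment, modulo P."""
    mid = len(segment) // 2
    a = int.from_bytes(segment[:mid], "big") % P
    b = int.from_bytes(segment[mid:], "big") % P
    if a == 0:
        # a = 0 would collapse a*h + b to the constant b for every counter.
        raise ValueError("degenerate multiplier derived from master key")
    return a, b


def derive_key(master_key: bytes, counter: int, out_bits: int = 128) -> bytes:
    """Hash segment 1 || counter, apply (a*h + b) mod P, select out_bits bits."""
    if out_bits % 8 or not 0 < out_bits <= 256:
        raise ValueError("out_bits must be a multiple of 8 in 8..256")
    first, second = split_master(master_key)
    h = int.from_bytes(
        hashlib.sha256(first + counter.to_bytes(4, "big")).digest(), "big")
    a, b = numbers_from_segment(second)
    result = (a * h + b) % P
    selected = result & ((1 << out_bits) - 1)  # low-order bits
    return selected.to_bytes(out_bits // 8, "big")


# Constructed 32-byte master key, for demonstration only.
DEMO_MASTER = bytes(range(32))
DEMO_KEYS = [derive_key(DEMO_MASTER, c) for c in range(3)]
```

Only the first segment and the counter pass through the hash, so deriving a key for a new counter value costs one hash plus one multiply-add modulo P.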
47. An apparatus, comprising:
- an input port to receive a master key;
- a combiner to combine said master key and a value to produce a modified master key;
- a hasher to hash said modified master key into a hash value; and
- a bit selector to select a set of bits from said hash value as a derivative key.

Dependent claims: 48, 49, 50, 51, 52, 76

53. A data security device, comprising:
- a key deriver, including;
  - an input port to receive a master key;
  - a divider to divide said master key into a first segment and a second segment;
  - a repeater to repeat a value to form an encoded value as a longer bit pattern;
  - an implementation of a first bitwise binary function operative on said first segment and said encoded value to produce a first result;
  - an implementation of a second bitwise binary function operative on said second segment and said encoded value to produce a second result;
  - a combiner to combine said first result, said second result, and said encoded value to produce said modified master key;
  - a hasher to hash said modified master key into a hash value; and
  - a bit selector to select a set of bits from said result as a derivative key; and
- an encrypter to encrypt data using said derivative key.

Dependent claims: 54, 55, 56, 77

57. A method for performing key derivation, comprising:
- combining a master key with a value to produce a modified master key;
- hashing the modified master key using a processor to produce a hash value; and
- selecting a derivative key from bits in the hash value.

Dependent claims: 58, 59, 60, 61, 62, 78

63. A method for encrypting a derivative key, comprising:
- combining a master key with a value to produce a modified master key;
- hashing the modified master key using a processor to produce a hash value;
- selecting a derivative key from bits in the hash value; and
- encrypting data using the derivative key.

Dependent claims: 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 79

Specification