Methods and systems for entropy collection for server-side key generation
First Claim
Patent Images
1. A method comprising:
- receiving entropy bits from a plurality of remote sources of entropy;
receiving an identification number associated with a token;
combining, by a processor, the entropy bits to form a combined stream of bits, wherein a number of bits in the combined stream of bits is based on a profile associated with a subject private key;
generating a subject key pair based on the combined stream of bits wherein the subject key pair comprises a subject public key and the subject private key;
encrypting the subject private key with a session key;
forwarding the encrypted subject private key for delivery to the token;
deriving a key encryption key based on a server master key and the identification number;
generating the session key based on the plurality of sources of entropy; and
encrypting the session key with the key encryption key.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for providing a multiple source entropy feed for a PRNG that is used to generate server-side encryption keys are disclosed. A data recovery manager may collect additional entropy sources that feed into the PRNG between each key generation. The entropy may be collected from a variety of sources, for example, high-resolution timer intervals between input/output interrupts, hard disk access operations, and the like. The number of bits of entropy collected may be configured for each key generation.
-
Citations
27 Claims
-
1. A method comprising:
-
receiving entropy bits from a plurality of remote sources of entropy; receiving an identification number associated with a token; combining, by a processor, the entropy bits to form a combined stream of bits, wherein a number of bits in the combined stream of bits is based on a profile associated with a subject private key; generating a subject key pair based on the combined stream of bits wherein the subject key pair comprises a subject public key and the subject private key; encrypting the subject private key with a session key; forwarding the encrypted subject private key for delivery to the token; deriving a key encryption key based on a server master key and the identification number; generating the session key based on the plurality of sources of entropy; and encrypting the session key with the key encryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
a security server device to interface with a security client, wherein the security server device is further to receive entropy bits from a plurality of remote sources of entropy;
receive an identification number associated with a token;
combine the entropy bits to form a combined stream of bits, wherein a number of bits in the combined stream of bits is based on a profile associated with a subject private key;
generate a subject key pair within the security server device based on the combined stream of bits wherein the subject key pair comprises a subject public key and the subject private key;
encrypt the subject private key with a session key;
forward the encrypted subject private key for delivery to the token;
derive a key encryption key based on a server master key and the identification number;
generate the session key based on the plurality of sources of entropy; and
encrypt the session key with the key encryption key.- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
23. A non-transitory computer readable storage medium having instructions that, when executed by a processor, cause the processor to perform operations comprising:
-
receiving entropy bits from a plurality of remote sources of entropy; receiving an identification number associated with a token; combining, by a processor, the entropy bits to form a combined stream of bits, wherein a number of bits in the combined stream of bits is based on a profile associated with a subject private key; generating a subject key pair based on the combined stream of bits wherein the subject key pair comprises a subject public key and the subject private key; encrypting the subject private key with a session key; forwarding the encrypted subject private key for delivery to the token; deriving a key encryption key based on a server master key and the identification number; generating the session key based on the plurality of sources of entropy; and encrypting the session key with the key encryption key. - View Dependent Claims (24, 25, 26, 27)
-
Specification