Data processing apparatus and method

US 8,607,056 B2
Filed: 10/01/2010
Issued: 12/10/2013
Est. Priority Date: 02/14/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A system for providing a cryptographic key using an external key, the system comprising:

a first data store for storing an authorization key;

a second data store, separate from the first data store, for storing a secure key and a public key, wherein the secure key comprises one of the cryptographic key and a number required to generate the cryptographic key, and wherein the public key is associated with an associated private key by an asymmetric encryption algorithm;

an access controller operable to allow access to the secure key stored in the second data store only to an access request accompanied by a digital signature generated using the private key corresponding to the stored public key;

a key generator operable to receive an external key and to generate the private key using the received external key and the stored authorization key using a mapping function; and

an access request signal generator operable to generate a digital signature using the private key and to transmit an access request, including the generated digital signature, to the access controller in order to retrieve the secure key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generating a cryptographic key, for example using a received external key. A system to generate a cryptographic key may include a first data store which may store an authorization key. A system may include a second data store which may store a secure key and/or a public key. A system may include an access controller, which may allow access to a secure key, for example to an access request which may be accompanied by a digital signature. A system may include a key generator, which may generate a private key, for example using a received external key, a stored authorization key and/or a mapping function. A system may include an access request signal generator which may generate a digital signature and/or which may transmit an access request, for example including a generated digital signature, to an access controller to retrieve a secure key.

Citations

13 Claims

1. A system for providing a cryptographic key using an external key, the system comprising:
- a first data store for storing an authorization key;
  
  a second data store, separate from the first data store, for storing a secure key and a public key, wherein the secure key comprises one of the cryptographic key and a number required to generate the cryptographic key, and wherein the public key is associated with an associated private key by an asymmetric encryption algorithm;
  
  an access controller operable to allow access to the secure key stored in the second data store only to an access request accompanied by a digital signature generated using the private key corresponding to the stored public key;
  
  a key generator operable to receive an external key and to generate the private key using the received external key and the stored authorization key using a mapping function; and
  
  an access request signal generator operable to generate a digital signature using the private key and to transmit an access request, including the generated digital signature, to the access controller in order to retrieve the secure key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A system according to claim 1, wherein the key generator is a first key generator, wherein the mapping function is a first mapping function, wherein the secure key comprises a number required to generate the cryptographic key, wherein the second data store further comprises a further number, said further number and said secure key having a greater entropy than the external key, and wherein the system further comprises a second key generator operable to combine said further number and the external key to generate a combined key, and to generate the cryptographic key using the combined key and the secure key in accordance with a second mapping function.
  - 3. A system according to claim 1, wherein the first mapping function and the second mapping function are the same function.
  - 4. A system according to claim 1, wherein the access controller is operable to log unsuccessful access requests and to deny all further access requests if the logged unsuccessful access requests satisfy a predetermined criterion.
  - 5. A system according to claim 1, wherein the access request signal generator is arranged to include in the access request a third cryptographic key for symmetric encrypted communication between the key generator and the second data store.
  - 6. A system according to claim 1, wherein the apparatus is formed from multiple devices connected to a computer network.
  - 7. A system according to claim 1, further comprising a decrypter operable to decrypt an encrypted message using the generated cryptographic key.
  - 8. A system according to claim 1, further comprising a digital signature generator operable to generate a digital signature using the generated cryptographic key.
  - 9. A system according to claim 1, further comprising an external key generator operable to generate the external key from received data representative of an analogue source.
  - 10. A system according to claim 9, further comprising a sensor operable to generate biometric data representative of a feature of a human being, wherein the external key generator is operable to generate the external key from said biometric data.

11. A system for providing a cryptographic key using an external key, the system comprising:
- a first server having a first data store for storing an authorization key;
  
  a second server having;
  
  a second data store for storing a secure key wherein the secure key comprises a number required to generate the cryptographic key; and
  
  an access controller operable to allow access to the secure key stored in the second data store only to an access request accompanied by a digital signature generated using a private key corresponding to the stored secure key; and
  
  a network device having;
  
  a key generator operable to generate an external key and to generate the private key using the generated external key and the authorization key using a mapping function; and
  
  an access request signal generator operable to generate a digital signature using the private key and to transmit an access request, including the generated digital signature, to the access controller in order to retrieve the secure key, anda cryptographic key generator operable to generate the cryptographic key using the external key and the secure key.
- View Dependent Claims (12, 13)
- - 12. A system according to claim 11, wherein the network device further comprises:
    - a sensor operable generate biometric data representative of a feature of a human being; and
      
      an external key generator operable to generate the external key from said biometric data.
  - 13. A system according to claim 12, wherein the key generator is a first key generator, wherein the mapping function is a first mapping function,wherein the second data store further comprises a further number, said further number and said secure key having a greater entropy than the external key, andwherein the cryptographic key generator is operable to combine said further number and the external key to generate a combined key, and to generate the cryptographic key using the combined key and the secure key in accordance with a second mapping function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Genkey Netherlands BV
Original Assignee
Genkey Netherlands BV
Inventors
Duffy, Dominic Gavan, Goodwin, Carl Christopher, Jones, Aled Wynne, Binks, Dominic Frank Julian
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US12/896,101
Publication Number

US 20110022847A1
Time in Patent Office

1,166 Days
Field of Search

713/179
US Class Current

713/179
CPC Class Codes

G06V 40/1365   Matching; Classification

G06V 40/18   Eye characteristics, e.g. o...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0866   involving user or device id...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Data processing apparatus and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing apparatus and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links