Strong encryption
Abstract
An embodiment generally relates to a method of strong encryption. The method includes generating a first cryptographic key based on a random number and generating a second cryptographic key based on a password. The method also includes encrypting private data with the first cryptographic key to arrive at wrapped private data and encrypting the first cryptographic key with the second cryptographic key to arrive at a wrapped first cryptographic key.
206 Citations
14 Claims
1. A method comprising:
providing, by a processing device, a user interface in response to receiving a token;
receiving a user selection of one of a plurality of security modes via the user interface;
in response to a user selection of a first security mode, generating a first cryptographic key based on a pseudo-random number, and a second cryptographic key based on a password of a user;
encrypting private data of the user with the first cryptographic key to create wrapped private data; and
encrypting the first cryptographic key with the second cryptographic key to create a wrapped pseudo-random cryptographic key; and
in response to a user selection of a second security mode, generating a third cryptographic key based on a password of a user;
generating an exponent;
encrypting the exponent based on the third cryptographic key;
generating a fourth cryptographic key based on a time expanding function using the encrypted exponent, wherein the time-expanding function is g^e mod p, g is a generator, e is the encrypted exponent, p is a prime number, and mod is a modulo operator; and
encrypting private data of the user with the fourth cryptographic key to create wrapped private data, wherein in the second security mode, a time to attack the fourth cryptographic key increases with value of p.
Dependent claims: 2, 3, 4, 5

6. An apparatus comprising:
a memory to contain instructions; and
a processor coupled to the memory and to execute the instructions to perform operations comprising:
providing a user interface in response to receiving a token;
receiving a user selection of one of a plurality of security modes via the user interface;
in response to a user selection of a first security mode, generating a first cryptographic key based on a pseudo-random number, and a second cryptographic key based on a password of a user;
encrypting private data of the user with the first cryptographic key to create wrapped private data; and
encrypting the first cryptographic key with the second cryptographic key to create a wrapped pseudo-random cryptographic key; and
in response to a user selection of a second security mode, generating a third cryptographic key based on a password of a user;
generating an exponent;
encrypting the exponent based on the third cryptographic key;
generating a fourth cryptographic key based on a time expanding function using the encrypted exponent, wherein the time-expanding function is g^e mod p, g is a generator, e is the encrypted exponent, p is a prime number, and mod is a modulo operator; and
encrypting private data of the user with the fourth cryptographic key to create wrapped private data, wherein in the second security mode, a time to attack the fourth cryptographic key increases with value of p.

7. A non-transitory computer-readable medium comprising instructions to cause a processing device to perform operations comprising:
providing, by the processing device, a user interface in response to receiving a token;
receiving a user selection of one of a plurality of security modes via the user interface;
in response to a user selection of a first security mode, generating a first cryptographic key based on a pseudo-random number, and a second cryptographic key based on a password of a user;
encrypting private data of the user with the first cryptographic key to create wrapped private data; and
encrypting the first cryptographic key with the second cryptographic key to create a wrapped pseudo-random cryptographic key; and
in response to a user selection of a second security mode, generating a third cryptographic key based on a password of a user;
generating an exponent;
encrypting the exponent based on the third cryptographic key;
generating a fourth cryptographic key based on a time expanding function using the encrypted exponent, wherein the time-expanding function is g^e mod p, g is a generator, e is the encrypted exponent, p is a prime number, and mod is a modulo operator; and
encrypting private data of the user with the fourth cryptographic key to create wrapped private data, wherein in the second security mode, a time to attack the fourth cryptographic key increases with value of p.

8. A method comprising:
receiving a private key of a user;
generating, by a processor, a first cryptographic key based on a password of the user;
generating an exponent;
encrypting the exponent based on the first cryptographic key;
generating a second cryptographic key based on a time expanding function using the encrypted exponent, wherein the time-expanding function is g^e mod p, g is a generator, e is the encrypted exponent, p is a prime number, and mod is a modulo operator;
encrypting the private key of the user with the second cryptographic key to create wrapped private key; and
storing the encrypted exponent and the wrapped private key in separate protected locations, wherein a time to attack the second cryptographic key increases with value of p.
Dependent claims: 9, 10

11. A system comprising:
a server to execute a token management system, the token management system to generate and manage cryptographic keys;
at least one client to couple with the server; and
a security client to be executed on the at least one client, wherein the security client is to
provide a user interface in response to receiving a token;
receive a user selection of one of a plurality of security modes via the user interface;
in response to a user selection of a first security mode, generate a first cryptographic key based on a pseudo-random number, and a second cryptographic key based on a password of a user,
encrypt private data of the user with the first cryptographic key to create wrapped private data, and
encrypt the first cryptographic key with the second cryptographic key to create a wrapped pseudo-random cryptographic key, and
in response to a user selection of a second security mode, generate a third cryptographic key based on a password of a user,
generate an exponent,
encrypt the exponent based on the third cryptographic key,
generate a fourth cryptographic key based on a time expanding function using the encrypted exponent, wherein the time-expanding function is g^e mod p, g is a generator, e is the encrypted exponent, p is a prime number, and mod is a modulo operator, and
encrypt private data of the user with the fourth cryptographic key to create wrapped private data, wherein in the second security mode, a time to attack the fourth cryptographic key increases with value of p.
Dependent claims: 12, 13, 14

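The two security modes recited in the claims, as an added sketch that is not code from the patent. PBKDF2 as the password-based derivation, the SHAKE/HMAC stand-in cipher, hashing g^e mod p down to 32 bytes, the demo values P and G, and all function names are assumptions chosen so the example runs with the Python standard library only.

```python
import hashlib, hmac, secrets

P = 2**521 - 1   # constructed demo prime (assumption); a deployment picks its own p
G = 3            # constructed demo base standing in for the generator g (assumption)

def pw_key(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256 as the "key based on a password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def seal(key, data):
    # Stand-in encrypt-then-MAC cipher (assumption); use a vetted AEAD in practice.
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def wrap_mode1(password, private_data):
    salt, k1 = secrets.token_bytes(16), secrets.token_bytes(32)  # first key: random
    k2 = pw_key(password, salt)                                  # second key: password
    return {"salt": salt, "data": seal(k1, private_data), "key": seal(k2, k1)}

def unwrap_mode1(password, rec):
    k1 = unseal(pw_key(password, rec["salt"]), rec["key"])  # raises on a wrong password
    return unseal(k1, rec["data"])

def time_expand(enc_exponent):
    # g^e mod p with e = the encrypted exponent; hashing to 32 bytes is an assumption.
    y = pow(G, int.from_bytes(enc_exponent, "big"), P)
    return hashlib.sha256(y.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def wrap_mode2(password, private_data):
    salt = secrets.token_bytes(16)
    k3 = pw_key(password, salt)                       # third key: from the password
    enc_exponent = seal(k3, secrets.token_bytes(32))  # encrypted random exponent
    k4 = time_expand(enc_exponent)                    # fourth key
    # Two results, meant for separate protected locations as in claim 8.
    return {"salt": salt, "e": enc_exponent}, seal(k4, private_data)

def unwrap_mode2(store_a, wrapped):
    # Recompute the fourth key from the stored encrypted exponent, then unwrap.
    return unseal(time_expand(store_a["e"]), wrapped)
```

In the second mode the fourth key is computed from the encrypted exponent, so both stored values are needed to unwrap; claim 8 keeps them in separate protected locations.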
Specification