Device with multiple one-time pads and method of managing such a device

US 8,842,839 B2
Filed: 07/21/2006
Issued: 09/23/2014
Est. Priority Date: 09/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing a device arranged to carry out security-related tasks using one-time pad data, the method comprising:

holding a plurality of one-time pads, each pad having a different security rating and being intended for use by the device in executing a task to that security rating,obtaining new secret random data by a process with an associated security rating; and

using the new secret random data to provision a particular said one-time pad with one-time pad data;

the method further comprising matching one of said particular one-time pad and said process such that the security rating of said process is as least as good as that of said particular one-time pad.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device is arranged to carry out security-related tasks using one-time pad data. The device has a memory for holding multiple one-time pads, each pad having a different security rating and being intended for use by the device in executing a task to that security rating. Provisioning of the pads with one-time pad data involves carrying out a process for obtaining new secret random data. This process has a security rating with the value of this rating varying according to the nature and parameters of the process concerned. The security rating of the process used to obtain the new secret random data is matched to that of the pad to be provisioned with one-time data, or the other way around, such that the security rating of the process is as least as good as that of the pad to be provisioned.

48 Citations

View as Search Results

20 Claims

1. A method of managing a device arranged to carry out security-related tasks using one-time pad data, the method comprising:
- holding a plurality of one-time pads, each pad having a different security rating and being intended for use by the device in executing a task to that security rating,obtaining new secret random data by a process with an associated security rating; and
  
  using the new secret random data to provision a particular said one-time pad with one-time pad data;
  
  the method further comprising matching one of said particular one-time pad and said process such that the security rating of said process is as least as good as that of said particular one-time pad.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein the particular one-time pad is matched to said process by the particular one-time pad being selected on the basis of the security rating of the process used to obtain the secret random data.
  - 3. A method according to claim 1, wherein following identification of said particular one-time pad, said process is matched to this pad by said process being chosen or set up such that it has an appropriate security rating relative to that of said particular one-time pad.
  - 4. A method according to claim 1, further comprising choosing said process for obtaining the new secret random data from at least two of the following processes:
    - a quantum key distribution process;
      
      a wired, point-to-point, data transfer process;
      
      an encrypted wireless data transfer process;
      
      a physical media transfer process.
  - 5. A method according to claim 1, wherein said process is a quantum key distribution process, herein a QKD process;
    - the security rating of the QKD process being determined by the value of a safety parameter used during a privacy amplification procedure of the QKD process.
  - 6. A method according to claim 5, wherein the security rating of the QKD process is set by a user setting the value of said safety parameter, and said particular one-time pad is automatically selected from said plurality of one-time pads as a said pad which has a security rating no better than the security rating of the QKD process.
  - 7. A method according to claim 5, wherein following identification of said particular one-time pad, the value of the safety parameter used in the QKD process is automatically set to result in a security rating of the process at least as good as that of said particular one-time pad.
  - 8. A method according claim 1, wherein the new secret random data is used to provision said particular one-time pad with one-time pad data by merging the new secret random data with any pre-existing one-time pad data of that pad according to a predetermined merge function, the merge function being such that a party with knowledge of the new secret random data, cannot derive any part of the merged data without also having knowledge of the pre-existing one-time pad data.
  - 9. A method according to claim 1, wherein upon the device executing a said task, the one-time pad data to be used in executing the task is taken from the one-time pad that has a security rating corresponding to that pre-specified for the type of the task concerned.
  - 10. A method according to claim 1, wherein upon the device executing a said task, the one-time pad data to be used in executing the task is taken from the one-time pad that has a security rating corresponding to a security rating chosen by a user of the device for executing the task.

11. A device comprising:
- a memory for holding multiple one-time pads each with a different security rating,a provisioning arrangement for carrying out a process to obtain new secret random data and for using this data to provision a particular said one-time pad with one-time pad data, the provisioning arrangement being arranged to match one of said particular one-time pad and said process such that the security rating of said process is as least as good as that of said particular one-time pad; and
  
  a consumption arrangement for carrying out a security-related task using a said one-time pad with a security rating suitable for said task.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. A device according to claim 11, wherein the provisioning arrangement is arranged to match particular one-time pad to said process by selecting the particular one-time pad on the basis of the security rating of the process used to obtain the secret random data.
  - 13. A device according to claim 11, wherein the provisioning arrangement is arranged to match said process to said particular one-time pad by choosing or setting up said process such that it has an appropriate security rating relative to that of said particular one-time pad.
  - 14. A device according to claim 11, wherein the device is adapted to enable said new secret random data to be obtained by at least two of the following processes:
    - a quantum key distribution process;
      
      a wired, point-to-point, data transfer process;
      
      an encrypted wireless data transfer process;
      
      a physical media transfer process;
      
      the process to be used to obtain said new secret random data being user selectable from the processes for which the device is enabled.
  - 15. A device according to claim 11, wherein the provisioning arrangement comprises a quantum key distribution subsystem, herein QKD subsystem, for carrying out said process;
    - the security rating of the process being determined by the value of a safety parameter used during a privacy amplification procedure which the QKD subsystem is arranged to carry out as part of said process.
  - 16. A device according to claim 15, further comprising a user interface for enabling a user to set the security rating of said process by setting the value of the safety parameter, the provisioning arrangement being arranged to automatically select said particular one-time pad from said plurality of one-time pads as a said pad which has a security rating no better than the security rating of the QKD process.
  - 17. A device according to claim 15, further comprising means for automatically setting the value of the safety parameter to result in a security rating of the process at least as good as that of said particular one-time pad.
  - 18. A device according to claim 11, wherein the provisioning arrangement is arranged to use the new secret random data to provision said particular one-time pad with one-time pad data by merging the new secret random data with any pre-existing one-time pad data of that pad according to a predetermined merge function, the merge function being such that a party with knowledge of the new secret random data, cannot derive any part of the merged data without also having knowledge of the pre-existing one-time pad data.
  - 19. A device according to claim 11, wherein the consumption arrangement is arranged, prior to executing a said task, to determine a security rating pre-specified for that type of task and to thereupon to use one-time data from the correspondingly rated pad in executing said task.
  - 20. A device according to claim 11, further comprising a user interface for enabling a user to specify a security rating to be met when executing a said task, the consumption arrangement being arranged to execute said task using one-time data taken from the one-time pad that has a security rating corresponding to the one specified by the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Harrison, Keith Alexander, Munro, William John, Tofts, Christopher, Spiller, Timothy Paul
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US11/490,853
Publication Number

US 20080031456A1
Time in Patent Office

2,986 Days
Field of Search

380/278, 380/46, 380/49, 713/171, 713/169
US Class Current

380/278
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/80   Wireless network architectu...

H04L 9/0656   Pseudorandom key sequence c...

H04L 9/0852   Quantum cryptography transm...

Device with multiple one-time pads and method of managing such a device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device with multiple one-time pads and method of managing such a device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links