Cryptographic key generation using a stored input value and a stored count value

US 9,800,409 B2
Filed: 03/03/2015
Issued: 10/24/2017
Est. Priority Date: 06/24/2009
Status: Active Grant

First Claim

Patent Images

1. A processor comprising:

non-volatile storage to store an input value comprising a random number, a first count value and a second count value;

a hardware key generation logic including at least one hardware circuit to generate a cryptographic key pair from the input value, the first count value and the second count value, including to generate a first seed value and a second seed value from the input value, seed a pseudo-random number generator with the first seed value, iteratively generate a first sequence of pseudo-random numbers based on the first count value, seed the pseudo-random number generator with the second seed value, iteratively generate a second sequence of pseudo-random numbers based on the second count value, and use a first output and a second output of the pseudo-random number generator to generate the cryptographic key pair, the hardware key generation logic to re-generate the cryptographic key pair one or more times; and

hardware execution logic having circuitry to execute instructions, the hardware execution logic to decrypt encrypted information using at least one key of the cryptographic key pair responsive to a decryption instruction and to encrypt information using at least one key of the cryptographic key pair responsive to an encryption instruction;

wherein the processor is to transmit a public key of the cryptographic key pair to a second system, and after power is removed and the cryptographic key pair is erased and power is restored to a first system including the processor, the processor is to receive encrypted information from the second system, re-generate the cryptographic key pair from the input value, the first count value and the second count value, and decrypt the encrypted information using a private key of the cryptographic key pair.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of an invention for cryptographic key generation using a stored input value and a stored count value have been described. In one embodiment, a processor includes non-volatile storage storing an input value and a count value, and logic to generate a cryptographic key based on the stored input value and the stored count value.

23 Citations

View as Search Results

16 Claims

1. A processor comprising:
- non-volatile storage to store an input value comprising a random number, a first count value and a second count value;
  
  a hardware key generation logic including at least one hardware circuit to generate a cryptographic key pair from the input value, the first count value and the second count value, including to generate a first seed value and a second seed value from the input value, seed a pseudo-random number generator with the first seed value, iteratively generate a first sequence of pseudo-random numbers based on the first count value, seed the pseudo-random number generator with the second seed value, iteratively generate a second sequence of pseudo-random numbers based on the second count value, and use a first output and a second output of the pseudo-random number generator to generate the cryptographic key pair, the hardware key generation logic to re-generate the cryptographic key pair one or more times; and
  
  hardware execution logic having circuitry to execute instructions, the hardware execution logic to decrypt encrypted information using at least one key of the cryptographic key pair responsive to a decryption instruction and to encrypt information using at least one key of the cryptographic key pair responsive to an encryption instruction;
  
  wherein the processor is to transmit a public key of the cryptographic key pair to a second system, and after power is removed and the cryptographic key pair is erased and power is restored to a first system including the processor, the processor is to receive encrypted information from the second system, re-generate the cryptographic key pair from the input value, the first count value and the second count value, and decrypt the encrypted information using a private key of the cryptographic key pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The processor of claim 1, wherein the processor comprises a hardware instruction logic having circuitry to receive and decode instructions.
  - 3. The processor of claim 2, wherein the hardware execution logic comprises the hardware key generation logic.
  - 4. The processor of claim 1, wherein the hardware key generation logic comprises a seed generator to generate the first seed value and the second seed value.
  - 5. The processor of claim 4, wherein the hardware key generation logic comprises a primality tester to test at least the first sequence of pseudo-random numbers for primality.
  - 6. The processor of claim 4, wherein the hardware key generation logic comprises a counter to count the first count value.
  - 7. The processor of claim 1, wherein the hardware key generation logic is to re-generate the cryptographic key pair based on the stored input value, the stored first count value, and the stored second count value, the cryptographic key pair not persistently stored in the system.

8. A method comprising:
- generating an input value in a true-random number generator of a processor;
  
  seeding a pseudo-random number generator of a hardware key generation logic of the processor with a first seed value based on the input value;
  
  determining whether an output value of the pseudo-random number generator is prime;
  
  feeding the output value of the pseudo-random number generator back to an input of the pseudo-random number generator, based on the determination of whether the output value of the pseudo-random number generator is prime;
  
  counting in a counter of the hardware key generation logic a number of times the output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator; and
  
  storing in a non-volatile memory the input value and a first count value corresponding to the number of times the output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator;
  
  seeding the pseudo-random number generator of the hardware key generation logic of the processor with a second seed value based on the input value;
  
  determining whether a second output value of the pseudo-random number generator is prime;
  
  feeding the second output value of the pseudo-random number generator back to the input of the pseudo-random number generator, based on the determination of whether the second output value of the pseudo-random number generator is prime;
  
  counting a second number of times the second output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator;
  
  storing in the non-volatile memory a second count value corresponding to the second number of times the second output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator, wherein the input value, the first count value and the second count value are used to generate a cryptographic key pair;
  
  sending a public key of the cryptographic key pair from a first system including the processor to a second system; and
  
  after the first system is restored with power after the cryptographic key pair is erased, receiving encrypted information from the second system, re-generating the cryptographic key pair using the input value, the first count value and the second count value, and decrypting the encrypted information using a private key of the cryptographic key pair.

9. A method comprising:
- reading an input value and a first count value from a non-volatile memory, the input value comprising a random value generated by a random number generator of a processor;
  
  seeding a pseudo-random number generator of the processor based on the input value;
  
  feeding an output of the pseudo-random number generator back to an input of the pseudo-random number generator a number of times indicated by the first count value;
  
  deterministically generating a cryptographic key in the processor based on an output value from the pseudo-random number generator output after the number of times indicated by the first count value;
  
  sending a public key of the cryptographic key to a second system; and
  
  thereafter deterministically re-generating the cryptographic key in the processor one or more times, including deterministically re-generating the cryptographic key using at least the input value and the stored first count value, and after the cryptographic key is erased and power is restored to a system including the processor decrypting encrypted information received from the second system using a private key of the cryptographic key.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further comprising reading a second count value from the non-volatile memory.
  - 11. The method of claim 10, further comprising generating a first seed value and a second seed value from the input value in the pseudo-random number generator based on the input value.
  - 12. The method of claim 11, further comprising:
    - feeding the output value of the pseudo-random number generator back to the input of the pseudo-random number generator the number of times indicated by the first count value after seeding the pseudo-random number generator with the first seed value; and
      
      feeding the output value of the pseudo-random number generator back to the input of the pseudo-random number generator the number of times indicated by a second count value after seeding the pseudo-random number generator with a second seed value.
  - 13. The method of claim 12, further comprising:
    - using a first output value from the pseudo-random number generator as a first input to a key generator after feeding the output of the pseudo-random number generator back to the input of the pseudo-random number generator the number of times indicated by the first count value after seeding the pseudo-random number generator with the first seed value.
  - 14. The method of claim 13, further comprising:
    - using a second output value from the pseudo-random number generator as a second input to the key generator after feeding the output of the pseudo-random number generator back to the input of the pseudo-random number generator the number of times indicated by the second count value after seeding the pseudo-random number generator with the second seed value.
  - 15. The method of claim 14, wherein deterministically generating the cryptographic key includes using the first output value as a first prime number and using the second output value as a second prime number in an RSA key pair generation algorithm.

16. A non-transitory machine-readable medium including instructions that, when executed, cause a processing system to:
- read an input value and a first count value from a non-volatile memory;
  
  seed a pseudo-random number generator based on the input value;
  
  feed an output of the pseudo-random number generator back to an input of the pseudo-random number generator a number of times indicated by the first count value; and
  
  generate a cryptographic key comprising a RSA key pair based on an output value from the pseudo-random number generator at a conclusion of the number of times, including;
  
  using as a first prime number a first output value from the pseudo-random number generator after the output of the pseudo-random number generator is fed back to the input of the pseudo-random number generator the number of times indicated by the first count value after the pseudo-random number generator is seeded with a first seed value based on the input value;
  
  using as a second prime number a second output value from the pseudo-random number generator after the output of the pseudo-random number generator is fed back to the input of the pseudo-random number generator a number of times indicated by a second count value after the pseudo-random number generator is seeded with a second seed value based on the input value;
  
  send a public key of the RSA key pair to a second processing system; and
  
  after the cryptographic key is erased and a restore of power to the processing system and receipt of encrypted information from the second processing system, re-generate the cryptographic key comprising the RSA key pair using the input value, the first count value and the second count value and use a private key of the RSA key pair to decrypt the encrypted information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Nemiroff, Daniel
Primary Examiner(s)
Doan, Trang

Application Number

US14/636,717
Publication Number

US 20150188705A1
Time in Patent Office

966 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 7/582   Pseudo-random number genera...

G06F 7/588   Random number generators, i...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 9/0662   with particular pseudorando...

H04L 9/0861   Generation of secret inform...

H04L 9/0869   involving random numbers or...

H04L 9/3249   using RSA or related signat...

Cryptographic key generation using a stored input value and a stored count value

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Cryptographic key generation using a stored input value and a stored count value

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others