Cryptographic key generation using a stored input value and a stored count value
First Claim
1. A processor comprising:
non-volatile storage to store an input value comprising a random number, a first count value and a second count value;
a hardware key generation logic including at least one hardware circuit to generate a cryptographic key pair from the input value, the first count value and the second count value, including to generate a first seed value and a second seed value from the input value, seed a pseudo-random number generator with the first seed value, iteratively generate a first sequence of pseudo-random numbers based on the first count value, seed the pseudo-random number generator with the second seed value, iteratively generate a second sequence of pseudo-random numbers based on the second count value, and use a first output and a second output of the pseudo-random number generator to generate the cryptographic key pair, the hardware key generation logic to re-generate the cryptographic key pair one or more times; and
hardware execution logic having circuitry to execute instructions, the hardware execution logic to decrypt encrypted information using at least one key of the cryptographic key pair responsive to a decryption instruction and to encrypt information using at least one key of the cryptographic key pair responsive to an encryption instruction;
wherein the processor is to transmit a public key of the cryptographic key pair to a second system, and after power is removed and the cryptographic key pair is erased and power is restored to a first system including the processor, the processor is to receive encrypted information from the second system, re-generate the cryptographic key pair from the input value, the first count value and the second count value, and decrypt the encrypted information using a private key of the cryptographic key pair.
Abstract
Embodiments of an invention for cryptographic key generation using a stored input value and a stored count value have been described. In one embodiment, a processor includes non-volatile storage storing an input value and a count value, and logic to generate a cryptographic key based on the stored input value and the stored count value.
16 Claims
8. A method comprising:
generating an input value in a true-random number generator of a processor; seeding a pseudo-random number generator of a hardware key generation logic of the processor with a first seed value based on the input value; determining whether an output value of the pseudo-random number generator is prime; feeding the output value of the pseudo-random number generator back to an input of the pseudo-random number generator, based on the determination of whether the output value of the pseudo-random number generator is prime; counting in a counter of the hardware key generation logic a number of times the output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator; and storing in a non-volatile memory the input value and a first count value corresponding to the number of times the output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator; seeding the pseudo-random number generator of the hardware key generation logic of the processor with a second seed value based on the input value; determining whether a second output value of the pseudo-random number generator is prime; feeding the second output value of the pseudo-random number generator back to the input of the pseudo-random number generator, based on the determination of whether the second output value of the pseudo-random number generator is prime; counting a second number of times the second output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator; storing in the non-volatile memory a second count value corresponding to the second number of times the second output value of the pseudo-random number generator is fed back to the input of the pseudo-random number generator, wherein the input value, the first count value and the second count value are used to generate a cryptographic key pair; sending a public key of the cryptographic key pair from a first system including the processor to a second system; and after the first system is restored with power after the cryptographic key pair is erased, receiving encrypted information from the second system, re-generating the cryptographic key pair using the input value, the first count value and the second count value, and decrypting the encrypted information using a private key of the cryptographic key pair.
9. A method comprising:
reading an input value and a first count value from a non-volatile memory, the input value comprising a random value generated by a random number generator of a processor; seeding a pseudo-random number generator of the processor based on the input value; feeding an output of the pseudo-random number generator back to an input of the pseudo-random number generator a number of times indicated by the first count value; deterministically generating a cryptographic key in the processor based on an output value from the pseudo-random number generator output after the number of times indicated by the first count value; sending a public key of the cryptographic key to a second system; and thereafter deterministically re-generating the cryptographic key in the processor one or more times, including deterministically re-generating the cryptographic key using at least the input value and the stored first count value, and after the cryptographic key is erased and power is restored to a system including the processor decrypting encrypted information received from the second system using a private key of the cryptographic key.
16. A non-transitory machine-readable medium including instructions that, when executed, cause a processing system to:
read an input value and a first count value from a non-volatile memory; seed a pseudo-random number generator based on the input value; feed an output of the pseudo-random number generator back to an input of the pseudo-random number generator a number of times indicated by the first count value; and generate a cryptographic key comprising an RSA key pair based on an output value from the pseudo-random number generator at a conclusion of the number of times, including: using as a first prime number a first output value from the pseudo-random number generator after the output of the pseudo-random number generator is fed back to the input of the pseudo-random number generator the number of times indicated by the first count value after the pseudo-random number generator is seeded with a first seed value based on the input value; using as a second prime number a second output value from the pseudo-random number generator after the output of the pseudo-random number generator is fed back to the input of the pseudo-random number generator a number of times indicated by a second count value after the pseudo-random number generator is seeded with a second seed value based on the input value; send a public key of the RSA key pair to a second processing system; and after the cryptographic key is erased and a restore of power to the processing system and receipt of encrypted information from the second processing system, re-generate the cryptographic key comprising the RSA key pair using the input value, the first count value and the second count value and use a private key of the RSA key pair to decrypt the encrypted information.
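The provisioning flow of claim 8 (iterate the PRNG until its output is prime, count the feedbacks, store the input value and the counts) and the regeneration flow of claims 9 and 16 (replay exactly that many feedbacks and build the RSA pair), written out in Python as an added example; this is not code from the patent or from any implementation of it. The SHA-256-based PRNG, the 64-bit toy prime size, the seed-derivation tags and the dict standing in for non-volatile storage are all assumptions chosen for illustration.

```python
import hashlib, secrets

BITS, E = 64, 65537  # toy 64-bit primes so the demo is fast; real RSA primes are 1024+ bits

def is_probable_prime(n):  # Miller-Rabin with fixed bases: no false positives below 2^64
    r = ((n - 1) & (1 - n)).bit_length() - 1  # n-1 = d * 2^r with d odd
    d = (n - 1) >> r
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):  # candidates are odd 64-bit, never == a
        x = pow(a, d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False
    return True

def prng(state):  # hash-based PRNG stand-in: returns (output bytes to feed back, output as candidate)
    out = hashlib.sha256(state).digest()
    return out, int.from_bytes(out[:BITS // 8], "big") | (1 << (BITS - 1)) | 1  # force size and odd

def derive_seeds(input_value):  # first and second seed value, both from the one stored input value
    return [hashlib.sha256(tag + input_value).digest() for tag in (b"seed-1", b"seed-2")]

def find_prime(seed):  # provisioning: feed PRNG output back to its input until the output is prime
    count = 0
    while not is_probable_prime(prng(seed)[1]):
        seed, count = prng(seed)[0], count + 1  # one feedback, counted
    return prng(seed)[1], count

def prime_from_count(seed, count):  # regeneration: replay `count` feedbacks, no primality test needed
    for _ in range(count):
        seed = prng(seed)[0]
    return prng(seed)[1]

def provision():  # returns the non-volatile record: secret input value plus two counts
    while True:
        input_value = secrets.token_bytes(32)  # true-RNG stand-in; the only secret in the record
        s1, s2 = derive_seeds(input_value)
        (p, c1), (q, c2) = find_prime(s1), find_prime(s2)
        if p != q and (p - 1) % E and (q - 1) % E:  # E is prime, so this makes E invertible mod phi
            return {"input": input_value, "count1": c1, "count2": c2}

def regenerate_keypair(nvm):  # same record in, same RSA key pair out, after every power cycle
    s1, s2 = derive_seeds(nvm["input"])
    p, q = prime_from_count(s1, nvm["count1"]), prime_from_count(s2, nvm["count2"])
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))  # (public key, private key)
```

Only the input value needs protecting: without it the stored counts say nothing beyond how many candidates were rejected. Regeneration runs no primality test at all, which is what makes the pair reproducible after it is erased on power loss.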