Entropy sharing in a large distributed system based on entropy verification by an entropy broker

US 9,979,794 B2
Filed: 09/17/2015
Issued: 05/22/2018
Est. Priority Date: 09/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method for sharing entropy, the method comprising:

receiving, at an entropy broker, a communication from a client;

responsive to determining that the client provided entropy, processing the provided entropy, wherein processing the provided entropy comprisestesting the provided entropy for randomness,the entropy broker determining whether the provided entropy passes verification, andif the entropy passes verification, adding the provided entropy to an entropy pool; and

responsive to determining that the client requested entropy, adding the client to an entropy queue.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for sharing entropy between an entropy broker and various devices wherein the entropy broker receives a communication from a client. Responsive to determining that the client provided entropy, the entropy broker tests the provided entropy for randomness and stores provided entropy that passes verification and responsive to determining that the client requested entropy, the entropy broker adds the client to an entropy queue.

Citations

18 Claims

1. A method for sharing entropy, the method comprising:
- receiving, at an entropy broker, a communication from a client;
  
  responsive to determining that the client provided entropy, processing the provided entropy, wherein processing the provided entropy comprisestesting the provided entropy for randomness,the entropy broker determining whether the provided entropy passes verification, andif the entropy passes verification, adding the provided entropy to an entropy pool; and
  
  responsive to determining that the client requested entropy, adding the client to an entropy queue.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1 wherein testing the provided entropy for randomness comprises performing one of a chi-square test, a Kolmogorov-Smirnov test and a serial correlation test.
  - 3. The method as recited in claim 1 wherein determining whether the provided entropy passed verification further comprises testing the provided entropy for repetition of previously received entropy from the client.
  - 4. The method as recited in claim 3 further comprising using a digital rights management system for securely transporting and storing the entropy.

5. A method for sharing entropy, the method being operable at an entropy broker and comprising:
- receiving a communication from a client;
  
  responsive to determining that the client provided entropy, processing the provided entropy;
  
  responsive to determining that the client requested entropy, adding the client to an entropy queue; and
  
  for a client in the entropy queue,determining whether the amount of entropy available at the entropy broker is greater than a first threshold, andif an amount of entropy available at the entropy broker is greater than a first threshold, allocating a first amount of unique entropy to the client.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The method as recited in claim 5 further comprising, for a client in the entropy queue:
    - if the amount of entropy available at the entropy broker is less than or equal to the first threshold, determining whether the amount of entropy available is greater than a second threshold and responsive to determining that the amount of entropy is greater than a second threshold and that the client is in a position in the queue that is below a queue threshold, allocating a second amount of duplicate entropy to the client; and
      
      responsive to determining that the amount of entropy is less than the second threshold, denying the request for entropy.
  - 7. The method as recited in claim 6 further comprising:
    - responsive to determining that the communication requested other functionality, processing a part of the communication not related to entropy; and
      
      sending a response to the client.
  - 8. The method as recited in claim 6 further comprising:
    - determining whether a demand for entropy is high; and
      
      responsive to determining that the demand is high, recycling previously used entropy by combining one or more elements of a recycle pool of entropy via a mathematical operation.
  - 9. The method as recited in claim 7 further comprising prioritizing recipients'"'"' requests based on at least one of a group comprising a client type, client capabilities, and protection available on the client.
  - 10. The method as recited in claim 7 wherein the entropy broker is aware of the quality of entropy available on a client and provides information to a server regarding data to be delivered to the client.
  - 11. The method as recited in claim 7 further comprising limiting an amount of entropy that a given client can receive in a given time period.

12. A method for sharing entropy, the method being operable at a client device and comprising:
- securely collecting entropy at the client device from physical devices on the client device;
  
  determining whether the client device has collected enough entropy for the client device'"'"'s own use;
  
  responsive to determining that the client device has not collected enough entropy for the client device'"'"'s own use, requesting entropy from an entropy broker;
  
  determining whether the client device has excess entropy;
  
  responsive to determining that the client device has excess entropy, securely storing the excess entropy on the client device; and
  
  responsive to determining that a configurable amount of entropy has accumulated in local storage, securely sending the excess entropy to an entropy broker.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method as recited in claim 12 wherein a request for entropy includes a make, model, operating system (OS) and OS version of the client device.
  - 14. The method as recited in claim 12 further comprising:
    - determining whether the requested entropy has been received; and
      
      responsive to determining that the requested entropy has been received, securely storing excess entropy on the client device.
  - 15. The method as recited in claim 14 further comprising:
    - responsive to determining that the requested entropy has not been received, determining whether the available entropy is greater than a threshold; and
      
      if the available entropy is not greater than the threshold, performing one of a group of actions comprising aborting a process that requires the entropy and proceeding with a weaker entropy, the performing being based on a current configuration of the client device.
  - 16. The method as recited in claim 12 wherein one of excess entropy and a request for entropy is sent as part of a request for other services.

17. An entropy broker, comprising:
- a processor operably coupled to a memory;
  
  an entropy receiving module that receives entropy from a first client, tests the provided entropy for randomness, determines whether the provided entropy passes verification, and if the entropy passes verification, adds the provided entropy to an entropy pool; and
  
  an entropy request fulfillment module that receives a request for entropy from a second client that is different from the first client and provides a given amount of received entropy to the second client.

18. A client device comprising:
- a processor operably coupled to a memory;
  
  a communications system operably coupled to the processor; and
  
  an entropy manager that securely collects entropy from physical devices on the client device, provides entropy to applications operating on the device, responsive to determining that a configurable amount of excess entropy has accumulated in local storage, securely sends the excess entropy to an entropy broker and responsive to determining that the client device has not collected enough entropy for the client device'"'"'s own use, requests entropy from the entropy broker.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ericsson AB (Telefonaktiebolaget LM Ericsson)
Original Assignee
Ericsson AB (Telefonaktiebolaget LM Ericsson)
Inventors
Mikhailov, Mikhail, Nair, Raj
Primary Examiner(s)
Wasel, Mohamed A

Application Number

US14/856,863
Publication Number

US 20170085654A1
Time in Patent Office

978 Days
Field of Search
US Class Current
CPC Class Codes

G06F 7/58   Random or pseudo-random num...

G06F 7/76   Arrangements for rearrangin...

H04L 2209/26   Testing cryptographic entit...

H04L 63/123   received data contents, e.g...

H04L 67/51   Discovery or management the...

H04L 9/0869   involving random numbers or...

H04W 4/70   Services for machine-to-mac...

Entropy sharing in a large distributed system based on entropy verification by an entropy broker

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Entropy sharing in a large distributed system based on entropy verification by an entropy broker

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links