Cryptography – Key management – Having particular key generator
Reexamination Certificate
1999-06-02
2004-02-03
Barron, Gilberto (Department: 2132)
Cryptography
Key management
Having particular key generator
C380S030000
Reexamination Certificate
active
06687375
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to cryptography and more particularly to the generation of cryptographic key values and/or pseudo random numbers.
BACKGROUND OF THE INVENTION
In cryptography it is often useful to generate a key value for use in the cryptographic process. Such key values are typically generated by a pseudo random number generator utilizing a secret seed value. Problems may arise, however, if the cryptographic code is broken by an unauthorized party. For example, if the unauthorized party learned the secret seed value, the unauthorized party could then duplicate the cryptographic key value utilizing the secret seed value. In such a case, there may be no way to audit the source of the encrypted information to determine whether the information was generated by an authorized party or an unauthorized party. Furthermore, there may be no mechanism for authenticating the cryptographic key based on an individual user. Also, when the encryption key of a single user of a group of users which share encryption methodologies is compromised, the entire group may be compromised as the encryption is not dependent on the identity of the user within the group.
In general, mechanisms for differentiating between users are known. For example, a particular individual can be identified or verified through a user identifier (such as a globally unique name) or biometric data (such as fingerprint, hand geometry, iris pattern, facial features, voice characteristics, handwriting dynamics, earlobe characteristics, etc.).
As is well known to those having skill in the art, biometric information is one or more behavioral and/or physiological characteristics of an individual. Biometric identification and/or verification uses a data processing system to enable automatic identification and/or verification of identity by computer assessment of a biometric characteristic. In biometric verification, biometric information is verified for a known individual. In biometric identification, biometric information for an individual is compared to known biometric information for many individuals in order to identify the individual.
Biometric identification/verification systems, methods and computer program products can measure one or more of the following behavioral and/or physiological characteristics of an individual: fingerprint, hand geometry, iris pattern, facial features, voice characteristics, handwriting dynamics, earlobe characteristics and keystroke dynamics. Other biometric characteristics may be used. Applications using biometric technologies include biometric check cashing machines, payment systems that substitute biometric data for personal identification numbers, access control systems that use biometric data, biometric employee time and attendance recording and biometric passenger control for transportation. Many other applications may utilize biometric information for identification and/or verification. See the publications entitled “Biometrics, Is it a Viable Proposition for Identity Authentication and Access Control”, to Kim, Computers & Security, Vol. 14, 1995, pp. 205-214; “A Robust Speaker Verification Biometric”, to George et al., Proceedings, the IEEE 29
th
International Carnahan Conference on Security Technology, October 1995, pp. 41-46; “On Enabling Secure Applications Through Off-line Biometric Identification”, to Davida et al., Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, 1998, pp.
148-157; and “Biometric Encryption: Information Privacy in a Networked World”, to Brown et al., EDI Forum: The Journal of Electronic Commerce, v.
10, No. 3, 1997, pp. 37-43. However, while biometric identification and user identification may allow for identification of users, these existing uses may not allow for authentication of the source of encryption keys.
In the above cited Davida et al. publication, in Section 5.2 it was proposed that biometrics could be used with or as keys. However, Davida et al. assumes that the biometric information is secret information. Furthermore, Davida et al. may not work for any size key and describes a procedure which may not allow for precomputing information for generation of a key value. Furthermore, the proposal of Davida et al. may allow two users to generate the same key values and, thus, does not assure that the generated keys are disjoint.
In light of the above discussion, a need exists for improvements in the generation of encryption keys.
SUMMARY OF THE INVENTION
In view of the above discussion, it is an object of the present invention to provide cryptographic values which may be authenticated.
A further object of the present invention is to provide for the generation of cryptographic values which may be audited to determine the user which generated the cryptographic values.
These and other objects of the present invention may be provided by methods, systems and computer program products which generate a cryptographic value utilizing user specific information to generate a user dependent value. The user specific information may be a globally unique user identification or biometric information associated with a user. In particular embodiments of the present invention a seed value is modified with biometric information to generate a user dependent key value. In alternative embodiments a cryptographic value is hashed or otherwise modified with user specific information or user specific information is hashed and then combined with the cryptographic value to generate the user dependent cryptographic value. In still another embodiment of the present invention cryptographic values are generated in a user specific subspace of the space of potential cryptographic values. Thus, the generated cryptographic values for different users may be guaranteed to be disjoint.
In specific embodiments of the present invention, user specific information about a user is obtained and a seed value of a key generation procedure is modified with the user specific information so that the key generation procedure generates a user dependent cryptographic key. The key generation procedure may be a pseudo random number generator (PRNG) in which case the seed value for the PRNG is modified with the user specific information.
In a particular embodiment of the present invention, the seed value is modified by concatenating the user specific information with the seed value so as to provide a user specific seed value. Furthermore, the seed value may be further modified by mixing bits of the user specified seed value so as to increase the uniformity of a distribution of entropy in the user specified seed value.
In an alternative embodiment of the present invention, a cryptographic value is generated by obtaining non-secret user specific information about a user and obtaining an initial cryptographic value by, for example, obtaining a pseudo random number from a pseudo random number generator. The initial cryptographic value is then modified with the non-secret user specific information so as to provide a user dependent cryptographic value. In particular, the initial cryptographic value may be modified by hashing the initial cryptographic value and the non-secret user specific information utilizing a one-way hash operation so as to generate the user dependent cryptographic value.
In a still further embodiment of the present invention, the user dependent cryptographic value (S) comprises n bits, the results of the hash operation provides h bits and the step of hashing involves determining an intermediate hash value (Z) utilizing the concatenation of hash values defined by,
Z=H
(
R,B
)∥
H
(
R
+1
,B
)∥
H
(
R
+2
,B
)∥ . . .
H
(
R+a,B
)
where H is the one way hash operation, B is the non-secret user specific information and a is the largest integer smaller than n/h. The user dependent cryptographic value is then generated by selecting n bits from Z to provide the user dependent cryptographic value.
In one embodiment the selected n bits are the n most significant bits of Z.
In another alternative embodime
Matyas, Jr. Stephen Michael
Peyravian Mohammad
Roginsky Allen Leonid
Zunic Nevenko
Barron Gilberto
International Business Machines - Corporation
Lanier Benjamin E
Myers Bigel Sibley & Sajovec P.A.
Ray-Yarletts Jeanine S.
LandOfFree
Generating user-dependent keys and random numbers does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Generating user-dependent keys and random numbers, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Generating user-dependent keys and random numbers will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3338833