US20030217268A1 - System and method for using acoustic digital signature generator as oracle - Google Patents

System and method for using acoustic digital signature generator as oracle Download PDF

Info

Publication number
US20030217268A1
US20030217268A1 US10/171,960 US17196002A US2003217268A1 US 20030217268 A1 US20030217268 A1 US 20030217268A1 US 17196002 A US17196002 A US 17196002A US 2003217268 A1 US2003217268 A1 US 2003217268A1
Authority
US
United States
Prior art keywords
challenge
token
signed
requesting application
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/171,960
Inventor
Alexander Gantman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Priority to US10/171,960 priority Critical patent/US20030217268A1/en
Assigned to QUALCOMM INCORPORATED reassignment QUALCOMM INCORPORATED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GANTMAN, ALEXANDER
Priority to BR0309953-9A priority patent/BR0309953A/en
Priority to CN038148188A priority patent/CN1663171B/en
Priority to KR10-2004-7018418A priority patent/KR20050003461A/en
Priority to EP03726904A priority patent/EP1510029A4/en
Priority to PCT/US2003/015612 priority patent/WO2003098865A1/en
Priority to CA002485892A priority patent/CA2485892A1/en
Priority to AU2003229316A priority patent/AU2003229316C1/en
Priority to JP2004506235A priority patent/JP2005526449A/en
Publication of US20030217268A1 publication Critical patent/US20030217268A1/en
Priority to IL16507404A priority patent/IL165074A0/en
Priority to HK05111737.0A priority patent/HK1079926A1/en
Priority to US11/349,328 priority patent/US7669053B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00Secret communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/65Environment-dependent, e.g. using captured environmental data

Definitions

  • the present invention relates generally to pseudorandom oracles.
  • sonic tokens have the advantage of transmitting the private information on the token in a fashion that prevents the receiver from knowing the private information without a confidential key.
  • the above-referenced applications disclose sonic tokens that digitally sign a message using private key/public principles. More specifically, the sonic tokens digitally sign a message by combining the message with secret information (a private key) and with a pseudorandom number (PN) to render a signed message that can be verified as authentic only by an entity possessing the public key that corresponds to the private key.
  • PN pseudorandom number
  • the above-discussed properties of sonic tokens render them suitable for use as pseudorandom oracles for encryption purposes. More particularly, the present invention recognizes that if an application requires a relatively strong encryption key, it selectively can be granted access to the token by a user of the token to obtain, for use as an encryption key, the product of the secret information in the token, but not the secret information itself, thereby keeping it secure.
  • a method for essentially converting an easy to remember challenge to a pseudorandom encryption key using a hand-held sonic token as a pseudorandom oracle.
  • the pseudorandom encryption key that is generated by the sonic token is a relatively strong key that is difficult for unauthorized parties to violate.
  • a method for encryption includes generating a challenge, and acoustically sending the challenge to a portable token.
  • the method further includes deciding whether to allow the token to function as a pseudorandom oracle, and if so, causing the token to digitally sign the challenge to render a signed challenge.
  • the signed challenge is acoustically transmitted for use thereof to encrypt data.
  • the challenge is generated by a requesting application which encrypts data using the signed challenge.
  • the challenge may be displayed in human readable form to help a user decide whether to allow the token to be used as a pseudorandom oracle.
  • the token digitally signs the challenge at least in part by combining the challenge with a private key.
  • the private key can be a secret and can have a corresponding public key.
  • the signed challenge can be generated using a process that always renders the same signed challenge when presented with the same challenge.
  • the token can digitally sign the challenge by combining the challenge with the private key and with a pseudorandom number (PN), and when a challenge is signed, the PN can be stored for reuse upon a second receipt of the same challenge for, e.g., decryption purposes.
  • PN pseudorandom number
  • a system for encryption includes a requesting application transmitting a challenge to a token using a wireless communication path.
  • a token receives the challenge and digitally signs it with a private key to render a signed challenge.
  • the token then transmits the signed challenge to the requesting application using a wireless communication path, so that the requesting application can use the signed challenge to encrypt data.
  • an encryption system includes acoustic means for transmitting a challenge from a requesting application, and means for receiving the challenge and generating a signed challenge in response. Acoustic means are provided for transmitting the signed challenge to the requesting application. Means are also provided for encrypting data associated with the requesting application using the signed challenge.
  • FIG. 1 is a block diagram of the present system
  • FIG. 2 is a flow chart of the encryption logic
  • FIG. 3 is a flow chart of the decryption logic.
  • a system is shown, generally designated 10 , that includes a portable hand-held token 12 that can be configured as a key fob or other small device.
  • the present invention applies to other token configurations, such as mobile communication stations including laptop computers, wireless handsets or telephones, data transceivers, or paging and position determination receivers that can be hand-held or portable as in vehicle-mounted (including cars, trucks, boats, planes, trains), as desired.
  • Wireless communication devices are also sometimes referred to as user terminals, mobile stations, mobile units, subscriber units, mobile radios or radiotelephones, wireless units, or simply as “users” and “mobiles” in some communication systems.
  • the preferred token 12 includes a visual display 14 and an electronic data store 16 .
  • the token 12 can include a pseudorandom number (PN) generator 18 .
  • a token microprocessor 20 accesses the PN generator 18 and data store 16 , and can cause the display 14 to present alpha-numeric or graphical information that a user can read or hear.
  • PN pseudorandom number
  • the token microprocessor 20 can receive electronic signals from a microphone 22 , which generates the electronic signals by transforming received sound waves 24 received by the microphone 22 . Also, the token microprocessor 20 can send electronic signals to a speaker 26 , which transforms the electronic signals to transmitted sound signals 28 . As disclosed further below, the received sound signals 24 might represent a challenge (e.g., a request for encryption key) from a user component 30 , and the transmitted sound signals 28 might represent a signed challenge (e.g., the requested encryption key). While an acoustic wireless communication is preferred, other wireless paths, e.g., rf paths, might be used.
  • a challenge e.g., a request for encryption key
  • the transmitted sound signals 28 might represent a signed challenge (e.g., the requested encryption key). While an acoustic wireless communication is preferred, other wireless paths, e.g., rf paths, might be used.
  • the user component 30 can be, e.g., a computer that includes a requesting microprocessor 32 which executes a software-implemented user application 34 .
  • the user application 34 can be, e.g., a word processing application or other document-generating or more generally data-generating application that might wish to encrypt the generated data with a relatively strong encryption key.
  • the user component 30 can include a speaker 36 for transmitting an acoustic representation of a challenge and a microphone 38 for receiving an acoustic representation of the response. Both the speaker 36 and microphone 38 communicate with the requesting microprocessor 32 .
  • the signature algorithm in the token 12 can combine a private key with a message to be signed and with a random number “k” from the PN generator 18 to render a digital signature which is a random pair (r,s).
  • the token microprocessor 20 executes the signature algorithm upon receipt of activation signals from, e.g., one or more activation elements 40 such as toggle switches, voice activation devices, or pushbuttons.
  • the token microprocessor 20 can include a digital processor proper as well as necessary clocks, analog to digital conversion circuitry, and digital to analog conversion circuitry known in the art.
  • the token microprocessor 20 accesses the data store 16 , such that when multiple activation elements 40 are used, one or more can be associated with a respective private key in the store 16 .
  • the data store 16 may hold public key IDs, and if desired PNs that have already been generated and used to sign challenges, along with a correlation of the PNs to the challenges, in accordance with one non-limiting exemplary embodiment disclosed below.
  • FIG. 2 shows the encryption logic of the present invention.
  • a challenge e.g., an easy to remember challenge such as the word “password”
  • the token 12 can display the challenge and, if desired, the source of the challenge in human readable form on the display 14 , so that a user may decide, at decision diamond 46 , whether to allow the token 12 to function as a pseudorandom oracle. If the user decides against allowing the application 34 to access the token 12 for oracle purposes, the logic ends at state 48 .
  • the token 12 uses a signing process that always renders the same signed challenge when presented with the same challenge.
  • the token 12 might combine the challenge with a private key in the data store 16 but not with a PN from the PN generator 18 .
  • the conventional private key protocol might be followed, wherein the signed challenge is generated by combining the challenge with both the private key and with a PN, but with the PN subsequently being stored in the data store 16 along with a correlation of the PN to the particular challenge with which it was used, for purposes to be shortly disclosed.
  • the token 12 sends the signed challenge to the user component 30 using the communication paths disclosed above for use of the signed challenge as an encryption key by the user application 34 to encrypt data at block 54 using, e.g., DES encryption principles known in the art.
  • the application then proceeds to block 56 to delete the signed challenge from its memory and from any peripheral storage devices (e.g., hard disk drives) associated with the user component 30 on which the signed challenge might have been stored.
  • peripheral storage devices e.g., hard disk drives
  • the logic of FIG. 3 is invoked.
  • the same challenge that was used in FIG. 2 is sent by the user component 30 to the token 12 .
  • the token 12 can display the challenge in human readable form on the display 14 , so that a user may decide, at decision diamond 62 , whether to allow the token 12 to function as a pseudorandom oracle for decryption purposes. If the user decides against this, the logic ends at state 64 . Otherwise, the logic proceeds to block 66 , wherein the token digitally signs the challenge to render a signed challenge.
  • the token can, e.g., regenerate the same signed challenge as was generated for encryption using a signing process that does not require a PN, or it can regenerate the same signed challenge using conventional private key protocol, with the following exception.
  • the PN that was used to generate the signed challenge during encryption and that was subsequently stored in the data store 16 (along with a correlation of the challenge) can be retrieved at block 66 based on the challenge and then combined with the challenge and the private key to render the signed challenge.
  • the token 12 sends the signed challenge to the user component 30 for use of the signed challenge by the user application 34 to decrypt data at block 70 .
  • the application then proceeds to block 72 to delete the signed challenge from its memory and from any peripheral storage devices (e.g., hard disk drives) associated with the user component 30 on which the signed challenge might have been stored.
  • peripheral storage devices e.g., hard disk drives

Abstract

A hand-held sonic token can be used as a pseudorandom oracle for a requesting application, which can generate a challenge that is sent to the token. The user of the token decides whether to allow the token to function as an oracle, and if so, the user causes the token to digitally sign the challenge and send it back to the requesting application, for use of the digitally signed challenge as an encryption key. After encryption the requesting application deletes the signed challenge, with subsequent decryption essentially following the encryption process.

Description

    RELATED APPLICATIONS
  • This application is related to co-pending U.S. patent application Ser. No. 10/077,365, filed Feb. 15, 2002, for an invention entitled “Method and Apparatus for Simplified Audio Authentication”, is related to co-pending U.S. patent application Ser. No. 09/611,569, filed Jul. 7, 2000, for an invention entitled “Method and Apparatus for Simplified Audio Authentication”, and is related to co-pending U.S. provisional patent application serial No. 60/380,652, filed May 15, 2002, for an invention entitled “System and Method for Using Acoustic Digital Signature Generator as Oracle”, all of which are incorporated herein by reference.[0001]
    • I. FIELD OF THE INVENTION
  • The present invention relates generally to pseudorandom oracles. [0002]
    • II. BACKGROUND OF THE INVENTION
  • The above-identified patent applications disclose hand-held sonic-based “tokens” that a person can manipulate to transmit an acoustic signal representing secret information to a device, referred to as an “authenticator”, “verifier”, or “receiver”, to authenticate the person based on the signal. As recognized in those applications, the advantage of sonic-based tokens is that a large installed infrastructure already exists to receive and transmit sound and electronic signals derived from sound. Specifically, the global telephone system exists to transmit data representative of acoustic information, and apart from telephones many computing devices that are now linked by this same system (as embodied in the Internet) have microphones and speakers (or can easily be modified to have them). [0003]
  • As recognized herein, sonic tokens have the advantage of transmitting the private information on the token in a fashion that prevents the receiver from knowing the private information without a confidential key. Specifically, the above-referenced applications disclose sonic tokens that digitally sign a message using private key/public principles. More specifically, the sonic tokens digitally sign a message by combining the message with secret information (a private key) and with a pseudorandom number (PN) to render a signed message that can be verified as authentic only by an entity possessing the public key that corresponds to the private key. [0004]
  • As further recognized herein, the above-discussed properties of sonic tokens render them suitable for use as pseudorandom oracles for encryption purposes. More particularly, the present invention recognizes that if an application requires a relatively strong encryption key, it selectively can be granted access to the token by a user of the token to obtain, for use as an encryption key, the product of the secret information in the token, but not the secret information itself, thereby keeping it secure. [0005]
    • SUMMARY OF THE INVENTION
  • A method is disclosed for essentially converting an easy to remember challenge to a pseudorandom encryption key using a hand-held sonic token as a pseudorandom oracle. The pseudorandom encryption key that is generated by the sonic token is a relatively strong key that is difficult for unauthorized parties to violate. [0006]
  • Accordingly, a method for encryption includes generating a challenge, and acoustically sending the challenge to a portable token. The method further includes deciding whether to allow the token to function as a pseudorandom oracle, and if so, causing the token to digitally sign the challenge to render a signed challenge. The signed challenge is acoustically transmitted for use thereof to encrypt data. [0007]
  • In a preferred, non-limiting embodiment, the challenge is generated by a requesting application which encrypts data using the signed challenge. If desired, the challenge may be displayed in human readable form to help a user decide whether to allow the token to be used as a pseudorandom oracle. [0008]
  • In exemplary non-limiting embodiments, the token digitally signs the challenge at least in part by combining the challenge with a private key. The private key can be a secret and can have a corresponding public key. [0009]
  • If desired, the signed challenge can be generated using a process that always renders the same signed challenge when presented with the same challenge. For instance, the token can digitally sign the challenge by combining the challenge with the private key and with a pseudorandom number (PN), and when a challenge is signed, the PN can be stored for reuse upon a second receipt of the same challenge for, e.g., decryption purposes. [0010]
  • In another aspect, a system for encryption includes a requesting application transmitting a challenge to a token using a wireless communication path. A token receives the challenge and digitally signs it with a private key to render a signed challenge. The token then transmits the signed challenge to the requesting application using a wireless communication path, so that the requesting application can use the signed challenge to encrypt data. [0011]
  • In yet another aspect, an encryption system includes acoustic means for transmitting a challenge from a requesting application, and means for receiving the challenge and generating a signed challenge in response. Acoustic means are provided for transmitting the signed challenge to the requesting application. Means are also provided for encrypting data associated with the requesting application using the signed challenge. [0012]
  • The details of the present invention, both as to its structure and operation, can best be understood in reference to the accompanying drawings, in which like reference numerals refer to like parts, and in which:[0013]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of the present system; [0014]
  • FIG. 2 is a flow chart of the encryption logic; and [0015]
  • FIG. 3 is a flow chart of the decryption logic.[0016]
    • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
  • Referring initially to FIG. 1, a system is shown, generally designated [0017] 10, that includes a portable hand-held token 12 that can be configured as a key fob or other small device. The present invention, however, applies to other token configurations, such as mobile communication stations including laptop computers, wireless handsets or telephones, data transceivers, or paging and position determination receivers that can be hand-held or portable as in vehicle-mounted (including cars, trucks, boats, planes, trains), as desired. Wireless communication devices are also sometimes referred to as user terminals, mobile stations, mobile units, subscriber units, mobile radios or radiotelephones, wireless units, or simply as “users” and “mobiles” in some communication systems.
  • In any case, the [0018] preferred token 12 includes a visual display 14 and an electronic data store 16. Also, the token 12 can include a pseudorandom number (PN) generator 18. A token microprocessor 20 accesses the PN generator 18 and data store 16, and can cause the display 14 to present alpha-numeric or graphical information that a user can read or hear.
  • As shown in FIG. 1, the [0019] token microprocessor 20 can receive electronic signals from a microphone 22, which generates the electronic signals by transforming received sound waves 24 received by the microphone 22. Also, the token microprocessor 20 can send electronic signals to a speaker 26, which transforms the electronic signals to transmitted sound signals 28. As disclosed further below, the received sound signals 24 might represent a challenge (e.g., a request for encryption key) from a user component 30, and the transmitted sound signals 28 might represent a signed challenge (e.g., the requested encryption key). While an acoustic wireless communication is preferred, other wireless paths, e.g., rf paths, might be used.
  • The [0020] user component 30 can be, e.g., a computer that includes a requesting microprocessor 32 which executes a software-implemented user application 34. The user application 34 can be, e.g., a word processing application or other document-generating or more generally data-generating application that might wish to encrypt the generated data with a relatively strong encryption key. In any case, the user component 30 can include a speaker 36 for transmitting an acoustic representation of a challenge and a microphone 38 for receiving an acoustic representation of the response. Both the speaker 36 and microphone 38 communicate with the requesting microprocessor 32.
  • In accordance with private key/public key principles known in the art and set forth in, e.g., the National Institute for Standards and Technology (NIST) Federal Information Processing Standards Publication 186-2, January, 2000, the signature algorithm in the token [0021] 12 (executed by the token microprocessor 20) can combine a private key with a message to be signed and with a random number “k” from the PN generator 18 to render a digital signature which is a random pair (r,s). Preferably, the token microprocessor 20 executes the signature algorithm upon receipt of activation signals from, e.g., one or more activation elements 40 such as toggle switches, voice activation devices, or pushbuttons. It is to be understood that the token microprocessor 20 can include a digital processor proper as well as necessary clocks, analog to digital conversion circuitry, and digital to analog conversion circuitry known in the art.
  • The [0022] token microprocessor 20 accesses the data store 16, such that when multiple activation elements 40 are used, one or more can be associated with a respective private key in the store 16. In addition to one or more private keys of private key/public key pairs, the data store 16 may hold public key IDs, and if desired PNs that have already been generated and used to sign challenges, along with a correlation of the PNs to the challenges, in accordance with one non-limiting exemplary embodiment disclosed below.
  • FIG. 2 shows the encryption logic of the present invention. Commencing at [0023] block 42, a challenge (e.g., an easy to remember challenge such as the word “password”) is generated by, e.g., the user application 34 and is sent by the user component 30 to the token 12 using the communication pathway discussed above in reference to FIG. 1. If desired, at block 44 the token 12 can display the challenge and, if desired, the source of the challenge in human readable form on the display 14, so that a user may decide, at decision diamond 46, whether to allow the token 12 to function as a pseudorandom oracle. If the user decides against allowing the application 34 to access the token 12 for oracle purposes, the logic ends at state 48.
  • On the other hand, if the user decides to allow the [0024] token 12 to function as an oracle, the user can so indicate by, e.g., manipulating the activation element 40. The logic then proceeds from decision diamond 46 to block 50, wherein the token digitally signs the challenge to render a signed challenge. In some preferred, non-limiting embodiments, the token uses a signing process that always renders the same signed challenge when presented with the same challenge. For instance, the token 12 might combine the challenge with a private key in the data store 16 but not with a PN from the PN generator 18. Or, the conventional private key protocol might be followed, wherein the signed challenge is generated by combining the challenge with both the private key and with a PN, but with the PN subsequently being stored in the data store 16 along with a correlation of the PN to the particular challenge with which it was used, for purposes to be shortly disclosed.
  • Moving to block [0025] 52, the token 12 sends the signed challenge to the user component 30 using the communication paths disclosed above for use of the signed challenge as an encryption key by the user application 34 to encrypt data at block 54 using, e.g., DES encryption principles known in the art. Preferably, the application then proceeds to block 56 to delete the signed challenge from its memory and from any peripheral storage devices (e.g., hard disk drives) associated with the user component 30 on which the signed challenge might have been stored.
  • When it is desired to decrypt the data, the logic of FIG. 3 is invoked. Commencing at [0026] block 58, the same challenge that was used in FIG. 2 is sent by the user component 30 to the token 12. If desired, at block 60 the token 12 can display the challenge in human readable form on the display 14, so that a user may decide, at decision diamond 62, whether to allow the token 12 to function as a pseudorandom oracle for decryption purposes. If the user decides against this, the logic ends at state 64. Otherwise, the logic proceeds to block 66, wherein the token digitally signs the challenge to render a signed challenge. In the above-mentioned preferred, non-limiting embodiments wherein it is desired that the token always generates the same signed challenge when presented with the same input challenge, the token can, e.g., regenerate the same signed challenge as was generated for encryption using a signing process that does not require a PN, or it can regenerate the same signed challenge using conventional private key protocol, with the following exception. The PN that was used to generate the signed challenge during encryption and that was subsequently stored in the data store 16 (along with a correlation of the challenge) can be retrieved at block 66 based on the challenge and then combined with the challenge and the private key to render the signed challenge.
  • Moving to block [0027] 68, the token 12 sends the signed challenge to the user component 30 for use of the signed challenge by the user application 34 to decrypt data at block 70. Preferably, the application then proceeds to block 72 to delete the signed challenge from its memory and from any peripheral storage devices (e.g., hard disk drives) associated with the user component 30 on which the signed challenge might have been stored.
  • While the particular SYSTEM AND METHOD FOR USING ACOUSTIC DIGITAL SIGNATURE GENERATOR AS ORACLE as herein shown and described in detail is fully capable of attaining the above-described objects of the invention, it is to be understood that it is the presently preferred embodiment of the present invention and is thus representative of the subject matter which is broadly contemplated by the present invention, that the scope of the present invention fully encompasses other embodiments which may become obvious to those skilled in the art, and that the scope of the present invention is accordingly to be limited by nothing other than the appended claims, in which reference to an element in the singular is not intended to mean “one and only one” unless explicitly so stated, but rather “one or more”. All structural and functional equivalents to the elements of the above-described preferred embodiment that are known or later come to be known to those of ordinary skill in the art are expressly incorporated herein by reference and are intended to be encompassed by the present claims. Moreover, it is not necessary for a device or method to address each and every problem sought to be solved by the present invention, for it to be encompassed by the present claims. Furthermore, no element, component, or method step in the present disclosure is intended to be dedicated to the public regardless of whether the element, component, or method step is explicitly recited in the claims. No claim element herein is to be construed under the provisions of 35 U.S.C. §112, sixth paragraph, unless the element is expressly recited using the phrase “means for” or, in the case of a method claim, the element is recited as a “step” instead of an “act”.[0028]

Claims (20)

What is claimed is:
1. A method for encryption, comprising:
generating a challenge;
acoustically sending the challenge to a portable token;
deciding whether to allow the token to function as a pseudorandom oracle, and if so, causing the token to digitally sign the challenge to render a signed challenge;
acoustically transmitting the signed challenge; and
using the signed challenge to encrypt data.
2. The method of claim 1, wherein the challenge is generated by a requesting application, the requesting application encrypting data using the signed challenge and deleting the signed challenge after use.
3. The method of claim 2, wherein the challenge is displayed in human readable form to facilitate the deciding act.
4. The method of claim 1, wherein the token digitally signs the challenge at least in part by combining the challenge with a private key.
5. The method of claim 4, wherein the private key is a secret and has a corresponding public key.
6. The method of claim 4, wherein the signed challenge is generated using a process that always renders a first signed challenge when presented with a first challenge.
7. The method of claim 6, wherein the token digitally signs the challenge at least in part by combining the challenge with the private key and with a pseudorandom number (PN), and the method further comprises:
storing the PN and reusing the PN upon a second receipt of the challenge to sign the challenge.
8. A system for encryption, comprising:
at least one requesting application transmitting at least one challenge to at least one token using a wireless communication path; and
at least one token receiving the challenge and digitally signing it with at least one private key to render a signed challenge, the token transmitting the signed challenge to the requesting application using a wireless communication path, the requesting application using the signed challenge to encrypt data.
9. The system of claim 8, wherein the requesting application deletes the signed challenge after encrypting data.
10. The system of claim 8, wherein the token displays the challenge to a user to facilitate the user deciding whether to permit the token to sign the challenge and/or to transmit the challenge.
11. The system of claim 8, wherein the wireless communication path is an acoustic path.
12. The system of claim 8, wherein the signed challenge is generated using a process that always renders a first signed challenge when presented with a first challenge.
13. The system of claim 12, wherein the token digitally signs the challenge at least in part by combining the challenge with the private key and with a pseudorandom number (PN), and the token stores the PN after signing the challenge and reuses the PN upon a second receipt of the challenge to sign the challenge.
14. An encryption system, comprising:
acoustic means for transmitting a challenge from a requesting application;
means for receiving the challenge and generating a signed challenge in response;
acoustic means for transmitting the signed challenge to the requesting application; and
means for encrypting data associated with the requesting application using the signed challenge.
15. The system of claim 14, wherein the means for receiving and generating generates the signed challenge only in response to receiving authorization to do so from a user.
16. The system of claim 14, wherein the means for receiving and generating always generates the same signed challenge in response to the challenge.
17. The system of claim 14, wherein the means for receiving and generating includes a hand-held sonic token.
18. The system of claim 15, further comprising means for displaying the challenge.
19. The system of claim 14, wherein the means for receiving and generating digitally signs the challenge at least in part by combining the challenge with a private key and with a pseudorandom number (PN).
20. The system of claim 19, further comprising:
means for, when a challenge is signed, storing the PN and reusing the PN upon a second receipt of the challenge to sign the challenge.
US10/171,960 2002-05-15 2002-06-13 System and method for using acoustic digital signature generator as oracle Abandoned US20030217268A1 (en)

Priority Applications (12)

Application Number Priority Date Filing Date Title
US10/171,960 US20030217268A1 (en) 2002-05-15 2002-06-13 System and method for using acoustic digital signature generator as oracle
JP2004506235A JP2005526449A (en) 2002-05-15 2003-05-15 System and method using acoustic electronic signature generator as oracle
CA002485892A CA2485892A1 (en) 2002-05-15 2003-05-15 System and method for using acoustic digital signature generator as oracle
CN038148188A CN1663171B (en) 2002-05-15 2003-05-15 System and method for using acoustic digital signature generator as oracle
KR10-2004-7018418A KR20050003461A (en) 2002-05-15 2003-05-15 System and method for using acoustic digital signature generator as oracle
EP03726904A EP1510029A4 (en) 2002-05-15 2003-05-15 System and method for using acoustic digital signature generator as oracle
PCT/US2003/015612 WO2003098865A1 (en) 2002-05-15 2003-05-15 System and method for using acoustic digital signature generator as oracle
BR0309953-9A BR0309953A (en) 2002-05-15 2003-05-15 System and method for using a digital signature acoustic generator as an oracle
AU2003229316A AU2003229316C1 (en) 2002-05-15 2003-05-15 System and method for using acoustic digital signature generator as oracle
IL16507404A IL165074A0 (en) 2002-05-15 2004-11-07 System and method for using acoustic digal signature generator as oracle
HK05111737.0A HK1079926A1 (en) 2002-05-15 2005-12-20 System and method for using acoustic digital signature generator as oracle
US11/349,328 US7669053B2 (en) 2002-05-15 2006-02-06 System and method for using acoustic digital signature generator as oracle

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US38065202P 2002-05-15 2002-05-15
US10/171,960 US20030217268A1 (en) 2002-05-15 2002-06-13 System and method for using acoustic digital signature generator as oracle

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/349,328 Continuation US7669053B2 (en) 2002-05-15 2006-02-06 System and method for using acoustic digital signature generator as oracle

Publications (1)

Publication Number Publication Date
US20030217268A1 true US20030217268A1 (en) 2003-11-20

Family

ID=29423113

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/171,960 Abandoned US20030217268A1 (en) 2002-05-15 2002-06-13 System and method for using acoustic digital signature generator as oracle
US11/349,328 Expired - Fee Related US7669053B2 (en) 2002-05-15 2006-02-06 System and method for using acoustic digital signature generator as oracle

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/349,328 Expired - Fee Related US7669053B2 (en) 2002-05-15 2006-02-06 System and method for using acoustic digital signature generator as oracle

Country Status (11)

Country Link
US (2) US20030217268A1 (en)
EP (1) EP1510029A4 (en)
JP (1) JP2005526449A (en)
KR (1) KR20050003461A (en)
CN (1) CN1663171B (en)
AU (1) AU2003229316C1 (en)
BR (1) BR0309953A (en)
CA (1) CA2485892A1 (en)
HK (1) HK1079926A1 (en)
IL (1) IL165074A0 (en)
WO (1) WO2003098865A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070162743A1 (en) * 2006-01-12 2007-07-12 Savant Protection, Inc. Sliding acoustical signatures
US20090060179A1 (en) * 2007-08-29 2009-03-05 Red Hat, Inc. Method and an apparatus to generate pseudo random bits from polynomials
US20090060180A1 (en) * 2007-08-29 2009-03-05 Red Hat, Inc. Method and an apparatus to generate pseudo random bits for a cryptographic key
US20090214024A1 (en) * 2008-02-21 2009-08-27 Schneider James P Block cipher using multiplication over a finite field of even characteristic
US20090220083A1 (en) * 2008-02-28 2009-09-03 Schneider James P Stream cipher using multiplication over a finite field of even characteristic
US20090292751A1 (en) * 2008-05-22 2009-11-26 James Paul Schneider Non-linear mixing of pseudo-random number generator output
US20100135486A1 (en) * 2008-11-30 2010-06-03 Schneider James P Nonlinear feedback mode for block ciphers
US8588412B2 (en) 2008-05-23 2013-11-19 Red Hat, Inc. Mechanism for generating pseudorandom number sequences
US20200374277A1 (en) * 2019-05-24 2020-11-26 AVAST Software s.r.o. Secure authentication in adverse environments

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USD835203S1 (en) 2013-07-17 2018-12-04 Hmd Entertainment, Llc Top surface of a gaming table
US20170289197A1 (en) * 2016-03-31 2017-10-05 Qualcomm Incorporated Transport layer security token binding and trusted signing
FR3075534B1 (en) * 2017-12-14 2020-01-10 CopSonic DIGITAL KEY STORAGE DEVICE FOR SIGNING TRANSACTIONS ON A BLOCK CHAIN

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4601011A (en) * 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
US6088450A (en) * 1996-04-17 2000-07-11 Intel Corporation Authentication system based on periodic challenge/response protocol
US6173400B1 (en) * 1998-07-31 2001-01-09 Sun Microsystems, Inc. Methods and systems for establishing a shared secret using an authentication token
US6484259B1 (en) * 1999-07-23 2002-11-19 Microsoft Corporation Methods and arrangements for mapping widely disparate portable tokens to a static machine concentric cryptographic environment
US6607136B1 (en) * 1998-09-16 2003-08-19 Beepcard Inc. Physical presence digital authentication system

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5491752A (en) * 1993-03-18 1996-02-13 Digital Equipment Corporation, Patent Law Group System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens
US5432851A (en) * 1993-10-21 1995-07-11 Tecsec Incorporated Personal computer access control system
EP0727894B1 (en) * 1994-08-30 2004-08-04 Kokusai Denshin Denwa Co., Ltd Certifying system
US5957669A (en) * 1995-06-15 1999-09-28 United States Filter Corporation Diaphragm pump including improved drive mechanism and pump head
JPH09312643A (en) * 1996-05-22 1997-12-02 Matsushita Electric Ind Co Ltd Key sharing method and ciphering communication method
US5787154A (en) * 1996-07-12 1998-07-28 At&T Corp Universal authentication device for use over telephone lines
US6035406A (en) * 1997-04-02 2000-03-07 Quintet, Inc. Plurality-factor security system
CN1272934A (en) * 1997-09-02 2000-11-08 科迪科思公司 Digital signature generating server and method
JP3599552B2 (en) * 1998-01-19 2004-12-08 株式会社日立製作所 Packet filter device, authentication server, packet filtering method, and storage medium
US6804786B1 (en) * 1999-09-10 2004-10-12 Canon Kabushiki Kaisha User customizable secure access token and multiple level portable interface
DE10008973B4 (en) * 2000-02-25 2004-10-07 Bayerische Motoren Werke Ag Authorization procedure with certificate
IL138109A (en) * 2000-08-27 2009-11-18 Enco Tone Ltd Method and devices for digitally signing files by means of a hand-held device
US20090282259A1 (en) * 2006-04-11 2009-11-12 Koninklijke Philips Electronics N.V. Noisy low-power puf authentication without database

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4601011A (en) * 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system
US6088450A (en) * 1996-04-17 2000-07-11 Intel Corporation Authentication system based on periodic challenge/response protocol
US6016476A (en) * 1997-08-11 2000-01-18 International Business Machines Corporation Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security
US6173400B1 (en) * 1998-07-31 2001-01-09 Sun Microsystems, Inc. Methods and systems for establishing a shared secret using an authentication token
US6607136B1 (en) * 1998-09-16 2003-08-19 Beepcard Inc. Physical presence digital authentication system
US6484259B1 (en) * 1999-07-23 2002-11-19 Microsoft Corporation Methods and arrangements for mapping widely disparate portable tokens to a static machine concentric cryptographic environment

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070162743A1 (en) * 2006-01-12 2007-07-12 Savant Protection, Inc. Sliding acoustical signatures
US20090060179A1 (en) * 2007-08-29 2009-03-05 Red Hat, Inc. Method and an apparatus to generate pseudo random bits from polynomials
US20090060180A1 (en) * 2007-08-29 2009-03-05 Red Hat, Inc. Method and an apparatus to generate pseudo random bits for a cryptographic key
US8265272B2 (en) * 2007-08-29 2012-09-11 Red Hat, Inc. Method and an apparatus to generate pseudo random bits for a cryptographic key
US8781117B2 (en) * 2007-08-29 2014-07-15 Red Hat, Inc. Generating pseudo random bits from polynomials
US20090214024A1 (en) * 2008-02-21 2009-08-27 Schneider James P Block cipher using multiplication over a finite field of even characteristic
US8416947B2 (en) 2008-02-21 2013-04-09 Red Hat, Inc. Block cipher using multiplication over a finite field of even characteristic
US20090220083A1 (en) * 2008-02-28 2009-09-03 Schneider James P Stream cipher using multiplication over a finite field of even characteristic
US7945049B2 (en) 2008-02-28 2011-05-17 Red Hat, Inc. Stream cipher using multiplication over a finite field of even characteristic
US20090292751A1 (en) * 2008-05-22 2009-11-26 James Paul Schneider Non-linear mixing of pseudo-random number generator output
US8560587B2 (en) 2008-05-22 2013-10-15 Red Hat, Inc. Non-linear mixing of pseudo-random number generator output
US8588412B2 (en) 2008-05-23 2013-11-19 Red Hat, Inc. Mechanism for generating pseudorandom number sequences
US20100135486A1 (en) * 2008-11-30 2010-06-03 Schneider James P Nonlinear feedback mode for block ciphers
US8358781B2 (en) 2008-11-30 2013-01-22 Red Hat, Inc. Nonlinear feedback mode for block ciphers
US20200374277A1 (en) * 2019-05-24 2020-11-26 AVAST Software s.r.o. Secure authentication in adverse environments

Also Published As

Publication number Publication date
CN1663171A (en) 2005-08-31
US20070180243A1 (en) 2007-08-02
KR20050003461A (en) 2005-01-10
JP2005526449A (en) 2005-09-02
EP1510029A1 (en) 2005-03-02
AU2003229316A1 (en) 2003-12-02
WO2003098865A1 (en) 2003-11-27
IL165074A0 (en) 2005-12-18
US7669053B2 (en) 2010-02-23
CA2485892A1 (en) 2003-11-27
HK1079926A1 (en) 2006-04-13
AU2003229316C1 (en) 2009-08-27
CN1663171B (en) 2010-05-05
BR0309953A (en) 2005-04-05
AU2003229316B2 (en) 2008-11-06
EP1510029A4 (en) 2007-01-31

Similar Documents

Publication Publication Date Title
US7669053B2 (en) System and method for using acoustic digital signature generator as oracle
JP4565840B2 (en) Acoustic two-factor authentication system and method
US7929702B2 (en) System and method for generating reproducible session keys
KR100952551B1 (en) Method and apparatus for simplified audio authentication
EP2416524A2 (en) System and method for secure transaction of data between wireless communication device and server
US20090046860A1 (en) Integrated data transceiver and sensor for the generation of a symmetrical cryptographic key
JP2005518721A5 (en)
JP2002026899A (en) Verification system for ad hoc wireless communication
KR20060056334A (en) Digital authentication over acoustic channel
WO2008095761A1 (en) Authenticating security parameters
JP2005531090A (en) System and method for audio tickets
CN112242977A (en) Data transmission method and data transmission system
KR20050048936A (en) Method for protecting local wireless communication in wireless communication terminal
KR20040011695A (en) Security handfree kit and security communication system and method using public key infrastructure
CN115694804A (en) Method, device and equipment for realizing safety communication between equipment
JP2013251762A (en) Information communication device, information communication system, and information communication method

Legal Events

Date Code Title Description
AS Assignment

Owner name: QUALCOMM INCORPORATED, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GANTMAN, ALEXANDER;REEL/FRAME:013200/0912

Effective date: 20020620

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION