US2010195824A1PendingUtilityA1

Method and Apparatus for Dynamic Generation of Symmetric Encryption Keys and Exchange of Dynamic Symmetric Key Infrastructure

45
Assignee: AUTHENEX INCPriority: Oct 26, 2001Filed: Feb 2, 2010Published: Aug 5, 2010
Est. expiryOct 26, 2021(expired)· nominal 20-yr term from priority
H04L 9/0877H04L 9/0838
45
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method and apparatus for dynamically generating data encryption keys for encrypting data files and for decrypting encrypted data files via a key exchange method is provided. A dynamically generated an encryption key is generated for each encryption event, so that the key cannot be produced or reproduced. A key exchange component of the invention ensures that only an intended recipient has the means to decrypt a file encrypted with the dynamically generated symmetric encryption keys.

Claims

exact text as granted — not AI-modified
1 . A method ( 50 ) for generating dynamic encryption keys for encrypting data files using detachable token devices, comprising:
 (a) coupling ( 54 ) a detachable token device ( 30 ) to a computer ( 14 ), wherein said token device comprises symmetric shared secrets previously embedded in a key storage region ( 39 ), and an on-board processor ( 32 ) for advanced encryption standard (AES) processing ( 70 );   (b) using said computer ( 14 ) to generate ( 58 ) a challenge in the form of a number chosen from the group consisting of a challenge puzzle, a key ID, a random number, and a user code;   (c) transmitting ( 58 ) the challenge to the token device ( 30 );   (d) using said token device to generate ( 68 ) an encrypted puzzle key responsive to receipt of the challenge and said symmetric shared secrets;   (e) using said token device to generate a dynamic file key ( 71 ) based upon the encrypted puzzle key and challenge;   (f) encrypting a data file with the dynamic file key after decomposing said file into data blocks ( 74 ) and generating encrypted data blocks ( 74 E); and   (g) appending decryption information ( 78 ) to an encrypted data file ( 53 E).   
   
   
       2 . The method of  claim 1  wherein the decryption information ( 78 ) comprises information identifying the token device ( 30 ) and the challenge. 
   
   
       3 . The method of  claim 1 , wherein the token device is a detachable USB token device that is attached to the computer by a computer USB port, and wherein the method is designed to frustrate man in the middle (MITM) attacks by functioning without the necessity of exchanging the actual encryption keys over a network. 
   
   
       4 . The method of  claim 1 , wherein the file is encrypted by the token device using the token device's on-board processor for advanced encryption standard (AES) processing. 
   
   
       5 . The method of  claim 1 , wherein the encrypted data file ( 53 E) is stored in the detachable token device ( 30 ). 
   
   
       6 . A method to dynamically generate symmetric encryption keys for encrypting data files, comprising:
 providing a computer and a detachable hardware token that can connect to the computer;   said hardware token comprising a token encryption processor and token memory, said token memory comprising a previously entered shared secret and a token identification number;   said computer comprising a computer processor, computer memory, and encryption software;   wherein said computer encryption software generates a challenge and transmits it to the hardware token, and wherein said hardware token uses this challenge, the previously entered shared secret, and the token encryption processor, to dynamically generate a symmetric encryption key.   
   
   
       7 . The method of  claim 6 , in which the dynamic symmetric encryption key is used to encrypt said file, and in which the identification number of the token and the challenge are added to the encrypted file. 
   
   
       8 . The method of  claim 6 , in which said hardware token transmits said symmetric encryption key to said computer, and wherein said computer processor uses said symmetric encryption key to encrypt said file. 
   
   
       9 . The method of  claim 6 , in which wherein said file is transmitted to said hardware token, and said hardware token uses said symmetric encryption key to encrypt said file using said token encryption processor, and then returns the encrypted file to said computer; 
   
   
       10 . The method of  claim 6 , wherein said detachable hardware token is a USB token that attaches to said computer via a USB port. 
   
   
       11 . The method of  claim 6 , wherein said challenge is selected from the group consisting of random numbers, challenge puzzles, key identifications (ID) and user codes.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.