Encryption methods and apparatus
Pre-grant publication: US-2016119312-A1 (kind A1, US), published Apr 28, 2016
Granted patent: US9762388B2 (kind B2, US)
| Field | Value |
|---|---|
| Publication number | US-9762388-B2 |
| Application number | US-201414548218-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 19, 2014 |
| Priority date | Nov 19, 2014 |
| Publication date | Sep 12, 2017 |
| Grant date | Sep 12, 2017 |
Official abstract text for this publication.
A system and method includes obtaining a secret key at a processor of a device, obtaining a salt and an environmental variable, generating a cryptographically transformed derived key via the processor of the device using the secret key, the salt, and the environmental variable, storing the derived key in a memory of the device, and using the derived key for cryptographic communications via a network with another device.
Claims (1 to 16, as granted).
The invention claimed is:
1. A method comprising: obtaining a secret key at a processor of a first device, the secret key being unique to and burnt into a memory of a remote second device; obtaining a salt and a first device environmental variable; generating a cryptographically transformed derived symmetric key via the processor of the first device using the secret key, the salt, and the environmental variable; storing the derived symmetric key in a memory of the first device; sending the salt and the environmental variable from the first device to the remote second device, the remote second device to generate a copy of the derived symmetric key using the secret key, the salt, and the environmental variable, wherein the derived symmetric key and copy of the derived symmetric key enable symmetric cryptographic communications via a network between the first device and the remote second device; obtaining a second environmental variable in response to a determination that the derived symmetric key was compromised; generating a second derived symmetric key based on the secret key, the salt, and the second environmental variable for use in secure communications; and sending the second environmental variable from the first device to the remote second device, the remote second device to generate a copy of the second derived symmetric key using the secret key, the salt, and the second environmental variable, wherein the second derived symmetric key and copy of the derived symmetric key enable symmetric cryptographic communications via a network between the first device and the remote second device.
2. The method of claim 1 wherein the first device is a server device coupled to communicate with multiple devices, wherein the server device generates a derived key from a different secret key for each of the multiple devices.
3. The method of claim 2 and further comprising removing the secret keys from storage accessible via the network following generation of the derived keys.
4. The method of claim 1 wherein generating the cryptographically transformed derived symmetric key comprises generating the derived symmetric key via a hashing algorithm.
5. The method of claim 4 wherein if the secret key is less than 256 bits long, adding padding bits to the secret key such that it is at least 256 bits long.
6. The method of claim 4 wherein the salt is a 64 bit or more random number.
7. The method of claim 1 wherein the environmental variable is a time stamp.
8. A machine readable storage device having instructions for execution by a processor of the machine to perform a method comprising: obtaining a secret key at a processor of a first device, the secret key being unique to and burnt into a memory of a remote second device; obtaining a salt and a first device environmental variable; generating a cryptographically transformed derived symmetric key via the processor of the first device using the secret key, the salt, and the environmental variable; storing the derived symmetric key in a memory of the first device; and sending the salt and the environmental variable from the first device to the remote second device, the remote second device to generate a copy of the derived symmetric key using the secret key, the salt, and the environmental variable, wherein the derived symmetric key and a copy of the derived symmetric key enable symmetric cryptographic communications via a network between the first device and the remote second device; obtaining a second environmental variable in response to a determination that the derived symmetric key was compromised; generating a second derived symmetric key based on the secret key, the salt, and the second environmental variable for use in secure communications; and sending the second environmental variable from the first device to the remote second device, the remote second device to generate a copy of the second derived symmetric key using the secret key, the salt, and the second environmental variable, wherein the second derived symmetric key and a copy of the derived symmetric key enable symmetric cryptographic communications via a network between the first device and the remote second device.
9. The machine readable storage device of claim 8 wherein the first device is a server device coupled to communicate with multiple devices, wherein the server device generates a derived key from a different secret key for each of the multiple devices.
10. The machine readable storage device of claim 9 and further comprising removing the secret keys from storage accessible via the network following generation of the derived keys.
11. The machine readable storage device of claim 8 wherein generating the cryptographically transformed derived symmetric key comprises generating the derived symmetric key via a hashing algorithm.
12. A device comprising: a processor; and a memory device coupled to the processor and having a program stored thereon for execution by the processor to: obtain a secret key at a processor of a first device, the secret key being unique to and burnt into a memory of a remote second device; obtain a salt and a first device environmental variable; generate a cryptographically transformed derived symmetric key via the processor of the first device using the secret key, the salt, and the environmental variable; store the derived symmetric key in the memory device; and send the salt and the environmental variable from the first device to the remote second device, the remote second device to generate a copy of the derived symmetric key using the secret key, the salt, and the environmental variable, wherein the derived symmetric key and a copy of the derived symmetric key enable symmetric cryptographic communications via a network between the first device and the remote second device; obtains a second environmental variable in response to a determination that the derived symmetric key was compromised; generates a second derived symmetric key based on the secret key, the salt, and the second environmental variable for use in secure communications; and sends the second environmental variable from the first device to the remote second device, the remote second device to generate a copy of the second derived symmetric key using the secret key, the salt, and the second environmental variable, wherein the second derived symmetric key and a copy of the derived symmetric key enable symmetric cryptographic communications via a network between the first device and the remote second device.
13. The device of claim 12 wherein the first device is a server device coupled to communicate with multiple devices, wherein the server device generates a derived key from a different secret key for each of the multiple devices.
14. The device of claim 13 wherein the processor further removes the secret keys from storage accessible via the network following generation of the derived keys.
15. The device of claim 12 wherein the cryptographically transformed derived symmetric key is generated via a hashing algorithm.
16. The device of claim 15 wherein the secret key is at least 256 bits long and the salt is a 64 bit or more random number.
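The following is an added worked example, not code from the patent or from any product built on it, showing both sides of the exchange that claims 1 through 7 describe: a server (the first device) derives a symmetric key from a per-device burnt-in secret, a random salt of at least 64 bits and an environmental variable (a time stamp, per claim 7), sends only the salt and the variable to the device, the device recomputes the same key, and after a detected compromise a second environmental variable gives both sides a fresh key while the root secrets are taken out of network-reachable storage (claim 3). The patent names only "a hashing algorithm"; HMAC-SHA256 as that algorithm, the length-prefixed input layout, zero padding for claim 5, the `Server`/`Device` classes and the HMAC-based message protection standing in for the unspecified cipher are all assumptions made here.

```python
"""Added example (not from the patent): the derived-key exchange of claim 1.

Assumed, not stated in the patent: HMAC-SHA256 as the hashing algorithm,
the KDF input layout, zero padding, and HMAC for message authentication.
"""
import hashlib
import hmac
import secrets
import time

KEY_BYTES = 32      # claim 5: secret padded to at least 256 bits
SALT_BYTES = 8      # claim 6: salt is a 64-bit or longer random number


def pad_secret(secret: bytes) -> bytes:
    """Right-pad a short secret with zero bytes to 256 bits (padding scheme assumed)."""
    return secret + b"\x00" * max(0, KEY_BYTES - len(secret))


def derive_key(secret: bytes, salt: bytes, env: bytes) -> bytes:
    """HMAC-SHA256(padded secret, len(salt)||salt||len(env)||env).

    Length prefixes keep (salt=b"ab", env=b"c") and (b"a", b"bc") distinct.
    """
    msg = len(salt).to_bytes(2, "big") + salt + len(env).to_bytes(2, "big") + env
    return hmac.new(pad_secret(secret), msg, hashlib.sha256).digest()


def seal(key: bytes, payload: bytes):
    """Authenticate a message under the derived key (stand-in for the unnamed cipher)."""
    return payload, hmac.new(key, payload, hashlib.sha256).digest()


def unseal(key: bytes, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag)


class Server:
    """First device (claim 2): a different root secret, and derived key, per device."""

    def __init__(self, root_secrets: dict):
        self._root = dict(root_secrets)
        self.derived = {}                      # device_id -> (salt, env, key)

    def provision(self, device_id: str, env: bytes = None):
        """Derive and store a key; return the (salt, env) that go over the wire."""
        salt = secrets.token_bytes(SALT_BYTES)
        env = env or str(int(time.time())).encode()       # claim 7: a time stamp
        self.derived[device_id] = (salt, env, derive_key(self._root[device_id], salt, env))
        return salt, env

    def rekey(self, device_id: str, new_env: bytes) -> bytes:
        """Compromise response of claim 1: same secret and salt, new environmental variable."""
        salt = self.derived[device_id][0]
        self.derived[device_id] = (salt, new_env, derive_key(self._root[device_id], salt, new_env))
        return new_env

    def key_for(self, device_id: str) -> bytes:
        return self.derived[device_id][2]

    def retire_root_secrets(self):
        """Claim 3: remove root secrets from network-reachable storage after derivation."""
        self._root.clear()


class Device:
    """Remote second device holding the burnt-in secret."""

    def __init__(self, burnt_in_secret: bytes):
        self._secret, self.salt, self.key = burnt_in_secret, None, None

    def receive(self, salt: bytes, env: bytes):
        self.salt, self.key = salt, derive_key(self._secret, salt, env)

    def rekey(self, new_env: bytes):
        """Only the second environmental variable arrives; the salt is reused."""
        self.key = derive_key(self._secret, self.salt, new_env)


def run_exchange() -> dict:
    """Provision, exchange one message, rekey after a compromise; return what held."""
    secret = b"\x01" * 16                      # constructed 128-bit burnt-in secret
    server, device = Server({"dev-1": secret}), Device(secret)

    salt, env = server.provision("dev-1", env=b"1700000000")
    device.receive(salt, env)                  # only salt and env cross the network
    k1 = server.key_for("dev-1")
    keys_match = hmac.compare_digest(k1, device.key)
    payload, tag = seal(device.key, b"temp=21.5")
    accepted = unseal(k1, payload, tag)
    tampered_rejected = not unseal(k1, b"temp=99.9", tag)

    device.rekey(server.rekey("dev-1", b"1700000600"))   # compromise detected
    k2 = server.key_for("dev-1")
    server.retire_root_secrets()               # derived keys stay; root secrets go offline
    return {
        "keys_match": keys_match,
        "accepted": accepted,
        "tampered_rejected": tampered_rejected,
        "rekey_match": hmac.compare_digest(k2, device.key),
        "key_changed": k1 != k2,
        "old_tag_rejected_after_rekey": not unseal(k2, payload, tag),
    }
```

Two points worth checking before relying on a scheme like this. The salt and the environmental variable travel in the clear, so the derived key is exactly as secret as the burnt-in root secret and no more; padding a short secret to 256 bits (claim 5) lengthens the key without adding entropy. Rekeying with a second environmental variable therefore recovers from a leaked derived key only while the root secret is intact, which is why claim 3's removal of root secrets from network-reachable storage matters on the server side. And because the salt is held fixed across a rekey, a second environmental variable that repeats an earlier value reproduces an earlier key, so the rekey path should reject a variable already used with that salt.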
CPC classification titles:
- using geo-location information, e.g. location data, time, relative position or proximity to other entities
- involving random numbers or seeds
- Revocation or update of secret information, e.g. encryption key update or rekeying