System and method for key generation in security tokens

Evans, Philip G.; Humble, Travis S.; Paul, Nathanael R.; Pooser, Raphael C.; Prowell, Stacy J.

Title: System and method for key generation in security tokens

Abstract

Functional randomness in security tokens (FRIST) may achieve improved security in two-factor authentication hardware tokens by improving on the algorithms used to securely generate random data. A system and method in one embodiment according to the present invention may allow for security of a token based on storage cost and computational security. This approach may enable communication where security is no longer based solely on onetime pads (OTPs) generated from a single cryptographic function (e.g., SHA-256).

Inventors:: Evans, Philip G.; Humble, Travis S.; Paul, Nathanael R.; Pooser, Raphael C.; Prowell, Stacy J.

Issue Date:: 2015-10-27

Research Org.:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1224205

Patent Number(s):: 9172698

Application Number:: 14/052,065

Assignee:: UT-Battelle, LLC (Oak Ridge, TN)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/083 - {using passwords
H04L2463/082 - applying multi-factor authentication

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/34 - involving the use of external additional devices, e.g. dongles or smart cards

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04W - WIRELESS COMMUNICATION NETWORKS
H04W12/06 - Authentication

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/0853 - {using an additional device, e.g. smartcard, SIM or a different communication terminal

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/31 - User authentication

Show less

DOE Contract Number:: AC05-00OR22725

Resource Type:: Patent

Resource Relation:: Patent File Date: 2013 Oct 11

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Evans, Philip G., Humble, Travis S., Paul, Nathanael R., Pooser, Raphael C., and Prowell, Stacy J. System and method for key generation in security tokens.  United States: N. p., 2015. 
        Web.

Copy to clipboard


                    Evans, Philip G., Humble, Travis S., Paul, Nathanael R., Pooser, Raphael C., & Prowell, Stacy J. System and method for key generation in security tokens.  United States.

Copy to clipboard


                    Evans, Philip G., Humble, Travis S., Paul, Nathanael R., Pooser, Raphael C., and Prowell, Stacy J. Tue .  
        "System and method for key generation in security tokens".  United States.  https://www.osti.gov/servlets/purl/1224205.

Copy to clipboard


                    
@article{osti_1224205,

  title        = {System and method for key generation in security tokens},

  author       = {Evans, Philip G. and Humble, Travis S. and Paul, Nathanael R. and Pooser, Raphael C. and Prowell, Stacy J.},

  abstractNote = {Functional randomness in security tokens (FRIST) may achieve improved security in two-factor authentication hardware tokens by improving on the algorithms used to securely generate random data. A system and method in one embodiment according to the present invention may allow for security of a token based on storage cost and computational security. This approach may enable communication where security is no longer based solely on onetime pads (OTPs) generated from a single cryptographic function (e.g., SHA-256).},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2015},

  month        = {10}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

A fast and compact quantum random number generator
journal, April 2000

Jennewein, Thomas; Achleitner, Ulrich; Weihs, Gregor
Review of Scientific Instruments, Vol. 71, Issue 4
https://doi.org/10.1063/1.1150518

Quantum Random-number Generation and Key Sharing
journal, December 1994

Rarity, J. G.; Owens, P. C. M.; Tapster, P. R.
Journal of Modern Optics, Vol. 41, Issue 12
https://doi.org/10.1080/09500349414552281

Quantum random number generator based on photonic emission in semiconductors
journal, January 2007

Stipčević, M.; Rogina, B. Medved
Review of Scientific Instruments, Vol. 78, Issue 4
https://doi.org/10.1063/1.2720728

Low-bias high-speed quantum random number generator via shaped optical pulses
journal, January 2010

Wayne, Michael A.; Kwiat, Paul G.
Optics Express, Vol. 18, Issue 9
https://doi.org/10.1364/OE.18.009351

Similar Records in DOE Patents and OSTI.GOV collections:

Secure generation and inversion of tokens

Patent Solis, John Hector

Described herein are various technologies related to secure generation of tokens and secure inversion of tokens. A tokenization system executes in a secure execution environment, and is configured to receive a string and an encrypted tokenization function. The tokenization system decrypts the encrypted tokenization function, and executes the tokenization function over the string to generate a token. The token is transmitted to a logically separate computing environment, and the tokenization system deletes the tokenization function and the string.
Full Text Available
Methods and apparatuses for self-generating fault-tolerant keys in spread-spectrum systems

Patent Moradi, Hussein; Farhang, Behrouz; Subramanian, Vijayarangam

Self-generating fault-tolerant keys for use in spread-spectrum systems are disclosed. At a communication device, beacon signals are received from another communication device and impulse responses are determined from the beacon signals. The impulse responses are circularly shifted to place a largest sample at a predefined position. The impulse responses are converted to a set of frequency responses in a frequency domain. The frequency responses are shuffled with a predetermined shuffle scheme to develop a set of shuffled frequency responses. A set of phase differences is determined as a difference between an angle of the frequency response and an angle ofmore » « less
Full Text Available
Policy-based secure communication with automatic key management for industrial control and automation systems

Patent Chernoguzov, Alexander; Markham, Thomas R.; Haridas, Harshal S.

A method includes generating at least one access vector associated with a specified device in an industrial process control and automation system. The specified device has one of multiple device roles. The at least one access vector is generated based on one or more communication policies defining communications between one or more pairs of devices roles in the industrial process control and automation system, where each pair of device roles includes the device role of the specified device. The method also includes providing the at least one access vector to at least one of the specified device and one ormore » « less
Full Text Available
Apparatus and method for managing digital resources by passing digital resource tokens between queues

Patent Crawford, Henry J [Berkeley, CA]; Lindenstruth, Volker [El Cerrito, CA]

A method of managing digital resources of a digital system includes the step of reserving token values for certain digital resources in the digital system. A selected token value in a free-buffer-queue is then matched to an incoming digital resource request. The selected token value is then moved to a valid-request-queue. The selected token is subsequently removed from the valid-request-queue to allow a digital agent in the digital system to process the incoming digital resource request associated with the selected token. Thereafter, the selected token is returned to the free-buffer-queue.
Full Text Available
Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

Patent Muller, George; Perkins, Casey J.; Lancaster, Mary J.; ...

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversingmore » « less
Full Text Available

Similar Records

Title: System and method for key generation in security tokens

Abstract

Citation Formats

A fast and compact quantum random number generator journal, April 2000

Quantum Random-number Generation and Key Sharing journal, December 1994

Quantum random number generator based on photonic emission in semiconductors journal, January 2007

Low-bias high-speed quantum random number generator via shaped optical pulses journal, January 2010

A fast and compact quantum random number generator
journal, April 2000

Quantum Random-number Generation and Key Sharing
journal, December 1994

Quantum random number generator based on photonic emission in semiconductors
journal, January 2007

Low-bias high-speed quantum random number generator via shaped optical pulses
journal, January 2010