GB2504546A - Generating a random number from user inputs to be used in encryption. - Google Patents

Generating a random number from user inputs to be used in encryption. Download PDF

Info

Publication number
GB2504546A
GB2504546A GB1213797.2A GB201213797A GB2504546A GB 2504546 A GB2504546 A GB 2504546A GB 201213797 A GB201213797 A GB 201213797A GB 2504546 A GB2504546 A GB 2504546A
Authority
GB
United Kingdom
Prior art keywords
random number
random
quality
user
generated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1213797.2A
Other versions
GB201213797D0 (en
Inventor
James Little
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PANGAEA MEDIA Ltd
Original Assignee
PANGAEA MEDIA Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PANGAEA MEDIA Ltd filed Critical PANGAEA MEDIA Ltd
Priority to GB1213797.2A priority Critical patent/GB2504546A/en
Publication of GB201213797D0 publication Critical patent/GB201213797D0/en
Publication of GB2504546A publication Critical patent/GB2504546A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Numerical Control (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed is a method of generating a random number. The method starts by providing a user input means, such as a touch screen or an accelerometer, on an apparatus. The user generates random numerical data from user input. The apparatus then calculates the random quality of the inputs and the resultant random number. The apparatus then displays the random quality of the inputs to the user. The method may indicate to the user when the random number is satisfactory, and the means for the random quality may be a pattern recognition program. The random number may be generated by putting the user input into a hash algorithm. The random number may be used in an encryption algorithm. The method may be used to generate the same random number in at least two apparatus by holding them together, possibly using a holding device such as a rack or box.

Description

Random Number Generation and Secure Handshake between two Secure Data Devices
Description
S This invention is related to the secure storage of data, and processes for maintaining the security of that data, particularly when access or attempted access to the data is made, and also when it is desired to move data from one secure storage device to another.
As the storage and transmission of large data sets has become easier, data security is of more concern to those dealing with confidential information. When transferring data, including for the purpose of making a backup copy of information, there is a potential weak link' as the data is moved between two data storage devices. There is a potential for a man in the middle' data copy where a potential data breach comes from a third party listening to data as it moves from the safety of one secure storage device to another secure storage device.
The appropriate way of maintaining the integrity of data transferred is to appropriately encrypt it, and ensure that any device to which data is transferred is as secure as the device on which the data is originally stored.
Accordingly there is provided a method of generating a random number comprising the following steps: it providing an apparatus comprising a means of generating numerical data from user input and; ui having a user of the apparatus generate random numerical data via user input; characterised in that iii/ the apparatus further comprises means for calculating the random quality of the user inputs and/or the quality of a random number generated as a result of those inputs; iv! the apparatus further comprises means of indicating to the user the random quality of the input and/or the quality of the random number being generated.
One embodiment provides an apparatus for generating a random number comprising a touch screen and a means of converting inputs from the touch screen into numerical data. The apparatus further comprises a means for calculating the random quality of inputs made via the touch screen and/or the quality of the random number being generated from those inputs and a means of displaying either or both of those qualities.
Another embodiment provides that an apparatus is provided with at least one accelerometer and means for converting inputs from at least one accelerometer into numerical data. This numerical data may also, as with numerical data generated via a touch screen, be used to generate a random number, either directly or via some form of algorithm. Means may further be provided to calculating the random quality of such inputs and/or the quality of any random number thus generated. Further means may display any or all of these qualities or information.
Preferably, the apparatus comprises means for calculating when the random number generated is sufficient in length and/or sufficient in quality, and br whether sufficient input has been collected, and a means of displaying any or all of that information.
S Prior art random number generation techniques have required the user to draw pictures on a touch-screen or scribble a few circles and lines' as a means of controlling the input process in order to generate a suitable input for a random number. These methods have their shortcomings in that different users will take different amounts of time to draw a particular drawing or will have varying degrees of patience in the amount of scribbling they will do before stopping. So the prior art does not teach a method, when using such techniques, of precisely controlling the duration of the input thus provided, and also there is no way of controlling the randomness' of the user inputs.
In the current invention these rather imprecise methods of controlling an input process are improved upon because the apparatus involved is provided with a means of monitoring the inputs being generated by the user. This monitoring means is preferably in the form of an Artificial Intelligence (Al) means that is able to calculate whether the input of the user is truly random or not. For instance, where the input means is a touch screen, a user may simply choose to run a finger in a circular motion over the touch screen, which could conceivably be a motion that is replicated by another, possibly unauthorised, user. Another typical user input might be to simply wipe' a finger swiftly from side to side, or up and down. The Al, by means of pattern recognition, is able to detect that such an input, which may be described as obvious, too regular or patterned, is being made. Alternatively, where the input means is an accelerometer, the means of inputting data would be to move the apparatus about so as to generate numerical data. Again, a user may simply choose an easily replicable motion, such as a simple up and down, side to side, or circular motion of the apparatus. The Al, by means of pattern recognition, again is able to detect that such input is too regular or patterned.
In the preferred embodiment, the apparatus involved is further provided with a means of indicating to the user one or all of the following items of information; that the inputs the user is making are or are not random enough, that the random number generated is or is not random enough; that the random number generated is or is not adequate for a given purpose; and/or that the inputs have or have not been made for a sufficient period of time.
Preferably this would comprise an on-screen progress bar,' red-amber-green indicator, an on-screen message, an audible indicator, or some combination of these. In a preferred embodiment, there is an on-screen progress bar'. As the user input is being made, the Al monitors it and controls the progress bar. The bar changes colour according to the quality of the randomness of the input -from green for good randomness, through amber, to red for not random enough at all. The bar also comprises an indicator that moves from one side to another as the input continues -and as the Al registers more random input the bar becomes more complete. Once sufficient green' input has been collected, the bar shows completion and the user ceases the input. It will be readily recognised by those skilled in the art that other ways of indicating the quality of the input and/or the sufficiency of the quantity of the input may be provided, and the foregoing is merely by way of example.
The indicating means may also be used to indicate possible preferable methods of inputting S the data -for example, if the user is simply wiping their finger back and forth over a touch screen, a display means could indicate possible alternative patterns of finger movement such as arcs followed by straight lines -or if the input is via accelerometer, a display means may show possible ways in which the user could wave' the apparatus about in a 3-dimensional manner so as to achieve higher-quality input.
Accordingly the duration and quality of the user input is actively, rather than passively, controlled, and the user input activity only ceases when the user input has been sufficient, both in terms of quality and quantity, so that the random number generated is sufficiently random' for a particular purpose and the apparatus indicates that the user should stop. In a particular embodiment of the current invention, the duration and quality of the user input are controlled such that the random number generated is of sufficient quality to act as a cryptography input.
The random number generated is used alongside other user inputted data to salt one or more hash algorithms. These hash algorithms may be of varying levels of complexity. The level of sensitive data being stored and transferred between devices determines the different slated hash algorithms used.
There is therefore further provided a method of maintaining the security and/or integrity of data on a data storage device by two means. Firstly there is the automatic establishment by a first data storage device of the appropriate level of security in existence on a second data storage device. Secondly there is the automatic transfer of data in a secure encrypted manner.
Typically and in a preferred embodiment an apparatus is provided comprising a data storage device and a data encryption engine. The apparatus further comprises a touchscreen, touchscreen keypad, or keypad entry system. The data storage device, in a further preferred embodiment, comprises a solid state drive (SSD) such as a flash memory NAND based drive.
In a preferred embodiment, the apparatus is initially set up through a series of questions put to the user by the apparatus. The user is required to select a PIN code digit length and a number of allowable PIN code re-tries, followed by the PIN code itself which the user chooses.
The random number generation process as previously described, using a touchscreen or accelerometer, is then prompted.
These four variables -PIN length, PIN re-tries, PIN code and random number are not stored on the device but are used within hash algorithms at the time they are generated or inputted.
The PIN code is subject to a hash algorithm (SDHash_Lo) which is salted by the PIN length and PIN re-tries variables to create a 256-bit digest. This digest becomes the initial signature validation point, stored on that apparatus and initially unique to that apparatus, but re-creatable on another device provided the same input values are provided. The device then creates a second unique hashed 256-bit digest (SDHash-Hi) by taking the PIN code and salting it with the random generated number. This second digest is unique to that apparatus but this time virtually impossible to replicate due to the nature of the random number generation S process.
User authentication then occurs when the apparatus is provided with a PIN code input. The input is subject to the SDHash_Lo algorithm, and the result is compared with the stored SDHash_Lo digest. If the digests match then the apparatus allows access.
In a further embodiment, the apparatus uses the SDHash_Lo digest as a means of determining the authenticity of a second apparatus before allowing any communication, or in particular any data transfer, between the two apparatuses. In this way the first apparatus requires any second apparatus to identify itself before any data transfer is permitted. This is achieved by a pairing authentication process. If the first apparatus receives a pairing' request from a second apparatus, it responds by generating a 256-bit random string. A copy of this string is sent to the second apparatus and another copy is run through the SDHash_Lo algorithm on the first apparatus to create a first result. If the second apparatus is an authentic' device it will also contain the means of running the SDHash_Lo algorithm. On receipt of the copy of the 256-bit random string the second apparatus passes it through the SDHash_Lo algorithm to create a second result, and returns the second result to the first apparatus. The first apparatus compares the first result with the second result. If the values match, then the first apparatus accepts that the pairing' request is from a trusted source, and initial pairing of the devices is allowed.
In a further embodiment, any actual transfer of data between a first apparatus and a second apparatus, once authenticated and paired, is subject to an increased level of hashing, and therefore security, by means of a transfer of the randomly generated number from the first apparatus to the second apparatus. This transfer may be enabled by means of a one-time keypad input from the user. Once the second apparatus has been provided with the random generated number, it is able to replicate the SDHash-Hi digest. All further communications between the devices are then through, or enabled by, use of the SDHash-Hi digest. When the two apparatuses are connected, the authentication process is initiated, and on successful completion any date encrypted on one apparatus may be transferred to the other in its raw, encrypted format.
In a variant embodiment of the current invention, wherein an apparatus is provided with an accelerometer, identical random numbers may be generated on a number of such apparatuses simultaneously by holding two or more such apparatuses together, or placing them in some form of rack or box or other holding means which keeps them in fixed spatial relationship to each other, and then providing random motions to the two or more apparatuses. In that way, each device is provided with an identical random number, and pairing of the devices via the random number or any algorithm using it is possible. Other means of holding the apparatuses together may include, non-exhaustively, straps, hook and eye strips, screws, nut and bolt combinations, clips, male/female connections, brackets, catches, locks, press fitments (including stud and hole fitments as found on children's building blocks), or pin and socket connections.
In a further variant embodiment, the apparatus is provided in two parts: a first part comprising a data storage device and a data encryption engine (the storage part); and a separate second part (token) comprising a touchpad or other data entry system. The token communicates wirelessly with the storage part to control access to data stored on the storage part. The storage part, in a preferred embodiment, comprises a solid state drive (SSD) such as a flash memory NAND based drive.
In these variant embodiments, the user selects a PIN code digit length, number of re-tries, and a PIN as prompted by the token part of the apparatus. The token is then moved in a random manner in conjunction with the storage part. Each part (token and storage) is provided with an accelerometer and thus each part generates an identical random number in accordance with any of the previously noted procedures. The random number is used as previously described in order to validate or pair the devices and/or within various levels of cryptography, but with the possibility of obviating the need for a specific pairing step due to the presence of the same random number on both apparatus parts. It is notable that this process can include multiple tokens and/or storage parts all held together in the random number generation stage, allowing multiple tokens with one storage part or, conversely, one token with multiple storage parts. This would be of particular use to large organisations desiring administrative control of data storage via tokens, or data storage, to be distributed.

Claims (26)

  1. Claims 1. A method of generating a random number comprising the following steps: i/ providing an apparatus comprising a means of capturing user input; S ii! having a user of the apparatus generate random numerical data from user input; characterised in that iv! the apparatus further comprises means for calculating the random quality of the inputs and/or the quality of a random number being generated as a result of those inputs; v/the apparatus further comprises means of indicating to the user the quality of the input and/or the quality of a random number being generated from the input.
  2. 2. A method as in claim 1 wherein the apparatus further indicates to the user when the random number generated is satisfactory.
  3. 3. A method as claimed in claim 1 or 2 wherein the means for calculating the random quality of the inputs and/or the quality of the random number being generated is an artificial intelligence or pattern recognition programme.
  4. 4. A method as claimed in any preceding claim wherein the means of capturing user input comprises a touchscreen or touchscreen keypad.
  5. 5. A method as claimed in any of claims 1-3 wherein the means of capturing user input comprises an accelerometer
  6. 6. An apparatus for generating a random number comprising a means of capturing random user input and a means of converting those inputs into a random number, characterised in that the apparatus further comprises a means for calculating the quality of the inputs made via the input means and/or the quality of the random number being generated and a means of indicating that quality.
  7. 7. Apparatus as claimed in claim 6 wherein the apparatus further comprises means for calculating when the random number generated is sufficiently random and /or sufficient input has been collected, and a means of imparting that information to the user.
  8. 8. Apparatus as claimed in claim 6 or 7 wherein the means for calculating the random quality of the inputs and/or the quality of the random number generated is an artificial intelligence or pattern recognition programme.
  9. 9. Apparatus as claimed in any of claims 6-8 wherein the means of capturing random user input is a touchscreen or touchscreen keypad.
  10. 10. Apparatus as claimed in any of claims 6-8 wherein the means of capturing random user input is an accelerometer.
  11. 11. A method of generating a random number comprising the following steps: i/ providing an apparatus comprising a means of capturing user input; ii! having a user of the apparatus randomly generate such user input; characterised in that; iii! the apparatus comprises monitoring means and monitors the random inputs; iv! the apparatus calculates the quality of the random number being generated as a result of those inputs; iv! the apparatus further comprises means for indicating to the user that the random number generated is or is not of satisfactory quality; v/the apparatus indicates to the user either to continue with random inputs in order to generate more input, or to cease the movement as the number generated is satisfactory.
  12. 12. A method as claimed in Claim 11 wherein the monitoring means is an artificial intelligence or pattern recognition programme.
  13. 13. A method as claimed in claim 11 or 12 wherein the means of capturing user input is a touchscreen, touchscreen keypad or accelerometer.
  14. 14. A method of generating a random number using any of the methods or apparatuses in any of claims ito 13 wherein user input is used to generate a random number by means of salting a hash algorithm with the user input.
  15. 15. A method of encryption using a random number as generated in claim 14.
  16. 16. A method of pairing apparatuses utilising the random number or encryption as generated in either of claims 14 or 15.
  17. 17. A method as claimed in claims wherein the method used by the user to generate the input is to shake or otherwise move the apparatus around so as to produce an output from the accelerometer which constitutes the random numerical data.
  18. 18. A method of simultaneously generating the same random number in more than one apparatus by means of the method of claim 17 wherein more than one items of apparatus are held together and shaken or otherwise moved around
  19. 19. A method as described in claim 18 wherein the more than one items of apparatus are held together by means of a holding device.
  20. 20. A method as described in claim 19 wherein the holding device is a rack or box or a means of attaching the apparatuses together.
  21. 21. A method as described in claim 18 wherein the more than one items of apparatus are held together by hand.
  22. 22. A method of simultaneously generating the same random number in more than one devices by means of holding two or more apparatuses as described in claim 10 together and shaking or otherwise moving them around.
  23. 23. A method as claimed in claim 22 wherein the means of holding the two or more apparatuses together is a holding device.
  24. 24. A method as claimed in claim 23 wherein the holding device is a rack or box.
  25. 25. A method as claimed in claim 23 wherein the holding device is a means of attaching the apparatuses together.
  26. 26. A method as claimed in claim 22 wherein the means of holding one or more apparatuses together is by hand.
GB1213797.2A 2012-08-02 2012-08-02 Generating a random number from user inputs to be used in encryption. Withdrawn GB2504546A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1213797.2A GB2504546A (en) 2012-08-02 2012-08-02 Generating a random number from user inputs to be used in encryption.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1213797.2A GB2504546A (en) 2012-08-02 2012-08-02 Generating a random number from user inputs to be used in encryption.

Publications (2)

Publication Number Publication Date
GB201213797D0 GB201213797D0 (en) 2012-09-12
GB2504546A true GB2504546A (en) 2014-02-05

Family

ID=46881589

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1213797.2A Withdrawn GB2504546A (en) 2012-08-02 2012-08-02 Generating a random number from user inputs to be used in encryption.

Country Status (1)

Country Link
GB (1) GB2504546A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6353669B1 (en) * 1995-12-04 2002-03-05 Sun Microsystems, Inc. Method and apparatus that processes a video signal to generate a random number generator seed
US20050084110A1 (en) * 2003-10-21 2005-04-21 Palmer Thomas E. System and method for n-dimensional encryption
US20070071238A1 (en) * 2005-09-29 2007-03-29 Research In Motion Limited System and method for providing an indication of randomness quality of random number data generated by a random data service
EP1821196A1 (en) * 2006-02-15 2007-08-22 CryptoGraf Co., Ltd. Method and apparatus for seeding a cryptographic random number generator

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6353669B1 (en) * 1995-12-04 2002-03-05 Sun Microsystems, Inc. Method and apparatus that processes a video signal to generate a random number generator seed
US20050084110A1 (en) * 2003-10-21 2005-04-21 Palmer Thomas E. System and method for n-dimensional encryption
US20070071238A1 (en) * 2005-09-29 2007-03-29 Research In Motion Limited System and method for providing an indication of randomness quality of random number data generated by a random data service
EP1821196A1 (en) * 2006-02-15 2007-08-22 CryptoGraf Co., Ltd. Method and apparatus for seeding a cryptographic random number generator

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Halfbakery: Shake N Bake Cryptophone, One time pad generated by accelerometers on physically mated phones, Cowtamer 20 Jul 2007. *
RENE MAYRHOFER and HANS GELLERSON, Shake well before use: two implementations for implicit context authentication *

Also Published As

Publication number Publication date
GB201213797D0 (en) 2012-09-12

Similar Documents

Publication Publication Date Title
CN107888384B (en) Identity data management method, system and computer readable storage medium
US9673975B1 (en) Cryptographic key splitting for offline and online data protection
CN103647645B (en) The dynamic password authentication method of many certificate servers, system and device
CN109104440A (en) The cloud storage big data integrity verification method of internet of things oriented mobile terminal device
CN109936552B (en) Key authentication method, server and system
CN102364888B (en) Setting method, setting system, terminal and authentication server for dynamic token key factor
CN113708935B (en) Internet of things equipment unified authentication method and system based on block chain and PUF
WO2018048411A1 (en) Establishing shared key data for wireless pairing
CN108173648A (en) Security processing method, equipment and storage medium based on private key escrow
CN111161075B (en) Blockchain transaction data proving and supervising method, system and related equipment
CN104753682B (en) A kind of generation system and method for session code key
CN103384249B (en) Network access verifying method, Apparatus and system, certificate server
CN103138923B (en) A kind of internodal authentication, Apparatus and system
CN107040923B (en) A kind of authentication method and device of wearable device
GB2504546A (en) Generating a random number from user inputs to be used in encryption.
CN106355088B (en) Account management application strengthening method and device using same
CN116318687A (en) Data dynamic encryption method based on bidirectional mapping matrix
CN103414567A (en) Information monitoring method and system
CN111092935A (en) Data sharing method and virtual training device for machine learning
CN115603891A (en) Independently controllable ciphertext data security calculation method and system
CN112738129B (en) Identity verification and authentication method and system for network user
CN115865426A (en) Privacy intersection method and device
CN106685643B (en) The method and device of public key verifications under CRT mode
CN108881269A (en) A kind of management method of seed key, system and token manufacturer process units
CN114219479A (en) Block chain editable and correctable system and method for distributed environment

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)