Patents by Inventor Daniel Richard L. Brown

Daniel Richard L. Brown has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20150156019
    Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.
    Type: Application
    Filed: December 18, 2014
    Publication date: June 4, 2015
    Inventors: Daniel Richard L. Brown, Scott Alexander Vanstone
  • Publication number: 20150139424
    Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.
    Type: Application
    Filed: January 23, 2015
    Publication date: May 21, 2015
    Applicant: Certicom Corp.
    Inventors: Matthew John CAMPAGNA, Daniel Richard L. Brown, Nevine Maurice Nassif Ebeid
  • Publication number: 20150124961
    Abstract: In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.
    Type: Application
    Filed: November 6, 2013
    Publication date: May 7, 2015
    Applicants: Certicom Corp., BlackBerry Limited
    Inventors: Robert John Lambert, Daniel Richard L. Brown, Atsushi Yamada
  • Patent number: 9003181
    Abstract: During generation of an implicit certificate for a requestor, a certificate authority incorporates information in the public-key reconstruction data, where the public-key reconstruction data is to be used to compute the public key of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public-key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient, and the recipient can also extract the incorporated information.
    Type: Grant
    Filed: March 23, 2011
    Date of Patent: April 7, 2015
    Assignees: Certicom Corp., BlackBerry Limited
    Inventors: Herbert Anthony Little, Matthew John Campagna, Scott Alexander Vanstone, Daniel Richard L. Brown
  • Patent number: 8971851
    Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: March 3, 2015
    Assignee: Certicom Corp.
    Inventors: Matthew John Campagna, Daniel Richard L. Brown, Nevine Maurice Nassif Ebeid
  • Patent number: 8972738
    Abstract: During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component.
    Type: Grant
    Filed: March 18, 2014
    Date of Patent: March 3, 2015
    Assignees: Blackberry Limited, Certicom Corp.
    Inventors: Herbert Anthony Little, Scott Alexander Vanstone, Daniel Richard L. Brown, Matthew John Campagna
  • Patent number: 8948388
    Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which of the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: February 3, 2015
    Assignee: Certicom Corp.
    Inventors: Daniel Richard L. Brown, Scott Alexander Vanstone
  • Publication number: 20150002260
    Abstract: A system and method of providing authenticity to a radio frequency identification (RFID) tag are provided. The method comprises generating a plurality of digital signatures, wherein each digital signature is generated using an index value unique to that digital signature and using information associated with the RFID tag; and storing the plurality of digital signatures on the RFID tag in association with respective index values to enable a desired digital signature to be selected according to a provided index value. Also provided are a system and method of enabling an RFID reader to authenticate an RFID tag, which utilize a challenge comprising an index value to request one of the stored signature and authenticating same. Also provided is an RFID tag that is configured to participate in the challenge-response protocol.
    Type: Application
    Filed: June 30, 2014
    Publication date: January 1, 2015
    Inventor: Daniel Richard L. BROWN
  • Patent number: 8918648
    Abstract: A method is disclosed for performing key agreement to establish a shared key between correspondents and for generating a digital signature. The method comprises performing one of key agreement or signature generation, and using information generated in said one of key agreement or signature generation in the other of said key agreement or said signature generation. By doing this, computations and/or bandwidth can be saved.
    Type: Grant
    Filed: February 25, 2010
    Date of Patent: December 23, 2014
    Assignee: Certicom Corp.
    Inventors: Daniel Richard L. Brown, Marinus Struik
  • Publication number: 20140365779
    Abstract: Methods, systems, and computer programs for generating a digital signature are disclosed. In some aspects, a symmetric key is accessed. The symmetric key is based on an ephemeral public key. The ephemeral public key is associated with an ephemeral private key. A ciphertext is generated based on the symmetric key and a message. An input value is obtained based on the ciphertext independent of a hash function. A digital signature is generated from the ephemeral private key, the input value, and a long term private key.
    Type: Application
    Filed: December 28, 2011
    Publication date: December 11, 2014
    Applicant: CERTICOM CORP.
    Inventors: Daniel Richard L. Brown, Adrian Antipa
  • Publication number: 20140354409
    Abstract: A method for a device to determine that it has been lost is provided. The method comprises the device determining its current location, the device comparing its current location to a plurality of stored locations, and the device determining that it has been lost when its current location is a stored location that has been designated as a location where the device is unlikely to be located or is not a stored location that has been designated as a location where the device is likely to be located.
    Type: Application
    Filed: August 13, 2014
    Publication date: December 4, 2014
    Inventor: Daniel Richard L. Brown
  • Publication number: 20140344579
    Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In an elliptic curve group, verification that a value representative of a point R corresponds to the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n)G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.
    Type: Application
    Filed: June 27, 2014
    Publication date: November 20, 2014
    Inventors: Marinus STRUIK, Daniel Richard L. BROWN, Scott Alexander VANSTONE, Robert Philip GALLANT, Adrian ANTIPA, Robert John LAMBERT
  • Publication number: 20140325227
    Abstract: The invention provides a method of verifiable generation of public keys. According to the method, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys. Verification of the signature proves that the keys are generated from a key generation process utilizing the signature. A certification authority can validate and verify a public key generated from a verifiable key generation process.
    Type: Application
    Filed: March 10, 2014
    Publication date: October 30, 2014
    Applicant: Certicom Corp.
    Inventor: Daniel Richard L. BROWN
  • Publication number: 20140301547
    Abstract: Systems, methods, software, and combinations thereof for evaluating entropy in a cryptography system are described. In some aspects, sample values are produced by an entropy source system. A typicality can be determined for each of the sample values. A grading is determined for preselected distributions based on the typicalities of the sample values. A subset of the preselected distributions are selected based on the gradings. An entropy of the entropy source system is calculated based on the subset of the plurality of distributions.
    Type: Application
    Filed: June 27, 2014
    Publication date: October 9, 2014
    Inventor: Daniel Richard L. Brown
  • Patent number: 8836510
    Abstract: A method for a device to determine that it has been lost is provided. The method comprises the device determining its current location, the device comparing its current location to a plurality of stored locations, and the device determining that it has been lost when its current location is a stored location that has been designated as a location where the device is unlikely to be located or is not a stored location that has been designated as a location where the device is likely to be located.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: September 16, 2014
    Assignee: Certicom Corp.
    Inventor: Daniel Richard L. Brown
  • Patent number: 8787564
    Abstract: Systems, methods, software, and combinations thereof for evaluating entropy in a cryptography system are described. In some aspects, sample values are produced by an entropy source system. A typicality can be determined for each of the sample values. A grading is determined for preselected distributions based on the typicalities of the sample values. A subset of the preselected distributions are selected based on the gradings. An entropy of the entropy source system is calculated based on the subset of the plurality of distributions.
    Type: Grant
    Filed: November 30, 2011
    Date of Patent: July 22, 2014
    Assignee: Certicom Corp.
    Inventor: Daniel Richard L. Brown
  • Publication number: 20140201535
    Abstract: During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component.
    Type: Application
    Filed: March 18, 2014
    Publication date: July 17, 2014
    Applicants: BLACKBERRY LIMITED, CERTICOM CORP.
    Inventors: Herbert Anthony Little, Scott Alexander Vanstone, Daniel Richard L. Brown, Matthew John Campagna
  • Patent number: 8775813
    Abstract: In a method of generating a digital signature of a message m, a signature component s of the digital signature is calculated by first masking the long-term private key d using a single additive operation to combine the key d with a first value. The masked value is then multiplied by a second value to obtain component s. The first value is calculated using the message m and another component of the digital signature, and the second value is derived using the inverse of a component of the first value. In this way, the signature component s is generated using a method that counters the effectiveness of side channel attacks, such as differential side channel analysis, by avoiding a direct multiplication using long-term private key d.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: July 8, 2014
    Assignee: Certicom Corp.
    Inventor: Daniel Richard L. Brown
  • Patent number: 8766778
    Abstract: A system and method of providing authenticity to a radio frequency identification (RFID) tag are provided. The method comprises generating a plurality of digital signatures, wherein each digital signature is generated using an index value unique to that digital signature and using information associated with the RFID tag; and storing the plurality of digital signatures on the RFID tag in association with respective index values to enable a desired digital signature to be selected according to a provided index value. Also provided are a system and method of enabling an RFID reader to authenticate an RFID tag, which utilize a challenge comprising an index value to request one of the stored signature and authenticating same. Also provided is an RFID tag that is configured to participate in the challenge-response protocol.
    Type: Grant
    Filed: April 30, 2010
    Date of Patent: July 1, 2014
    Assignee: Certicom Corp.
    Inventor: Daniel Richard L. Brown
  • Publication number: 20140173704
    Abstract: A system, device and method for authenticating a user. The system, device and method may employ a computing device for providing credentials required for access to an on-line resource available over a network. The computing device may connect to the on-line resource to register a user. The computing device may receive from the on-line resource at least one request for a credential to identify the user. In response to the request, the computing device may generate a random credential, store the random credential in association with an on-line resource identifier and the request in a data store accessible to the computing device and, submit the random credential to the on-line resource to register the user.
    Type: Application
    Filed: July 28, 2011
    Publication date: June 19, 2014
    Applicants: CERTICOM CORP., BLACKBERRY LIMITED
    Inventors: Neil Patrick Adams, Scott Alexander Vanstone, Daniel Richard L. Brown, Dinah Lea Marie Davis, Christopher Labrador, Alfred John Menezes