Abstract: A method of generating secure tokens and transmission based on (TRNG) generated tokens and split into shares, the method comprising steps of generating the keys by a hardware based True Random number Generator (TRNG); sieving / filtering the generated keys using statistical tests suite and are orthogonal amongst the created; selecting the random numbers of required width as tokens; applying number to image transformation for the said tokens; applying steganography methods of injecting into image carrier to the selected tokens; and splitting the steganographic contents into at least two shares using Share Generation Appliance (SGA), which is based on visual cryptographic methods.
FIELD OF INVENTION
The subject disclosure relates to components and systems for generating cryptographic tokens (keys) generated out of hardware based True Random Number Generator (TRNG), Statistical tests to weed out weak keys, number-to-image transformation followed by new steganographic methods of injecting into an Image carrier and splitting into shares using Visual Cryptographic methods. More particularly the present invention relates to an improved token shares creation and a storage process which is significantly better than PKI, wherein the share keys are in an image form with enhanced security and integrity.
BACKGROUND ART
In the prior art, a PCT publication WO9636163 discloses steganography systems. The improvements include facilitating scale and rotation registration for steganographic decoding by use of rotationally symmetric steganographically embedded patterns and subliminal digital graticules; improved techniques for decoding without access to unencoded originals; improving robustness of steganographic coding in motion pictures and/or in the presence of lossy compression/decompression; and representing data by patterned bit cells whose energy in the spatial domain facilitates decoding registration. Applications include enhanced-security financial transactions, counterfeit resistant identification cards, fraud deterrent systems for cellular telephony, covert modem channels in video transmission, photo duplication kiosks with automatic copyright detection, and hotlinked image objects (e.g. with embedded URLs) for use on the internet.
It is further known to encrypt an image in order to prevent the image being recognized or to prevent its contents being read by unauthorized persons. One technique of encrypting an image is disclosed in, for example, European Patent Application EP 0 260 815. This technique, also known as visual cryptography, employs two patterns or "shares", each of which cannot be recognized individually, which are overlaid to produce a recognizable image. To this end, the original image is transformed into two randomized image patterns, neither of which contains any perceptible image information. One of these patterns is printed on a transparency to act as a key. When such patterns are overlaid, the patterns are combined and thus "decrypted" in the eye of the viewer.
Rather than working with transparencies which are cumbersome when larger amounts of individually encrypted images are to be viewed, it has been proposed to use a decrypting (decryption) device. Two types of image decrypting devices can be distinguished: transparent and non-transparent devices. Transparent decrypting devices essentially mimic the transparent sheets used in the Prior Art and display one pattern ("share") of the encrypted image. As the decrypting device is at least partially transparent, the other pattern of the image can be seen through the device and the two image patterns are combined in the eye of the viewer as before.
Further in the prior art, steganographic methods currently known generally involve fully deterministic or "exact" prescriptions for passing a message. Another way to say this is that it is a basic assumption that for a given message to be passed correctly in its entirety, the receiver of the information needs to receive the exact digital data file sent by the sender, tolerating no bit errors or "loss" of data. By definition, "lossy" compression and decompression on empirical signals defeat such steganographic methods. (Prior art, such as the previously noted Komatsu work, are the exceptions here.)
The principles of this technology can also be utilized as an exact form of steganography proper. It is suggested that such exact forms of steganography, whether those of prior art or those of this technology, be combined with the relatively recent art of the "digital signature" and/or the DSS (digital signature standard) in such a way that a receiver of a given empirical data file can first verify that not one single bit of information has been altered in the received file, and thus verify that the contained exact steganographic message has not been altered. The simplest way to use the principles of this technology in an exact steganographic system is to utilize the previously discussed "designed" master noise scheme wherein the master snowy code is not allowed to contain zeros. Both a sender and a receiver of information would need access to both the master snowy code signal and the original unencoded original signal. The receiver of the encoded signal merely subtracts the original signal giving the difference signal and the techniques of simple polarity checking between the difference signal and the master snowy code signal, data sample to data sample, producing the passed message a single bit at a time. Presumably data samples with values near the "rails" of the grey value range would be skipped (such as the values 0, 1, 254 and 255 in 8-bit depth empirical data).
The need for the receiver of a steganographic embedded data file to have access to the original signal can be removed by turning to what the inventor refers to as "statistical steganography." In this approach, the methods of this technology are applied as simple a priori rules governing the reading of an empirical data set searching for an embedded message. This method also could make good use of its combination with prior art methods of verifying the integrity of a data file, such as with the DSS. (See, e.g., Walton, "Image Authentication for a Slippery New Age," Dr. Dobb's Journal, April, 1995, p. 18 for methods of verifying the sample-by-sample, bit-by-bit, integrity of a digital image.)
Statistical steganography posits that a sender and receiver both have access to the same master snowy code signal. This signal can be entirely random and securely transmitted to both parties, or generated by a shared and securely transmitted lower order key which generates a larger quasi-random master snowy code signal. It is a priori defined that 16 bit chunks of a message will be passed within contiguous 1024 sample blocks of empirical data, and that the receiver will use dot product decoding methods as outlined in this disclosure. The sender of the information pre-checks that the dot product approach indeed produces the accurate 16 bit values (that is, the sender pre-checks that the cross-talk between the carrier image and the message signal is not such that the dot product operation will produce an unwanted inversion of any of the 16 bits). Some fixed numbers of 1024 sample blocks are transmitted and the same number times 16 bits of message is therefore transmitted. DSS techniques can be used to verify the integrity of a message when the transmitted data is known to only exist in digital form, whereas internal checksum and error correcting codes can be transmitted in situations where the data may be subject to change and transformation in its transmission. In this latter case, it is best to have longer blocks of samples for any given message content size (such as 10K samples for a 16 bit message chunk, purely as an example).
The images used for synchronization purposes may show an identification token, such as a number, letter or name, to allow an easy recognition of the correctly decrypted image. This token could identify a key on the display device which could be pressed to identify the correctly decrypted image.
Although various ways of receiving user input can be envisaged, it is preferred that the display device receives the user indication via a pointing device and/or a keyboard. A suitable pointing device is a so-called mouse, although other pointing devices, such as a "track ball" or a "touch-pad mouse" can also be used. The term "keyboard" as used here is meant to include other key arrangements, such as key pads. Alternatively, the use of touch-screen technology may be advantageous.
The images used for synchronization according to the present invention may be monochrome images or color images. Although various techniques may be used for rendering color images in visual cryptography and similar applications.
SUMMARY OF INVENTION
The present invention therefore provides a system for generating secure tokens and transmission based on True random number generator (TRNG) using image transformation, steganography and Visual cryptographic algorithms. For every key generated a pair of share tokens is generated.
Therefore such as herein described there is disclosed a method of generating secure tokens and transmission based on (TRNG) generated tokens and split into shares, the method comprising steps of: generating the keys by a hardware based True Random number Generator (TRNG); sieving / filtering the generated keys using statistical tests suite and are orthogonal amongst the created; selecting the random numbers of required width as tokens; applying number to image transformation for the said tokens; applying steganography methods of injecting into an image carrier to the selected tokens; and splitting the steganographic contents into at least two shares using visual cryptographic methods.
As per another object of the present invention there is provided a method for generating secure tokens and transmission based on True random number generator (TRNG) using image transformation, steganography and Visual cryptographic algorithms.
For every key generated a pair of share tokens is generated, the system comprising :
means for generating the keys by a hardware based True Random number Generator (TRNG);
means for sieving / filtering the generated keys using statistical tests suite;
means for selecting the random numbers of required width as tokens;
means for applying number to image transformation for the said tokens;
means for applying steganography methods of injecting into an image carrier to the selected tokens; and
means for splitting the steganographic contents into at least two shares using visual cryptographic methods.
Also it is an object of the present invention to provide share keys which are in an image form, unlike the regular ASCII form as is the case with most existing key solutions. This results in enhanced security and integrity.
Further object of the present invention is to provide a cryptographic method which is easier to implement. The implementation disclosed herein is completely at the user control. No third party or vendor required for continuous usage of this solution.
An exemplary embodiment of the present invention provides random number sanctity. A True Random Number Generator is used to generate the base random numbers (which are further converted into an image and then into shares in situ using KGA), which are true random numbers in nature, unlike pseudo random numbers. The disclosed TRNG and KGA together could produce a significantly large number of orthogonally different keys (0.5 million every 15 minutes), which is significantly better compared to alternatives such as PKI.
A system of this kind allows a quick and convenient synchronization.
Still further object of the present invention is to provide a cryptographic and decryptographic method wherein the whole process is done programmatically and no human intervention for decision is needed.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
The present invention will further be explained below with reference to exemplary embodiments illustrated in the accompanying drawings, in which:
Fig. 1 (a) schematically shows token shares creation and storage process according to the present invention;
Fig 2 illustrates the token shares decryption process according to the present invention;
Fig 3 illustrates the modified F5 algorithm in accordance with the present invention.
DETAILED DESCRIPTION
The present patent application relates to the field of cryptographic tokens (keys) generated out of a hardware based True Random Number Generator, statistical tests to weed out weak keys, number-to-image transformation, new steganographic methods of injecting into an image carrier, and splitting into shares using a Visual Cryptographic method. The present disclosure is not restricted to the whole process flow; it also covers the tokens generated thereupon for distribution in smartcard media, USB flash drives or smart mobile applications. The total flow of work is depicted in Fig 1a and Fig 1b with illustrations.
The TRNG (True Random Number Generator) is implemented using an FPGA based generator built with a Thermal Noise Generator. The hardware appliance generates continuous keys of required lengths. The keys generated are sieved through statistical tests, and only good candidates that are orthogonal amongst those created are chosen as tokens or keys.
In the TRNG (True Random Number Generator) based on a thermal noise circuit, TRNG numbers are not generated at every frequency. Some frequencies are not suitable for TRNG number generation. It may be appreciated that only the following frequencies generate good TRNG sequences (frequencies: 1 to 6MHZ). Further, the Von Neumann method is used to sample bits (sample two bits and discard them if they are equal; if they are not equal, then one of the bits is accumulated). If the generated numbers do not pass the Die-Hard Test suite, the corresponding frequency of generation is dropped. There is a closed loop link between the generation process and the statistical testing suite of Die-Hard to quantify the usable frequencies for TRNG number generation. This generation process is unique and yields good quality TRNG sequences.
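The following added example (not code from the patent) runs Von Neumann sampling and a pass/fail sieve over two constructed bit sources. Assumptions: the two "settings" are software models rather than measured thermal-noise data, and the NIST SP 800-22 monobit and runs tests stand in for the Die-Hard suite. It shows why the test stays in the loop: pairing removes a fixed bias, but correlated raw bits still leave detectable structure after sampling.

```python
import math
import random


def von_neumann(bits):
    """Read non-overlapping pairs; drop 00 and 11, keep the first bit of 01 / 10."""
    return [bits[i] for i in range(0, len(bits) - 1, 2) if bits[i] != bits[i + 1]]


def monobit_p(bits):
    """Frequency (monobit) test p-value, NIST SP 800-22 section 2.1."""
    n = len(bits)
    if n == 0:
        return 0.0
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs_p(bits):
    """Runs test p-value, NIST SP 800-22 section 2.3 (sensitive to correlation)."""
    n = len(bits)
    if n < 2:
        return 0.0
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # prerequisite frequency check failed
    v = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def biased_source(n, p_one, rng):
    """Constructed model: independent bits with a fixed bias toward 1."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def sticky_source(n, p_stay, rng):
    """Constructed model: each bit repeats the previous one with probability p_stay."""
    bits = [rng.getrandbits(1)]
    while len(bits) < n:
        bits.append(bits[-1] if rng.random() < p_stay else 1 - bits[-1])
    return bits


def sieve(candidates, alpha=0.01):
    """Closed loop: a generator setting stays usable only if its sampled output
    passes both tests; otherwise that setting is dropped."""
    usable = {}
    for name, raw in candidates.items():
        out = von_neumann(raw)
        usable[name] = monobit_p(out) >= alpha and runs_p(out) >= alpha
    return usable


if __name__ == "__main__":
    rng = random.Random(2024)
    candidates = {  # hypothetical settings, not measured hardware data
        "setting_A_biased": biased_source(200_000, 0.8, rng),
        "setting_B_sticky": sticky_source(200_000, 0.9, rng),
    }
    for name, raw in candidates.items():
        out = von_neumann(raw)
        print(name, "raw ones:", round(sum(raw) / len(raw), 3), "kept:", len(out),
              "monobit p:", round(monobit_p(out), 4), "runs p:", round(runs_p(out), 4))
    print(sieve(candidates))
```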
Secret sharing is one type of key establishment protocol. The Trusted Authority (TA) divides the token or keys (secret) into pieces and distributes the pieces to different users. These pieces are called shares. Shares contain partial information about the secret. However, shares are constructed in such a way that although the secret can be reconstructed by combining a number of shares, simply examining an individual user's share will not reveal the secret information at all.
Token shares are generated in-situ from the good candidate keys using Image transformation, steganography and Visual cryptographic algorithms, and this is carried out by a plurality of dedicated programmed processors. For every key generated a pair of share tokens is generated. At least a pair of share tokens are generated.
The tokens generated as described in aforesaid para can be used as symmetric keys for certificate-less cryptographic applications. Certificate-less cryptography is a promising technology for solving the key escrow problem in identity-based cryptography.
One share token, the stegano content (Carrier and the TRNG key number) and the original cryptographic key can be at server level, including the procedures for reversing steganographic procedure, combining procedure for getting back the original number out of the two shares using Visual cryptography and verifying with original key.
The other share can be infused into media like Smart cards, USB flash drives, with or without biometric fingerprint scanner or any other media as per PKCS#11 standards of key distribution.
During verification of the keys at server level, two level authentication is carried out. The first level is passed when the reconstructed image of the two shares reveals the stegano carrier image, and the second when the original TRNG value is reconstructed after dispensing with the stegano carrier, as referred to in Fig 1b.
Visual cryptography (M. Naor, A. Shamir: Visual Cryptology, Eurocrypt '94, Springer-Verlag LNCS Vol. 950, Springer-Verlag, 1995, pp1-12) can briefly be described as follows. An image is split into two randomized parts, the image plus a randomization and the randomization itself. Either part contains no information on the original image because of the randomization. However, when both parts are physically overlaid the original image is reconstructed.
If the two parts do not fit together, no information on the original image is revealed and a random image is produced. Therefore if two parties want to communicate using visual cryptography, they have to share the randomization. A basic implementation would be to give a receiving party a transparency containing the randomization. The sender would then use this randomization to randomize the original message, and transmit the randomized message to the receiver, on a transparency or any other means. The receiver puts the two transparencies on top of each other and recovers the message. This scheme can be compared to a one-time pad (OTP).
In the regeneration process from the shares, image processing methods are used for cleaning the salt and pepper noise after overlaying the shares and for doing a raster to vectorization process to get back the ASCII value from the raster content, to reconstruct the token and compare it with the original. This is done so that the whole process is carried out programmatically and no human intervention for decision is needed.
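The two-share scheme described above, as an added example that is not code from the patent: a 2-out-of-2 split with two subpixels per pixel, overlay by OR, and a per-block threshold. Assumptions: the bitmap is constructed, and the threshold in `decode` stands in for the noise-cleaning step, which the text does not specify.

```python
import secrets

# Constructed 9x7 bitmap standing in for the image being protected.
GLYPH = [
    ".#######.",
    ".#.....#.",
    ".....##..",
    "...##....",
    "..#......",
    ".#.......",
    ".#######.",
]


def to_bitmap(rows):
    """'#' is a black pixel (1), anything else is white (0)."""
    return [[1 if ch == "#" else 0 for ch in row] for row in rows]


def split(secret):
    """Return two shares, each twice as wide as the secret (two subpixels per pixel)."""
    share1, share2 = [], []
    for row in secret:
        r1, r2 = [], []
        for px in row:
            a = secrets.randbelow(2)          # the randomization
            r1 += [a, 1 - a]                  # share 1: the randomization itself
            r2 += [a ^ px, 1 - (a ^ px)]      # share 2: image XOR randomization
        share1.append(r1)
        share2.append(r2)
    return share1, share2


def overlay(x, y):
    """Stack two transparencies: a subpixel is black if it is black on either sheet."""
    if len(x) != len(y) or any(len(a) != len(b) for a, b in zip(x, y)):
        raise ValueError("shares have different dimensions")
    return [[a | b for a, b in zip(rx, ry)] for rx, ry in zip(x, y)]


def decode(stacked):
    """Threshold each block: black only when both subpixels are black. This removes
    the half-black blocks that overlaying leaves wherever the secret is white."""
    return [[row[i] & row[i + 1] for i in range(0, len(row), 2)] for row in stacked]


def black_fraction(img):
    """Share of black subpixels; exactly 0.5 for every share, whatever the secret."""
    cells = [v for row in img for v in row]
    return sum(cells) / len(cells)


def render(img):
    return "\n".join("".join("#" if v else "." for v in row) for row in img)


if __name__ == "__main__":
    secret = to_bitmap(GLYPH)
    s1, s2 = split(secret)
    print(render(s1), render(s2), render(overlay(s1, s2)), sep="\n\n")
    print("black fraction per share:", black_fraction(s1), black_fraction(s2))
    _, other = split(secret)                   # a share from an unrelated split
    print(render(decode(overlay(s1, other))))  # random blocks, not the glyph
```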
Modified F5 Algorithm Details for Steganography:
The Token (Random Number Key) data as described in aforesaid paragraphs is the stego message that needs to be embedded in the cover image (Implemented as Logo Images of Different Enterprises), i.e. the raster image, before the Visual cryptography algorithm is initiated. For this a modified F5 algorithm is used as shown in fig. 3. The modified F5 algorithm is the most improved way of implementing steganographic processes for JPEG quality images by a programmed processor.
The Enterprise Logo as Image is chosen as a carrier to embed the TRNG sequences within it using the modified F5 algorithm. This process is also used as an authentication method strongly associating the enterprise. In the event of hacking or breach the step would only reveal the Logo of the enterprise rather than the associated TRNG Token within it.
The Logo with the embedded token is split using a non-linear algorithm of splitting into two or more shares by a configured processor means. Different non-linear algorithms will result in different pairs of orthogonally different numbers of shares (2 or more depending on the splitting methods). This ensures reusability of the Logo with embedded tokens for multiple authentication processes. The shares generated are as equivalent to PKI certificates generated. No third party needs to be involved in such shares (tokens) generation, unlike in the conventional certificate/Tokens/Key generation process.
There are two major extensions in this proposed algorithm from the published algorithm. They are:
• Permutative Straddling
• Matrix Encoding
The objective is a practical embedding method for JPEG images that provides high steganographic capacity without sacrificing security, using a configured processor. Guided by the chi-square (χ²) attack, this algorithm challenges the paradigm of replacing bits of information in the cover-image with the secret message while proposing a different paradigm of incrementing image components to embed message bits. Instead of replacing the LSBs of quantized DCT coefficients with the message bits, the absolute value of the coefficient is decreased by one. This type of embedding cannot be detected using the χ² statistical attack.
The F5 algorithm embeds message bits into randomly-chosen DCT coefficients and employs matrix embedding that minimizes the necessary number of changes to embed a message of certain length. According to the modified F5 algorithm, the program accepts five inputs to a configured processor for carrying out the embedding process.
• Quality factor of the stego-image Q;
• Input file (TIFF, BMP, JPEG, or GIF);
• Output file name;
• File containing the secret message;
• User password to be used as a seed for PRNG;
• Comment to be inserted in the header.
In the embedding process, the message length and the number of non-zero non-DC coefficients are used to determine the best matrix embedding that minimizes the number of modifications of the cover-image. Matrix embedding has three parameters (c, n, k), where c is the number of changes per group of n coefficients, and k is the number of embedded bits. A simple matrix embedding (1, 2^k-1, k) is used, with a "hash" function that outputs k bits when applied to 2^k-1 coefficients.
The embedding process starts with deriving a seed for a PRNG from the user password and generating a random walk through the DCT coefficients of the cover image. The PRNG is also used to encrypt the value k using a stream cipher and embed it in a regular manner together with the message length in the beginning of the message stream. The body of the message is embedded using matrix embedding, inserting k message bits into one group of 2^k-1 coefficients by decrementing the absolute value of at most one coefficient from each group by one.
The embedding process consists of the following six steps:
1. Get the RGB representation of the input image.
A color value is normally a three-component vector in a color space (a set of possible colors). A well known color space is RGB. Since the colors red, green, and blue are additive primaries, every color can be specified as a weighted sum of a red, green, and a blue component. A vector in RGB space describes the intensities of these components. Another space, known as YCbCr, distinguishes between a luminance (Y) and two chrominance (Cb, Cr) components. Whereas the Y component accounts for the brightness of a color, Cb and Cr distinguish between the color grades. A color vector in RGB can be converted to YCbCr using the transform:
2. Calculate the quantization table corresponding to quality factor Q and compress the image while storing the quantized DCT coefficients.
3. Compute the estimated capacity with no matrix embedding: C = hDCT - hDCT/64 - h(0) - h(1) + 0.49h(1), where hDCT is the number of all DCT coefficients, h(0) is the number of AC DCT coefficients equal to zero, h(1) is the number of AC DCT coefficients with absolute value 1, hDCT/64 is the number of DC coefficients, and -h(1) + 0.49h(1) = -0.51h(1) is the estimated loss due to shrinkage (see Step 5). The parameter C and the message length together determine the best matrix embedding.
4. The user-specified password is used to generate a seed for a PRNG that determines the random walk for embedding the message bits. The PRNG is also used to generate a pseudo-random bit-stream that is XOR-ed with the message to make it a randomized bit stream. During the embedding, DC coefficients and coefficients equal to zero are skipped.
5. The message is divided into segments of k bits that are embedded into a group of 2^k-1 coefficients along the random walk. If the hash of that group does not match the message bits, the absolute value of one of the coefficients in the group is decreased by one to obtain a match. If the coefficient becomes zero, the event is called shrinkage, and the same k message bits are re-embedded in the next group of DCT coefficients (note that LSB(d) = d mod 2, for d > 0, and LSB(d) = 1 - d mod 2, for d < 0).
6. If the message size fits the estimated capacity, the embedding proceeds, otherwise an error message showing the maximal possible length is displayed.
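As an added illustration (not code from the patent or from any F5 implementation), the sketch below carries the capacity estimate, the password-seeded walk, matrix embedding and shrinkage through on a constructed coefficient array, with the matching extraction. Assumptions: SHA-256 of the password seeds Python's `random` as a stand-in PRNG, k and the message length reach the receiver out of band instead of in a header, and a group that shrinks is refilled with the next non-zero coefficient on the walk.

```python
import hashlib
import random


def lsb(d):
    """Bit carried by a non-zero coefficient: d mod 2 for d > 0, 1 - d mod 2 for d < 0."""
    return d % 2 if d > 0 else 1 - d % 2


def capacity(coeffs):
    """Estimated capacity in bits: C = hDCT - hDCT/64 - h(0) - h(1) + 0.49*h(1)."""
    ac = [c for i, c in enumerate(coeffs) if i % 64]
    h0 = sum(1 for c in ac if c == 0)
    h1 = sum(1 for c in ac if abs(c) == 1)
    return len(coeffs) - len(coeffs) // 64 - h0 - h1 + 0.49 * h1


def walk(n_coeffs, password):
    """Password-seeded random walk over the AC positions (DC positions skipped)."""
    seed = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    rng = random.Random(seed)                      # stand-in PRNG (assumption)
    order = [i for i in range(n_coeffs) if i % 64]
    rng.shuffle(order)
    return order, rng


def group_hash(coeffs, group):
    """XOR of the 1-based positions whose coefficient carries a 1 bit (k-bit value)."""
    h = 0
    for j, idx in enumerate(group, start=1):
        if lsb(coeffs[idx]):
            h ^= j
    return h


def embed(coeffs, bits, password, k):
    """Return (stego coefficients, number of coefficients changed)."""
    n = 2 ** k - 1
    if len(bits) % k:
        raise ValueError("this sketch needs a message length that is a multiple of k")
    if len(bits) > capacity(coeffs):
        raise ValueError(f"message too long, maximum is {int(capacity(coeffs))} bits")
    stego = list(coeffs)
    order, rng = walk(len(stego), password)
    bits = [b ^ rng.getrandbits(1) for b in bits]  # XOR with the PRNG bit-stream
    pos = changes = 0
    for start in range(0, len(bits), k):
        word = int("".join(map(str, bits[start:start + k])), 2)
        group = []
        while True:
            while len(group) < n:                  # take the next non-zero coefficients
                if pos == len(order):
                    raise ValueError("cover image exhausted")
                if stego[order[pos]] != 0:
                    group.append(order[pos])
                pos += 1
            s = group_hash(stego, group) ^ word
            if s == 0:
                break                              # hash already matches the k bits
            idx = group[s - 1]
            stego[idx] -= 1 if stego[idx] > 0 else -1   # decrease |coefficient| by one
            changes += 1
            if stego[idx] != 0:
                break
            group.pop(s - 1)                       # shrinkage: refill and re-embed
    return stego, changes


def extract(stego, n_bits, password, k):
    """Receiver side: same walk, zeros skipped, one hash per group of 2^k-1."""
    n = 2 ** k - 1
    order, rng = walk(len(stego), password)
    key = [rng.getrandbits(1) for _ in range(n_bits)]
    nonzero = [i for i in order if stego[i] != 0]
    out = []
    for g in range(n_bits // k):
        h = group_hash(stego, nonzero[g * n:(g + 1) * n])
        out.extend((h >> (k - 1 - b)) & 1 for b in range(k))
    return [b ^ x for b, x in zip(out, key)]


def make_cover(blocks=40, seed=1):
    """Constructed stand-in for quantized DCT coefficients (64 per block, DC first)."""
    rng = random.Random(seed)
    values = [0] * 12 + [1, -1] * 3 + [2, -2] * 2 + [3, -3, 4, -5]
    return [60 if i % 64 == 0 else rng.choice(values) for i in range(64 * blocks)]


if __name__ == "__main__":
    cover = make_cover()
    token = [int(b) for b in format(0x5A17C0DE0123456789ABCDEF, "096b")]  # constructed
    stego, changes = embed(cover, token, "example password", k=3)
    print("capacity:", int(capacity(cover)), "changes:", changes,
          "shrinkage events:", stego.count(0) - cover.count(0))
    print("recovered:", extract(stego, len(token), "example password", k=3) == token)
```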
INNOVATION
(a) Existing digital certificate validation methods and PKI (public key private key) methods are asymmetric in nature and private keys used by users are generated based on root keys (usually held at the provider of PKI solutions to users). Same is the case with digital certificates, where root certificate data is stored on certificate provider database. When the databases of these providers are breached (as has been in several cases recently), the sanctity and integrity of the private keys or certificates is questionable. With the disclosed symmetric key architecture, outlined earlier, there is no root key or certificate held on third party or provider databases, resulting in higher integrity.
(b) Herein disclosed share keys are in an image form, unlike the regular ASCII form as is the case with most existing key solutions. This results in enhanced security and integrity.
(c) Easier to implement: The implementation of the cryptography is completely at the user control. No third party or vendor required for continuous usage of this solution.
(d) Random number sanctity: A True Random Number Generator is used to generate the base random numbers which are true numbers in nature, unlike pseudo random numbers.
(e) Throughput: The disclosed TRNG could produce significantly large number of orthogonally different keys (0.5 million every 15 minutes), which is significantly better compared to alternatives such as PKI.
(f) The complete process of steps involving TRNG generation, embedding enterprise logo with TRNG numbers, splitting into shares using non-linear algorithms of Visual Cryptographic process and system based verification process is unique.
ABBREVIATIONS USED
Numerous modifications may be made to the present invention, which still fall within the intended scope hereof. Thus, it should be apparent that there has been provided in accordance with the present invention a method and apparatus for welding with a robotic system that fully satisfies the objectives and advantages set forth above. Although the invention has been described in conjunction with specific embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, it is intended to embrace all such alternatives, modifications and variations that fall within the spirit and broad scope of the appended claims.
We Claim:
1. A method of generating secure tokens and transmission based on (TRNG) generated tokens and split into shares, the method comprising steps of:
generating the keys by a hardware based True Random number Generator (TRNG);
sieving / filtering the generated keys using statistical tests suite and are orthogonal amongst the created;
selecting the random numbers of required width as tokens;
applying number to image transformation for the said tokens;
applying steganography methods of injecting into image carrier to the selected tokens; and
splitting the steganographic contents into at least two shares using Share Generation Appliance (SGA), which is based on visual cryptographic methods.
2. The method as claimed in claim 1, wherein the key generation appliance is based on FPGA based generator built with a Thermal noise generator with frequencies preferably 1 to 6MHZ.
3. The method as claimed in claim 1, wherein Von Neumann method is applied to generated keys which include discarding them under condition that the two sample (keys) bits are equal and accumulating one of the bits (keys) if they are not equal.
4. The method as claimed in claim 1, wherein the generated numbers (keys) under condition that they don't undergo the Die-Hard Test suite then the appropriate frequency of generation is dropped.
5. The method as claimed in claim 1, wherein there is a closed loop link between generation process and statistical testing suite of Die-Hard to quantify the usable frequencies for TRNG number generation.
6. The method as claimed in claim 1, wherein the splitting of the shares contains partial information about the secret.
7. The method as claimed in claim 1, wherein for every key, a pair of share tokens is created.
8. The method as claimed in claim 1, wherein, one share token, the stegano content (Carrier and the TRNG key number) and the original cryptographic key is stored at server level, including the procedures for reversing steganographic procedure, combining procedure for getting back the original number out of the two shares using Visual cryptography and verifying with original key.
9. The method as claimed in claim 1, wherein, the second share token, is stored into media like Smart cards, USB flash drives, with or without biometric fingerprint scanner or any other media as per PKCS#11 standards of key distribution.
10. The method as claimed in claim 1, wherein, either share contains no full information on the original image because of the randomization and the original image is revealed under condition that the shares are physically overlaid and fit together.
11. The method as claimed in claim 10, wherein, under condition that the shares do not fit together, then no information on the original image is revealed and a random image is produced.
12. The method as claimed in claim 1, wherein, the share token is the stego message and is embedded in the cover image (Implemented as Logo Images of Different Enterprises) before the activation of Visual cryptography algorithm is initiated using a modified F5 algorithm.
13. The method as claimed in claim 12, wherein any event of hacking or breach would only reveal the Logo of the enterprise rather than the associated TRNG Token within it.
14. The method as claimed in claim 12, wherein the Logo with the embedded token is split using non-linear algorithm of splitting into two or more shares and the different Non-linear algorithms results in different pairs of orthogonally different numbers of shares (two or more depending on the splitting methods).
15. The method as claimed in claim 1, wherein, the F5 algorithm embeds message bits into randomly-chosen DCT coefficients and employs matrix embedding that minimizes the necessary number of changes to embed a message of certain length including inputs as:
• Quality factor of the stego-image Q;
• Input file (TIFF, BMP, JPEG, or GIF);
• Output file name;
• File containing the secret message;
• User password to be used as a seed for PRNG;
• Comment to be inserted in the header.
16. The method as claimed in claim 15, wherein, the matrix embedding has three parameters (c, n, k), where c is the number of changes per group of n coefficients, and k is the number of embedded bits including simple matrix embedding (1, 2^k-1, k) using a "hash" function that outputs k bits when applied to 2^k-1 coefficients.
17. The method as claimed in claim 16, wherein, the embedding process includes the steps of:
selecting the RGB representation of the input image;
calculating the quantization table corresponding to quality factor Q and compressing the image while storing the quantized DCT coefficients;
computing the estimated capacity with no matrix embedding;
generating a seed for a PRNG using a user-specified password that determines the random walk for embedding the message bits; wherein the message is divided into segments of k bits that are embedded into a group of 2^k-1 coefficients along the random walk and under condition that the hash of that group does not match the message bits, the absolute value of one of the coefficients in the group is decreased by one to obtain a match and if the coefficient becomes zero, the same k message bits are re-embedded in the next group of DCT coefficients (LSB(d) = d mod 2, for d > 0, and LSB(d) = 1 - d mod 2, for d < 0) and further if the message size fits the estimated capacity, the embedding proceeds, otherwise an error message showing the maximal possible length is displayed.
18. The method as claimed in claim 17, wherein the step of computing is carried out with the following equation:
C = hDCT - hDCT/64 - h(0) - h(1) + 0.49h(1), where hDCT is the number of all DCT coefficients, h(0) is the number of AC DCT coefficients equal to zero, h(1) is the number of AC DCT coefficients with absolute value 1, hDCT/64 is the number of DC coefficients, and -h(1) + 0.49h(1) = -0.51h(1) is the estimated loss due to shrinkage and the parameter C and the message length together determine the best matrix embedding.
19. The method as claimed in claim 17, wherein the PRNG also generates a pseudo random bit-stream that is XOR-ed with the message to make it a randomized bit stream.
20. The method as claimed in claim 17, wherein during the process of embedding, DC coefficients and coefficients equal to zero are skipped.
21. The method as claimed in any of the preceding claims further comprising the step of verifying the keys at the server level.
22. The method as claimed in claim 21, wherein, during verification of the keys at server level, two level authentication is carried out wherein at the first level when the reconstructed image of the two shares reveals the Stegano carrier Image and second, the original TRNG value gets reconstructed after dispensing the stegano carrier.
23. The method as claimed in any of the preceding claims wherein the shares generated are as equivalent to PKI certificates generated and no third party is required to be involved in such shares (tokens) generation unlike in conventional certificate/Tokens/Key generation process.
24. The method as claimed in claim 21, wherein in the verification process from the shares the Image processing methods are applied for cleaning the salt and pepper noise after overlaying the shares and doing a raster to vectorization process to get back the ASCII value from the raster content, to reconstruct the token and compare with the original.
25. A system of generating secure tokens and transmission based on (TRNG) generated tokens and split into shares, the system comprising of:
means for generating the keys by a hardware based True Random number Generator (TRNG);
means for sieving / filtering the generated keys using statistical tests suite;
means for selecting the random numbers of required width as tokens;
means for applying number to image transformation for the said tokens;
means for applying steganography methods of injecting into a image carrier to the selected tokens; and
means for splitting the steganographic contents into at least two shares using visual cryptographic methods.
26. The system as claimed in claim 25, wherein the key generation appliance is based on FPGA based generator built with a Thermal noise generator with frequencies preferably 1 to 6 MHz.
27. The system as claimed in any of the preceding claims, wherein the shares generated are as equivalent to PKI certificates generated and no third party is required to be involved in such shares (tokens) generation unlike in conventional certificate/Tokens/Key generation process.
28. The claimed in any of the preceding claims, wherein in the event of hacking or
breach the step would only reveal the Logo of the enterprise rather than the associated
TRNG Token within it.
29. The method as claimed in claim 12, wherein the Logo with the embedded token
is split using non-linear algorithm of splitting into two or more shares and the different
Non-linear algorithms will result in different pairs of orthogonally different numbers of
shares (2 or more depending on the splitting methods).
30. The system as claimed in claim 25, further comprising means for verifying the
keys at the server level.
31. The system as claimed in claim 24, wherein, one share token, the stegano content and the original cryptographic key is stored at server level, including the procedures for reversing steganographic procedure, combining procedure for getting back the original number out of the two shares using Visual cryptography and verifying with original key and the second share token, is stored into media like Smart cards, USB flash drives, with or without biometric fingerprint scanner or any other media as per PKCS#11 standards of key distribution.
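The matrix embedding of claims 16 to 20, sketched in Python as an added example; it is not code from the patent. The XOR-of-positions hash, the SHA-256 password-to-seed step, `random.Random` as the PRNG and the sample coefficients are assumptions made here.

```python
import hashlib
import random
from functools import reduce

def lsb(d):  # page's convention: d mod 2 for d > 0, 1 - (|d| mod 2) for d < 0
    return d % 2 if d > 0 else 1 - abs(d) % 2

def group_hash(group):
    # Assumed k-bit "hash": XOR of the 1-based positions whose LSB is 1.
    return reduce(lambda h, pd: h ^ (pd[0] * lsb(pd[1])), enumerate(group, 1), 0)

def walk(length, password):
    # Assumptions: SHA-256(password) as seed, random.Random standing in for the PRNG.
    order = [i for i in range(length) if i % 64]  # index 0 of each block is DC: skipped
    random.Random(hashlib.sha256(password.encode()).hexdigest()).shuffle(order)
    return order

def embed(coeffs, bits, k, password):
    out, n = list(coeffs), 2 ** k - 1
    free = [i for i in walk(len(out), password) if out[i] != 0]  # zeros skipped
    for s in range(0, len(bits), k):  # len(bits) assumed to be a multiple of k
        msg, group = int("".join(map(str, bits[s:s + k])), 2), []
        while True:
            while len(group) < n:
                if not free:
                    raise ValueError("message exceeds capacity")
                group.append(free.pop(0))
            diff = group_hash([out[i] for i in group]) ^ msg
            if diff == 0:
                break  # hash already matches the message bits
            i = group[diff - 1]
            out[i] -= 1 if out[i] > 0 else -1  # decrease |d| by one
            if out[i] != 0:
                break
            group.remove(i)  # shrinkage: same k bits go into the refilled group
    return out

def extract(coeffs, n_bits, k, password):
    nz = [coeffs[i] for i in walk(len(coeffs), password) if coeffs[i] != 0]
    n = 2 ** k - 1
    return [int(b) for g in range(0, n_bits // k * n, n)
            for b in format(group_hash(nz[g:g + n]), f"0{k}b")]

def demo():
    # Constructed sample, not real JPEG data: 4 blocks of 64 quantized coefficients.
    rng, bits = random.Random(7), [1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1]
    coeffs = [rng.choice((-3, -2, -1, 0, 0, 1, 2, 3)) for _ in range(256)]
    stego = embed(coeffs, bits, 3, "example-password")
    return coeffs, stego, bits, extract(stego, len(bits), 3, "example-password")
```

With k = 3 each group of 7 non-zero coefficients carries 3 bits at the cost of at most one change, and a coefficient that shrinks to zero is simply invisible to the extractor, which is why the same bits are embedded again.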
| # | Name | Date |
|---|---|---|
| 1 | 4175-CHE-2011 CORRESPONDENCE OTHERS 02-12-2011.pdf | 2011-12-02 |
| 1 | 4175-CHE-2011-IntimationOfGrant30-05-2023.pdf | 2023-05-30 |
| 2 | 4175-CHE-2011 POWER OF ATTORNEY 02-12-2011.pdf | 2011-12-02 |
| 2 | 4175-CHE-2011-PatentCertificate30-05-2023.pdf | 2023-05-30 |
| 3 | 4175-CHE-2011-2. Marked Copy under Rule 14(2) [13-04-2023(online)].pdf | 2023-04-13 |
| 3 | 4175-CHE-2011 FORM-5 02-12-2011.pdf | 2011-12-02 |
| 4 | 4175-CHE-2011-Retyped Pages under Rule 14(1) [13-04-2023(online)].pdf | 2023-04-13 |
| 4 | 4175-CHE-2011 FORM-3 02-12-2011.pdf | 2011-12-02 |
| 5 | 4175-CHE-2011-2. Marked Copy under Rule 14(2) [23-02-2023(online)].pdf | 2023-02-23 |
| 5 | 4175-CHE-2011 FORM-1 02-12-2011.pdf | 2011-12-02 |
| 6 | 4175-CHE-2011-Annexure [23-02-2023(online)].pdf | 2023-02-23 |
| 6 | 4175-CHE-2011 DESCRIPTION (COMPLETE) 02-12-2011.pdf | 2011-12-02 |
| 7 | 4175-CHE-2011-FORM-26 [23-02-2023(online)].pdf | 2023-02-23 |
| 7 | 4175-CHE-2011 FORM-2 02-12-2011.pdf | 2011-12-02 |
| 8 | 4175-CHE-2011-PETITION UNDER RULE 137 [23-02-2023(online)]-1.pdf | 2023-02-23 |
| 8 | 4175-CHE-2011 DRAWINGS 02-12-2011.pdf | 2011-12-02 |
| 9 | 4175-CHE-2011 CLAIMS 02-12-2011.pdf | 2011-12-02 |
| 9 | 4175-CHE-2011-PETITION UNDER RULE 137 [23-02-2023(online)].pdf | 2023-02-23 |
| 10 | 4175-CHE-2011 ABSTRACT 02-12-2011.pdf | 2011-12-02 |
| 10 | 4175-CHE-2011-RELEVANT DOCUMENTS [23-02-2023(online)]-1.pdf | 2023-02-23 |
| 11 | 4175-CHE-2011-RELEVANT DOCUMENTS [23-02-2023(online)].pdf | 2023-02-23 |
| 11 | 4175-CHE-2011-Request For Certified Copy-Online(17-12-2014).pdf | 2014-12-17 |
| 12 | 4175-CHE-2011-Retyped Pages under Rule 14(1) [23-02-2023(online)].pdf | 2023-02-23 |
| 12 | spec.pdf | 2014-12-23 |
| 13 | 4175-CHE-2011-Written submissions and relevant documents [23-02-2023(online)].pdf | 2023-02-23 |
| 13 | form 28.pdf | 2014-12-23 |
| 14 | 4175-CHE-2011-PETITION UNDER RULE 138 [23-01-2023(online)].pdf | 2023-01-23 |
| 14 | Request For Certified Copy-Online.pdf | 2016-04-07 |
| 15 | 4175-CHE-2011-RELEVANT DOCUMENTS [23-01-2023(online)].pdf | 2023-01-23 |
| 15 | Other Patent Document [18-07-2016(online)].pdf | 2016-07-18 |
| 16 | 4175-CHE-2011-Annexure [10-01-2023(online)].pdf | 2023-01-10 |
| 16 | Request For Certified Copy-Online.pdf_1.pdf | 2016-08-01 |
| 17 | 4175-CHE-2011-FER.pdf | 2019-11-25 |
| 17 | 4175-CHE-2011-Correspondence to notify the Controller [10-01-2023(online)].pdf | 2023-01-10 |
| 18 | 4175-CHE-2011-FORM-26 [10-01-2023(online)].pdf | 2023-01-10 |
| 18 | 4175-CHE-2011-OTHERS [25-05-2020(online)].pdf | 2020-05-25 |
| 19 | 4175-CHE-2011-FER_SER_REPLY [25-05-2020(online)].pdf | 2020-05-25 |
| 19 | 4175-CHE-2011-US(14)-HearingNotice-(HearingDate-10-01-2023).pdf | 2022-12-12 |
| 20 | 4175-CHE-2011-Annexure [25-05-2020(online)].pdf | 2020-05-25 |
| 20 | 4175-CHE-2011-CLAIMS [25-05-2020(online)].pdf | 2020-05-25 |