BACKGROUND

The invention relates generally to the field of cryptography. Specifically, the invention relates to a system and method for generating a session key that can be used for encryption and decryption.

Generating a session key from a known shared master key is known in the art. However, the present method has a number of limitations. For example, storing a large number of keys for session communication has an impact over the performance of a system and may also make the system vulnerable if the security of the system is jeopardized. Another way of creating a session key is by using one way hash functions. However, generating a session key using a single way hash function requires a complex mathematical operation that comes at the expense of computation time. Yet another method of creating a session key, which is known in the art, is by exchanging a random signal between each of the communicating users and then using the exchanged random signals to form the new key. However, this method causes an overhead as both parties or communicators are required to compute random numbers for generating the key. Accordingly, there is a need for a method and system of generating a session key so that both the computing time and the memory requirement can be reduced.

SUMMARY OF THE INVENTION

The invention discloses a method for generating a cryptographic session key based on a known master key shared between a sender communicator and a receiver communicator in a communication network. The method includes the steps of receiving a request from the receiver communicator, by the sender communicator, to establish a communication session between the sender and the receiver communicator. The method further includes generating an open random number signal at the sender communicator and combining the generated open random number signal with the known master key to generate the cryptographic session key.

The invention discloses a system for generating a cryptographic session key wherein the system comprises at least a sender communicator and a receiver communicator. Each of the sender communicator and the receiver communicator comprise: a transceiver configured to send and receive a request to generate an open random signal, a signal generation module configured to generate the open random signal, a plurality of extraction modules configured to create a subset of the open random number signal and a master key; and a splitter module configured to combine the generated open random signal with the master key to generate the cryptographic session key.

Further advantages and features of the present invention will become evident from the description below taken in conjunction with the attached drawings and the patent claims attached.

DRAWINGS

FIG. l is a flowchart illustrating a method for encrypting data using a session key, in accordance with an embodiment of the present invention;

FIG.2 is a flow chart illustrating a method for generating a session key using a random signal and status information, in accordance with an embodiment of the present invention;

FIG. 3 is a block diagram of an environment 300 in which the present invention may be practiced;

FIG.4 is a block diagram of a system 400 for generating a session key, in accordance with an embodiment of the present invention;

FIG. 5 is a block diagram of a system 500 for generating a session key, in
accordance with another embodiment of the present invention; and

FIG. 6 illustrates a generalized example of a computing environment 600.

DETAILED DESCRIPTION

The following description is the full and informative description of the best method and system presently contemplated for carrying out the present invention which is known to the inventors at the time of filing the patent application. Of course, many modifications and adaptations will be apparent to those skilled in the relevant arts in view of the following description in view of the accompanying drawings and the appended, claims. While the system and method described herein are provided with a certain degree of specificity, the present technique may be implemented with either greater or lesser specificity, depending on the needs of the user. Further, some of the features of the present technique may be used to get an advantage without the corresponding use of other features described in the following paragraphs. As such, the present description should be considered as merely illustrative of the principles of the present technique and not in limitation thereof, since the present technique is defined solely by the claims.

The present invention provides a mechanism to generate unique session keys easily and with lesser transactional communications between a sender communicator and a receiver communicator. The method includes generating an open random signal and combining it with a known master key to generate a unique session key. The method further includes combining the open random signal by splitting the master key and inserting at least a part of the open random signal with each portion of the split master key.

FIG. l is a flowchart illustrating a method for encrypting data using a session key, in accordance with an embodiment of the present invention. At step 101, a communication session is established between a sender communicator and a receiver communicator. Once the communication session is established, at step 103, data is inputted. At step 105, it is checked whether a session key has been generated. If the session key has been generated, the input data is encrypted using the session key at step 107. However, if the session key has not been generated yet, the session key is generated at step 109 and control flows to step 105. Details of how the session key is generated are described in subsequent paragraphs.

FIG.2 is a flow chart illustrating a method for generating a session key using a random signal and status information, in accordance with an embodiment of the present invention. At step 202, a communication session is established between a sender communicator and a receiver communicator. At step 204, a master key is shared between the sender communicator and the receiver communicator. At step 206, the sender communicator and the receiver communicator are synchronized on the following modules: Pseudo Random Number Generator (PRNG) module, Sieve A, and Sieve B. Details of these modules have been explained in conjunction with Fig. 4. At step 208, a random signal is generated at the sender communicator end. At step 210,
the generated random signal is transmitted over a communication channel without any encryption to the recipient communicator. At step 212, a session key is formed at the sender communicator end and this key is used to encrypt data. At step 214, the encrypted data is transmitted to the recipient communicator. At step 216, a session key is formed at the recipient communicator by combining the random signal (received from sender communicator) and status information. At step 218, the data is decrypted using the session key generated at the recipient communicator end. It should be noted that in a peer-to-peer network, the communication may also be initiated at the receiver's end, that is, the roles of the sender communicator and receiver communicator described earlier may be reversed. In case of client-server architecture, the server, which typically has higher computing power than the client, generates the random signal using the PRNG module.

FIG.3 is a block diagram of an environment 300 in which the present invention may be practiced. The system includes a sender 303 and a receiver 309. Sender 303 and receiver 309 further include a transceiver 301 and a transceiver 307 respectively. Sender 303 and receiver 309 are connected through a network 305. The typical exemplary network 305 includes a plurality of computers all inter-connected via a communication network such as Intranet or via a larger communication network including the global TCP/IP network commonly referred to as the Internet.

FIG.4 is a block diagram of a system 400 for generating a session key, in accordance with an embodiment of the present invention. FIG. 4 includes sender 303 and receiver 309. Sender 303 includes transceiver 301, whereas receiver 309 includes transceiver 307. Transceiver 301 further includes a signal generation module 402, an extraction module 404 and a splitter module 406. Transceiver 307 includes a signal generation module 408, an extraction module 410 and a splitter module 412.

Signal generation module 402 creates a random number signal. Extraction module 404 may be any sieve function known in the art. A sieve, as is known, is an algorithm that allows creation of a subset or a new restricted section from a given random signal or a master key. For example, given a set of {1,2,3,4,5,6,7,8,9,0}, the sieve function is a mathematical operator to obtain a given subset such as {1,4,7}. However, this operation of a sieve is determined by its present state which can be changed in the future. Splitter module 406 determines a section of the master key used in forming the session key. Signal generation module 408, extraction module 410 and splitter module 412 are similar to signal generation module 402, extraction module 404 and splitter module 406 respectively and are not described again for the sake of brevity.

FIG. 5 is a block diagram of a system 500 for generating a session key, in accordance with another embodiment of the present invention. System 500 includes sender 303 and receiver 309. Sender 303 includes a PRNG (Pseudo Random Number Generator) module 603, a master key 605, a sieve A 607, a sieve B 609, a splitter 611, an encryption and decryption module 613, and data 615. PRNG module 603 generates a random number signal, which is input to sieve A 607. Master key 605, which is known to both sender 303 and receiver 309, is input to sieve B 609. The output of sieve A 607 and sieve B 609 is input to splitter 611. Splitter 611 mathematically combines master key 605 with the randomly generated signal to form a unique session key. Encryption and decryption module 613 encrypts (or decrypts) data 615 using the generated unique session key. The state of PRNG module 619 in receiver 309 depends on PRNG module 603. The random signal generated by PRNG module 603 of sender 303 is input to sieve A 623 of receiver 309. Master key 621, which is known to both sender 303 and receiver 309, is input to sieve B 625 of receiver 309. The output of sieve A 623 and sieve B 625 is input to a splitter 627. Splitter 627 mathematically combines master key 521 with the randomly generated signal to form a unique session key. The session key thus formed is used to decrypt data.

In accordance with an embodiment of the present invention, the mathematical operation performed on open random signal and a known master key is shown in Table 1.1 below.


In Table 1.1, (P) denotes the master key, (S) denotes the random signal and (+) is an operator used to signify a combination and can be any mathematical or logical operation. The state to shift is predefined and is shared beforehand between sender 303 and receiver 309 communicator to uniquely identify the sequence. The XXX (State Bits) is switched from time to time to achieve perturbation of the key.

In an embodiment, when the initial state of XXX (State Bits) is 000, it implies an append operation of the master key and the random signal. For example, if the master key (P) is {3,1,7,4,5,9} and the random signal is {P,A,X,Y,Z,B}, then as per the present state 000 the new session key will be generated as {3,1,7,4,5,9,P,A,X,Y,Z,B}.

In the next state, when the last bit is switched to one, the state of XXX (State Bits) will become 001. This implies an inversion operation of the master key and the random signal. For example, if the If the master key (P) is {3,1,7,4,5,9} and the random signal is {P,A,X,Y,Z,B} then as per the present state 000 the new session key will be generated as {P,A,X,Y,Z,B,3,1,7,4,5,9}.

In the next state, the penultimate bit is switched to one so that the next state of XXX (State Bits) is 010. This implies a splitter operation to be performed on the master key and the random signal. For example, if the If the master key (P) is {3,1,7,4,5,9} and the random signal is {P,A,X,Y,Z,B} and the split position (n) is three then as per the present state 010 the new session key will be generated as {3,1,7,P,A,X,4,5,9,Y,Z,B}. Similarly, when the state of XXX (State Bits) is 011, it implies a split and inversion operation. For example, if the master key (P) is {3,1,7,4,5,9} and the random signal is {P,A,X,Y,Z,B} and the split position (n) is three then as per the present state 010 the new session key will be generated as {P,A,X,4,5,9,Y,Z,B,3,1,7}.
In all of the embodiments, sieve A 607 and sieve B 609 of sender 303 are synchronized with sieve A 623 and sieve B 625 of receiver 309. The XXX bit information is switched from time to time to achieve perturbation of the key. When the state of XXX (State Bits) is 100 it will switch the splitting mechanism to the next state in such a manner that the sieves of both sender 303 and receiver 309 are synchronized in accordance with the next state.

Thus, the present invention provides an alternative mechanism for generating a session key. The method and system address reduction in computation time, space requirements and the round trip delays for exchange of seeds required to achieve security. In addition the method and system provides a mechanism to achieve a degree of security before the encrypting module uses the key. This would allow generation of session keys more easily and without requiring frequent changes to the master key.

The method uses sharing a random signal from one of the communicators involved in the communication and creates unique session keys based on the publically sent random signal. This method requires that each of the pair of communicators share a unique master key prior to any session communication. The master key is mathematically combined with the randomly generated public signal to form the unique session key.

The present invention has number of advantages over the existing mechanism of generating session key that can be used for encryption and decryption. The invention provides a mechanism to generate session keys more easily and with lesser transactional communications between the communicators. Not only does this method provide a faster way to generate and manage keys compared to the existing technology but also helps is creating a large subset of session keys similar to using one time pads.

Exemplary Computing Environment

One or more of the above-described techniques can be implemented in or involve one or more computer systems. FIG. 6 illustrates a generalized example of a computing environment 600. The computing environment 600 is not intended to suggest any limitation as to scope of use or functionality of described embodiments.

With reference to Fig. 6, the computing environment 600 includes at least one processing unit 610 and memory 620. In Fig. 6, this most basic configuration 630 is included within a dashed line. The processing unit 610 executes computer-executable instructions and may be a real or a virtual processor. In a multi-processing system, multiple processing units execute computer-executable instructions to increase processing power. The memory 620 may be volatile memory (e.g., registers, cache, RAM), non-volatile memory (e.g., ROM, EEPROM, flash memory, etc.), or some combination of the two. In some embodiments, the memory 620 stores software 680 implementing described techniques.

A computing environment may have additional features. For example, the computing environment 600 includes storage 640, one or more input devices 650, one or more output devices 660, and one or more communication connections 670. An interconnection mechanism (not shown) such as a bus, controller, or network interconnects the components of the computing environment 600. Typically, operating system software (not shown) provides an operating environment for other software executing in the computing environment 600, and coordinates activities of the components of the computing environment 600.

The storage 640 may be removable or non-removable, and includes magnetic disks, magnetic tapes or cassettes, CD-ROMs, CD-RWs, DVDs, or any other medium which can be used to store information and which can be accessed within the computing environment 600. In some embodiments, the storage 640 stores instructions for the software 680.
The input device(s) 650 may be a touch input device such as a keyboard, mouse, pen, trackball, touch screen, or game controller, a voice input device, a scanning device, a digital camera, or another device that provides input to the computing environment 600. The output device(s) 660 may be a display, printer, speaker, or another device that provides output from the computing environment 600.

The communication connection(s) 670 enable communication over a communication medium to another computing entity. The communication medium conveys information such as computer-executable instructions, audio or video information, or other data in a modulated data signal. A modulated data signal is a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media include wired or wireless techniques implemented with an electrical, optical, RF, infrared, acoustic, or other carrier.

Implementations can be described in the general context of computer-readable media. Computer-readable media are any available media that can be accessed within a computing environment. By way of example, and not limitation, within the computing environment 600, computer-readable media include memory 620, storage 640, communication media, and combinations of any of the above.

Having described and illustrated the principles of our invention with reference to described embodiments, it will be recognized that the described embodiments can be modified in arrangement and detail without departing from such principles. It should be understood that the programs, processes, or methods described herein are not related or limited to any particular type of computing environment, unless indicated otherwise. Various types of general purpose or specialized computing environments may be used with or perform operations in accordance with the teachings described herein.

Elements of the described embodiments shown in software may be implemented in hardware and vice versa.

As will be appreciated by those ordinary skilled in the art, the foregoing example, demonstrations, and method steps may be implemented by suitable code on a processor base system, such as general purpose or special purpose computer. It should also be noted that different implementations of the present technique may perform some or all the steps described herein in different orders or substantially concurrently, that is, in parallel.

Furthermore, the functions may be implemented in a variety of programming languages. Such code, as will be appreciated by those of ordinary skilled in the art, may be stored or adapted for storage in one or more tangible machine readable media, such as on memory chips, local or remote hard disks, optical disks or other media, which may be accessed by a processor based system to execute the stored code. Note that the tangible media may comprise paper or another suitable medium upon which the instructions are printed. For instance, the instructions may be electronically captured via optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.

The following description is presented to enable a person of ordinary skill in the art to make and use the invention and is provided in the context of the requirement for a obtaining a patent. The present description is the best presently-contemplated method for carrying out the present invention. Various modifications to the preferred embodiment will be readily apparent to those skilled in the art and the generic principles of the present invention may be applied to other embodiments, and some features of the present invention may be used without the corresponding use of other features. Accordingly, the present invention is not intended to be limited to the embodiment shown but is to be accorded the widest scope consistent with the principles and features described herein.

We Claim:

1. A method for generating a cryptographic session key based on a known master key shared
between a sender communicator and a receiver communicator in a communication network,

the method comprising the steps of:

receiving a request from the receiver communicator, by the sender communicator, to establish a communication session between the sender and the receiver communicator;

generating an open random number signal at the sender communicator; and
combining the generated open random number signal with the known master key to generate the cryptographic session key.

2. The method as recited in claim 1, wherein the open random number signal and the master key are combined by splitting the master key and inserting at least a part of the open random number signal within each split part of the master key.

3. The method as recited in claim 1, wherein the sender and the receiver communicator form a client-server network.

4. The method as recited in claim 1, wherein the sender and the receiver communicator form a peer-to-peer network.

5. The method as recited in claim 1, wherein the sender communicator sending the request to generate the open random signal is a client.

6. The method as recited in claim 1, wherein the receiver communicator receiving the request to generate the open random signal is a server.

7. The method as recited in claim 1, wherein the master key is shared between the sender and the receiver communicator prior to any session communication.

8. The method as recited in claim 1, wherein each of the sender and the receiver communicator is synchronized to switch its state at periodic intervals.

9. A system for generating a cryptographic session key, the system comprising at least a sender communicator and a receiver communicator, each of the sender communicator and the receiver communicator comprising:

a transceiver configured to send and receive a request to generate an open random signal;

a signal generation module configured to generate the open random signal;
a plurality of extraction modules configured to create a subset of the open random number signal and a master key; and

a splitter module configured to combine the generated open random signal with the master key to generate the cryptographic session key.

10. The system as recited in claim 9, wherein the sender and the receiver communicator form a client-server network.

11. The system as recited in claim 9, wherein the sender and the receiver communicator form a peer-to-peer network.

12. The system as recited in claim 9, wherein the sender communicator sending the request to generate the open random signal is a client.

13. The system as recited in claim 9, wherein the receiver communicator receiving the request to generate the open random signal is a server.

14. The system as recited in claim 9, wherein each of the server and the receiver communicator further comprises an encryption/decryption module.

15. The system as recited in claim 9, wherein at least one of the extraction modules takes the open random signal as an input.

16. The system as recited in claim 9, wherein at least one of the extraction modules takes the master key as an input.

17. The system as recited in claim 9, wherein each of the extraction modules of the sender communicator and the receiver communicator is synchronized to switch its state at periodic intervals.

18. The system as recited in claim 9, further comprising a splitter module to determine a section of the master key used in forming the session key.

19. A computer program product for use with a computer, the computer program product comprising a computer usable medium having a computer readable program code embodied therein for generating a cryptographic session key based on a known master key shared between a sender communicator and a receiver communicator in a communication network, the computer readable program code storing a set of instructions configured for:

receiving a request from the receiver communicator, by the sender communicator, to establish a communication session between the sender and the receiver communicator;

generating an open random number signal at the sender communicator; and
combining the generated open random number signal with the known master

key to generate the cryptographic session key.

20. The computer program product as recited in claim 19, wherein the sender and the receiver communicator form a client-server network.