Microsoft Corporation
SYSTEMS AND METHODS FOR ENHANCING SECURITY OF DEVICE-INTERNAL ENCRYPTION WITH EXTERNALLY GENERATED ENTROPY
Abstract:
The security achieved via encryption performed within an encryption device is enhanced by combining entropy generated within the encryption device with additional entropy generated external to the encryption device in the generation of an encryption key. Before the encryption device uses a deterministic algorithm to generate the encryption key, multiple random numbers may be obtained from different entropy sources, at least one of which is internal to the encryption device and at least one of which is external to it. The encryption device combines the multiple random numbers into a combined entropy input that cannot be determined from either one of the random numbers alone. This combined entropy input is then used to generate the encryption key that is ultimately used to perform the device-internal encryption.
Utility
15 Oct 2020
21 Apr 2022
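The flow in the abstract, sketched as an added example (not code from the patent or from Microsoft): two random numbers are mixed into one combined entropy input, which then feeds a deterministic key derivation. The abstract names no algorithms, so the use of HKDF (RFC 5869) with HMAC-SHA-256, the labels, the 128-bit minimum, and the names `combine_entropy` and `derive_key` are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32        # 256-bit key; assumed for this example
MIN_ENTROPY = 16    # reject sources shorter than 128 bits; assumed policy


def combine_entropy(internal: bytes, external: bytes) -> bytes:
    """Mix both random numbers into one combined entropy input.

    Each input is length-prefixed before hashing, so shifting bytes from one
    input to the other yields a different result. The output depends on both
    inputs; knowing only one of them does not determine it.
    """
    if len(internal) < MIN_ENTROPY or len(external) < MIN_ENTROPY:
        raise ValueError("each entropy source must supply at least 128 bits")
    framed = b"".join(len(x).to_bytes(4, "big") + x for x in (internal, external))
    # HKDF-Extract: HMAC keyed with a fixed public salt (constructed label).
    return hmac.new(b"combined-entropy-v1", framed, hashlib.sha256).digest()


def derive_key(combined: bytes, context: bytes = b"device-internal-encryption") -> bytes:
    """Deterministic step: HKDF-Expand, one block (enough for 32 bytes)."""
    return hmac.new(combined, context + b"\x01", hashlib.sha256).digest()[:KEY_LEN]


if __name__ == "__main__":
    # Constructed stand-ins: a real device would read its own hardware RNG
    # for `internal` and receive `external` from the host over its interface.
    internal = secrets.token_bytes(32)
    external = secrets.token_bytes(32)

    key = derive_key(combine_entropy(internal, external))
    print("key:", key.hex())

    # A weak or backdoored internal RNG alone no longer fixes the key:
    # the same internal value with a different external value gives a new key.
    other = derive_key(combine_entropy(internal, secrets.token_bytes(32)))
    print("differs when external entropy changes:", key != other)
```

The key stays unpredictable as long as at least one of the two sources is unpredictable to the attacker, which is the property the abstract relies on.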