US-12621134-B2 - Key establishment and secure communications based on satellite entropy sources
Abstract
Systems and techniques for secure communications and distribution of random values, produced from at least two satellite entropy sources, are described. These random values may be provided by respective quantum random number generators (QRNGs) at separate satellites, and optionally combined with values from ground-based entropy sources (e.g., QRNGs at terrestrial locations). An example method includes: receiving a first random value and a second random value via at least one satellite communication, where the first random value is generated by a first QRNG at a first satellite, and the second random value is generated by a second QRNG at a second satellite; and generating a cryptographic key based on the first random value and the second random value. The cryptographic key may be produced by a key derivation function that combines the random values, and the cryptographic key may be used to establish a secure communication session.
Inventors
- Peter Burton Bordow
- David Marc Delfiner
- Michael Erik MEINHOLZ
- Abhijit Rao
- Bradford A. SHEA
- Jeff J. Stapleton
- Richard Toohey
Assignees
- WELLS FARGO BANK, N.A.
Dates
- Publication Date: 20260505
- Application Date: 20240222
Claims (20)
- 1. A method performed by a computing system operating at a terrestrial location for generating a cryptographic key based on satellite-generated entropy values, the method comprising: receiving a first satellite-generated random value and a second satellite-generated random value via at least one satellite communication, the first satellite-generated random value generated by a first quantum random number generator at a first satellite, and the second satellite-generated random value generated by a second quantum random number generator at a second satellite; generating a cryptographic key based on the first satellite-generated random value and the second satellite-generated random value; and establishing an encrypted communication session between the terrestrial location and a second terrestrial location based on use of the cryptographic key; wherein the cryptographic key is a symmetric key that is separately generated at the terrestrial location and the second terrestrial location based on the first satellite-generated random value and the second satellite-generated random value, and wherein generation of the symmetric key at the second terrestrial location occurs in response to receipt of the first satellite-generated random value and the second satellite-generated random value from the first satellite and from the second satellite via at least one other satellite communication.
- 2. The method of claim 1, wherein the first satellite-generated random value and the second satellite-generated random value are provided in respective transmissions from the first satellite and the second satellite to the terrestrial location.
- 3. The method of claim 1, wherein the second satellite-generated random value is provided from the second satellite to the first satellite, and wherein the at least one satellite communication is provided from the first satellite to the terrestrial location.
- 4. The method of claim 1, further comprising: receiving a third satellite-generated random value via the at least one satellite communication, the third satellite-generated random value generated by a third quantum random number generator at a third satellite, and wherein the third satellite-generated random value is provided in a respective transmission from the third satellite to the terrestrial location.
- 5. The method of claim 4, wherein the first satellite, the second satellite, and the third satellite operate in a mesh of a plurality of satellites.
- 6. The method of claim 1, wherein generating the cryptographic key includes: performing a key derivation function based on the first satellite-generated random value and the second satellite-generated random value.
- 7. The method of claim 6, wherein the key derivation function is performed on a result of a Boolean function that provides a combination of the first satellite-generated random value and the second satellite-generated random value.
- 8. The method of claim 1, further comprising: receiving at least one additional random value; wherein generating the cryptographic key is further based on the at least one additional random value.
- 9. The method of claim 1, wherein the encrypted communication session provides data associated with at least one financial transaction.
- 10. The method of claim 1, wherein the at least one satellite communication is conducted with at least one low earth orbit (LEO) satellite, and wherein the terrestrial location comprises a ground station used for communication with the at least one LEO satellite or a computer system associated with the ground station.
- 11. The method of claim 10, wherein generating the cryptographic key is based on key generation parameters provided from the at least one LEO satellite, and wherein the key generation parameters are determined by the at least one LEO satellite or another terrestrial location.
- 12. A non-transitory machine-readable medium comprising instructions, which when executed by a machine operating at a terrestrial location, cause the machine to: identify a first satellite-generated random value and a second satellite-generated random value received via at least one satellite communication, the first satellite-generated random value generated by a first quantum random number generator at a first satellite, and the second satellite-generated random value generated by a second quantum random number generator at a second satellite; and generate a cryptographic key based on the first satellite-generated random value and the second satellite-generated random value; and establish an encrypted communication session between the terrestrial location and a second terrestrial location based on use of the cryptographic key; wherein the cryptographic key is a symmetric key that is separately generated at the terrestrial location and the second terrestrial location based on the first satellite-generated random value and the second satellite-generated random value; and wherein generation of the symmetric key at the second terrestrial location occurs in response to receipt of the first satellite-generated random value and the second satellite-generated random value from the first satellite and from the second satellite via at least one other satellite communication.
- 13. The machine-readable medium of claim 12, wherein the first satellite-generated random value and the second satellite-generated random value are provided in respective transmissions from the first satellite and the second satellite to the terrestrial location.
- 14. The machine-readable medium of claim 12, wherein the second satellite-generated random value is provided from the second satellite to the first satellite, and wherein the at least one satellite communication is provided from the first satellite to the terrestrial location.
- 15. The machine-readable medium of claim 12, wherein the instructions, which when executed by the machine, cause the machine to: identify a third satellite-generated random value received via the at least one satellite communication, the third satellite-generated random value generated by a third quantum random number generator at a third satellite, and wherein the third satellite-generated random value is provided in a respective transmission from the third satellite to the terrestrial location.
- 16. The machine-readable medium of claim 15, wherein the first satellite, the second satellite, and the third satellite operate in a mesh of a plurality of satellites.
- 17. The machine-readable medium of claim 12, wherein to generate the cryptographic key includes to perform a key derivation function based on the first satellite-generated random value and the second satellite-generated random value.
- 18. The machine-readable medium of claim 17, wherein the key derivation function is performed on a result of a Boolean function that provides a combination of the first satellite-generated random value and the second satellite-generated random value.
- 19. The machine-readable medium of claim 12, wherein the instructions, which when executed by the machine, cause the machine to: identify at least one additional random value; wherein to generate the cryptographic key is further based on the at least one additional random value.
- 20. The machine-readable medium of claim 13, wherein the encrypted communication session provides data associated with at least one financial transaction.
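
Claims 1 and 6 to 8 describe two ground stations separately deriving the same symmetric key by running a key derivation function over a Boolean combination of the two satellite values, optionally with additional random values. The following is an added example, not code from the patent: XOR as the Boolean function, HKDF with HMAC-SHA-256 as the key derivation function, the `info` label, the function names and the sample values are all assumptions.

```python
import hashlib
import hmac

def xor_combine(a: bytes, b: bytes) -> bytes:
    """Boolean combination of two random values (XOR is an assumption here)."""
    if len(a) != len(b) or len(a) < 32:
        raise ValueError("need two equal-length values of at least 32 bytes")
    if hmac.compare_digest(a, b):
        # Identical inputs XOR to all zeros, e.g. a relay that duplicated
        # one satellite's value; the seed would carry no entropy.
        raise ValueError("identical random values, refusing to combine")
    return bytes(x ^ y for x, y in zip(a, b))

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF per RFC 5869 (extract, then expand) with HMAC-SHA-256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_session_key(sat1: bytes, sat2: bytes, extra=(), info=b"example-session-v1") -> bytes:
    """Derive a 256-bit symmetric key from two satellite values plus optional extras."""
    ikm = xor_combine(sat1, sat2)
    for value in extra:
        # Length-prefix additional values so their boundaries are unambiguous.
        ikm += len(value).to_bytes(2, "big") + value
    return hkdf_sha256(ikm, salt=b"", info=info)

# Constructed stand-ins for the two satellite-generated values (not real QRNG output).
SAT1 = hashlib.sha256(b"constructed value from satellite 1").digest()
SAT2 = hashlib.sha256(b"constructed value from satellite 2").digest()

def demo():
    # Each ground station receives both values and derives the key on its own;
    # XOR is commutative, so arrival order does not matter.
    key_a = derive_session_key(SAT1, SAT2)
    key_b = derive_session_key(SAT2, SAT1)
    return key_a, key_b

if __name__ == "__main__":
    a, b = demo()
    print(a.hex(), a == b)
```
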
Description
TECHNICAL FIELD
Embodiments described herein generally relate to cryptographic key establishment and techniques, secure communication sessions established with the use of cryptographic keys, and related encrypted communications provided among satellite (non-terrestrial) and Earth-based (terrestrial) networks.
BACKGROUND
A variety of techniques have been identified as a source of entropy for random number generators. Entropy in this context refers to a measure of the amount of randomness in a system, specifically in the form of a random input that is collected and provided as a seed to an algorithm that generates a cryptographic key (e.g., an algorithm that generates a symmetric key). Some techniques have captured variable inputs as a source of entropy for random number generators, such as variable input from a user's keyboard timing or mouse movement, physical measurements from sensors that measure electric or electronic noise, and other types of measurements of unpredictable events. However, despite the variation in such input, the use of these inputs as a seed to a random number generator has been shown to produce output that is deterministic and predictable (and thus, will not be truly random). As a result, the underlying cryptographic keys that are produced with such random number generators can be compromised in some scenarios.
Improvements to random number generators have been researched and developed. Some of the most sophisticated methods of random number generators being developed involve the use of quantum random number generators (QRNGs). QRNGs are understood to produce fully random values, in theory, due to the intrinsic randomness at the core of quantum mechanics.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.
FIG. 1 illustrates an example communication environment among entities using terrestrial and non-terrestrial systems.
FIG. 2 illustrates multiple approaches for implementing secure communications with quantum-resistant security.
FIG. 3 illustrates an example secure communication scenario involving multiple entities and systems, with the use of ground-based entropy sources.
FIG. 4 illustrates an example communication environment among multiple entities and systems, with the use of a satellite-based entropy source in addition to multiple ground-based entropy sources.
FIG. 5 illustrates an example communication environment among multiple entities and systems, with the use of multiple satellite-based entropy sources.
FIG. 6 illustrates multiple approaches for the use of key generation parameters.
FIG. 7 illustrates example hardware and software components at satellite and ground stations used for the exchange of random values and key establishment.
FIG. 8 illustrates additional software and hardware components provided among ground station and satellite station locations.
FIGS. 9A and 9B illustrate operational data flows among hardware components among ground station and satellite station locations.
FIG. 10 illustrates a flowchart of an example method performed by a computing system operating at a terrestrial location for generating a cryptographic key based on satellite-provided random values.
FIG. 11 illustrates a flowchart of an example method performed by a computing system operating at a satellite (non-terrestrial) location for communicating random values used in cryptographic key generation.
FIG. 12 illustrates a flowchart of an example method performed by a computing system operating at a terrestrial location for generating a cryptographic key based on multiple satellite-generated random values.
FIG. 13 illustrates a flowchart of a method performed by a computing system operating at a satellite (non-terrestrial) location for providing entropy used in cryptographic key generation, based on multiple satellite-generated random values.
FIG. 14 illustrates a flowchart of a method performed by a computing system operating at a terrestrial location for generating a cryptographic key based on a key generation scheme.
FIG. 15 illustrates a flowchart of a method performed by a computing system operating at a satellite (non-terrestrial) location to enable cryptographic generation based on a key generation scheme.
FIG. 16 is a block diagram illustrating an example of a computing machine upon which one or more embodiments may be implemented.
DETAILED DESCRIPTION
The systems and techniques discussed herein discuss approaches for the generation, communication, and use of random values from quantum random number generators (QRNGs) based on quantum-derived entropy, including values exchanged via satellite networking transmissions to separate geographic l