DYNAMIC IDENTITY VERIFICATION AND AUTHENTICATION CONTINUOUS, DYNAMIC ONE-TIME-PAD/ONE-TIME PASSWORDS AND DYNAMIC DISTRIBUTED KEY INFRASTRUCTURE FOR SECURE COMMUNICATIONS WITH A SINGLE KEY FOR ANY KEY-BASED NETWORK SECURITY CONTROLS

Abstract

A method of using a single, one-time pre-distributed and pre-authenticated symmetric Whitenoise key structure or other exponential key or deterministic random number generator to establish secure key-based communications between a first source computer and a second destination computer (endpoint, sensor or smart component) to provide continuous, dynamic, one-time-pad authentication throughout a session (not just at sign-in or login). By polling ahead in an exponential key stream with specific indexes, pointers or dynamic offsets, the method creates an infinite number of identifiable one-time-pad tokens that have never been created or used before and deterministic, random key streams of functionally limitless length that will easily outlive the life of the person or device deploying it. The source and destination computers each have an identical copy of a unique pre-distributed symmetric stream cipher key and a first valid offset. The offset is a pointer or index into the unique key stream, either to an unused and never created portion of key stream for dynamic one-time-pad authentication or to a specific static portion of key stream used as a constant identifier, such as the portion of the key stream used to encrypt or decrypt a specific file or the secure session. The distributed key structure is a unique, deterministic random number generator that creates exponentially long, deterministic, random key streams that can have an unlimited number of offsets into the same key stream to provide any key-based network security control. The provision of this key is a one-time, non-PKI key distribution, generally using Identity Proofing levels 3 or 4 for pre-provisioning and pre-authentication purposes. The key (complete key or key structure) is never distributed again. The destination computer sends the source computer a random, previously unused token of variable length from the pre-distributed key, beginning at the destination computer's last valid current offset.
The source computer generates the corresponding token from the last valid offset for the corresponding key in respect of the destination computer. It compares the tokens bit by bit and, if they are identical, the source computer authenticates the destination computer. After each successful authentication call, the source and destination computers update their current dynamic offsets independently, without any key or offset transfer, by the length of the token plus 1 or by some arithmetic function that moves the offset forward to an unused portion of the key stream. Communications can be sent encrypted using the same distributed key and using a similar technique to the primary authentication function.
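An added sketch of the offset-based token exchange described in the abstract (not code from the patent or its authors). It assumes HMAC-SHA256 in counter mode as a stand-in for the Whitenoise key stream; `keystream`, `Endpoint`, `authenticate` and `demo` are hypothetical names. It shows a replayed token being rejected and the failure that follows when the two offsets drift apart.

```python
import hashlib
import hmac


def keystream(key, offset, length):
    """Stand-in generator (assumption, not Whitenoise): bytes offset..offset+length."""
    block, skip = divmod(offset, 32)
    out = bytearray()
    while len(out) < skip + length:
        out += hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[skip:skip + length])


class Endpoint:
    """One side's state: the pre-distributed key and its current offset."""
    def __init__(self, key, offset=0):
        self.key, self.offset = key, offset

    def make_token(self, length):  # destination side: unused stream at its offset
        return keystream(self.key, self.offset, length)

    def verify(self, token):  # source side: regenerate locally, constant-time compare
        expected = keystream(self.key, self.offset, len(token))
        return hmac.compare_digest(expected, token)

    def advance(self, length):  # token length plus 1, as in the abstract
        self.offset += length + 1


def authenticate(source, destination, length):
    token = destination.make_token(length)
    if not source.verify(token):
        return False  # offsets stay unchanged on failure
    source.advance(length)
    destination.advance(length)
    return True


def demo():
    key = b"constructed-demo-key"  # constructed sample value
    src, dst = Endpoint(key), Endpoint(key)
    captured = dst.make_token(16)        # what an eavesdropper would see
    first = authenticate(src, dst, 16)   # both offsets move to 17
    replay = src.verify(captured)        # old token no longer matches
    second = authenticate(src, dst, 24)  # both offsets move to 42
    dst.advance(8)                       # simulated drift on one side only
    desync = authenticate(src, dst, 16)  # fails until offsets are resynchronised
    return first, replay, second, desync, src.offset, dst.offset
```

`demo()` returns `(True, False, True, False, 42, 51)`: the first and second exchanges succeed, while the replayed token and the exchange after the simulated drift are both rejected.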
