The above-identified patent applications disclose hand-held sonic-based “tokens” that a person can manipulate to transmit an acoustic signal representing secret information to a device, referred to as an “authenticator”, “verifier”, or “receiver”, to authenticate the person based on the signal. As recognized in those applications, the advantage of sonic-based tokens is that a large installed infrastructure already exists to receive and transmit sound and electronic signals derived from sound. Specifically, the global telephone system exists to transmit data representative of acoustic information, and apart from telephones, many computing devices that are now linked by this same system (as embodied in the Internet) have microphones and speakers (or can easily be modified to have them).
As recognized herein, sonic tokens have the advantage of transmitting the private information on the token in a fashion that prevents the receiver from knowing the private information without a confidential key. Specifically, the above-referenced applications disclose sonic tokens that digitally sign a message using private key/public key principles. More specifically, the sonic tokens digitally sign a message by combining the message with secret information (a private key) and with a pseudorandom number (PN) to render a signed message that can be verified as authentic only by an entity possessing the public key that corresponds to the private key.
As further recognized herein, the above-discussed properties of sonic tokens render them suitable for use as pseudorandom oracles for encryption purposes. More particularly, the present invention recognizes that if an application requires a relatively strong encryption key, it can selectively be granted access to the token by a user of the token to obtain, for use as an encryption key, the product of the secret information in the token, but not the secret information itself, thereby keeping the secret information secure.