As computer electronics continue to reduce in cost and size, the applications for embedded processing devices are continuing to increase, and there now exists many types of manufactured products that contain some type of embedded processing device, whether microprocessor based or otherwise. Some embedded devices are designed to undergo data communication with one or more external, possibly remote devices. In some cases, it is desirable to establish authenticated, secure data communications in which the exchanged data is encrypted. Although various approaches can be used, cryptographic keys are perhaps most commonly used for this purpose. In public key cryptography, a public-private key pair is created with the public key then being available for use by anyone desiring encrypted communication with the holder of the private key. Digital certificates issued by a trusted third party (certificate authority) can also be used to authenticate the public key to a particular entity.
The generation of strong cryptographic keys typically involves the use of random data that cannot be later discerned or uncovered. For this purpose, general purpose computers such as desktop, laptop, and notebook personal computers can include entropy hardware or software engines that generate entropy data as a quantifiable form of random or near-random data for use in generating the cryptographic keys. This entropy data can be obtained in a variety of different ways, such as through software by, for example, timing the intervals between a user's keystrokes, detecting the user's movement of a mouse or other serial input device, or timing the arrival of packets at the computer from an attached network. Such data can also be obtained through entropy hardware engines in the computer that, for example, generate random data based on measured physical effects such as thermal noise (e.g., temperature variations about some given threshold). The cryptographic keys can then be generated using this entropy data since it is both transient and at least nearly truly random.
As applied to embedded processing devices, the generation of the cryptographic keys can be problematic because they typically do not have entropy hardware or software engines of the type found in personal computers. Instead pseudo random number generators (PRNG) are typically used. These PRNGs are generally implemented in software and require a seed value that is used to generate a pseudo-random number. This generated number is then used to produce the cryptographic keys. The generation of strong keys using PRNGs generally necessitates the use of a seed value that cannot later be discovered. For an embedded processing device having restricted computing capabilities, obtaining such a seed value can be problematic.