Electrical computers and digital processing systems: multicomput – Remote data accessing
Reexamination Certificate
2000-03-27
2003-12-16
Wiley, David (Department: 2193)
Electrical computers and digital processing systems: multicomput
Remote data accessing
C709S201000, C709S203000, C709S226000, C707S793000, C707S793000
Reexamination Certificate
active
06665709
ABSTRACT:
FIELD OF THE INVENTION
This invention relates generally to the field of data transmission over computer networks and more particularly to a universally adaptable server-side software system for an automatically encrypted and decrypted, password-controlled secure transfer of data from a source host to a destination host across any internetwork.
BACKGROUND OF THE INVENTION
In recent years, the widespread adoption of public and private networks has modernized the manner in which organizations communicate and conduct business. Advanced networks provide an attractive medium for communication and commerce because of their global reach, accessibility, use of open standards, and ability to permit interactions on a concurrent basis. Additionally, networks give businesses a user-friendly, low-cost way to conduct a wide variety of commercial functions electronically.
A computer network is basically a collection of computers that are physically and logically connected together to exchange data or “information.” The network may be a local area network, whose hosts are connected by short segments of Ethernet or to the same network hub, or a wide area network, whose hosts are separated by a considerable distance. An internetwork is a network of computer networks, of which the Internet is commonly acknowledged as the largest.
The Internet is based on standard protocols that allow computers to communicate with each other even if they run software from different vendors, thus giving anyone with a computer easy access to everything else connected to the Internet worldwide. As a result of this global access, it is becoming increasingly useful for businesses and individuals to transmit information via networks and internetworks from one site to another.
The interconnected computers exchange information using various services, for example, the World Wide Web (WWW) and electronic mail. The WWW created a way for computers in various locations to display text that contains links to other files. The WWW service allows a server computer system (Web server or Web site) to send graphical Web pages of information to a remote client computer system. The remote client computer system can then display the Web pages.
In a standard e-mail system, a user's computer is connected to a provider of Internet services, and the user's computer supplies an e-mail password when polling the provider's computer for new mail. The mail resides on the provider's computer in plain text form, where it can be read by anyone with access to that machine. In both examples, the information, if unsecured, is replicated at many sites in the process of being transmitted to a destination site and is thereby exposed to every intermediate host and to anyone who can read their storage.
Organizations are increasingly utilizing these networks to improve customer service and streamline business communication through applications such as e-mail, messaging, remote access, intranet-based applications, on-line support and supply chain applications. The very openness and accessibility that has stimulated the use of public and private networks has also driven the need for network security.
Presently, to provide for a secure transfer of information, it may be encrypted at the sending host's end and decrypted at the receiver's end. Encryption algorithms transform written words and other kinds of messages so that they are unintelligible to unauthorized recipients. An authorized recipient can then transform the words or messages back into a message that is perfectly understandable. Currently, there are two basic kinds of encryption algorithms: (1) symmetric key algorithms and (2) public key algorithms.
Symmetric (or private) key algorithms use the same key to encrypt and decrypt the message. Generally, they are faster and easier to implement than public key algorithms. However, for two parties to securely exchange information, those parties must first securely exchange an encryption key. Examples of symmetric key algorithms include DES, DESX, Triple-DES, Blowfish, IDEA, RC2, RC4, and RC5 (several of these, notably DES with its 56-bit key and RC4, are no longer considered secure).
Public key algorithms use one key (the public key) to encrypt the message and a different key (the private key) to decrypt it. The public key is published and is used by a sender to encrypt a message addressed to the owner of that public key; the message can then be decrypted only by the holder of the corresponding private key. Unfortunately, public key operations are very slow, the public key itself must be authenticated (the sender must be sure it really belongs to the intended recipient), and they do not work well with large files.
A third type of system is a hybrid of the public and private key systems. The slower public key cryptography is used to exchange a random session key, which is then used as the key of a symmetric (private key) algorithm. The session key is used only for a single encryption session and is then discarded. Nearly all practical public key cryptography implementations in use today are actually hybrid systems.
Finally, message digest functions are used in conjunction with public key cryptography. A message digest function generates a fixed-length pattern of bits that is, in practice, unique to a given input. The digest distills the information contained in a file into a single large number, typically 128 to 256 bits in length. The digest value is computed in such a way that finding an input that will exactly generate a given digest, or two different inputs with the same digest, is computationally infeasible.
Message digest algorithms are not used for encryption or decryption but for the creation of digital signatures, message authentication codes (MACs), and the derivation of encryption keys from passphrases. For example, Pretty Good Privacy (PGP) uses message digests to transform a passphrase provided by a user into an encryption key that is used for symmetric encryption. (PGP uses symmetric encryption for its “conventional encryption” function as well as to encrypt the user's private key.) A few digest algorithms in use are MD2, MD4, MD5, SHA, and SHA-1; HMAC is a keyed MAC construction built on top of such a digest. (MD4, MD5 and SHA-1 have since been broken with respect to collision resistance and should not be relied on for signatures.)
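The three digest uses named above (fingerprinting, a keyed MAC, and passphrase-to-key derivation), as an added Go example that is not code from the patent, from PGP or from Securit-E-Doc. It uses SHA-256 and HMAC-SHA256 from the Go standard library. KeyFromPassphrase is a deliberately simplified illustration of the passphrase-to-key idea (salted, iterated hashing) and is an assumption made here, not PGP's actual algorithm; the function names and sample inputs are likewise constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest returns the SHA-256 message digest of data as hex: 256 bits that
// change completely when any single input bit changes.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Tag computes an HMAC-SHA256 message authentication code. Unlike a bare
// digest, an attacker who alters the message cannot recompute it without
// the key.
func Tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// Verify compares tags in constant time via hmac.Equal, so response timing
// does not leak how many leading bytes of a forged tag were correct.
func Verify(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

// KeyFromPassphrase shows the passphrase-to-key idea: salt the passphrase
// and digest it repeatedly to obtain a 256-bit symmetric key. Assumption:
// this is a simplified illustration, not PGP's algorithm; production code
// should use a purpose-built KDF such as PBKDF2, scrypt or Argon2.
func KeyFromPassphrase(passphrase, salt []byte, iterations int) []byte {
	key := sha256.Sum256(append(append([]byte{}, salt...), passphrase...))
	for i := 1; i < iterations; i++ {
		key = sha256.Sum256(append(key[:], salt...))
	}
	return key[:]
}

func main() {
	// Constructed sample inputs.
	msg := []byte("transfer 100 units to account 42")
	key := KeyFromPassphrase([]byte("correct horse battery staple"), []byte("salt-01"), 100000)

	fmt.Println("digest:      ", Digest(msg))
	fmt.Println("one byte off:", Digest([]byte("transfer 100 units to account 43")))

	tag := Tag(key, msg)
	fmt.Println("tag verifies:", Verify(key, msg, tag))
	fmt.Println("forgery:     ", Verify(key, []byte("transfer 900 units to account 42"), tag))
}
```

The point the bare digest cannot make on its own: anyone can recompute a digest over an altered message, so integrity across an untrusted network needs either a key (the MAC) or a signature over the digest.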
Working cryptographic systems can be divided into two categories: (1) programs and protocols that are used for encryption of e-mail messages, such as PGP and S/MIME, and (2) cryptographic systems used for providing confidentiality, authentication, integrity, and nonrepudiation in a network environment. The latter requires real-time interplay between a client and a server to work properly. Examples include Secure Sockets Layer (SSL), a general-purpose cryptographic protocol that can be used with any TCP/IP service; PCT, a transport layer security protocol for use with TCP/IP services; S-HTTP; SET; CyberCash; DNSSEC; IPsec; IPv6; Kerberos; and SSH.
Although the present means of securing the electronic transfer of information provide a level of security, the security provided can be breached. Symmetric encryption algorithms are vulnerable to attack by (1) key search or brute force attacks, (2) cryptanalysis, and (3) systems-based attacks. First, in a key search, the cracker simply tries every possible key, one after another, until he or she is allowed into the system or the ciphertext is decrypted. There is no way to stop an attacker from trying keys, but a 128-bit key is highly resistant because the number of possible keys (2^128) is far too large to search.
Second, in cryptanalysis, the algorithm is defeated by using a combination of sophisticated mathematics and computing power; a weak algorithm can allow encrypted messages to be deciphered without knowing the key. Finally, in a systems-based attack, the cryptographic system itself (its implementation, key storage, random number generation or protocol handling) is attacked without attacking the algorithm at all.
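The key search attack from the first point, as an added Go example that is not code from the patent or from Securit-E-Doc. To make the search finish in well under a second the key is constructed so that only 16 of its 128 bits are secret (an assumption made here purely for illustration); the attacker loops over every candidate and uses AES-GCM's authentication tag as the "is this the right key?" oracle, so no knowledge of the plaintext is needed. Scaling the loop to a real 128-bit key multiplies the work by 2^112, which is the whole argument for long keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// toyKey expands a 16-bit secret into a 128-bit AES key whose other 112 bits
// are fixed zeros. Constructed so the search is instant; a real key has all
// 128 bits secret and the same loop would need 2^112 times more work.
func toyKey(secret uint16) []byte {
	key := make([]byte, 16)
	binary.BigEndian.PutUint16(key[14:], secret)
	return key
}

// gcmFor builds an AES-GCM AEAD for one candidate key.
func gcmFor(secret uint16) (cipher.AEAD, error) {
	block, err := aes.NewCipher(toyKey(secret))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptToy is the sender: AES-GCM under the toy key with an all-zero 96-bit
// nonce, which is acceptable here only because each key encrypts one message.
func EncryptToy(secret uint16, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(secret)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	return gcm.Seal(nil, nonce, plaintext, nil), nil
}

// KeySearch is the attacker: try every candidate key in order until the
// authenticated decryption succeeds. Returns the recovered secret and how
// many keys were tried before it was found.
func KeySearch(ciphertext []byte) (uint16, int, error) {
	for cand := 0; cand < 1<<16; cand++ {
		gcm, err := gcmFor(uint16(cand))
		if err != nil {
			return 0, cand, err
		}
		nonce := make([]byte, gcm.NonceSize())
		if _, err := gcm.Open(nil, nonce, ciphertext, nil); err == nil {
			return uint16(cand), cand + 1, nil
		}
	}
	return 0, 1 << 16, errors.New("key not in search space")
}

func main() {
	const secret = 0xBEEF // constructed sample secret
	ct, err := EncryptToy(secret, []byte("constructed sample: the meeting is at noon"))
	if err != nil {
		panic(err)
	}
	found, tried, err := KeySearch(ct)
	fmt.Printf("recovered 0x%04X after %d keys (err=%v)\n", found, tried, err)
}
```

The oracle matters as much as the key length: an authenticated cipher, a known plaintext, or even recognisable padding all tell the attacker when a guess is right, so key size is the only thing standing between a search like this and success.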
Public key algorithms are theoretically easier to attack than symmetric key algorithms because the attacker has a copy of the public key that was used to encrypt the message. Also, the message presumably identifies which public key encryption algorithm was used to encrypt it. These attacks are (1) factoring attacks and (2) algorithmic attacks. First, factoring attacks attempt to derive a private key from its corresponding public key. This attack is performed by factoring the large composite number that forms part of the public key.
Second, an algorithmic attack consists of finding a fundamental flaw or weakness in the mathematical problem on which the encryption system is based. Although not often done, it has been accomplished.
Message digest functions can be attacked by (1)
McHale & Slavin P.A.
Nguyen Phuoc
Securit-E-Doc, Inc.
Wiley David
Method, apparatus, and system for secure data transport