Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
1999-10-01
2004-11-30
Darrow, Justin T. (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
C380S277000, C380S278000, C380S260000, C380S273000, C713S171000, C713S168000
Reexamination Certificate
active
06826689
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates in general to an information exchange technology, more specifically, to a method and system for transferring a secret code or secret information between two hardware modules. The transfer process is called secret code emulation. These two hardware modules are capable of secretly communicating with each other by using the original secret code and the emulated secret code only known by them.
2. Description of the Related Art
Key distribution is an important and fundamental issue in modern cryptosystems. The purpose of the key distribution is to distribute useful encryption/decryption information (or called encryption/decryption keys) over communication hosts for communicating with each other and to prevent illegal hosts or persons from intercepting the key-related information, thereby eavesdropping communication data or forging certificates. Modern cryptosystems can be categorized into two classes, where one is named as symmetric or secret-key systems and another is named as asymmetric or public-key systems. Implementations of the key distribution for these two kinds of cryptosystems are respectively described as follows with reference to the accompanying drawings.
FIG. 1
(Prior Art) is a schematic diagram of a conventional symmetric system, such as DES (Data Encryption Standard), for illustrating the key distribution scheme thereof. In the symmetric system, the sender (data source) and the receiver (data destination) use the same key, KEYC, to encrypt/decrypt private data. In
FIG. 1
, communication host
1
acts as the sender and communication host
2
acts as the receiver. Communication host
1
involves cipher
3
, which uses KEY
C
to encrypt plaintext
10
into ciphertext
20
. Ciphertext
20
can be distributed over public networks, such as LANs or the Internet, by setting communication host
2
to be the destination host. In addition, communication host
2
involves cipher
4
. After fully receiving ciphertext
20
, cipher
4
uses the same key KET
C
to decipher ciphertext
20
to obtain recovered text
12
. In the symmetric cryptosystem, it is assumed that the common key KEY
C
, shared by both ends is distributed in a private and secure manner and cannot be intercepted during the distribution process. In reality, however, it is difficult to find out a transmission medium that can completely comply with this security requirement. It also reveals that crackers are capable of breaking through such cryptosystem by stealing the encryption key from the distrusted transmission medium.
FIG. 2
(Prior Art) is a schematic diagram of the conventional asymmetric cryptosystem system, such as the RSA system. Unlike the symmetric cryptosystem, asymmetric cryptosystems use different public keys and private keys for encryption and decryption, respectively. As shown in
FIG. 2
, communication hosts
1
and
2
employ the ciphers (
5
,
6
) and (
7
,
8
) to implement practical data encryption/decryption processes, which are similar to that of the symmetric cryptosystem does. However, each of the communication-hosts owns its private/public key pair. The private key and the public key of communication hosts
1
are denoted as KETA
PRI
and KETA
PUB
, and those of communication host
2
are denoted as KETB
PRI
and KETB
PUB
, respectively. It is noted that private keys are confidentially contained in their communication hosts, but public keys must be released to the public. In the case shown in
FIG. 2
, public key KEYA
PUB
of communication host
1
is acquired by communication host
2
, and public key KEYB
PUB
of communication host
2
is also acquired by communication host
1
.
Data transmission examples are now illustrated. Suppose that communication host
1
is ready to transmit a document to communication
2
in a secure manner. The first step is that cipher
5
employs public key KETB
PUB
of communication host
2
to encrypt this document. After encryption, the cipher document is transmitted from communication host
1
to communication host
2
over the interconnection network. Because communication host
2
sustains private key KEYB
PR
paired with public key KETB
PUB
applied to encrypt this document, the cipher document can be deciphered by cipher
6
using private key KETB
PRI
. In the similar manner, communication host
2
can use public key KETA
PUB
of communication host
1
to decrypt secret data, and communication host
1
can use its private key KETA
PRI
to decrypt the secret data. It is noted that key distribution can be readily achieved by disseminating these public keys to the public. The basic security assumption in conventional asymmetric cryptosystems is that the release of public keys will not cause protection defect of the cryptosystem.
As described above, the conventional symmetric cryptosystem and the asymmetric cryptosystem adopt different approaches to handling the key-distribution issue. In the symmetric system, the key-related information must be kept confidential and exchanged by means of a secure transmission medium. However, it is almost impossible to guarantee the privacy of the key exchange process in the real world. Therefore, from the aspect of key distribution, there is a security hole in the conventional symmetric cryptosystem. On the other hand, key distribution can be achieved by freely releasing the public keys in the conventional asymmetric cryptosystems. In other words, key exchange can be performed straightforwardly. Therefore, key distribution of the asymmetric cryptosystem can be fulfilled in an easier way than that of the symmetric cryptosystem.
In addition, most of the conventional cryptosystems use the cryptographic algorithms based on mathematics to encrypt data, especially in the asymmetric cryptosystems. For example, the RSA cryptosystem is designed on the basis of prime factoring problems. Therefore, the most common implementations of such cryptosystems are written by software. In the case shown in
FIG. 2
, ciphers
5
and
6
usually represent software packages that are designed for performing the required cryptographic algorithms and executed in communication hosts
1
and
2
, respectively. Necessary keys, including KEYA
PUB
, KEYA
PRI
, KEYB
PUB
and KEYB
PRI
are supplied by users or automatically generated by key-generating software. Sometimes ciphers can be implemented by hardware for speeding up processing. No matter how these conventional cryptosystems are implemented, the fundamentals of the keys are still unchanged, that is, the determination of these keys strongly depends on the cryptographic algorithms and the keys can be accessed by the users.
According to the above description, the cryptographic algorithms of the conventional cryptosystems are known, but decryption keys are unknown. Therefore, the security performance of a cryptosystem involves two things: ensuring that nobody can decipher decrypted data based on the known cryptographic algorithms and the public keys, and carefully hiding the private key in the public-key cryptosystem and the secret key in the secret-key cryptosystem. It is obvious that a system is unsafe if its key information is reached by crakers. In fact, current cryptosystems still use user-defined keys, or allow users to acquire key information in some situations. It takes an advantage of device-independence and users can easily use their keys in any system supporting the same cryptographic algorithms. This feature, however, also provides a path for crackers to reach the hidden information.
A better solution to this problem is to plunge these keys in the hardware and to restrict the access path to these keys, thereby blocking the illegal access to the keys. However, embedding the keys in the hardware also introduces a problem, how to share key information between two hardware modules having the feature. The present invention deals with the key-exchange issue in such situation.
SUMMARY OF THE INVENTION
Therefore, an objective of the present invention is to provide a system and method for emulating a secret code
Darrow Justin T.
Geneticware Co. Ltd.
Knobbe Martens Olson & Bear LLP
Stulberger Cas
LandOfFree
Method and system for emulating a secret code between two... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for emulating a secret code between two..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for emulating a secret code between two... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3298019