Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Security kernel or utility
Reexamination Certificate
1998-12-04
2002-12-03
Barrón, Gilberto (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Security kernel or utility
C713S176000, C713S185000, C380S286000
Reexamination Certificate
active
06490680
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to systems that provide security and privacy for data. In particular, the present invention allows flexible access for authorized users of a communication system authorized while maintaining security for data at rest and in transit on the system.
BACKGROUND OF THE INVENTION
As an information security tool, cryptography can compliment changes in information technology. The growth of information systems has been phenomenal. However, today's cryptography and its key management have reached a crossroads as it attempts to adapt to the information system changes. The predominant public key management scheme of the 1980s and 1990s has shortcomings that will constrain the information industry from expanding into greater information sharing applications without a shift in public key application. A new direction in encryption is needed if the distributive enterprise solution, with its myriad information applications, is to be made effective.
By combining what has been learned in the implementations of public key management and pre-1980s key management, an expanded symmetrical core key management technology emerges as the better choice for bridging to the 21
st
century information applications that include data-at-rest and communications security models. Issues that confront future information protection models such as scalar, data separation, or role-based enforcement, system performance, and multiple enterprise authentication for the user or for the workstation can be satisfied by combining enterprise-wide information distribution with information control and access control capabilities while protecting the information.
An evolution in cryptographic technology is taking place. A symmetrical key management model that is particularly well suited for role-based access control systems that look to the roles users have within an organization, and to the information access that should be afforded those roles is being bound to an authentication key management model that incorporates the mathematical models of digital signatures and signed public certificates with physical properties of identification techniques as smart cards. The resultant key management technology is the basis for what will be referred to herein as Constructive Key Management (CKM).
In recent years, both government and industry have dramatically altered their perceptions of the development and expansion of information systems. The computer heralded the practical management of information. As its power and flexibility increased, the communications industry expanded its services and capabilities to accommodate the automated enterprise and its users. The rapid drop in prices and explosive development of both hardware and software compounded the computer's potential power.
Rapid growth is also evident in the conveyance of information on the software side. The entertainment world now produces games using terms like Virtual Reality and Cyberspace. This rapid advancement of information technologies has provided a somewhat uneven growth pattern, particularly in the sociological and legal arenas. Today, even the casual user has a headlong rush of information available at a level that did not exist ten years ago. We have moved from the radio-controller, to the microprocessor, and to today's multi-processor systems with complexities that even the most prescient PC gurus did not foresee. As we have become more familiar with the capabilities of our machinery, we have followed the most human of instincts: we attempt to share our discoveries.
The sharing of IDs has also extended to the sharing of workloads and the concept of distributive processing. The computer and communications communities responded to this demand. They have increased speed and provided connective opportunities enabling the booming of links, networks, LANs, WANs, and more and more acronyms that all mean “together.” The result today is that any computer user, with a reasonable amount of equipment, can connect with just about any information application over the Internet. The age of the Internet and “information warfare” is upon us. The protection of selected information and selected channels of information has become a paramount concern in defense and commerce. While this evolution has been taking place in information processing, cryptography has emerged as a premier protection technology.
Keys are an essential part of all encryption schemes. Their management can be the most critical element of any cryptography-based security. The true effectiveness of key management is the ability for keys to be maintained and distributed secretly without penalizing system performance, costs, or user interaction. The management of the keys must be scalar, must be capable of separating information flow, must include interoperability needs, and must be capable of providing information control.
A method of distributing keys predominantly used in the 1980s and 1990s is public key, or asymmetrical, cryptography. In this method, the conversion of information to cipher text and the conversion of basic properties of the public key method include separate encryption and decryption keys, difficulty in deriving one key from another, secret decryption keys, and public encryption keys. The implementation of public key information encrypting keys is the result of the mathematical combination of the encryption and decryption keys. Public key management was developed for a communications channel requirement to establish cryptographic connectivity between two points, after which a symmetrical cryptogen such as DES was to be executed. Over the years, public key implementations have demonstrated their effectiveness to authenticate between two entities. However, to take the authentication process to a global certificate process has not been successfully done. Stated in other words, public key management is effective in an information model that defines point-to-point communications channels where the information encrypted does not need to be recovered.
Many of the recent implementations of public key management have left users with an option to create their own pair-wise connectivity within the network. This action can leave an organization vulnerable, and in some cases liable, if that user leaves the organization without identifying the keys that were previously used for encrypted files or data. Also, to assure the integrity of the public key from misuse, a third-party infrastructure scheme has surfaced, that is, a certificate authority process is created to mathematically confirm that a particular public key was issued to a specific user. The exchange of certificates with a third party can significantly impact the performance of a network. Further, this raises the legal issue of whether an organization should give a third party control over the validation of corporate correspondence.
A negative aspect of the public key process is a high computation time, which can impact the performance of an information application. In many instances, hardware solutions have compensated for the high computational requirements. Semi-public key architecture historically has been a point-to-point design; moving to a distributive network with group sharing of information can create higher transmission costs and greater network impact. Although the older key management systems of the 80's and 90's worked well for point-to-point communications and one-to-one file transfer, they are too time consuming to use in a case wherein a single file is placed on a file server and decrypted by thousands of users. As the trend toward work groups and complex communications infrastructures continues, the need for more efficient information and communications key management technology becomes paramount.
Shared secret keys or symmetrical key is the earliest key management design and pre-dates public key management. The earlier versions of symmetrical designs suffered what was referred to as the “n-squared” problem in that the number of keys needed was very large
Domangue Ersin L.
Scheidt Edward M.
Barrón Gilberto
IP Strategies P.C.
TecSec Incorporated
LandOfFree
Access control and authorization system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Access control and authorization system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Access control and authorization system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2968153