Cryptography – Key management
Reexamination Certificate
2005-10-18
2005-10-18
Song, Hosuk (Department: 2135)
Cryptography
Key management
C380S281000, C380S282000
Reexamination Certificate
active
06956950
ABSTRACT:
A digital wallet stores an cryptographically camouflaged access-controlled datum, e.g., a private key encrypted under the user's PIN. Entry of the correct PIN will correctly decrypt the stored key. Entry of certain pseudo-valid PINs will also decrypt the stored key, but improperly so, resulting in a candidate key indistinguishable from the correct key. Such pseudo-valid PINs are spread thinly over the space of PINs, so that the user is unlikely to realize a pseudo-valid PIN via a typographical error in entering the correct PIN. In existing wallet technologies, which lack pseudo-valid PINs, only the correct PIN produces a decrypted key; thus, hackers can find the correct PIN by entering all possible PINs until a key is produced. The present invention's plurality of candidate keys prevent a hacker from knowing when he has found the correct key. In addition, hacker detection may be moved off-line into devices accepting messages signed with candidate keys, and/or the lockout threshold may be increased. Thus, the wallet can be forgiving of typographic or transposition errors, yet a hacker trying large numbers of PINs will eventually guess a pseudo-valid (but still incorrect) PIN and recover a candidate private key whose fraudulent use will be detected. The wallet may be used with associated key generation, certification, and verification technologies. Such technologies may include pseudo-public keys embedded in pseudo-public certificates, i.e., public keys that are not generally known and which are contained in certificates that are verifiable only by entities so authorized by the certifying authority.
REFERENCES:
patent: 3798605 (1974-03-01), Feistel
patent: 5142578 (1992-08-01), Matyas et al.
patent: 5206905 (1993-04-01), Lee et al.
patent: 5535276 (1996-07-01), Ganesan
patent: 5604801 (1997-02-01), Dolan et al.
patent: 5668876 (1997-09-01), Falk et al.
patent: 5745574 (1998-04-01), Muftic
patent: 5761306 (1998-06-01), Lewis
patent: 5815573 (1998-09-01), Johnson et al.
patent: 5818936 (1998-10-01), Mashayekhi
patent: 5894519 (1999-04-01), Clemot et al.
patent: 6002768 (1999-12-01), Albanese et al.
patent: 6408388 (2002-06-01), Fischer
patent: 2747208 (1997-10-01), None
patent: WO 96/02993 (1996-02-01), None
Hoover, D.N. et al., “Software Smart Cards via Cryptographic Camouflage,” Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp. 208-215.
Translation of FR 2747208.
Bruce Schneier, “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” 1st edition, John Wiley and Sons, N.Y. (1992) pp. 415-417 (section 17.3).
Arcot Systems, Inc.
Song Hosuk
Townsend and Townsend / and Crew LLP
LandOfFree
Computer readable medium having a private key encryption... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Computer readable medium having a private key encryption..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Computer readable medium having a private key encryption... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3446185