Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-09-24
2004-10-05
Vu, Kim (Department: 2135)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000
Reexamination Certificate
active
06802013
ABSTRACT:
FIELD OF THE INVENTION
This invention relates in general to a cryptographic control system. Many encryption systems use a publicly known mathematical encryption algorithm that is initialized with a privately known, secret key or vector. The present invention in particular relates to a system of managing the encrypting keys, which is one of the means by which access to private information protected by cryptography is controlled. Because keys or vectors are usually lengthy alphanumeric numbers that are difficult to remember, many encryprtion systems use a rememberable word or phrase, called passwords or passphrases, respectively, to initiate a key generation system. The present invention also relates to a computer program and a programmed computer system which permits or denies access to protected data by the use of a passphrase. Sophisticated encryption systems usually, use labels, which are words or information that are related to the message being encrypted, that are encrypted and removeably, attached to the message. The present invention also relates to a commuter program and a programmed computer system that generates encrypted labels for attachment to a message as a header or trailer thereof. In addition, the present invention is related to a computer program and a programmed computer system that can reverse the process and decrypt a message, including the label information.
BACKGROUND OF THE INVENTION
Commercial privacy systems utilize cryptographic algorithms to protect information and limit access thereto. A standard cryptographic algorithm is the Data Encryption Standard (“DES”). As such, cryptographic privacy systems permit individuals within an organization to encode plain text information into “cipher text” using a cryptographic key. Cipher text is mixed up and unreadable. In an encrypted computer system, cipher text characters may be any of the standard ASCII characters that are used in modern computer systems.
A cryptographic process which produces cipher text is reversible and through the use of the appropriate key which was used to encrypt the plain text, can be regenerated by a person having that key into the original plain text form. Except for being unreadable, cipher text can be stored and transferred and manipulated just like any other file or data. By keeping the key and the identity of the cryptographic algorithm a secret, the ciphered text is kept from being unscrambled.
In addition to the difficulties of encrypting and decrypting plain text, there is also the problem of designating which ones of a number of organizations and divisions within those organizations, as well as the particular people in those divisions, who can have controlled, controllable access to written information and on-line communications obviously, a unique key can be used for each particular text and each particular use of that text. However, this gives rise to a tracking process that must be applied in order to keep track of the unique keys. This function or role is called key management. It can be manually intensive and it certainly affects organizational performance. Thus, key management is often the most costly part of an organizational security system.
The value of the performance of a key management system is the value of important organizational information reaching the right people at the right time in the right way. When there are a number of large groups of people communicating private or sensitive information that needs to be protected, tracking which of each of the unique keys that is used, by whom used, and the rationale for the use of a particular key is a difficult part of the key management process.
As a result of the complex array of keys necessary for such a large number of people divided into different, often overlapping, and often changing groups, who communicate for divergent reasons through many dynamic multi-media methods, key management is made extremely difficult if not nearly impossible. Additionally, the tracking of the key represented a simple assignment process of assigning a particular key to a project or to a particular station with no verification of the justification of the creation, generation or use of that key. In other words, once a key is generated, the reasons for its generation are often lost. It is just this independent tracking of keys which makes the conventional key management systems extremely difficult to maintain.
Thus, there is a need for a key management system which will not only keep track of the keys which are used with a particular message, but will also maintain the justification for the use of that key and the justification for the different categories of personnel access and the criteria used for selecting the communications system.
The principle problems with the use of traditional cryptographic systems today concerns their use that is associated with the context, intent and sensitivity of the information being distributed and stored using modern desktop multi-media methods. However, because the skill of the user of the information is usually non-technical, a very simplified, computerized system is needed to accomplish these purposes. The data or information being transmitted may have a substantial representation of rationality, but is incomplete because it can only convey self-referenced and internal information. The data may also not be complex enough to provide external references necessary for communicating the inferential components that provide the reason for the data and communication. There is thus also the need for a means to apply external rationalization for the purposes and use of the data or information.
In today's communication environment, a desktop multi-media system generates a very large amount of information, much of which may be sensitive, and all of which needs to be passed through inter-organizational networks and intra-organizational subnetworks. To some degree, all organizations require the compartmentalization of different types of information. The organizations have requirements for multi-level access to some or all of the sensitive information and the concept of that access usually involves a consideration of the need and capability of an individual to access the particular information. On the other hand, any information access limiting system cannot be so cumbersome or difficult to use that as a minimum discourages the use or access of the information and at the maximum prevents its access and utilization.
There is thus the need for an object oriented key management philosophy in which the data or information carries with it its reason for being and the rationale for access to it. This is sometimes called the need for a secured signature of the rational link between the key used in the algorithm and the cipher text product or its use.
Standard cryptographic privacy systems are traditionally based on manually indexed associations between an irrational key and often some narrow reason for its use. Keys are chosen from essentially random numbers and are used to initialize pointers in a cryptographic algorithm. Often, such keys are generated by a random number generator and are not known to the user, but are instead buried in the particular computer program which that user is using obviously, this type of system has the disadvantage in that the key is integral to the system which is generating or transmitting the data or information. By using an irrational key, that is a key comprised of characters which together have no meaning, it is very difficult to keep track of the reason for the existence of that key. With time, associated with situational conditions, the association between the reasons for the generation of the key and the data degenerates.
Furthermore, cryptographic keys are usually managed under systems that generally provide only a static distribution means. Keys are reused for significant periods of time for many reasons and for many types of messages. Traditional privacy systems are periodically secured, but not transactionally secured. This results in the privacy keys remaining the s
Ha Leynna
Novick Harold L.
Vu Kim
LandOfFree
Cryptographic access and labeling system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Cryptographic access and labeling system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Cryptographic access and labeling system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3331582