Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-08-03
2002-05-21
Peeso, Thomas R. (Department: 3642)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S185000, C380S277000
Reexamination Certificate
active
06393565
ABSTRACT:
FIELD OF INVENTION
The invention relates generally to systems that employ cryptographic key history data, and more particularly to systems that employ cryptographic key history data wherein some of the key history data is stored on a limited capacity memory device, such as a portable storage device.
BACKGROUND OF THE INVENTION
Cryptographic systems are known that employ the storage of cryptographic key history data, such as decryption private key history data in a public/private key pair system. The decryption private key history data is physically stored in a secure database or other medium so that a user who has obtained encrypted information using a previous public key of a public/private encryption key pair can decrypt older messages. It is known in the art to generate additional private keys when the lifetime of an encryption public key of the public/private key pair has expired or the key has been revoked due to a detected compromise or some other condition. A key pair generating mechanism, for example a secure server, may generate a new public/private encryption key pair upon notification of a lifetime expiration of the private encryption key or public encryption key. Hence, in a public key cryptography system a secure authority generates encryption key pairs and sends a new encryption key pair to a subscriber when the subscriber's key pair expires. This may occur quite frequently, such as every several months, depending upon the level of security required in the given system.
In many cryptographic systems, hardware tokens such as smartcards are employed which contain the private decryption key of a public key pair, storing the secret key in a secure storage location. A subscriber may then keep the smartcard on their person to ensure that an attacker cannot obtain the secret private decryption key information. However, a problem arises with conventional hardware tokens because they typically have limited storage capabilities and cannot store large private key histories. Consequently, when a subscriber having the hardware token wishes to decrypt all of their messages using their smartcard, they are unable to decrypt some older messages, since the smartcard cannot hold enough key history data to accommodate all pertinent expired or revoked decryption keys. Conventional hardware tokens typically have their memory configured such that once the memory is filled to capacity, no additional decryption private keys can be stored. Such systems do not typically allow overwrites or additional updates after the memory is full. As such, the subscriber has no access to the full key history information needed to use older encrypted documents. Therefore, in current systems, the cryptographic system simply rejects the key history update process when the memory on the hardware token is full. This typically results in the subscriber having to buy a more expensive hardware token with larger memory storage capabilities, or prevents the subscriber from decrypting older messages.
Consequently, there exists a need for a data management system for a limited capacity cryptographic storage unit that can detect when the storage unit can no longer accommodate additional cryptographic data. It would be advantageous if such a system could detect a cryptographic data overflow condition of a limited capacity storage unit and maintain data storage for information useful to the subscriber without requiring additional memory added to the limited capacity device.
REFERENCES:
patent: 4972472 (1990-11-01), Brown et al.
patent: 5442704 (1995-08-01), Holtey
patent: 5987489 (1999-11-01), Monier
Menezes et al, “Handbook of Applied Cryptography”, CRC Press, Oct. 17, 1996.*
Rankl et al, “Smart Card Handbook”, 1997, Wiley & Sons, general disclosure.*
Simmons et al, “Contemporary Cryptology”, 1992, IEEE Press, general disclosure.*
Luis Zoreda et al, “Smart Cards”, 1994, Artech House Inc, general disclosure.*
Hendry, “Smart Card Security and Applications”, 1997, Artech House Inc, general disclosure.
Lockhart Roland T.
Wiener Michael J.
Entrust Technologies Limited
Peeso Thomas R.
Vedder Price Kaufman & Kammholz