Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-09-14
2001-10-30
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S171000, C380S255000
Reexamination Certificate
active
06311270
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates in general to cryptographic techniques for securing electronic communications, and in particular to a cryptographic protocol which may be utilized in combination with a security processor in order to secure the transmission of communications over an insecure communication channel, such as the internet.
2. Description of the Prior Art
Currently, the internet is receiving increased attention as a medium for providing content to consumers and other end users. The content may comprise sound or video recordings, computer programs, computer games, news and information such as electronic magazines, stock information, and the like. Additionally, the internet is being used increasingly for the conduct of electronic commerce, which results in transactions which include order and payment information which are communicated over the insecure communication channel of the internet. A variety of technologies are being developed in order to further facilitate the communication of content and to facilitate the conduct of electronic commerce over the internet, cable, satellites and other insecure communication channels.
In accordance with one prior art technique, a special purpose security processor has been developed which is installed in the data processing system which is under the control of a content consumer, which serves a “gate keeping” function within the consumer's data processing system in order to receive encrypted content, decrypt the content, execute program instructions, and pass the digital content on to the data processing system for further processing and utilization by the consumer. The prior art security processor includes a microcontroller, an on-board ROM and RAM, a cryptographic module (such as a triple DES engine), a real-time clock, and an interface system. It utilizes a shared-secret encryption algorithm to encrypt the content before it is passed over the internet to the consumer. Upon receipt at the consumer's data processing system, the security processor utilizes the encryption engine and the shared-secret key which is maintained in memory in the security processor in order to decrypt the content and to pass it to the consumer's data processing system for further processing.
Systems which operate on shared-secret key cryptographic protocols are of special interest to hackers, since a key library must be maintained in confidence for the protocol to be effective. The key library maintained by the content provider provides an attractive target for hackers, especially when consumer content such as computer programs, audio recordings, video recordings have considerable market value and are subject to considerable amounts of piracy in general.
The present invention is an improved protocol for use in combination with the prior art security processor devices which enhances the overall security.
SUMMARY OF THE INVENTION
It is one objective of the present invention to provide an enhanced security protocol which may be utilized in combination with prior art security processors in order to enhance overall security of content and information passed between a content provider and a content consumer.
It is another objective of the present invention to provide an improved method and apparatus for communicating content between a content provider and a data processing system which is under the control of a content consumer, to allow communication over an insecure communication channel, wherein a public-private key cryptographic protocol is utilized in communications between the content provider and the data processing system under the control of the content consumer, and wherein shared-secret key encryption protocols are utilized to control communications between a security processor maintained in the data processing system under the control of the content consumer and the data processing system itself.
These and other objectives are achieved as is now generally described. A security cryptographic protocol is provided to allow communication between a content provider and a content consumer. The content consumer utilizes a data processing system in order to process digital content. The content provider utilizes an insecure communication channel, such as the internet, in order to pass encrypted communications, including executable program instructions and digital content, to the content consumer. A security processor is provided and installed in the data processing system which is under the control of the content consumer. The security processor receives and preprocesses encrypted content received over the insecure communication channel. Preferably, the security processor includes a central processing unit for executing program instructions contained in the digital content. Furthermore, the security processor preferably includes a hard-ware based shared-secret decryption engine for receiving encrypted content and for utilizing a shared-secret key for producing decrypted content. Furthermore, the security processor includes a memory means for maintaining securely the shared-secret key within the security processor. Preferably, the shared-secret key is maintained in memory in a manner which renders it insusceptible to reverse engineering in order to determine its identity. In other words, the security processor is manufactured in a manner which destroys the content of the memory location for the shared-secret key when the chip is reverse-engineered. In accordance with the present invention, a security program is also provided which is loaded onto the security processor. The security program is executable by the security processor. The security program includes a shared-secret encryption engine for receiving an input and for utilizing the shared-secret key to produce a cypheroutput based upon the input. Additionally, the security program includes a public key-private key decryption engine for receiving an encrypted input and utilizing a known public key and a secure private key to generate a decrypted output.
In accordance with the present invention, a public key-private key encryption protocol is utilized to secure communications over the insecure communication channel between the content provider and the security program which is resident in the security processor. This allows content to be passed over the insecure communication channel utilizing the public key-private key encryption protocol which is generally considered to be more secure than the shared-secure key protocol. In accordance with the preferred embodiment of the present invention, the public-private key decryption engine of the security program is utilized to receive and decrypt the encrypted content. Additionally, and in accordance with the preferred embodiment of the present invention, the communication between the security program and the security processor is secured utilizing the shared-secret encryption protocol. In accordance with the present invention, the shared-secret encryption engine of the security program is utilized to encrypt the content utilizing the shared-secret key prior to passage of the content to the security processor. Upon receipt of the encrypted content, the security processor utilizes the shared-secret key and the encryption engine to decrypt the content changing it from cyphertext to plain text, prior to passing the content to the central processing unit of the security processor for execution of the program instructions. The security processor will interact with the consumer's data processing system to allow processing in a manner which allows the consumer to utilize the digital content.
REFERENCES:
patent: 5835592 (1998-11-01), Chang et al.
patent: 5850450 (1998-12-01), Schweitzer et al.
patent: 5943422 (1999-08-01), Wie et al.
patent: 5949876 (1999-09-01), Ginter et al.
patent: 5987131 (1999-11-01), Clapp
patent: 5991406 (1999-11-01), Lipner et al.
Schneier, “Applied Cryptography”, 1995, pp. 71, 180, 587.
Challener David Carroll
Desai Dhruv Manmohandas
Rohatgi Pankaj
Safford David Robert
Bracewell & Patterson LLP
International Business Machines - Corporation
Peeso Thomas R.
Schelkopf J. Bruce
LandOfFree
Method and apparatus for securing communication utilizing a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for securing communication utilizing a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for securing communication utilizing a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2613574