Electrical computers and digital processing systems: support – Multiple computer communication using cryptography
Reexamination Certificate
2000-07-06
2004-06-22
Vu, Kim (Department: 2135)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
C713S167000
Reexamination Certificate
active
06754819
ABSTRACT:
TECHNICAL FIELD OF THE INVENTION
The present invention relates to the field of cryptographic systems. More specifically, the present invention relates to providing cryptographic services within a distributed application supported by a multiprocessor platform.
BACKGROUND OF THE INVENTION
An encryption system converts data into a disguised or encrypted form to render it unintelligible to anyone without a decryption key. Its intended purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended. Many techniques and functions are known for the conversion of the original data, referred to herein as plain text data, into its encrypted form, referred to herein as cipher text data.
Encryption systems are conventionally implemented in a combination of software functions and custom encryption hardware that contains redundant encryption functions. The redundant encryption functions of the custom encryption hardware include operational checks that ensure that the plain text is being effectively encrypted. In some environments, for example in wireless communication devices, it is undesirable to implement the custom encryption hardware for security due to size and power constraints.
To reduce the size and power constraints associated with custom encryption hardware, some encryption systems are implemented entirely as software cryptographic functions. These cryptographic functions can then be programmed into memory of the existing processor equipment, thereby reducing the size and power constraints. However, encryption systems implemented in software have traditionally been perceived to be less secure than hardware implementations because software encryption functions can become modified or corrupted. Moreover, software encryption functions generally do not contain the same operational checks as functions implemented in the custom encryption hardware. Thus, it is difficult to ensure that the correct software encryption functions are being properly executed.
In addition, it is difficult to verify that the prior art cryptographic algorithms are operating in real time. The term “real time” refers to the ability of the encryption system to output cipher text data at substantially the same rate as the plain text data is being input into the system. Accordingly, the conversion of plain text data to cipher text data may not occur within the time constraints of the system, for example, a radio communications system resulting in poor or non-existent communications. Moreover, conventional software encryption algorithms are unable to detect this loss of separation between the plain text data and this poor or non-existent communication, which is an undesirable situation.
Cryptographic functions have been typically employed in communication networks such as wireless/wire-line, and voice and/or data networks. In addition, emerging technologies such as financial applications (banking/electronic funds transfer), Internet electronic commerce applications, and secured database applications typically employ cryptographic services such as access control and privacy enforcement.
A distributed application is an application for which the collection of software components, or processing elements, is distributed between two or more interconnected processors. These interconnected processors, resident on one or more machines or cards, form a multiprocessor platform for simultaneously executing two or more software components of the distributed application. The increasing use of distributed applications in systems where data security is imperative, such as the aforementioned communications networks, financial applications (banking/electronic funds transfer), Internet electronic commerce applications, and secured database applications, has led to the inclusion of cryptographic services within the distributed applications.
A distributed application which manipulates cryptographic data suffers from many of the same problems found in conventional encryption systems. That is, the distributed application conventionally employs a secure operating system, custom hardware, or a combination of a secure operating system and custom hardware to provide for a secure separation of plain text data (also referred to as RED data) from cipher text data (also referred to as BLACK data). This requires that the developer of the distributed application understand exactly how the underlying multiprocessor platform is designed. Furthermore, the developer is required to develop the distributed application for the specific combination of hardware and software. This results in a customized distributed application having cryptographic functions for manipulating cryptographic data. Unfortunately, such customization results in a distributed application with little portability to other multiprocessor platforms, having a long development time, being costly to maintain, and being costly to add new cryptographic capabilities as cryptographic functions evolve.
Accordingly, what is needed is a system and a method for providing cryptographic services in a multiprocessor platform separate from a distributed application supported by the multiprocessor platform. In addition, what is needed is a system and a method that ensure the separation of plain text data from cipher text data in the multiprocessor platform. Furthermore, a system and method are needed that provide for a flexible environment for the development and execution of security enabled distributed applications, allow for reduced maintenance costs, and allow for the extension of cryptographic capabilities.
REFERENCES:
patent: 5029206 (1991-07-01), Marino et al.
patent: 5253297 (1993-10-01), Press
patent: 5365591 (1994-11-01), Carswell et al.
patent: 5369702 (1994-11-01), Shanton
patent: 5386471 (1995-01-01), Bianco
patent: 5764982 (1998-06-01), Madduri
patent: 5781633 (1998-07-01), Tribble et al.
patent: 5940516 (1999-08-01), Mason et al.
patent: 5946399 (1999-08-01), Kitaj et al.
patent: 5995628 (1999-11-01), Kitaj et al.
patent: 6055636 (2000-04-01), Hillier et al.
patent: 0435094 (1991-07-01), None
Gutmann, Peter, “An Open-source Cryptographic Coprocessor”, 9thUSENIX Security Symposium Paper 2000, pp. 97-112 of the Proceedings.*
XP-001017161, T. Peacock, “Features and Utilization of Motorola's Advanced INFOSEC Machine, AIM, in Embedded Encryption Applications,” IEEE 2000 International Performance, Computing and Communications Conference, Feb. 20, 2000, pp. 423-429.
Harbin Donald B.
Krummel Karl
Osborn Gregory R.
Perona Richard A.
Williams Clifford A.
Baum Ronald
General Dynamics Decision Systems, Inc.
Gresham Lowell W.
Meschkow Jordan M.
Meschkow & Gresham PLC
LandOfFree
Method and system for providing cryptographic services in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for providing cryptographic services in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for providing cryptographic services in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3317594