Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-12-29
2003-07-01
Barrón, Gilberto (Department: 2132)
C380S286000, C713S156000
Reexamination Certificate
active
06587946
ABSTRACT:
TECHNICAL FIELD
This invention relates to quorum controlled asymmetric proxy cryptography for use in encrypting and decrypting transcripts.
BACKGROUND OF THE INVENTION
Blaze et al. introduce the notion of proxy cryptography in M. Blaze, G. Bleumer, M. Strauss, “Atomic Proxy Cryptography,” EUROCRYPT '98, pp. 127-144. In their model of proxy cryptography, there is an entity—the proxy—that can transform a transcript from being associated with a primary recipient to afterwards being associated with at least one secondary recipient. A “transcript” can be any type of electronic file that is sent from an originator to the primary recipient via a communications system. As a result, the transcript will have “associated” with it the primary recipient's address that is used within the communications system. Examples of a transcript that it may be valuable to transform in this manner are E-mail messages, encryptions, identification proofs, and signatures. For E-mail messages and encryptions, the transcript may be transformed from an encryption using the proxy's key to an encryption of the same message using the secondary recipient's key; for identification proofs and signatures, the transcripts may be transformed from being associated with the originator, to instead being associated with the proxy. Blaze et al. define both symmetric and asymmetric proxy cryptography. For “symmetric proxy cryptography,” given the key used for transformation, the secret key of one party of the transformation can be derived from the secret key of the other. Conversely, in “asymmetric proxy cryptography,” each party only needs to know his or her own secret key, or some transformation key derived from this. Therefore, asymmetric proxy cryptography is naturally better suited for many applications. However, while several symmetric constructions are provided by Blaze et al., there is merely a suggestion that asymmetric proxy cryptography exists.
Information is available on cryptographic techniques used in proactive security (for example, Y. Frankel, P. Gemmell, P. MacKenzie, M. Yung, “Proactive RSA,” Proc. of CRYPTO '97, pp. 440-454; A. Herzberg, S. Jarecki, H. Krawczyk, M. Yung, “Proactive Secret Sharing, or How to Cope with Perpetual Leakage,” CRYPTO '95, pp. 339-352; and A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, M. Yung, “Proactive Public Key and Signature Systems,” Proceedings of the 4th ACM Conference on Computer and Communications Security, 1997, pp. 100-110), on methods for undeniable signatures (for example, D. Chaum, H. Van Antwerpen, “Undeniable Signatures,” CRYPTO '89, pp. 212-216; and D. Chaum, “Zero-Knowledge Undeniable Signatures,” EUROCRYPT '90, pp. 458-464), Schnorr signatures (C. P. Schnorr, “Efficient Signature Generation for Smart Cards,” Advances in Cryptology—Proceedings of CRYPTO '89, pp. 239-252), methods for information-theoretical secret sharing (T. P. Pedersen, “A threshold cryptosystem without a trusted party,” D. W. Davies, editor, Advances in Cryptology—EUROCRYPT '91, volume 547 of Lecture Notes in Computer Science, pp. 522-526, Springer-Verlag, 1991), and mobile attackers (R. Ostrovsky and M. Yung, “How to withstand mobile virus attacks,” Proceedings of the 10th ACM Symposium on the Principles of Distributed Computing, 1991, pp. 51-61).
Shamir introduces a (k,n) threshold scheme in A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 22, 1979, pp. 612-613. See also T. P. Pedersen, EUROCRYPT '91, pp. 522-526.
ElGamal introduces the ElGamal encryption algorithm in T. ElGamal, “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” CRYPTO '84, pp. 10-18.
Bellare et al. introduce methods that show how a non-interactive proof can be proven zero-knowledge in the random oracle model in M. Bellare, P. Rogaway, “Random Oracles are Practical: a paradigm for designing efficient protocols,” 1st ACM Conference on Computer and Communications Security, pp. 62-73, 1993.
The shortcomings of existing E-mail systems are well known. For example, in one existing E-mail system, incoming E-mail messages are protected with public key encryption and sent directly to the primary recipient's mailbox. A problem with this scheme arises when the primary recipient leaves or is absent for an extended period of time and E-mails sent to the primary recipient are needed. In this instance, the contents of the E-mails cannot be accessed by any other users unless they have the absent primary recipient's secret key. Thus, the information contained in these E-mails, regardless of how urgently it is needed or how vitally important it is to an organization, is inaccessible until the primary recipient returns or his secret key is obtained.
Another existing E-mail system uses a single system administrator to distribute incoming E-mail messages to the intended primary recipients. This configuration can experience problems similar to those of the system described above if, for example, distribution of the E-mail is controlled by a single system administrator who holds the secret key and this system administrator leaves or is absent. In addition, in this system the system administrator has total, unrestricted access to all E-mail messages in the system. While the problem of a missing system administrator can be overcome by having multiple E-mail system administrators (all of whom know the secret key), this multiplies the security problems by increasing the number of people who have unrestricted access to the E-mail system and thus makes confidential communications between parties less secure.
In another existing E-mail system, a group of system administrators is needed to distribute the E-mail. Incoming E-mail can be decrypted by the group of system administrators only if the entire group agrees and each member uses his or her portion of the secret key to decrypt the associated portion of the E-mail message. Therefore, if an E-mail message in the primary recipient's mailbox needs to be forwarded and the primary recipient is not available, every system administrator in the group must decrypt his or her respective portion of the message, the results must be combined, and the message is then forwarded to the necessary secondary recipients. A major problem with this system is that all of the system administrators must be available, and once the decryption is finished, each system administrator in the group has unrestricted access to the complete E-mail message.
Finally, in an existing symmetric proxy encryption system the proxy holds a key that allows him to transform the transcripts, but which also allows him to compute the secret key of the secondary recipient, given knowledge of the proxy's own secret key. This also allows the secondary recipient to compute the secret key of the primary recipient or proxy server in a similar manner. This type of proxy encryption is disadvantageous in situations where there is no symmetric trust (or little trust at all). It also forces the participants to establish the shared transformation key ahead of time. The only advantage of a solution of this type appears to lie in a potential improvement in efficiency, caused by merging the two decrypt and encrypt operations into one re-encryption operation performed during the transformation phase.
The above techniques and systems fail to provide effective and secure access to and forwarding of received transcripts from the primary recipient when the primary recipient is not available. Therefore, there is a need for a system and new techniques to provide asymmetric proxy cryptography for use in encrypting and decrypting transcripts.
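The symmetric-trust problem described above (the transformation key plus either party's secret reveals the other party's secret) is easiest to see in the algebra. The following is an added worked example, not code from the patent or from Blaze et al.; it implements an ElGamal-style proxy transformation in the spirit of the symmetric construction the background describes, over constructed toy parameters (a small safe prime p = 2q + 1, generator g of the order-q subgroup) that are far too small for real use. All function names are the example's own. It shows that the proxy re-keys a ciphertext for A into one for B without decrypting, and that the same proxy key lets a holder of A's secret compute B's secret and vice versa, which is exactly why such a system needs mutual trust. The asymmetric, quorum-controlled construction that the patent claims is not reproduced here.

```python
"""Toy symmetric (Blaze-Bleumer-Strauss style) ElGamal proxy transformation.

Constructed demo parameters: P = 2*Q + 1 is a safe prime and G = 2^2 is a
quadratic residue, hence a generator of the order-Q subgroup. Exponents live
mod Q, group elements mod P. Do not use these sizes for anything real.
"""
import secrets

P = 2039   # safe prime (constructed toy value), P = 2*Q + 1, P = 3 mod 4
Q = 1019   # prime order of the subgroup in which all group elements live
G = 4      # generator of the order-Q subgroup of squares mod P


def encode(x):
    """Map an integer 1 <= x <= Q into the order-Q subgroup by squaring it."""
    assert 1 <= x <= Q, "message must be in [1, Q]"
    return pow(x, 2, P)


def decode(y):
    """Invert encode(): since P = 3 mod 4, y^((P+1)/4) is a square root of y;
    of the two roots x and P-x exactly one is <= Q, and that is the plaintext."""
    r = pow(y, (P + 1) // 4, P)
    return min(r, P - r)


def keygen():
    """Return (secret a, public y = g^a). a in [1, Q-1] is invertible mod Q."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)


def encrypt(y_pub, m):
    """Ciphertext (m * g^k, y^k) = (m * g^k, g^{ak}): the secret key acts on the
    second component, which is what makes the proxy step a single exponentiation."""
    k = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, k, P)) % P, pow(y_pub, k, P)


def decrypt(a, ct):
    """Recover m: (g^{ak})^{1/a} = g^k, then divide it out of the first component."""
    c1, c2 = ct
    g_k = pow(c2, pow(a, -1, Q), P)
    return (c1 * pow(g_k, -1, P)) % P


def proxy_key(a, b):
    """Transformation key pi = b / a mod Q, set up by someone who knows both secrets."""
    return (b * pow(a, -1, Q)) % Q


def transform(pi, ct):
    """Re-key a ciphertext for A into one for B without decrypting:
    (g^{ak})^{b/a} = g^{bk}. The message component is untouched."""
    c1, c2 = ct
    return c1, pow(c2, pi, P)


def other_secret_from_proxy_key(pi, known_secret, known_is_a):
    """The symmetry the background describes: pi together with either secret
    yields the other one (b = pi * a, or a = b / pi), so the proxy key cannot
    be handed to a party that must not learn the other side's secret."""
    if known_is_a:
        return (pi * known_secret) % Q
    return (known_secret * pow(pi, -1, Q)) % Q


def demo(x=777):
    """End-to-end run; returns what each party can read and what the key leaks."""
    a, y_a = keygen()
    b, y_b = keygen()
    ct_for_a = encrypt(y_a, encode(x))     # mail encrypted to the primary recipient A
    pi = proxy_key(a, b)                   # proxy key for forwarding A -> B
    ct_for_b = transform(pi, ct_for_a)     # proxy re-keys without seeing x
    return {
        "a_reads_original": decode(decrypt(a, ct_for_a)),
        "b_reads_transformed": decode(decrypt(b, ct_for_b)),
        "b_from_pi_and_a": other_secret_from_proxy_key(pi, a, True) == b,
        "a_from_pi_and_b": other_secret_from_proxy_key(pi, b, False) == a,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows both recipients reading the same plaintext from their respective ciphertexts, and both "secret recovered from the proxy key" flags true: whoever holds the transformation key and one secret holds both, which is the trust assumption the asymmetric variant is meant to remove.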
SUMMARY OF THE INVENTION
My work extends the work of Blaze et al., which introduces the notion of proxy cryptography, demonstrates that symmetric proxy transformations exist, and conjectures that asymmetric proxy transformations also exist. I demonstrate that asymmetric proxy transforms do indeed exist.
A proxy is an entity that is compos
Barrón Gilberto
Lucent Technologies, Inc.
Meislahn Douglas