Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
1998-11-20
2002-05-28
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Central trusted authority provides computer authentication
C713S158000, C713S168000
Reexamination Certificate
active
06397329
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method for efficiently revoking digital identities such as certificates generated by a public-key cryptography system.
2. Discussion of Related Art
Digital Identities
Digital identities (and author-identities of messages) which identify a particular person or entity are important for business, private, and government use of the Internet. For example, digital identities are needed for on-line shopping, business-to-business transactions, on-line banking, code-authentication, company-internal identities, and other network and world wide web related transactions. The U.S. Federal government, NIST, the U.S. Post Office, Visa and Master Card, some major banks, and private companies (like VeriSign, SIAC, IBM, GTE, and Microsoft) are all building digital identity infrastructures. Although the general design of all these schemes is similar, and typically relies on public-key cryptography and Certificate Authority services (both of which are described below), the details (and hence the efficiency) of what it means for a digital identity to be valid, and how it can be revoked differs from scheme to scheme.
Public Key Cryptography
It is often desirable to encrypt a message, such as a digital message, so that only certain authorized persons may access the message. All others are unable to access the message. One way this may be done is by taking the message, called a plain text message, and encrypting it into a cipher text message. The cipher text message appears as gibberish. The cipher text message may be decrypted back into the plain text message only by those having the corresponding private key (described below). Public key cryptography is a well known way to encrypt messages in this way.
Public key cryptography may also be used to provide a “digital signature” to a message. The digital signature is an author identity which verifies that the message originated from the party signing the document. This may be done by a party using its private key to sign a message. The signature may be verified by anyone having the party's public key, but may only be signed by the party having the private key (public and private keys are described below).
In a typical public key cryptography system (also referred to herein as a “public key cryptosystem”), each user u has a public key (or exponent) PK
u
and a secret key (or exponent) SK
u
. For a particular party i, party i's public key PK
i
is known to everyone, but the secret key SK
i
is known only to party i. A plain text message m to user i is encrypted to form the cipher text message x using a public operation P which makes use of the public key PK
i
known to everyone, i.e., x=P(m,PK
i
). The cipher text message x is decrypted using a decryption operation D which makes use of the secret key SK
i
, i.e., m=D(x,SK
i
). Anyone given the public key can encrypt a message using the public operation. Only party i who has the secret key SK
i
can perform the secret operation to decrypt efficiently the encrypted message x to obtain clear text message m.
A digital signature may be added to a message m to identify that the party “signing” the message is user i, the party identified as the message originator, and not an imposter. A digital signature may be associated with a message m by applying a signing algorithm S on the message m using the signing party's secret key SK
i
i.e., =S(m, SK
i
). Anyone given that party's public key PK
i
may verify the authenticity of the signature by applying a verification algorithm V on the signature using the signing party's public key PK
i
, i.e. V(PK
i
, m,) {valid or not valid}.
FIG. 1
is a block diagram of a typical cryptography device
100
, such as may be used in a public key cryptosystem. The device
100
has a processor
102
including one or more CPUs
102
, a main memory
104
, a disk memory
106
, an input/output device
108
, and a network interface
110
. The devices
102
-
110
are connected to a bus
120
which transfers data, i.e., instructions and information between each of these devices
102
-
110
. The processor
102
may use instructions in the memories
104
,
106
to perform functions on data, which data may be found in the memories
104
,
106
and/or received via the I/O
108
or the network interface
110
.
For example, a plain text message (or unsigned message) may be input via the I/O
108
or received via the network interface
110
. The plain text message (or unsigned message) may then be encrypted (or digitally signed) using the processor
102
and perhaps software stored in the main memory
104
or the disk memory
106
. The encrypted message (or digitally signed message) may be transmitted to another party via the network interface
110
connected to a local area network (LAN) or wide area network (WAN). Similarly, a cipher text message (or digitally signed message) may be received via the network interface
110
and decrypted using the processor
102
and perhaps software stored in the main memory
104
or the disk memory
106
. The decrypted message, now in plain text, or signature verification may be, for example, viewed on a monitor.
FIG. 2
illustrates a network
200
over which cryptography devices
100
may communicate. Two or more cryptography devices
100
,
100
,
100
may be connected to a communications network
202
, such as a wide area network which may be the Internet, a telephone network, or leased lines; or a local area network, such as an Ethernet network or a token ring network. Each cryptography device
100
may include a modem, network interface card, or other network communication device
204
to send encrypted or digitally signed messages over the communications network
202
. A cryptography device
100
may be a gateway to a sub-network
206
. That is, the device
100
may be an interface between a wide area network
202
and a local area (sub) network
206
.
As discussed in more detail below, in a public key cryptosystem, two communicating parties, such as cryptography devices
100
and
100
may communicate with a third party, such as cryptography device
100
, to certify that each party is not an imposter. This third party is often called a certification authority.
One problem with public key cryptography is that for one party, say party A, to communicate with another party, say party B, A needs to obtain party B's public key PK
B
. A may do this in a number of ways, for example, A's cryptography device may obtain PK
B
(1) directly from B's cryptography device, (2) from A's cryptography device's own database (if, for example, A and B have previously communicated), such as disk memory
106
, or (3) from a trusted third party such as a certification authority. A security problem arises if B's digital identity is stolen or canceled before it expires.
Certification Authorities
In some public-key cryptosystems, this security problem is avoided by having public keys certified by a trusted third party. This trusted party is often referred to as a certification Authority (CA). A CA issues a public key certificate (PKC), which contains a party's public key, information about the party, such as its name, address, account or serial number, certificate expiration date, the CA's identity, and the CA's digital signature certifying that the public key belongs to the party presenting the certificate. Thus, if A wishes to communicate with B, B sends A its public key PK
B
and its public key certificate. A checks the authenticity of PK
B
and the public key certificate by checking them against the public keys for B and CA.
Digital identities, such as PKCs, are not unlike credit cards (and indeed may represent a credit card account) in that they typically have an expiration date. Moreover, a digital identity, just like a credit card, may be revoked due to a change in the party's status, a security breach, or other reason. Without a method for certificate revocation, these digital iden
Aiello William
Lodha Sachin
Ostrovsky Rafail
Falk James W.
Giordano Joseph
Peeso Thomas R.
Telcordia Technologies Inc.
LandOfFree
Method for efficiently revoking digital identities does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for efficiently revoking digital identities, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for efficiently revoking digital identities will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2857515