Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
2000-06-19
2001-09-18
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C380S255000, C380S259000, C713S002000, C713S168000, C713S170000, C705S064000, C705S074000, C705S075000
Reexamination Certificate
active
06292895
ABSTRACT:
TECHNICAL FIELD OF THE INVENTION
This invention relates in general to encryption of data in communication systems. In particular, this invention relates to a system and method for managing public/private key pairs within a cryptosystem having roaming user capability.
BACKGROUND OF THE INVENTION
Encrypted voice and data communication systems are well known in the art. These cryptosystems allow a user to digitally transmit information to one or more system users without it being intercepted and interpreted. This is accomplished by encrypting and decrypting the transmitted information with what is known as an encryption key. Encryption keys may be secret keys, where a single key is utilized for encryption and decryption, or public keys, where two or more keys are used.
Cryptosystems which utilize secret keys and public keys are well known in the art. Each type of cryptosystem provides some degree of privacy and authentication for digital communications. Secret-key cryptosystems utilize the traditional method known as symmetric key cryptography. In a symmetric key cryptosystem, a single electronic key is used both to encrypt and decrypt the transmitted information. Since only one key is used, the sender must provide the receiver with the key by some form of secure communication. The lack of a secure channel, which is usually why encryption is used in the first place, makes this system mostly obsolete in common practice these days.
Public-key cryptosystems, also referred to as asymmetric cryptosystems, provide another means of encrypting information. Such cryptosystems differ from secret-key cryptosystems in that two or more keys are required as opposed to one. In a public-key cryptosystem, each entity has a private key and a public key. Public keys are generally held in databases run by “Key Certificate Authorities” and are publicly known. However, each user's private key is known only by that user. Once a sender encrypts a message with a recipient's public key, it can only be decrypted using that recipient's private key. Because the computational power required to break a key increases exponentially with the length of key, longer keys provide greater security.
Private keys are usually between 512 and 4096 bits long, far too long for the average person to commit to memory. For this reason, most users of a public key cryptosystem store their private key on a personal computer or other personal device. The problem with this practice is that private key may be lost if the computer software crashes or computer hardware fails. In most cases, the user may have not “backed up” their data. This situation occurs more often than is convenient. In the event that the user wrote down the private key in a “safe” place and then lost it, the result is the same.
If or when this private key is lost or stolen, and thus compromised, a complicated “Key Revocation” process occurs. The user must perform the embarrassing task of informing all other users with whom he or she communicates with that the public/private key pair is no longer valid, and provide them with a new public key to use instead.
Another major drawback with current public key cryptosystems is that the users must have their private key with them to read any of their messages. This becomes a problem when the user is traveling and the private key is stored on their personal computer at home. In the current age of “roaming email” and other roaming communication, the technology is readily available for users to check their messages almost anywhere in the world. If the users do not have their private key with them, they cannot retrieve their messages. If the users do carry their private key with them while traveling, there is the risk that the private key may be lost or stolen. Furthermore, it is not always easy or convenient for users to carry around a piece of digital data with them that quickly integrates with other digital hardware worldwide.
SUMMARY OF THE INVENTION
The present invention provides a system and method for transmitting secure digital electronic messages over communication channels in a way that substantially eliminates or reduces disadvantages and problems associated with previously developed cryptosystems.
More specifically, the present invention provides a system and method for providing a public key cryptosystem having roaming user capability. The public key cryptosystem with roaming user capability comprises a network having multiple client computers and multiple encryption servers. The network allows secure communication between the client computers and the encryption servers.
In one embodiment, the client computer executes a New User computer program and an Enabler computer program to facilitate secure communication. Both the New User computer program and the Enabler computer program communicate with a Server computer program located on the encryption server. The New User computer program communicates with the Server computer program to generate a public/private key pair, a user identifier, and a user passphrase. The private key is then encrypted with the user passphrase yielding an encrypted private key, which is transmitted with the public key to the encryption server.
The Enabler computer program communicates with the Server computer program to enable a user to both read encrypted digital messages sent to him or her and send encrypted digital messages to other users. To read encrypted digital messages sent to a user, the user is first prompted for a passphrase. The passphrase is then hashed and transmitted to the encryption server for authentication. Once the hashed passphrase is authenticated, the encryption server transmits the user's encrypted private key back to the client computer, where it is decrypted. The user may now use the private key to read any digital messages he has received.
The Enabler computer program and the Server computer program also work in conjunction to send encrypted digital messages. Once a digital message is generated, it is encrypted with a client recipient's public key. The encrypted message is then transmitted to the client recipient computer.
The present invention provides an important technical advantage by providing a way to securely store a user's private key on an encryption server by symmetrically encrypting it with a passphrase so that no one but the user has access to it.
The present invention provides another important technical advantage by providing a way to securely store a user's private key on an encryption server so a user may access the private key from any client machine on the encryption server network, thus providing roaming capability.
The present invention provides another important technical advantage by providing a way to access an encrypted private key from any client machine on a network by simply remembering a user passphrase.
The present invention provides another important technical advantage by providing a way to store an encrypted private key on an encryption server instead of the user's client machine, thus preventing the loss of the private key in the event the client machine crashes or fails.
The present invention provides another important technical advantage by limiting the number of times a user may try to log-in to the network per hour so a hacker cannot break into the system and retrieve the user's encrypted private key.
The present invention provides another important technical advantage by providing a user friendly public key cryptosystem where the user need not understand how to generate, send, or receive a public/private key pair since all this is handled by the New User computer program, Enabler computer program and the Server computer program.
REFERENCES:
patent: 4200770 (1980-04-01), Hellman et al.
patent: 4405829 (1983-09-01), Rivest et al.
patent: 5619574 (1997-04-01), Johnson et al.
patent: 5748735 (1998-05-01), Ganesan
patent: 5757916 (1998-05-01), MacDoran et al.
patent: 5903652 (1999-05-01), Mital
patent: 5987440 (1999-11-01), O'Neil et al.
Gray Cary Wave and Freidenrich LLP
Hush Communication Corporation
Jack Todd
Peeso Thomas R.
LandOfFree
Public key cryptosystem with roaming user capability does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Public key cryptosystem with roaming user capability, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Public key cryptosystem with roaming user capability will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2504436