Cryptography – Key management – Key distribution
Reexamination Certificate
1999-10-08
2004-03-23
Darrow, Justin T. (Department: 2132)
C380S277000
active
06711264
ABSTRACT:
BACKGROUND OF THE INVENTION
A. Field of the Invention
The present invention relates to a technology that improves security of communications that take place in a computer network such as an intranet or the internet. More specifically, the present invention relates to a technology that improves security of conversations that take place in a chat system.
B. Definition of Terms
Hereinafter, a chat system refers to a system which includes a chat server and a plurality of chat clients, where a plurality of users can communicate with each other simultaneously, sharing a single channel. A channel is a virtual space where users are logically divided into a group, and what one of the users comments is broadcast to all of the users who share the channel. A nickname is a name that identifies a user in a chat system. A channel operator property is an authority to administer users and modes within a channel. A bot is a software robot that participates in a channel to provide various services therein.
C. Description of the Related Art
Conventionally, in a chat system having a chat server and a plurality of chat clients, security of conversations between chat clients has been protected by encrypting conversation messages with a common key. The common key can be, for instance, a channel encryption key created by the chat server and distributed to a plurality of chat clients.
Also, there has been known a security method where a bot is connected to the server as one of the chat clients, and the bot creates, distributes, and administers channel encryption keys. Another security method has been known where chat clients are provided with channel encryption keys in advance.
PROBLEM TO BE SOLVED BY THE INVENTION
In the above described method where the chat server creates channel encryption keys and distributes them to chat clients, security of conversation is protected in a communication path between the clients and the server. However, since the server has the channel encryption key, conversation messages may be decrypted on the server.
With the method where the bot administers the channel encryption keys, conversation messages cannot be decrypted on the chat server, but may be decrypted on the bot. Also, it is troublesome to operate the bot, which has to be operated separately from the server. Although the method where chat clients are provided with channel encryption keys is simple, it does not allow the key to be updated. Therefore there is a higher possibility of the key being decrypted.
In view of the above, there exists a need for an improved security system for a chat system which overcomes the above mentioned problems in the prior art. This invention addresses this need in the prior art as well as other needs, which will become apparent to those skilled in the art from this disclosure.
SUMMARY OF THE INVENTION
One object of the present invention is to provide a method of and a device for improving security of conversation messages encrypted/decrypted with a channel encryption key, by making decryption of the channel encryption key difficult, while decreasing the burden of administering the channel encryption key.
In accordance with one aspect of the present invention, there is provided a security method for ensuring privacy and security in a communication system where communication devices are configured to conduct simultaneous two-way communication via a single network. The security improvement method comprises the steps of:
(A) generating an encryption key at at least one of the communication devices, where the encryption key is adapted to encrypt and decrypt communication contents within the network;
(B) requesting the encryption key from one of the other communication devices after a communication device joins the network;
(C) upon receiving a request for the encryption key from one of the communication devices, giving the generated encryption key to the requesting communication device; and
(D) encrypting and decrypting communication contents exchanged between the communication devices within the network.
If the security improvement method is applied to a chat system, a channel encryption key is generated by a user who opened a channel. A user who joined the channel afterward requests the channel encryption key from the first user. The first user grants the encryption key upon receiving the request. In the present invention, the channel encryption key is distributed in this manner, whereby channel encryption is not deciphered at the server or the bot.
Preferably, the security system of the present invention is utilized in a communication device that is configured to conduct simultaneous two-way communication with other communication devices sharing a single network. The security system preferably comprises memorizing means, encrypting means, decrypting means, user administering means, key obtaining means and key distributing means.
The memorizing means memorizes an encryption key adapted to encrypt and decrypt communication contents within the shared network. The encrypting means obtains communication contents from the communication device and encrypts the communication contents with the encryption key. The decrypting means obtains communication contents from the communication device and decrypts the communication contents with the encryption key.
The user administering means obtains from the communication device predetermined user information when the communication device participates in the network, and stores the user information in the memorizing means. The user information includes at least a list of other communication devices that participate in the network. The key obtaining means selects one of the other communication devices in the list, requests an encryption key from the selected communication device, and stores the encryption key in the memorizing means when the encryption key is sent from the selected communication device upon the request. The key distributing means retrieves an encryption key from the memorizing means and distributes the encryption key to another communication device when that other communication device sends a request for the encryption key.
When the security system is utilized with a chat client, the user administering means obtains from the chat client user information including a list of nicknames of users who participate in the channel. The key obtaining means selects a user from the nickname list, and requests a channel encryption key from the user. At the user terminal, which received the request, the key distributing means retrieves a channel encryption key from the memorizing means, and sends the channel encryption key to the requesting user terminal. At the requesting user terminal, the key obtaining means receives the channel encryption key, and stores the channel encryption key in the memorizing means. The encrypting means and the decrypting means thereafter encrypt and decrypt conversation messages using the channel encryption key stored in the memorizing means.
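The request-and-grant flow of steps (A) to (D), as an added Python example that is not part of the patent text. The excerpt does not say how the key reply is protected in transit, so the pre-shared pairwise secret used to wrap it is an assumption, as are all names here; the HMAC-based cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode; stdlib stand-in for a real AEAD such as AES-GCM
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)   # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class Client:
    def __init__(self, nick, pairwise):
        self.nick = nick
        self.pairwise = pairwise      # assumption: pre-shared secrets keyed by nickname
        self.channel_key = None       # the "memorizing means"

    def open_channel(self):           # step (A): the channel opener generates the key
        self.channel_key = secrets.token_bytes(32)

    def give_key(self, requester):    # step (C): key distributing means
        return seal(self.pairwise[requester], self.channel_key)

    def obtain_key(self, nicknames, relay):   # step (B): key obtaining means
        holder = next(n for n in nicknames if n != self.nick)
        self.channel_key = unseal(self.pairwise[holder], relay(self.nick, holder))

def run_channel():
    shared = secrets.token_bytes(32)  # constructed pairwise secret for the demo
    alice, bob = Client("alice", {"bob": shared}), Client("bob", {"alice": shared})
    clients, server_saw = {"alice": alice, "bob": bob}, []
    def relay(requester, holder):     # the chat server only forwards opaque bytes
        server_saw.append(clients[holder].give_key(requester))
        return server_saw[-1]
    alice.open_channel()
    bob.obtain_key(["alice", "bob"], relay)
    wire = seal(alice.channel_key, b"hello channel")   # step (D)
    server_saw.append(wire)
    return alice, bob, server_saw, unseal(bob.channel_key, wire)
```

`run_channel()` returns everything the relaying server observed, so the server's view can be checked directly against the channel key and the plaintext.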
Preferably, the security system is adapted to be coordinated with coordinating means of the communication device. The coordinating means is adapted to relay between the communication device and the security system a request for an encryption key, the encryption key sent upon the request, information regarding the user information and communication contents. The communication contents are relayed only when a predetermined condition is met.
When communication content is received in encrypted form, the coordinating means sends the communication content to the security system. After the communication content is decrypted in the security system, the decrypted communication content is sent from the security system to the communication device via the coordinating means, and is displayed in a similar manner as in the case of regular communication content. When communication content needs to be encrypted, the coordinating means sends the inputted communication content to the security system. After the communication content is encrypted in the security system, the encrypted communication content is sent fro
Matsui Kazuki
Matsumoto Tatsuro
Darrow Justin T.
Fujitsu Limited
Staas & Halsey , LLP