Electrical computers and digital processing systems: support – Multiple computer communication using cryptography
Reexamination Certificate
1998-04-09
2003-11-18
Hayes, Gail (Department: 2131)
C380S277000, C380S285000
active
06651166
ABSTRACT:
FIELD OF THE INVENTION
The invention relates to the field of electronic document encryption. More particularly, the invention relates to techniques for the secure delivery of electronic documents to remote recipients.
BACKGROUND OF THE INVENTION
The development of computerized information sources, such as those provided through the Internet or other on-line sources, has led to a proliferation of electronically available information. The desired or required security for the secure distribution of information and documents across networks has led to a variety of architectures and techniques to protect this information.
Encryption is a basic technique to scramble information or documents to prevent unsolicited access to that information.
FIG. 1 is a block diagram of secret key encryption 10a, wherein a document 12 is encrypted, or scrambled, with a secret key 14, producing an encrypted document 20. The encrypted document 20 can then be transferred to a recipient. Secret key encryption, also referred to as symmetric key cryptography, scrambles information to prevent unsolicited access using a single secret key 14 that both sender and recipient must hold.
FIG. 2 is a block diagram of secret key decryption 10b, wherein the same secret key 14 is required to unscramble 22 the encrypted document 20, reproducing a copy of the original document 12. Without access to the secret key 14, the contents of an encrypted document 20 remain confidential. Note that encryption by itself does not reveal whether the ciphertext was altered in transit; the hashing and digital signature mechanisms discussed below address that separately.
One potential issue with secret key encryption 10a and decryption 10b is the challenge of distributing the secret key 14 securely. For example, suppose a sender uses secret key encryption to encrypt a document 12, and then sends a recipient the encrypted document 20. The recipient needs the secret key 14 to decrypt 22 the encrypted document 20. If the secret key 14 is sent over a non-secure channel, the security of the whole exchange is compromised. For most applications, telephone or fax provides a secure enough means of delivering secret keys 14, while the encrypted document 20 can be delivered over the Internet using Posta™. In some instances, however, senders and recipients require a more robust or convenient means of distributing a secret key 14.
Public key encryption facilitates a more robust, and typically more convenient, means of delivering information securely. With public key encryption, each recipient owns a pair of keys, called a public key 32 and a private key 40. The key pair's owner (the recipient) publishes the public key 32 and keeps the private key 40 secret.
FIG. 3 is a block diagram of public key encryption 30a, wherein a document 12 is encrypted, or scrambled 34, with a public key 32, producing an encrypted document 36. To send information to a recipient, a sender uses the published public key 32 of the intended recipient to encrypt 34 the information, and the recipient uses their own private key 40 to decrypt it. Hence the private key 40, which is necessary to decrypt the information, is never distributed.
FIG. 4 is a block diagram of private key decryption 30b, wherein the private key 40 is required to unscramble 38 the encrypted document 36, reproducing a copy of the original document 12. Without access to the private key 40, the contents of an encrypted document 36 remain confidential; as with secret key encryption, detecting alteration of the ciphertext is a separate matter.
Public key encryption 30a and decryption 30b rely on a mathematical relationship between the public and private keys 32, 40 which allows a public key 32 to be published without risking derivation of the private key 40 from the published public key 32.
Public key encryption algorithms are computationally expensive, and hence may be too time consuming to be of practical use for many users when applied to entire documents. Secret key encryption 10a, 10b is typically much faster than public key encryption 30a, 30b, but requires the transmission of the secret key 14 from the sender to the recipient.
In a digital envelope system, a user encrypts a document 12 with a secret key 14, and then encrypts the secret key 14 with the public key 32 of the intended recipient. The recipient of the encrypted document 20 then uses their private key 40 to decrypt the secret key 14, and then uses the secret key 14 to decrypt the document. The slow public key operation is thus applied only to the short secret key, while the bulk of the document is handled by the fast secret key cipher, and no secret key has to be delivered out of band.
It is often useful to verify if a document has not been altered during transmission, or to verify who sent or received a given document. Hashing algorithms (or message digests) and public key technologies facilitate solutions to document integrity and transport verification.
Digital certificates can also be used to provide enhanced security for encrypted information. Suppose a recipient owns a public/private key pair and wishes to publish the public key 32 so others can use it, either to encrypt information to be sent to the recipient, or to verify the recipient's digital signature. A secure technique for the recipient to publish the public key 32 is to register it with a trusted authority. The trusted authority can then certify that a particular public key 32 belongs to the recipient. A digital certificate connects a recipient, or other entity, with a particular public key 32.
A digital certificate, as disclosed later, is a record of a public key and an identity, and the association of the two as attested to by a third party by means of a digital signature. The private key is not in the certificate, but only one private key can match a given public key. A public/private key pair is actually a pair of numbers with the following properties:
The private key cannot be derived easily from the public key; and
The public key can be used to encipher data which can only be deciphered by knowing the private key (some public key algorithms, such as RSA, also have the inverse property, which makes them suitable for use as digital signatures).
A trusted or certificate authority issues and maintains digital certificates.
The disclosed prior art systems and methodologies thus provide some methods for the encryption and secure delivery of documents, but fail to provide a simple digital certificate generation and enrollment system that is implemented and controlled by a sender. The development of such a digital certificate system would constitute a major technological advance.
SUMMARY OF THE INVENTION
A sender driven certificate enrollment system and methods of its use are provided, in which a sender controls the generation of a digital certificate, which can be used to encrypt and send a document to a recipient in a secure manner. The sender compares previously stored recipient information to gathered information from the recipient. If the information matches, the sender transfers key generation software to the recipient, which produces the digital certificate, comprising a public and private key pair. The sender can then use the public key to encrypt and send the document to the recipient, wherein the recipient can use the matching private key to decrypt the document. In a preferred embodiment, a server is interposed between the sender and the recipient, to provide increased levels of system security, automation, and integrity.
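The certificate definition above (a public key and an identity, bound by a third party's signature) and the sender driven enrollment flow of the summary, as one added Go example using the standard library's X.509 support (editor's code, not the patent's or Tumbleweed's). The sender compares the recipient's submitted details against its stored record in constant time and refuses enrollment on a mismatch; only on a match is the key pair generated (here in-process, standing in for the key generation software the patent delivers to the recipient), after which the sender itself issues a certificate binding the recipient's name to the new public key under the sender's own certifying key, and can later check that a presented certificate chains to that key. The record fields, the one-day lifetime, the use of X.509, and the sender acting as the certifying authority are assumptions; the interposed server of the preferred embodiment is not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RecipientRecord holds the details the sender stores for a recipient and the
// details the recipient submits at enrollment (field set is an assumption).
type RecipientRecord struct {
	Name   string
	Secret string // agreed out of band, e.g. by telephone; constructed for the example
}

// VerifyEnrollment compares in constant time so timing does not reveal which field was wrong.
func VerifyEnrollment(stored, submitted RecipientRecord) bool {
	ok := subtle.ConstantTimeCompare([]byte(stored.Name), []byte(submitted.Name))
	ok &= subtle.ConstantTimeCompare([]byte(stored.Secret), []byte(submitted.Secret))
	return ok == 1
}

// Sender attests recipients' public keys with its own certifying key (assumption: sender acts as the trusted authority).
type Sender struct {
	caKey  *rsa.PrivateKey
	caCert *x509.Certificate
	serial int64
}

// sign issues tmpl for pub under parent and priv, returning the parsed certificate.
func sign(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, priv *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewSender() (*Sender, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	root := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Sender Enrollment Authority"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	cert, err := sign(root, root, &key.PublicKey, key) // self-signed certifying key
	if err != nil {
		return nil, err
	}
	return &Sender{caKey: key, caCert: cert, serial: 1}, nil
}

// Issue binds rec's identity to pub; the recipient's private key is never an input.
func (s *Sender) Issue(rec RecipientRecord, pub *rsa.PublicKey) (*x509.Certificate, error) {
	s.serial++
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(s.serial), Subject: pkix.Name{CommonName: rec.Name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageKeyEncipherment, // the sender will encrypt secret keys to this certificate
	}
	return sign(leaf, s.caCert, pub, s.caKey)
}

// Trusts reports whether cert chains to this sender's certifying key; any other issuer is rejected.
func (s *Sender) Trusts(cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(s.caCert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

// Enroll is the sender driven flow: identity check first; key generation only on a match
// (in-process here, standing in for software delivered to the recipient); then certification.
func Enroll(s *Sender, stored, submitted RecipientRecord) (*rsa.PrivateKey, *x509.Certificate, error) {
	if !VerifyEnrollment(stored, submitted) {
		return nil, nil, fmt.Errorf("details for %q do not match the stored record: enrollment refused", submitted.Name)
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048) // private half stays with the recipient
	if err != nil {
		return nil, nil, err
	}
	cert, err := s.Issue(stored, &key.PublicKey)
	return key, cert, err
}

func main() {
	s, err := NewSender()
	if err != nil {
		panic(err)
	}
	stored := RecipientRecord{Name: "Alice Example", Secret: "otter-42"}
	_, cert, err := Enroll(s, stored, RecipientRecord{Name: "Alice Example", Secret: "otter-42"})
	fmt.Println("enrolled:", err, "trusted by sender:", err == nil && s.Trusts(cert) == nil)
}
```

Once the recipient holds a certificate the sender trusts, the public key inside it is the one the sender uses to wrap the secret key of a digital envelope, and a certificate signed by anyone other than the sender fails the chain check regardless of what identity it claims.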
REFERENCES:
patent: 4289930 (1981-09-01), Connolly et al.
patent: 4532588 (1985-07-01), Foster
patent: 4713780 (1987-12-01), Schultz et al.
patent: 4754428 (1988-06-01), Schultz et al.
patent: 4837798 (1989-06-01), Cohen et al.
patent: 4868877 (1989-09-01), Fischer
patent: 5008814 (1991-04-01), Mathur
patent: 5105184 (1992-04-01), Pirani et al.
patent: 5210824 (1993-05-01), Putz et al.
patent: 5247661 (1993-09-01), Hager et al.
patent: 5276869 (1994-01-01), Forrest et al.
patent: 5283887 (1994-02-01), Zachery
patent: 5293250 (1994-03-01), Okumura et al.
patent: 5341426 (1994-08-01), Barney et al.
patent: 5355472 (1994-10-01), Lewis
patent: 5367621 (1994-11-01), Cohen et al.
patent: 5379374 (1995-01-01), Ishizaki et al.
patent: 5404231 (1995-04-01), Bloomfield
patent: 5406557 (1995-04-01), Baudoin
patent: 5416842 (1995-05-01), Aziz
patent: 5418908 (1995-05-01)
Bandini Jean-Christophe
Smith Jeffrey C.
Hayes Gail
Seal James
Skadden, Arps Slate Meagher & Flom LLP
Tumbleweed Software Corp.
Title: Sender driven certification enrollment system