Cryptography – Key management
Reexamination Certificate
1997-09-03
2004-01-20
Sheikh, Ayaz (Department: 2131)
Cryptography
Key management
C380S278000, C713S171000
Reexamination Certificate
active
06681017
ABSTRACT:
FIELD OF THE INVENTION
The invention relates generally to electronic transactions over computer networks, and more particularly to techniques for ensuring security of electronic transactions without the need for key exchange or other complex arrangements for each transaction.
BACKGROUND OF THE INVENTION
Transaction security has become an increasingly important aspect of communication over the Internet and other types of wide area computer networks. A number of security techniques developed recently operate at the transport/session layer of a computer network operating in accordance with the Transmission Control Protocol/Internet Protocol (TCP/IP) standard. These techniques include the Secure HyperText Transport protocol (S-HTTP), described in E. Rescorla and A. Schiffman, “The Secure HyperText Transport Protocol,” Internet Draft, draft-ietf-wts-shttp-00.txt, July 1995, the Secure Shell (SSH) protocol, described in T. Ylonen, “SSH—Secure Login Connections Over the Internet,” USENIX Workshop on Security, 1996, and the Secure Socket Layer (SSL) protocol, described in P. Karlton, A. Freier and P. Kocher, “The SSL Protocol,” 3.0, Internet Draft, March 1996. These and other security mechanisms implemented at the transport/session layer generally have the advantage of providing universal security “primitives” which have a wide applicability. For example, the SSL and SSH protocols can be used in conjunction with any TCP connection in the network. However, this universality comes at the expense of a lack of flexibility in the complexity and cost of transactions, and a lack of user mobility. More particularly, transactions which are within the same client-server relationship but execute at different times will generally appear to the network transport layer as unrelated transactions, or may require the storage of data in secure long-term memory at the client side.
Emerging applications in electronic commerce often involve very low-cost transactions, which execute in the context of an ongoing, extended client-server relationship. The increase in low-cost electronic transactions and the need for “low-cost crypto” is described in, for example, R. Rivest, “Perspectives on Financial Cryptography,” Invited Lecture, Proc. of Financial Cryptography '97, Springer-Verlag. For these low-cost transactions, the above-noted general-purpose security mechanisms tend to be prohibitively expensive. In particular, both the S-HTTP and SSL security mechanisms involve a handshake-based key distribution which utilizes complex public key cryptography techniques. A user desiring to conduct a series of low-cost secure transactions with a vendor over the Internet is therefore required to utilize complex and costly arrangements, even though the transactions are carried out within an ongoing client-server relationship.
A need therefore exists for improved security techniques for electronic transactions, which take advantage of an ongoing client-server relationship to provide transaction security without the complexity and cost associated with conventional public key techniques.
SUMMARY OF THE INVENTION
The invention provides security protocols that are particularly well-suited for providing security in a series of low-cost transactions carried out between a client and a server within an on-going client-server relationship. In one embodiment of the invention, a novel simplified key establishment protocol (SKEP) is used to establish a shared key which may be used for the series of transactions. The client generates the shared key by computing, for example, the Janus function of (i) a client identifier, (ii) a server identifier and (iii) secret client information, encrypts the shared key using a public key of the server, and sends the encrypted shared key to the server. The server responds by incorporating server information into a response which is encrypted using the shared key and sent to the client. The client decrypts the response, verifies that the server has accepted the shared key, and then encrypts and sends additional client information such as a credit card number to the server using encryption based on the shared key. The server may in turn respond with an encrypted signature which may be used to provide a non-repudiation feature, such that the server cannot later deny having entered into the series of transactions with the client.
The client can use the shared key generated in accordance with the SKEP protocol in all of its subsequent transactions with the server, by simply recomputing the shared key via the Janus function. This eliminates the need for a separate key exchange for each transaction, and also eliminates the need to store shared keys between different transactions. The invention thereby considerably reduces the complexity and cost associated with providing secure client-server communications over the Internet and in numerous other applications. Moreover, because the client need not rely on data stored in secure memory, the security techniques of the invention are well-suited for use in mobile computing applications.
The subsequent client-server transactions may be conducted in accordance with a simplified or extended data delivery protocol (SDDP or EDDP) based on the above-described shared key. In the SDDP protocol, the client requests information, and the server supplies the information encrypted using the shared key. The client sends certain additional information, such as a random nonce, with its data delivery request, such that the client can readily verify that the response is associated with that request. The EDDP protocol operates in a similar manner, but requires that the client demonstrate possession of the shared key to the server before the server responds to a data delivery request, and also prevents third parties from determining the type of information requested by the client.
The generation and use of a shared key in accordance with the invention may be made substantially transparent to the client through the use of a client-side web proxy. The web proxy may, for example, query the client for its identifier and secret information at the beginning of a browsing session and then use the identifier and secret information to generate session keys for each server the client interacts with during the browsing session. After a given shared key is established, the web proxy automatically regenerates the shared key each time the client initiates a transaction with the corresponding server. In this manner, the use of the shared key can be made substantially transparent to the client, and the storage and computation overheads associated with the use of the shared key are minimized.
REFERENCES:
patent: 4405829 (1983-09-01), Rivest et al.
patent: 4807139 (1989-02-01), Liechti
patent: 5268962 (1993-12-01), Abadi et al.
patent: 5479509 (1995-12-01), Ugon
patent: 5491750 (1996-02-01), Bellare et al.
patent: 5657390 (1997-08-01), Elgamal et al.
patent: 5949876 (1999-09-01), Ginter et al.
patent: 6424718 (2002-07-01), Holloway
patent: 973299 (2000-01-01), None
patent: 9934553 (1999-07-01), None
“UK Firms Drive Trick Through US Encryption Law.” Newsbytes News Network. Mar. 24, 1997.*
Bruce Schneier, Applied Cryptography, 2nd ed., p. 48, 1995.*
E. Rescorla and A. Schiffman, “The Secure HyperText Transport Protocol,” Internet Draft, draft-ietf-wts-shttp-00.txt, Jul. 1995.
T. Ylonen, “SSH—Secure Login Connections Over the Internet,” USENIX Workshop on Security, 1996.
P. Karlton, A. Freier and P. Kocher, “The SSL Protocol,” 3.0 Internet Draft, Mar. 1996.
R. Rivest, “Perspectives on Financial Cryptography,” Invited Lecture, Proc. of Financial Cryptography '97, Springer-Verlag.
Gabber, P. Gibbons, Y. Matias and A. Mayer, “How to Make Personalized Web Browsing Simple, Secure and Anonymous,” Proceedings of Financial Cryptography '97, Springer-Verlag, 1997.
A. Aziz and M. Patterson, “Design and Implementation of SKIP (Simple Key Management for Internet Protocols),” Proceedings of the INET '95 Conference, 1995.
R. Rivest and A. Shamir, “Pay Word and MicroMint: Two Simple Micropayment
Matias Yossi
Mayer Alain Jules
Silberschatz Abraham
Lucent Technologies - Inc.
Sheikh Ayaz
Song Hosuk
LandOfFree
Simplified secure shared key establishment and data delivery... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Simplified secure shared key establishment and data delivery..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Simplified secure shared key establishment and data delivery... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3259263