Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-02-12
2001-08-07
Swann, Tod (Department: 2767)
C713S160000, C713S170000, C713S155000, C713S152000, C380S286000, C380S277000, C380S059000
active
06272632
ABSTRACT:
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates generally to data encryption, and more particularly to data recovery.
Related Art
Data encryption is critical to ensuring the confidentiality of sensitive information. Various symmetric and asymmetric encryption methodologies can be used alone or in combination to implement these security functions.
Historically, encryption systems that have been used to protect sensitive information have been implemented as separate hardware devices, usually outboard “boxes” between a computer or communications system and a communications circuit. Such devices are designed with a high level of checking for operational integrity in the face of failures or malicious attack, and with especially careful measures for the protection of cryptographic functions and keys.
Software encryption systems have historically been viewed with suspicion because of their limited ability to protect their algorithms and keys. Over and above these issues is the fact that an encryption algorithm implemented in software is subject to a variety of attacks. The computer's operating system or a user can modify the code that implements the encryption algorithm to render it ineffective, steal secret cryptographic keys from memory, or, worst of all, cause the product to leak its secret cryptographic keys each time it sends or receives an encrypted message.
The principal disadvantage of using encryption hardware, and therefore the primary advantage of integrated software implementations, is cost. When encryption is implemented in hardware, whether a chip, a board or peripheral (such as a PCMCIA card) or a box, end users have to pay the price. Vendors must purchase chips and design them into devices whose costs go up because of the additional “real estate” required for the chip. End users must purchase more expensive devices with integrated encryption hardware, or must buy PCMCIA cards or similar devices and then pay the price for adding a device interface to their computing systems or dedicating an existing interface to encryption rather than another function such as that performed by a modem or disk.
A second advantage of software implementations is simplicity of operation. Software solutions can be readily integrated into a wide variety of applications. Generally, the mass market software industry, which attempts to sell products in quantities of hundreds of thousands or millions, seeks to implement everything it can in software so as to reduce dependencies on hardware variations and configurations and to provide users with a maximum of useful product for minimum cost.
SUMMARY OF THE INVENTION
The present invention is generally directed to a system and method for controlling access to a user secret. A user secret generally represents an arbitrary piece of confidential information to which a user wishes to control access. In one embodiment, the user secret represents a secret key (KS) that is used to encrypt a piece of data, D. In a communication application, the data, D, represents a message, M, to be transmitted to a receiving entity. In a storage application, the data, D, represents a file, F, that is encrypted and subsequently stored.
More specifically, according to an embodiment of the present invention, an encrypting system encrypts D using KS to produce encrypted data or cipher text C. The encrypting system then generates a key recovery field (KRF). The KRF includes an access rule index (ARI) and the KS. The KS is protected by a key recovery center (KRC) public key (KRCpub). KRCpub is acquired in a registration phase. During this registration phase, an access rule defining system defines an access rule (AR) that controls subsequent access to the secret KS. After the KRC receives the AR from the AR defining system, the KRC returns an ARI. The ARI can be included in one or more KRFs attached to subsequent encrypted files.
To decrypt encrypted data C that is encrypted with KS, a decrypting system must have access to the secret KS. If the decrypting system does not have knowledge of the secret KS, then emergency access is achieved via the KRF. In one recovery scenario, the emergency decrypting system extracts the KRF attached to the encrypted message and sends the KRF to the KRC. The KRC presents a challenge to the emergency decrypting system based on the AR that is referenced by the ARI included within the KRF. If the emergency decrypting system successfully meets the challenge, the KRC sends the secret KS to the emergency decrypting system.
In another recovery scenario, the emergency decrypting system sends both the encrypted data C and the KRF to the KRC. In a similar manner, the KRC presents a challenge to the emergency decrypting system based on the AR that is referenced by the ARI included within the KRF. If the emergency decrypting system successfully meets the challenge, the KRC uses the KS to decrypt the encrypted data C and sends the decrypted data D to the emergency decrypting system.
The KRF includes an unencrypted header section and an encrypted payload section. In one embodiment, the payload section includes a concatenation of an ARI (selected by the encrypting system) with a secret KS. The payload section is then encrypted using a KRCpub. The unencrypted header section includes a KRC identifier and a key identifier (KI). The KI uniquely identifies the KRCpub used to encrypt the payload section.
In a second embodiment, the unencrypted header section includes the KRC identifier, KI and the ARI. As the ARI does not represent authentication information it can be included within the KRF as clear text. To prevent the ARI (and/or other header information) from being exchanged, altered, or corrupted, the header section also includes an ARI binding digest. The ARI binding digest protects the integrity of the ARI and other header information in the unencrypted header section and securely binds it with the encrypted payload section that includes the KS.
The ARI binding digest does not represent authentication information. Consequently, the ARI binding digest can be, and preferably is, included within the KRF as clear text.
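The second-embodiment KRF layout described above (clear-text header carrying the KRC identifier, KI, ARI and binding digest, followed by the payload that seals ARI || KS under KRCpub), as an added example that is not the patent's own code. The byte encoding, SHA-256 as the digest function, the digest inputs, and the KRC-side cross-check of the header ARI against the ARI inside the decrypted payload are assumptions of this example; the patent fixes none of them.

```python
import hashlib
import hmac
import struct
# Assumed layout and SHA-256 digest (the patent fixes neither); the KRCpub
# ciphertext is treated as opaque bytes, public-key encryption is out of scope.

def _lv(b: bytes) -> bytes:
    """Length-prefixed field: 2-byte big-endian length, then the bytes."""
    return struct.pack(">H", len(b)) + b

def _read_lv(buf: bytes, pos: int):
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def pack_payload(ari: bytes, ks: bytes) -> bytes:
    """Payload plaintext ARI || KS, which the sender encrypts under KRCpub."""
    return _lv(ari) + _lv(ks)

def unpack_payload(p: bytes):
    ari, pos = _read_lv(p, 0)
    return ari, _read_lv(p, pos)[0]

def binding_digest(krc_id: bytes, ki: bytes, ari: bytes, enc_payload: bytes) -> bytes:
    """Clear-text digest over the header fields and the encrypted payload."""
    return hashlib.sha256(_lv(krc_id) + _lv(ki) + _lv(ari) + enc_payload).digest()

def build_krf(krc_id: bytes, ki: bytes, ari: bytes, enc_payload: bytes) -> bytes:
    """KRF = clear header (KRC id, KI, ARI, digest) || encrypted payload."""
    d = binding_digest(krc_id, ki, ari, enc_payload)
    return _lv(krc_id) + _lv(ki) + _lv(ari) + d + _lv(enc_payload)

def parse_krf(krf: bytes) -> dict:
    krc_id, pos = _read_lv(krf, 0)
    ki, pos = _read_lv(krf, pos)
    ari, pos = _read_lv(krf, pos)
    digest, pos = krf[pos:pos + 32], pos + 32
    enc_payload, _ = _read_lv(krf, pos)
    return {"krc_id": krc_id, "ki": ki, "ari": ari, "digest": digest, "enc_payload": enc_payload}

def header_intact(krf: bytes) -> bool:
    """Check anyone can run: header fields and ciphertext still match the digest."""
    f = parse_krf(krf)
    want = binding_digest(f["krc_id"], f["ki"], f["ari"], f["enc_payload"])
    return hmac.compare_digest(f["digest"], want)

def krc_accepts(krf: bytes, payload_plaintext: bytes) -> bool:
    """KRC-side check after decrypting the payload with its private key: the clear
    ARI must equal the sealed ARI, so a rewritten header cannot pick another AR."""
    sealed_ari, _ = unpack_payload(payload_plaintext)
    return header_intact(krf) and hmac.compare_digest(parse_krf(krf)["ari"], sealed_ari)
```

Because the digest is clear text, anyone who edits the header can recompute it; the cross-check in krc_accepts against the ARI sealed inside the payload is what stops a rewritten header ARI from selecting a different access rule.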
In alternative scenarios, access to a user secret (US) can be achieved through one or more KRFs that are generated using a plurality of KRCpubs. Here, each KRCpub can be associated with a separate KRC. In these scenarios, multiple KRCs individually control, in whole or in part, the recovery of the US. Three multiple-KRC scenarios include OR-Access, AND-Access, and Quorum-Access.
Generally, the user secret within a KRF is not limited to an encryption key but rather can include any arbitrary piece of confidential information. In all cases, the KRC limits access to emergency decrypting systems that can meet the challenge that is defined by the AR referenced by the ARI in the KRF containing the US.
Further features and advantages of the present invention, as well as the structure and operation of various embodiments of the present invention, are described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers indicate identical or functionally similar elements.
Balenson David M.
Carman David W.
Tajalli Homayoon
Walker Stephen T.
Callahan Paul E.
Cooley & Godward LLP
Network Associates, Inc.
Swann Tod
Patent title: System and method for controlling access to a user secret...