Cryptography – Key management – Having particular key generator
Reexamination Certificate
1998-06-24
2002-09-03
Hayes, Gail (Department: 2131)
C380S043000, C380S260000
active
06445794
ABSTRACT:
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to a system, a device and a method of providing secure communication between two parties, and in particular for providing such secure communication over a communication network.
Secure communication between two parties has always been an important but difficult task. The moment information is shared between two parties, a third, unauthorized party may be able to access this information as well. The problem is magnified when the two authorized parties are separated by a distance, so that information must be passed in the form of messages rather than by direct communication. Historically, the content of messages has sometimes been protected by cryptography, in which the content is altered by transformation into another form which is understandable only by the intended recipient or recipients of the message.
As the technology for transferring information has become increasingly complex and sophisticated, so has the technology of cryptography. Currently, cryptography may be performed by encoding the original message into an incomprehensible protected message according to mathematical algorithms using a particular key. Only the correct recipient should have both the same algorithm and the particular key needed to decode the protected message into the original message. Thus, the incomprehensible encoded message can be freely transmitted over a relatively insecure communication channel such as a telephone network, while remaining secure to all but the correct recipient.
Of course, the security of the encoded message depends both upon the possession of the key and the ability of the algorithm to resist being broken by an unauthorized third party. A third party could try to guess the identity of the key, in effect copying it, and then use the actual key to decode the message. Also, just as a door may be broken without having the key to the lock, so can a cryptography algorithm be broken in the absence of the correct mathematical key. In both cases, the longer the key, the more difficult either guessing attacks or brute force attacks become.
However, as computer technology has become ever faster, many heretofore “impregnable” algorithms have yielded to brute force attacks. For example, the DES (Data Encryption Standard) algorithm with a 56-bit key was thought to be impregnable at the time of its inception in 1976. By 1993, DES with the 56-bit key could theoretically have been broken in 7 hours by brute force with a highly sophisticated computer. To solve the problem, the key was lengthened to 128 bits. Other algorithms have proven to be susceptible to brute force attacks, and are now used with longer keys to reduce their vulnerability to attacks.
Since computer technology is still becoming increasingly powerful and faster, there is no reason to expect that the “impregnable” algorithms of today will not fall to a brute force attack tomorrow. Furthermore, certain algorithms have become easier to crack by the discovery of new mathematical functions, such as new factoring algorithms, which cannot be easily anticipated. Such functions can render “secure” cryptography algorithms vulnerable to attack. Thus, expecting mathematical algorithms alone to provide all of the security for information transfer is clearly not sufficient.
An additional layer of security is provided by using public key-private key pairs. In this system, used for example in the PGP (Pretty Good Privacy) cryptography software, the sender encrypts the message using the public key, and the recipient decrypts it with the private key.
As noted previously, such security measures through cryptography are important for sending secure messages over insecure communication channels. For example, voice and facsimile transmissions are typically sent over telephone networks, which can be tapped. The problem is magnified for such highly insecure communication channels as cellular phones, which are easy to access with hardware, such as a scanner, which can be purchased “off the shelf” at an electronics store. Thus, devices and methods for securing communication on insecure channels are important.
One example of such a method is disclosed in U.S. Pat. No. 5,473,689 to Eberhard. In this method, two electronic devices generate and exchange two random numbers, so that each device knows both numbers. Both numbers are then encrypted and compared, by exchanging a portion of each encrypted number. Communication only occurs if both encrypted numbers match. One problem with this method is that both sides must have the same key for the encryption and decryption of the random numbers. Thus, this key is vulnerable to theft by an unauthorized party, particularly if the key is exchanged.
U.S. Pat. No. 5,564,106 to Puhl et al. describes a method of providing blind access to an encryption key, such that the key of a first group member is provided to a second group without the first group knowing the identity of the first group member. Such a method is useful for enabling a government organization which is investigating an employee of a business to access the key of that employee, without enabling the business to know the identity of the employee under investigation. However, this method is not helpful for secure communication over an insecure channel, since it presupposes the security of the original encryption method.
One drawback of some currently available encryption methods for communication over an insecure channel is that they require the user to perform a number of steps before communication occurs. If such encryption were to be performed automatically, for example by a semiconductor chip contained within a communication device, the user would not need to actively perform the encryption before communication would occur. One example of such a device is disclosed in U.S. Pat. No. 5,539,828 to Davis. This device has both a pair of keys, public and private, and a digital certificate which includes the public key encrypted with the private key. Essentially, this device has automated public key encryption, so that again communication through the device is only as secure as the encryption method.
Other commercially available hardware devices, or hardware/software systems, suffer from the same potential drawback: the devices and systems are only as secure as the encryption method which is employed. Examples of such devices and systems include the information security products of Litronic (Costa Mesa, Calif., USA), which include both smartcard readers and cryptographic device drivers, and software for encrypting textual and database information; the network security products of Cylink Corp. (San Francisco, Calif., USA), which help ensure security on LAN (Local Area Networks) and WAN (Wide Area Networks), through the use of the DES encryption algorithm; and the products of Cylink (Sunnyvale, Calif., USA), which provide rapid encryption for digital networks, again using either DES or a proprietary encryption algorithm. These are only a sampling of the many such products available on the market today, indicating the wide-spread popularity of, and commercial need for, products for secure communication and encryption.
Unfortunately, as noted previously, all of these products are only as secure as the encryption method employed. Furthermore, all of the encryption methods employed are based upon mathematical algorithms and keys, which means that they can potentially be cracked by a brute force attack. As computer technology becomes more sophisticated and as new mathematical functions related to these algorithms become available, such brute force attacks become easier to manage, thereby rendering the encrypted data vulnerable to unauthorized interception.
There is one type of encryption, however, which is theoretically unbreakable by a brute force attack on the encrypted message itself. This type of encryption involves random numbers which are as long as the message itself. There is no potentially breakable algorithm. Rather, the message is encoded according to a random number of the same length as
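The one-time pad described above, as an added Python example that is not taken from the patent; the names `otp_xor`, `PadBook` and `pad_explaining` and the sample messages are constructed for illustration. It shows the pad being exactly as long as the message, each pad byte being consumed once on both sides, and why trying every pad against a ciphertext cannot single out the real message.

```python
import secrets

def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt: XOR data with a pad of exactly the same length."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))

class PadBook:
    """Hypothetical helper: hands out each pad byte once, never twice."""
    def __init__(self, material: bytes):
        self._material = material
        self._offset = 0

    def take(self, n: int) -> bytes:
        if self._offset + n > len(self._material):
            raise RuntimeError("pad exhausted: refuse rather than reuse")
        chunk = self._material[self._offset:self._offset + n]
        self._offset += n
        return chunk

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Pad under which `ciphertext` would decrypt to `candidate`."""
    return otp_xor(ciphertext, candidate)

def demo() -> dict:
    # Constructed sample: both parties hold identical random pad material.
    material = secrets.token_bytes(64)
    sender, receiver = PadBook(material), PadBook(material)

    message = b"ATTACK AT DAWN"
    ciphertext = otp_xor(message, sender.take(len(message)))
    recovered = otp_xor(ciphertext, receiver.take(len(ciphertext)))

    # An eavesdropper trying every pad finds one for *any* same-length text,
    # so the ciphertext alone cannot single out the real message.
    decoy = b"RETREAT AT TEN"
    alt_pad = pad_explaining(ciphertext, decoy)
    return {"ciphertext": ciphertext, "recovered": recovered,
            "decoy": otp_xor(ciphertext, alt_pad)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The security rests entirely on the pad being random, secret, as long as the message, and never reused, which is why `PadBook.take` raises instead of wrapping around.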
DiLorenzo Anthony
Graeser D'Vorah
Hayes Gail
Ron Benyamin