System and method of operation for providing user's...

Cryptography – Key management

Utility Patent


Details

Classification: C380S278000, C380S259000, C380S260000, C380S284000, C380S285000, C380S030000, C705S051000, C705S057000, C713S165000, C713S162000, C713S152000

Status: active

Patent number: 06169805

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to communication networks. More particularly, the invention relates to systems and methods for providing users security on-demand over unsecure networks.
2. Background Discussion
One of the greatest problems in data networking and data internetworking is the need to ensure security on-demand for communications between entities or parties that have not previously agreed to a given security scheme. At least two types of networks are available for the transmission of confidential information between entities or parties. The Public Switched Telephone Network (PSTN) is generally accepted as suitable for communicating a large percentage of commercially confidential information. Confidential information may be exchanged between parties in person-to-person calls or on conference calls. For highly confidential information, voice encryption mechanisms are available that require special hardware. However, such mechanisms are not generally employed in the normal course of business between parties.
Data networks, including the Internet, are less secure than the PSTN due to the ability of the data to be intercepted by third parties. Security schemes do exist that provide encryption for confidential information on data networks. When encryption is implemented, the parties, in advance of communication, must agree to an encryption algorithm or the parties enroll in a service provided by a trusted third party.
Prior art related to secure communications over a data network includes the following:
U.S. Pat. No. 5,550,984 by E. J. Gelb, issued Aug. 27, 1996, discloses a system for preventing unauthorized communications between two computer networks. Each network includes a motherboard having a network interface adapter for communication with the network. Each motherboard has a transfer adapter for the other motherboard, and the two transfer adapters are identical and matched. Each motherboard has network operating software to prevent transmission of routing services information between the network interface adapters of the two motherboards. Protocol conversion software in each motherboard prevents upper-layer protocol information and originating source and destination address information from being passed between the network interface adapter and the transfer adapter of each motherboard.
U.S. Pat. No. 5,548,646 of Aziz et al., issued Aug. 20, 1996, discloses a system for secure transmission of data packets which automatically encrypts and decrypts between sites on the Internet or other computer networks. Messages or packets requiring security are automatically encrypted without any separate action on the part of the user, so that no one on a public network can determine the contents of the message or the packets.
European Patent 693,836-A1 to Ashar Aziz, issued Jan. 24, 1996, discloses a key management procedure for Internet protocols in connecting data processing devices via private networks to the Internet. Each data processing device connected to the Internet at a node includes a secure value for allowing access to the other node.
None of the prior art allows parties with no prior agreement, and without the intervention of a third-party service, to exchange information at the security level of the PSTN. Accordingly, a need exists to provide voice and data conferencing over the PSTN and Internet at the security level of the PSTN without prior security arrangements among the parties exchanging the confidential information.
SUMMARY OF THE INVENTION
An object of the invention is a communications network and method of operation which provides security on-demand between parties exchanging confidential information without prior arrangements.
Another object is a communications network and method of operation using interpretive encryption/decryption software stored in a network and accessed “on-demand” by the parties for exchanging confidential information.
Another object is a system and a method of operation which uses two communication channels for exchanging confidential information, one channel providing an encryption/decryption software and the other channel transmitting a security key for the encryption/decryption software.
Another object is a system and method for exchanging confidential information in a data network, on-demand, without prior security arrangements where the confidential information may be exchanged synchronously, near-synchronously or store and forward.
These and other objects, features and advantages are achieved in a communication network without built-in security in which a sending party is connected to the network through a computer. The sender prepares a file, for example designated “X”, containing confidential information for secure transmission over the network to one or more receivers. In one embodiment, the sender downloads encryption/decryption or “crypto” software stored at a location on a data network, e.g. the Internet, at a location “U” given by a Uniform Resource Locator (URL). Alternatively, the Internet-stored “crypto” software may already be resident at the sending machine. Preferably, the “crypto” software is written in an interpretive language, so that it is interpreted directly by a software interpreter running on the receiver machine. The sender selects a key “K” and encrypts the plain text file “X” into cipher text using the “crypto” software. Before or after transmitting the cipher text to the receiver(s), the sender notifies the receiver(s) over a separate communication network, e.g. the PSTN, of the URL “U” where the “crypto” software is located and of the key “K” for decrypting the file “X” with the “crypto” software. After the telephone call, the receiver accesses URL location “U” on the Internet using his computer and a standard web browser. The URL location “U” points to a Hyper Text Mark-Up Language (HTML) page which is displayed on the receiver's screen. The “crypto” software is downloaded to the receiver terminal equipment. The HTML page requests the key “K”, which the receiver enters; the file “X” is then downloaded, decrypted using the key “K”, and displayed on the receiver's screen.
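The two-channel exchange summarized above, written out as an added example that is not part of the patent: the data network carries the cipher text of file “X” (and would carry the “crypto” software at “U”), while the telephone call carries only the key “K”. The patent names no cipher, so the one used here is an assumption: an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, both keyed from “K”.

```python
import hashlib
import hmac
import os

# Added illustration of the patent's two-channel scheme. The cipher is an
# assumption (the patent names no algorithm): an HMAC-SHA256 counter-mode
# keystream plus an encrypt-then-MAC tag, each keyed from the spoken key "K".

def _subkey(key_k, label):
    """Derive a distinct per-purpose key from the human-chosen key K."""
    return hmac.new(key_k.encode(), label, hashlib.sha256).digest()

def _keystream(enc_key, nonce, length):
    """PRF counter mode: HMAC(enc_key, nonce || counter) blocks, truncated."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def encrypt(key_k, plaintext):
    """Sender side: plain text file X -> nonce || cipher text || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key_k, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key_k, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key_k, blob):
    """Receiver side: verify the tag first, then strip the keystream."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key_k, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key K or tampered cipher text")
    stream = _keystream(_subkey(key_k, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def run_exchange(file_x, key_k):
    """Model the patent's flow: channel 1 carries cipher text, channel 2 carries K."""
    data_channel = encrypt(key_k, file_x)   # Internet: cipher text (and the URL "U")
    pstn_channel = key_k                    # telephone call: the key "K" only
    # An eavesdropper on the data channel alone holds just the blob; the
    # receiver, holding both channels, recovers X.
    return decrypt(pstn_channel, data_channel)

if __name__ == "__main__":
    # Constructed sample input, not taken from the patent
    print(run_exchange(b"Q3 acquisition terms: confidential", "spoken-key-K"))
```

A receiver who mishears “K” over the phone gets a tag failure rather than garbage plain text, which is the check the patent's HTML key prompt would need.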


REFERENCES:
U.S. Pat. No. 3,962,539 (1976-06-01), Ehrsam et al.
U.S. Pat. No. 4,484,025 (1984-11-01), Ostermann et al.
U.S. Pat. No. 5,548,646 (1996-08-01), Aziz et al.
U.S. Pat. No. 5,550,984 (1996-08-01), Gelb
U.S. Pat. No. 5,757,911 (1998-05-01), Shibata
European Patent 693,836 A1 (1996-01-01)
PCT/US85/00132 (1985-08-01)
Menezes et al., Handbook of Applied Cryptography, CRC Press, p. 16, 1997.
TommySoftware, Cloaking Device, Edition 1.10e, http://www.tommysoftware.com, 1996.
Schneier, Applied Cryptography, John Wiley & Sons, Inc., 2nd edition, pp. 28-29, Oct. 1995.
