Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1997-02-24
2003-06-24
Darrow, Justin T. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S153000, C713S181000, C380S285000
Reexamination Certificate
active
06584563
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention generally relates to user support systems for cryptographic communication, and more particularly to a user support system for cryptographic communication wherein a communication is made by enciphering and deciphering the communication in a network system.
When making a communication in a network system in which an unspecified large number of computers are connected, there is a possibility that the communication content is tapped at a repeater site or, the communication is made by a person identifying himself as the authorized user. Because of such possibilities, it is necessary to guarantee the security of the communication by enciphering the communication or by adding to the communication content a certificate or proof which is given by a third party and which certifies or proves that the signature of the sender is that of himself, that is, the authorized user.
Various enciphering systems have been proposed. According to the DES system, a secret key which is common between the communicating users is prepared, and the enciphering is made by use of this secret key. The processing speed of this DES system is high, but the secret key must be held for each communicating user thereby making the key management difficult.
On the other hand, the RSA system prepares a secret key corresponding to a public key, and the enciphering is made by use of the public key or the secret key. The deciphering is made using the secret key when the enciphering is made using the public key, and the deciphering is made using the public key when the enciphering is made using the secret key. The number of required keys can be reduced according to this RSA system; however, the processing speed is low and a long processing time is necessary.
Accordingly, the PEM system which combines the DES system and the RSA system has been proposed.
FIG. 1
shows an example of a conventional cryptographic communication system employing the PEM system. The PEM system enciphers the mail text by a DES secret key according to the DES system, and enciphers this DES secret key by a public key of the receiving user according to the RSA system. The DES secret key is a session key which is generated at random, using time information and the like, when enciphering the mail. The receiving user obtains the mail, including the enciphered mail text of the transmitting user and the DES secret key, by a secret key of the receiving user. In other words, the receiving user deciphers the DES secret key using the DES secret key, and deciphers the enciphered mail text by using the deciphered DES secret key.
In
FIG. 1
, it is assumed for the sake of convenience that the cryptographic communication employing the PEM system is made from a transmitting (or sending) user A of a transmitting (or sending) system S to a receiving user B of a receiving system R so as to transmit a mail text (communication text)
300
.
In the transmitting system S, a DES secret key
301
is generated at random, using time information and the like, when enciphering the mail text
300
according to the DES system. A public key
301
′ of the user B is made by the user B and made public to the user A. A secret key of the user B, made in advance and secretly held by the user B, is provided in correspondence with the public key of the user B.
In
FIG. 1
, a process
302
enciphers the mail text
300
according to the DES system using the DES secret key
301
. A process
303
enciphers the DES secret key
301
according to the RSA system using the public key of the user B. Transmitting information
304
is the information to be transmitted in the network.
An enciphered DES secret key
305
is the DES secret key
301
which has been enciphered according to the RSA system. An enciphered mail text
306
is the mail text
300
which has been enciphered according to the DES system using the DES secret key
301
.
On the other hand, in the receiving system R, a secret key
307
of the user B is secretly held in correspondence with the public key of the user B. A process
307
′ deciphers the enciphered DES secret key
301
which has been enciphered according to the RSA system, using the secret key
305
of the user B. A process
308
deciphers the enciphered mail text
306
which has been enciphered according to the DES system, using the deciphered DES secret key
301
. A deciphered mail text
309
is the mail text which is obtained by the deciphering process
308
.
In the PEM system shown in
FIG. 1
, the transmitting user A of the transmitting system S makes (i.e., produces) the enciphered mail to be transmitted to the receiving user B of the receiving system R, and the receiving user B deciphers the enciphered mail in the following
First, the transmitting user A makes (i.e., produces) the mail text
300
, and starts an enciphering unit. The transmitting user A generates, the DES secret key
301
by a secret key generator which is not shown in
FIG. 1
but will be described later in conjunction with
FIG. 3A
, and enciphers the mail text
300
according to the DES system using the DES secret key
301
. Then, the transmitting user A obtains the public key
301
′ of the receiving user B, and enciphers the DES secret key
301
according to the RSA system using the public key
301
′ of the receiving user B. Usually, the public key
301
′ of the receiving user B is stored in a file such as a floppy disk.
The enciphered mail text
306
which has been enciphered according to the DES system and the enciphered DES secret key
305
which has been enciphered according to the RSA system are transmitted to the receiving user B.
The user B starts a deciphering unit when the receiving user B confirms that the enciphered mail text
306
is being transmitted to the receiving user B. The receiving user B obtains his own secret key
307
, which corresponds to the public key made public to the transmitting user A, and uses this secret key
307
to decipher the DES secret key
305
which has been enciphered using the public key of the receiving user B. Usually, the secret key
307
is secretly stored in a floppy disk or the like. In addition, the deciphered mail text
309
is output.
FIG. 2
shows an example of a conventional cryptographic communication system employing a signature check system. According to the signature check system, the transmitting user A enciphers the mail text, and adds his signature, when transmitting the enciphered mail text to the receiving user B.
In the transmitting system S shown in
FIG. 2
, a mail text
330
is to be transmitted to the receiving user B. A secret key
331
of the transmitting user A is formed in advance by the transmitting user A in correspondence with the public key of the transmitting user A, and is secretly stored in a floppy disk or the like. A public key
332
of the transmitting user A is formed by the transmitting user A and is made public to the destination of the communication, that is, the receiving user B. The public key
332
of the transmitting user A corresponds to the secret key
331
of the transmitting user A.
A digest
333
is regarded as the signature of the transmitting user A, and is obtained by subjecting the mail text
330
to a data compression. This digest
333
is enciphered into an enciphered digest
334
according to the RSA system using the secret key
331
of the transmitting user A. This enciphered digest
334
is regarded as an electronic signature (e.g., “form signature”) of the transmitting user A.
An enciphering unit
340
enciphers the mail text
330
, according to the PEM system, into an enciphered mail text
341
.
On the other hand, in the receiving system R, a process
335
deciphers the received signature using the public key
332
of the transmitting user A, and a deciphered digest
336
is obtained. A deciphering unit
342
employs the PEM system and deciphers the enciphered mail text
341
, which is transmitted from the transmitting user A, into a deciphered mail text
343
. A digest
344
of the deciphered mail text
343
is obtain
Aikawa Hideyuki
Kikuchi Hiroaki
Kuroda Yasutsugu
Darrow Justin T.
Fujitsu Limited
Staas & Halsey , LLP
LandOfFree
User support system for cryptographic communication in... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with User support system for cryptographic communication in..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and User support system for cryptographic communication in... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3148613