Method and apparatus for enhancing network security protection server performance
First Claim
1. A method for secure computer communications, comprising:
- generating a Rivest-Shamir-Adleman (“
RSA”
) algorithm public/private key pair at a web server, wherein <
N, e′
>
, represents the public key with N being the product of two distinct primes, p and q, and wherein the private key is represented by d;
sending a client hello message to the web server from a client requesting a secure network connection;
responding to the client with a server hello message comprising the RSA public key;
encrypting a random string R at the client using the RSA public key, wherein the resulting cipher-text C includes R;
sending the encrypted cipher-text to the web server;
decrypting the cipher-text at the web server using the RSA private key wherein d=r1mod(p−
1) and d=r2mod(q−
1), and wherein <
r1, r2>
are relatively small numbers on the order of 160 bits in length, wherein R′
1 equals the cipher-text raised to the ri power moduli one of the distinct prime numbers and R′
2 equals the cipher-text raised to the r2 power moduli the remaining prime number;
combining R′
1 and R′
2 to produce R using the Chinese Remainder Theorem wherein finding R′
1 and R′
2 is more efficient than using standard RSA keys;
and establishing a common session key between the web server and client using R.
1 Assignment
0 Petitions
Accused Products
Abstract
Presented is a method and system for improving the efficiency of network security protections communication protocols such as Secure Socket Layer (“SSL”) using enhanced Rivest-Shamir-Adleman (“RSA”) encryption and decryption techniques. During the establishment of the initial handshake of SSL communications, where a client is coupled to a server, the server generates a RSA public/private key pair. The public key is formed using two distinct prime numbers. By reducing the size of these prime numbers and arriving at the decrypted message using the Chinese Remainder Theorem, the efficiency of establishing a secure communications session is increased. Likewise if during generation of the public key, the prime numbers possess a mathematical relationship to the public key such that the prime numbers are on the order of a third of the size of the public key then the efficiency of establishing the initial handshake is again improved.
-
Citations
32 Claims
-
1. A method for secure computer communications, comprising:
-
generating a Rivest-Shamir-Adleman (“
RSA”
) algorithm public/private key pair at a web server, wherein <
N, e′
>
, represents the public key with N being the product of two distinct primes, p and q, and wherein the private key is represented by d;
sending a client hello message to the web server from a client requesting a secure network connection;
responding to the client with a server hello message comprising the RSA public key;
encrypting a random string R at the client using the RSA public key, wherein the resulting cipher-text C includes R;
sending the encrypted cipher-text to the web server;
decrypting the cipher-text at the web server using the RSA private key wherein d=r1mod(p−
1) and d=r2mod(q−
1), and wherein <
r1, r2>
are relatively small numbers on the order of 160 bits in length, wherein R′
1 equals the cipher-text raised to the ri power moduli one of the distinct prime numbers and R′
2 equals the cipher-text raised to the r2 power moduli the remaining prime number;
combining R′
1 and R′
2 to produce R using the Chinese Remainder Theorem wherein finding R′
1 and R′
2 is more efficient than using standard RSA keys;
andestablishing a common session key between the web server and client using R. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for performing an initial handshake during secure communications in a computer network comprising:
-
coupling a client to a web server;
generating a Rivest-Shamir-Adleman (“
RSA”
) algorithm public/private key pair at the web server, wherein the RSA public key is a product of two distinct prime numbers and the private key is a function of two random numbers, wherein each random number has a number of bits greater than or equal to 160 bits and less than a number of bits of the RSA key;
sending a client hello message to the web server requesting a secure network connection;
responding to the client with a server hello message containing the RSA public key;
encrypting a random string R at the client using the RSA public key, wherein the resulting cipher-text C includes R;
sending the encrypted cipher-text message to the web server;
separating cipher-text moduli of the two distinct prime numbers;
decrypting the moduli of the two distinct prime numbers individually using the two random numbers, wherein the results are combined using the Chinese Remainder Theorem, wherein computational efficiency is improved; and
establishing a common session key between the web server and the client using R. - View Dependent Claims (10, 11, 12, 13, 14, 18, 19, 20)
-
-
15. A method for secure communications, comprising:
-
generating a Rivest-Shamir-Adleman (“
RSA”
) algorithm public/private key pair at a web server, wherein the RSA public key is a product of two distinct prime numbers and the private key is a function of two random numbers;
receiving a client hello message from a client requesting a secure socket layer (“
SSL”
) coupling;
responding to the client with a server hello message containing the RSA public key;
encrypting a random string R at the client using the RSA public key, wherein the resulting cipher-text includes R;
receiving the encrypted cipher-text message at the web server;
separating cipher-text moduli of the two distinct prime numbers;
decrypting the moduli of the distinct prime numbers individually using the two random numbers, wherein the results are combined using the Chinese Remainder Theorem; and
establishing a common session key between the web server and client using R.
-
-
16. A method for secure computer communications, comprising:
-
coupling a web server to a client wherein the client requests the formation of a secure network connection;
generating a Rivest-Shamir-Adleman (“
RSA”
) algorithm public/private key pair, the public key comprising a root N, wherein N of the RSA public key is the product of two distinct n-bit prime numbers, p and q, wherein an encryption exponent e′
of the RSA public key is of the same order in size as the public key root, Nencrypting a plain-text message R using the RSA public key such that the resulting text is cipher-text C;
decrypting the cipher-text C using the RSA private key wherein the RSA private key is a function of two roots r1 and r2, wherein the two roots each are on the order of 160 bits in length; and
using the plain-text message R to determine a session encryption key and a session integrity key.
-
-
17. A method for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications, comprising;
generating a RSA public/private key pair at a web server, wherein <
N, e>
represents the public key that is mathematically related to two distinct prime numbers;
keeping a size of N constant while reducing a size of the two distinct prime numbers by calculating N from a product of a first distinct prime number raised to the first power and a second distinct prime number wherein the first power is greater than one;
using the public key by a client to encrypt a plain-text message R to form a cipher-text message C;
decrypting the cipher-text C at the web server by using the RSA private key d to determine the plain-text message R by finding R′
1 and R′
2, wherein the private key is a function of two random numbers <
r1, r2>
, and wherein an additional R″
1 is constructed by using one of the two distinct prime numbers raised to a power greater than one, wherein efficiency of the decryption is increased in response to the reduced size of the two distinct prime numbers; and
computing the plain-text message using the Chinese Remainder Theorem.
- RSA”
-
21. A method for generating a Rivest-Shamnir-Adleman (“
- RSA”
) public/private key pair in secure network couplings, comprising;
generating two n-bit distinct prime numbers;
computing a public key root from a mathematical relationship between two distinct prime numbers;
reducing the size of the two distinct prime numbers while keeping the size of the public key root constant using exponentiation of the two distinct prime numbers;
forming a public RSA key pair by associating the public key root and a standard RSA encryption exponent; and
computing a private RSA key pair by mathematically combining the standard RSA encryption exponent and the n-bit distinct prime numbers. - View Dependent Claims (22, 23, 24)
- RSA”
-
25. A method for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications, comprising;
generating a RSA public/private key pair at a web server, wherein <
N, e>
represents a public key that is mathematically related to two distinct prime numbers and d represents a private key that is mathematically related to two random numbers;
keeping a size of N constant while reducing a size of the two distinct prime number by calculating N from a product of a first distinct prime number raised to a power greater than one and the second distinct prime number;
using the public key at a client to encrypt a plain-text message R to form a cipher-text message C;
decrypting the cipher-text C at the web server using the RSA private key d to determine the plain-text message R by finding R′
1 l and R′
2, wherein an additional R″
1 is constructed by raising the first of the two distinct prime numbers to a power greater than one, wherein the efficiency of the decryption is increased due to a reduced size of the two distinct prime numbers using the private RSA key pair, wherein Hensle lifting compensates for altering a multiplicity of the distinct prime numbers; and
computing the plain-text message using the Chinese Remainder Theorem.
- RSA”
-
26. A method for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications, comprising;
generating a RSA public/private key pair at the web server wherein <
N, e>
represents the public key that is mathematically related to two distinct prime numbers;
keeping a size of N constant while reducing a size of the two distinct prime numbers such that each of the two distinct prime numbers is on the order of one third of the size of N;
using the public key at a client to encrypt a plain-text message R to form a cipher-text message C;
decrypting the cipher-text C at the web server by using the RSA private key d, to determine the plain-text message R by finding R′
1 and R′
2, wherein an additional R″
1, is constructed by using the one of the two distinct prime numbers raised to a power greater than one, wherein the efficiency of the decryption is increased in response to the reduced size of the two distinct prime numbers using the private RSA key pair wherein Hensle lifting compensates for altering the multiplicity of the distinct prime numbers; and
computing the plain-text message using the Chinese Remainder Theorem.
- RSA”
-
27. A system for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications, comprising;
a web server generating a RSA public/private key pair wherein <
N, e>
represents a public key that is mathematically related to two distinct prime numbers;
the web server keeping a size of N constant while reducing a size of the two distinct prime numbers by calculating N from the product of a first distinct prime number raised to a power greater than one and a second distinct prime number;
a client using the public key to encrypt a plain-text message R to form a cipher-text message C;
the web server decrypting the cipher-text C by using the RSA private key d to determine the plain-text message R by finding R′
1 and R′
2, wherein an additional R″
1 is constructed by using one of the two distinct prime numbers raised to a power greater than one wherein the efficiency of the decryption is increased in response to the reduced size of the two distinct prime numbers; and
the web server computing the plain-text message using the Chinese Remainder Theorem.
- RSA”
-
28. A system for using Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications in a computer network, comprising;
at least one web server;
at least one client processor coupled to the at least one web server, wherein the at least one web server generates a RSA public/private key pair, <
N, e>
, representing the public key that is mathematically related to two distinct prime numbers, wherein d represents the private key;
the at least one web server keeping a size of N constant while reducing a size of the two distinct prime numbers by calculating N from the product of a first distinct prime number raised to a power greater than one and a second distinct prime number;
the at least one client processor using the public key to encrypt a plain-text message R to form a cipher-text message C;
the at least one web server decrypting the cipher-text message C by using the RSA private key <
r1, r2>
to determine the plain-text message R by finding R′
1 and R′
2, wherein an additional R″
1 is constructed by using one of the two distinct prime numbers raised to a power greater than one wherein the efficiency of the decryption is increased in response to the reduced size of the two distinct prime numbers; and
the at least one web server computing the plain-text message using the Chinese Remainder Theorem.
- RSA”
-
29. A computer-readable medium, comprising executable instructions for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications which, when executed in a processing system, causes the system to;
couple a web server to a client;
send a client hello message to the web server requesting a secure network connection;
generate a Rivest-Shamir-Adleman (“
RSA”
) algorithm public/private key pair at the web server wherein the RSA public key is the product of two distinct prime numbers wherein the RSA private key is a function of two random numbers wherein each random number has a number of bits greater than or equal to 160 bits and less than a number of bits of the RSA key;
respond to the client with a server hello message containing the RSA public key;
encrypt a random string R at the client using the RSA public key, wherein the resulting cipher-text C includes R;
send the encrypted cipher-text message C to the web server;
separate cipher-text C moduli of the two distinct prime numbers;
decrypt the moduli of the two distinct prime numbers individually using the two random numbers, wherein results are combined using the Chinese Remainder Theorem, wherein computational efficiency is improved and establish a common session key between the web server and the client using R.
- RSA”
-
30. An electromagnetic medium, comprising executable instructions for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications which, when executed in a processing system, causes the system to;
couple a web server to a client;
send a client hello message to the web server requesting a secure network connection;
generate a Rivest-Sharnir-Adleman (“
RSA”
) algorithm public/private key pair at the web server wherein the RSA public key is the product of two distinct prime numbers, wherein the RSA private key is a function of two random numbers wherein each random number has a number of bits greater than or equal to 160 bits and less than a number of bits of the RSA key;
respond to the client with a server hello message containing the RSA public key;
encrypt a random string R at the client using the RSA public key, wherein the resulting cipher-text C includes R;
send the encrypted cipher-text message C to the web server;
separate cipher-text moduli of the two distinct prime numbers;
decrypt the moduli of the two distinct prime numbers individually using the two random numbers, wherein results are combined using the Chinese Remainder Theorem, wherein computational efficiency is improved; and
establish a common session key between the web server and the client using R.
- RSA”
-
31. A computer-readable medium, comprising executable instructions for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications which, when executed in a processing system, causes the system to;
generate a RSA public/private key pair at the web server wherein <
N, e>
represents the public key that is mathematically related to two distinct prime numbers;
keep a size of N constant while reducing a size of the two distinct prime numbers such that each of the two distinct prime numbers is on the order of one third of the size of N;
use the public key at client to encrypt a plain-text message R to form a cipher-text message C;
decrypt the cipher-text C at the web server by using the RSA private key d to determine the plain-text message R by finding R′
1, and R′
2, wherein an additional R″
1, is constructed by using one of the two distinct prime numbers raised to a power greater than one, wherein the efficiency of the decryption is increased in response to the reduced size of the two distinct prime numbers using the private RSA key pair wherein Hensle lifting compensates for altering the multiplicity of the distinct prime numbers; and
compute the plain-text message using the Chinese Remainder Theorem.
- RSA”
-
32. An electromagnetic medium, comprising executable instructions for Rivest-Shamir-Adleman (“
- RSA”
) decryption of secure network communications which, when executed in a processing system, causes the system to;
generate a RSA public/private key pair at the web server wherein <
N, e>
represents the public key that is mathematically related to two distinct prime numbers;
keep a size of N constant while reducing a size of the two distinct prime numbers such that each of the two distinct prime numbers is on the order of one third of the size of N;
use the public key at a client to encrypt a plain-text message R to form a cipher-text message C;
decrypt the cipher-text C at the web server by using the RSA private key d to determine the plain-text message R by finding R′
1 and R′
2, wherein an additional R″
1 is constructed by using one of the two distinct prime numbers raised to a power greater than one, wherein the efficiency of the decryption is increased in response to the reduced size of the two distinct prime numbers using the private RSA key pair wherein Hensle lifting compensates for altering the multiplicity of the distinct prime numbers; and
compute the plain-text message using the Chinese Remainder Theorem.
- RSA”
Specification