Security breach management
Abstract
Techniques for handling a breach in security are disclosed. According to one technique, prior to the breach, a first party sends to a second party data that identifies a plurality of public keys, including a current public key that corresponds to a current private key. The second party uses the current public key and the first party uses the current private key to exchange electronic messages securely. Other keys, including a session key, may also be used to ensure the security of the exchange. According to one technique, digital signatures are attached to every outgoing message during the secure exchange, and verified on every incoming message. In response to a breach involving the current private key, (1) the first party invalidates the current private key, (2) the first party sends a message to the second party to instruct the second party to invalidate the current public key, and to establish another public key in the plurality of public keys as a new current public key. After the second party receives the message, the second party uses the new current public key and the first party uses a corresponding new current private key to exchange electronic messages securely.
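The rotation step described above, seen from the second party's side, as an added example that is not taken from the patent. The `SecondParty` class, the `ROTATE:` notice format, the toy textbook-RSA helpers standing in for a real signature scheme, and the rule that the notice must verify under the new key are all assumptions of this sketch.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_key(p, q):
    """Toy textbook-RSA pair from two known primes (demo stand-in, not secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
def sign(priv, msg):
    return pow(_digest(msg, priv[0]), priv[1], priv[0])
def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(msg, pub[0])

class SecondParty:
    """Holds the pre-distributed public keys and tracks which one is current."""
    def __init__(self, public_keys):
        self.keys, self.current, self.invalidated = list(public_keys), 0, set()

    def accept(self, msg, sig):
        """A message is authentic only under the current public key."""
        return verify(self.keys[self.current], msg, sig)

    def handle_rotate(self, new_index, sig):
        """Breach notice: retire the current key and switch to new_index.
        Assumption: it must verify under the NEW key, not the compromised one."""
        retired = self.invalidated | {self.current}
        if new_index in retired or not 0 <= new_index < len(self.keys):
            return False  # unknown index, or a key that was already retired
        notice = b"ROTATE:%d->%d" % (self.current, new_index)
        if not verify(self.keys[new_index], notice, sig):
            return False
        self.invalidated.add(self.current)
        self.current = new_index
        return True

def demo():
    # Constructed key material from Mersenne primes so the example runs offline.
    pairs = [make_key(2**61 - 1, 2**89 - 1), make_key(2**107 - 1, 2**127 - 1)]
    (_, old_priv), (_, new_priv) = pairs
    bob = SecondParty([pub for pub, _ in pairs])
    before = bob.accept(b"order 1", sign(old_priv, b"order 1"))
    forged = bob.handle_rotate(1, sign(old_priv, b"ROTATE:0->1"))
    rotated = bob.handle_rotate(1, sign(new_priv, b"ROTATE:0->1"))
    stale = bob.accept(b"order 2", sign(old_priv, b"order 2"))
    fresh = bob.accept(b"order 2", sign(new_priv, b"order 2"))
    return before, forged, rotated, stale, fresh
```

`demo()` returns, in order: acceptance before the breach, rejection of a notice signed with the compromised key, acceptance of the genuine notice, rejection of a message signed with the retired key, and acceptance under the new key.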
14 Claims
1. A method for handling a breach in security, the method comprising the steps of:
prior to the breach, a first party sending to a second party data that identifies a plurality of public keys, including a current public key that corresponds to a current private key;
prior to the breach, the second party using said current public key and the first party using the current private key to exchange electronic messages securely;
in response to the breach, performing the steps of:
the first party invalidating said current private key;
the first party sending a message to said second party to instruct said second party to invalidate said current public key, and to establish another public key in said plurality of public keys as a new current public key;
after said second party receives said message, said second party using said new current public key and said first party using a corresponding new current private key to exchange electronic messages securely.
7. A method for conducting a secure exchange of electronic information, the method comprising the steps of:
a first party sending to a second party a first message that is encrypted using a first public encryption key, the first message containing a session key;
said second party using a first private decryption key to decrypt said first message and extract said session key;
establishing a secure session between said first party and said second party using said session key, wherein all messages communicated between said parties during said session are encrypted using said session key;
said first party signing each message sent to said second party in said secure session using digital signatures generated using a first private digital signature key, wherein said first private digital signature key corresponds to a first public digital signature key;
said second party signing each message sent to said first party in said secure session using digital signatures generated using a second private digital signature key, wherein the second private digital signature key corresponds to a second public digital signature key;
said first party verifying that each message received during said secure session is authentic by applying said second public digital signature key to digital signatures received by said first party during said secure session; and
said second party verifying that each message received during said secure session is authentic by applying said first public digital signature key to digital signatures received by said second party during said secure session.
8. A system for handling a breach in security, the system comprising:
a first computer system associated with a first party;
a second computer system associated with a second party;
a network operatively connecting said first computer system to said second computer system, wherein access to said network is not exclusively controlled by said first party or said second party;
wherein said first computer system is configured to, prior to said breach, send to said second computer system data that identifies a plurality of public keys, including a current public key that corresponds to a current private key;
wherein the first and second computer systems are configured to exchange electronic messages securely, prior to said breach, in a session during which said second computer uses said current public key and the first computer system uses the current private key;
wherein the first and second computers are configured to respond to the breach by performing the following steps:
the first computer system invalidates said current private key;
the first computer system sends a message to said second computer system to instruct said second computer system to invalidate said current public key, and to establish another public key in said plurality of public keys as a new current public key;
the second computer system invalidates said current public key and establishes the other public key as the new current public key;
wherein, after said second computer system receives said message, said second computer system uses said new current public key and said first computer system uses a corresponding new current private key to exchange electronic messages securely.
14. A system for conducting a secure exchange of electronic information, the system comprising:
a first computer system configured to send to a second computer system a first message that is encrypted using a first public encryption key, the first message containing a session key;
said second computer system configured to use a first private decryption key to decrypt said first message and extract said session key;
wherein said first and second computer systems establish a secure session using said session key, wherein all messages communicated between said first and second computer systems during said session are encrypted using said session key;
said first computer system signing each message sent to said second computer system in said secure session using digital signatures generated using a first private digital signature key, wherein said first private digital signature key corresponds to a first public digital signature key;
said second computer system signing each message sent to said first computer system in said secure session using digital signatures generated using a second private digital signature key, wherein the second private digital signature key corresponds to a second public digital signature key;
said first computer system verifying that each message received during said secure session is authentic by applying said second public digital signature key to digital signatures received by said first computer system during said secure session; and
said second computer system verifying that each message received during said secure session is authentic by applying said first public digital signature key to digital signatures received by said second computer system during said secure session.