DYNAMIC DISTRIBUTED KEY SYSTEM AND METHOD FOR IDENTITY MANAGEMENT, AUTHENTICATION SERVERS, DATA SECURITY AND PREVENTING MAN-IN-THE-MIDDLE ATTACKS
First Claim
1. A method of encrypting a communication between a first source computer and a second destination computer, wherein said source and destination computers are each provided respectively with first and second private distributed keys, each associated with a first and second unique private key identifier, wherein a key storage server is provided with said first and second private distributed keys, each associated with said first and second unique private key identifiers, said method comprising:
i) said source computer sending a request to said key storage server for a session key;
ii) said key storage server identifying said source computer and locating its associated private distributed key;
iii) said key storage server generating a unique session key for the session in question, identified by a unique session identifier;
iv) said key storage server encrypting the session key with said source computer private distributed key and sending it, with a session identifier, to said source computer;
v) said source computer using said source computer private distributed key to decrypt the session key and using the session key to encrypt said communication, which is sent to the destination computer along with said session identifier;
vi) said destination computer receives the encrypted communication and session identifier and sending a request to said key storage server for the session key associated with said session identifier;
vii) said key storage server determining from the session identifier whether it has the corresponding session key, and whether it has said destination computer's private distributed key;
viii) if said key storage server determines from the session identifier that it has the corresponding session key, and has said destination computer's private distributed key, said key storage server encrypting the session key said destination computer's private distributed key and communicating it to said destination computer;
ix) said destination computer then decrypting the session key using its private distributed key and decrypting said communication using the decrypted session key.
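The exchange in steps i) to ix), including the refusal path of steps vii) and viii), as an added example that is not code from the patent. Assumptions: the key identifiers `src-01` and `dst-01`, all class and function names, and the cipher itself (the claim names none, so a SHA-256 keystream with an HMAC tag stands in for a real authenticated cipher, using only the standard library).

```python
import hashlib, hmac, secrets

def _subkeys(key):  # separate encryption and MAC keys derived from one shared key
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, nonce, data):
    # Stand-in cipher: XOR with a SHA-256 counter-mode keystream (stdlib only).
    stream = b"".join(hashlib.sha256(enc_key + nonce + c.to_bytes(4, "big")).digest()
                      for c in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(enc_key, body[:16], body[16:])

class KeyStorageServer:
    def __init__(self, distributed_keys):
        self.keys = dict(distributed_keys)  # key identifier -> private distributed key
        self.sessions = {}                  # session identifier -> session key

    def new_session(self, key_id):          # steps ii-iv
        distributed_key = self.keys[key_id]  # KeyError if the source is not registered
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = secrets.token_bytes(32)
        return session_id, seal(distributed_key, self.sessions[session_id])

    def release(self, key_id, session_id):  # steps vii-viii
        if session_id not in self.sessions or key_id not in self.keys:
            return None                     # refuse: unknown session or requester
        return seal(self.keys[key_id], self.sessions[session_id])

def run_exchange(message):
    src_key, dst_key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    server = KeyStorageServer({"src-01": src_key, "dst-01": dst_key})
    session_id, wrapped = server.new_session("src-01")                   # step i
    ciphertext = seal(unseal(src_key, wrapped), message)                 # step v
    wrapped_dst = server.release("dst-01", session_id)                   # step vi
    recovered = unseal(unseal(dst_key, wrapped_dst), ciphertext)         # step ix
    refused = [server.release("dst-01", "no-such-session"), server.release("x", session_id)]
    return recovered, ciphertext, refused
```

The session key never crosses the wire in the clear: each party receives it wrapped under its own distributed key, and the server returns nothing when either lookup in step vii) fails.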
Abstract
A distributed key encryption system and method is provided in which a key storage server provides a session key to the source and destination computers by encrypting the session key with unique distributed private keys that are associated with the respective source and destination computers by unique private key identifiers. The destination computer then decrypts the encrypted session key using its distributed private key and then decrypts the communication using the decrypted session key.
16 Claims
12. The method of claim 12 wherein hacking is detected when, if a copy of a key is made, the offsets do not match between the legitimate key and the stolen key.
13. The method of claim 13 wherein a user account is revoked when hacking is detected.
16. A system for encrypting a communication between a first source computer and a second destination computer, wherein said source and destination computers are each provided respectively with first and second private distributed keys, each associated with a first and second unique private key identifier, said system further comprising
i) a key storage server provided with said first and second private distributed keys, each associated with said first and second unique private key identifiers;
ii) means associated with said source computer for sending a request to said key storage server for a session key;
iii) means associated with said key storage server for identifying said source computer and locating its associated private distributed key;
iv) means associated with said key storage server for generating a unique session key for the session in question, identified by a unique session identifier;
v) means associated with said key storage server for encrypting the session key with said source computer private distributed key and sending it, with a session identifier, to said source computer;
vi) means associated with said source computer for using said source computer private distributed key to decrypt the session key and using the session key to encrypt said communication, which is sent to the destination computer along with said session identifier;
vii) means associated with said destination computer for receiving the encrypted communication and session identifier and sending a request to said key storage server for the session key associated with said session identifier;
viii) means associated with said key storage server for determining from the session identifier whether it has the corresponding session key, and whether it has said destination computer's private distributed key, and if said key storage server determines from the session identifier that it has the corresponding session key, and has said destination computer's private distributed key, said key storage server encrypting the session key said destination computer's private distributed key and communicating it to said destination computer;
ix) means associated with said destination computer for then decrypting the session key using its private distributed key and decrypting said communication using the decrypted session key.
Specification