Method and apparatus providing registered mail features in an electronic communication system
First Claim
1. A method for providing a security feature in an electronic communication system, wherein said communication system contains a first and a second terminal and a communication network, wherein said first terminal is provided for sending a message to said second terminal, wherein said second terminal is provided for receiving said message, and wherein a security service station is provided to communicate with said first and second terminal via said communication network, comprising the steps of:
(a) in said first terminal (A), generating a key (K) at random;
(b) in said first terminal (A), encrypting said message (MSG) with said random key (K), thereby obtaining a first encrypted message;
    <MSG>K;
(c) in said first terminal (A), deriving a first quantity of data (CS.A=<MSG>K in FIG. 1) defining said first encrypted message (<MSG>K) and composing from said first quantity of data (CS.A) and from said key (K) a composed data quantity;
    (K, CS.A)
(d) in said first terminal (A), encrypting said composed data quantity with a first secret key (SK.A) which is specifically assigned to said first terminal (A), thereby obtaining a first encrypted composed quantity of data;
    {K,CS.A}SK.A
(e) sending said first encrypted compound quantity of data ({K,CS.A}SK.A) from said first terminal (A) to said security service station (SSS);
(f) sending said first encrypted message (<MSG>K) from said first terminal (A) to said second terminal (B);
(g) in said second terminal (B), deriving a second quantity of data (CS.B=<MSG>K in FIG. 1) defining said first encrypted message (<MSG>K) received from said first terminal (A) and encrypting said second quantity of data with a second secret key (SK.B) which is specifically assigned to said second terminal (B), thereby obtaining a second encrypted quantity of data;
    CR.3={<MSG>K}SK.B;
(h) sending said second encrypted quantity of data (CR.3) from said second terminal (B) to said security service station (SSS);
(i) in said security service station (SSS), decrypting said first encrypted composed quantity of data ({K,CS.A}SK.A) received from said first terminal (A) with a first predetermined key (PK.A) which is specifically assigned to said first terminal (A), thereby obtaining said first quantity of data (CS.A) and said random key (K);
(j) in said security service station (SSS), decrypting said second encrypted quantity of data (CR.3) received from said second terminal (B) with a second predetermined key (PK.B) which is specifically assigned to said second terminal (B), thereby obtaining said second quantity of data (CS.B);
(k) in said security service station (SSS), determining if said first quantity of data (CS.A) is equal to said second quantity of data (CS.B);
(l) if so (CS.A = CS.B), in said security service station (SSS), composing a receipt information (RC in FIG. 1) comprising said random key (K) and said first quantity of data (CS.A);
    RC=K,CS.A;
(m) in said security service station (SSS), encrypting said information (RC) with a secret network key (SK.N) specifically assigned to said security service station (SSS), thereby obtaining a receipt (RCPT);
    RCPT(K)={RC}SK.N;
(n) sending said receipt (RCPT) from said security service station (SSS) to said first terminal (A);
(o) sending said receipt (RCPT) and random key information (K) from said security service station (SSS) to said second terminal (B);
(p) in said second terminal (B), extracting said random key (K) from said random key information; and
(q) in said second terminal (B), decrypting said first encrypted message (<MSG>K) with said random key (K), thereby obtaining said message (MSG) in clear text. (FIG. 1).
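The message flow of steps (a) through (q), as an added sketch that is not code from the patent. It assumes SK.X and PK.X are one shared secret per terminal (a symmetric simplification), a SHA-256 digest as the quantity CS, and a toy keystream cipher plus HMAC standing in for the cryptomodule; all function names are hypothetical.

```python
import hashlib, hmac, json, secrets
# Assumptions (not from the patent): symmetric keys, SHA-256 as CS, toy cipher below.

def stream(key, data):
    # Toy SHA-256 counter keystream XOR; the same call encrypts and decrypts.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, fields):
    # Models "{...}SK.X": encrypt under a terminal or network key, with a MAC.
    ct = stream(key, json.dumps(fields).encode())
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("not produced under this key")
    return json.loads(stream(key, ct))

def digest(ciphertext):
    # CS: the "quantity of data defining" <MSG>K, assumed here to be a digest.
    return hashlib.sha256(ciphertext).hexdigest()

def sender(msg, sk_a):                          # steps (a)-(f)
    k = secrets.token_bytes(32)
    enc_msg = stream(k, msg)
    return enc_msg, seal(sk_a, {"K": k.hex(), "CS": digest(enc_msg)})

def receiver_ack(enc_msg, sk_b):                # steps (g)-(h): CR.3
    return seal(sk_b, {"CS": digest(enc_msg)})

def station(from_a, cr3, pk_a, pk_b, sk_n):     # steps (i)-(o)
    a, b = unseal(pk_a, from_a), unseal(pk_b, cr3)
    if not hmac.compare_digest(a["CS"], b["CS"]):   # step (k)
        return None, None                       # no receipt; K is never released to B
    rc = {"K": a["K"], "CS": a["CS"]}            # step (l): RC = K, CS.A
    return seal(sk_n, rc), bytes.fromhex(a["K"])    # RCPT for A and B, K for B

def run(msg, tamper=False):
    sk_a, sk_b, sk_n = (secrets.token_bytes(32) for _ in range(3))  # constructed keys
    enc_msg, to_sss = sender(msg, sk_a)
    seen_by_b = bytes([enc_msg[0] ^ 1]) + enc_msg[1:] if tamper else enc_msg
    rcpt, k = station(to_sss, receiver_ack(seen_by_b, sk_b), sk_a, sk_b, sk_n)
    if rcpt is None:
        return None, None
    # Steps (p)-(q) for B, plus A's check that the receipt names its own ciphertext.
    return stream(k, seen_by_b), unseal(sk_n, rcpt)["CS"] == digest(enc_msg)
```

`run(msg, tamper=True)` flips one bit of the ciphertext in transit, so CS.A and CS.B differ and the station issues neither the receipt nor the key.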
Abstract
The method and the apparatus provide a security feature in an electronic communication system which contains a first and a second terminal and a communication network. The first terminal is designed for sending a message to the second terminal. A security service station is provided to communicate with the first and second terminals via the communication network. In the first terminal a key is generated at random which is used for encrypting the message, thereby obtaining a first encrypted message. A first quantity of data defining this first encrypted message and the random key form a composed data quantity which is encrypted with a first secret key. This key is specifically assigned to the first terminal. A first encrypted composed quantity of data is obtained which is sent from the first terminal to the security service station.
The first encrypted message is transmitted from the first terminal to the second terminal. Here, a second quantity of data defining the first encrypted message is derived. This quantity of data is encrypted with a second secret key which is specifically assigned to the second terminal. Thereby, a second encrypted quantity of data is obtained which is sent to the security service station.
243 Citations
16 Claims
1. Claim 1 is set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. An apparatus for message acknowledgement in a communication system which is provided for transmitting digital data, comprising in combination:
(a) a communication network (10) for transmitting said digital data;
(b) a first terminal (4) connected to said communication network (10), said first terminal (4) containing
    (b1) a first central processing unit (42) having a first memory (18) for storage of a program, of a first predetermined user key (PK.A), of a first secret user key (SK.A), and of variables (PK.B, etc.);
    (b2) first non-volatile storage means (43) for storing a message (MSG) and a receipt (RCPT);
    (b3) input means (40) for introducing said message (MSG) into said first memory (18) under the control of said first processing unit (42);
    (b4) a first cryptomodule (45) connected to said first central processing unit (42), said first cryptomodule (45) being adapted to encrypt and decrypt data received from said first memory (18) under the control of said first central processing unit (42), said first cryptomodule (45) thereby encrypting said message (MSG);
(c) a second terminal (6) connected to said communication network (10), said second terminal (6) containing
    (c1) a second central processing unit (52) having a second memory (28) for storage of a program, of a second predetermined user key (PK.B), of a second secret user key (SK.B), and of variables (PK.A; etc.);
    (c2) second non-volatile storage means (53) for storing said message (MSG) and said receipt (RCPT);
    (c3) a second cryptomodule (55) connected to said second control processing unit (52), said second cryptomodule (55) being adapted to encrypt and decrypt data received from said second memory (28) under the control of said second central processing unit (52), said second cryptomodule (55) thereby decrypting said message (MSG);
    (c4) output means (50) for delivering said message (MSG);
(d) a security service station (8) containing
    (d1) a third central processing unit (62) having a third memory (38) for storage of a program, of a secret network key (SK.N), of predetermined user keys (PK.A; PK.B), and of variables;
    (d2) third non-volatile storage means (63) connected to said third central processing unit (62) for temporarily storing digital data; and
    (d3) a third cryptomodule (65) connected to said third central processing unit (62), said third cryptomodule (65) being adapted to encrypt and decrypt data received from said third memory (38) under the control of said third central processing unit (62).
Dependent claims: 12, 13, 14, 15, 16.
Specification