Public key data communications system under control of a portable security device
First Claim
1. A communications systemin which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user,the system comprising:
- a server (130) for performing public key processing using the private key;
the server (130) being adapted for data communication with the portable security device (120);
characterised in thatthe server (130) comprises, or has access to, data storage means in which is stored in a secure manner the private key for the, or each, user in encrypted form only,the private key being encrypted with a key encrypting key,the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use,and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed,the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user.
1 Assignment
0 Petitions
Accused Products
Abstract
A data communications system is described in which messages are processed using public key cryptography with a private key unique to one or more users (150) under the control of a portable security device (120), such as a smart card, held by each user, the system comprising: a server (130) for performing public key processing using the private key. The server (130) stores, or has access to, the private key for the, or each, user in encrypted form only. The private key is encrypted with a key encrypting key and each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130). The server comprises secure means (360) to retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing using the decrypted private key, and delete the decrypted private key after use.
472 Citations
11 Claims
-
1. A communications system
in which messages are processed using public key cryptography with a private key unique to one or more users (130) under the control of a portable security device (120) held by the, or each, user, the system comprising: -
a server (130) for performing public key processing using the private key; the server (130) being adapted for data communication with the portable security device (120); characterised in that the server (130) comprises, or has access to, data storage means in which is stored in a secure manner the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key, the server comprising secure processing means (360) to receive a message to be processed from the user, retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing for the message using the decrypted private key, and delete the key encrypting key and decrypted private key after use, and in that each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130) and means for specifying a message to be processed, the system being arranged so that communication of at least the key encrypting key to the server is secure and so that the server can only use the key encrypting key to process the message specified by the user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for processing messages using public key cryptography with a private key unique to one or more users (150) under the control of a portable security device (120) held by the, or each, user, in a system comprising:
- a server (130) for performing public key processing using the private key, in which system the server (130) is adapted for data communication with the portable security device (120);
characterised by the steps of (a) storing in the server, or providing the server with access to, the private key for the, or each, user in encrypted form only, the private key being encrypted with a key encrypting key; (b) storing or generating in the security device the key encrypting key and providing the key encrypting key to the server (130) in a manner such that at least the key encrypting key is secure in communication to the server; and
,in a secure environment in the server (130); (c) receiving a message to be processed specified by the user; (d) retrieving the encrypted private key for the user; (e) verifying that the message was that specified by the user; (f) decrypting the private key using the key encrypting key; (g) performing the public key processing for the message using the decrypted private key; and (h) deleting the decrypted private key and the key encrypting key after use.
- a server (130) for performing public key processing using the private key, in which system the server (130) is adapted for data communication with the portable security device (120);
Specification