Computer system for securing communications using split private key asymmetric cryptography
First Claim
1. An article of manufacture for securing communications between users of a crypto-system having a plurality of users, each of said plurality of users having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, comprising:
- computer readable storage medium; and
- computer programming stored on said storage medium;
- wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to:
- generate a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
- encrypt said second temporary key portion with the first private key portion of a first user crypto-key associated with a first user to form a first encrypted message;
- direct issuance of said first encrypted message to a second user having access to the second private key portion of the first user crypto-key, wherein the second temporary key portion is obtainable by application of the second private key portion of the first user crypto-key to the first encrypted message to thereby authenticate the first user to the second user; and
- apply the public key portion of the first user crypto-key to decrypt a second encrypted message, which includes the first encrypted message encrypted with the second private key portion of the first user crypto-key, to thereby authenticate the second user to the first user.
3 Assignments
0 Petitions
Abstract
A programmed computer secures communications between users of a crypto-system in which each user has an associated asymmetric crypto-key with a public key portion accessible to all system users and a corresponding private key portion having a first private key portion known only to the associated user and a corresponding second private key portion. The computer includes a processor programmed to generate a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion. The computer then encrypts the second temporary key portion with the first private key portion of a first user crypto-key associated with a first user to form a first encrypted message. The processor directs the issuance of the first encrypted message to a second user having access to the second private key portion of the first user crypto-key. The processor next applies the public key portion of the first user crypto-key to decrypt a second encrypted message generated by the second user, which includes the first encrypted message encrypted with the second private key portion of the first user crypto-key, to thereby authenticate the second user to the first user. The computer also includes a storage medium for storing the first temporary key portion, and the public key portion of the first user crypto-key.
27 Claims
1. An article of manufacture for securing communications between users of a crypto-system having a plurality of users, each of said plurality of users having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, comprising:
- computer readable storage medium; and
- computer programming stored on said storage medium;
- wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to:
- generate a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
- encrypt said second temporary key portion with the first private key portion of a first user crypto-key associated with a first user to form a first encrypted message;
- direct issuance of said first encrypted message to a second user having access to the second private key portion of the first user crypto-key, wherein the second temporary key portion is obtainable by application of the second private key portion of the first user crypto-key to the first encrypted message to thereby authenticate the first user to the second user; and
- apply the public key portion of the first user crypto-key to decrypt a second encrypted message, which includes the first encrypted message encrypted with the second private key portion of the first user crypto-key, to thereby authenticate the second user to the first user.

(Dependent claims 2, 3, 4 and 5 are not reproduced here.)
6. A programmed computer for securing communications between users of a crypto-system having a plurality of users, each of said plurality of users having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, comprising:
- a processor for generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion, for encrypting said second temporary key portion with the first private key portion of a first user crypto-key associated with a first user to form a first encrypted message, for directing issuance of said first encrypted message to a second user having access to the second private key portion of the first user crypto-key, and for applying the public key portion of the first user crypto-key to decrypt a second encrypted message, which includes the first encrypted message encrypted with the second private key portion of the first user crypto-key, to thereby authenticate the second user to the first user; and
- storage medium for storing the first temporary key portion, and the public key portion of the first user crypto-key.

(Dependent claims 7, 8, 9 and 10 are not reproduced here.)
11. An article of manufacture for jointly signing communications between users in a crypto-system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, comprising:
- computer readable storage medium; and
- computer programming stored on said storage medium;
- wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to:
- generate a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
- apply the first private key portion of a first user crypto-key associated with a first user to encrypt said second temporary key portion to form a first encrypted message;
- direct issuance of the first encrypted message to a second user having access to the second private key portion of the first user crypto-key;
- apply the first private key portion of the first user crypto-key to encrypt a hash message to form a second encrypted message, and thereby place a signature of the first user on the hash message;
- apply said first temporary key portion to encrypt said second encrypted message to form a third encrypted message;
- direct issuance of the third encrypted message to the second user; and
- apply the public key portion of the first user crypto-key to decrypt a fourth encrypted message, which includes the second encrypted message encrypted with the second private key portion of the first user crypto-key, to obtain the hash message to thereby verify the joint signatures of the first and the second users on the hash message;
- wherein, the second temporary key portion is obtainable by applying the second private key portion of the first user crypto-key to decrypt the first encrypted message and thereby authenticate the first user to the second user, and the second encrypted message is obtainable by applying said second temporary key portion to decrypt the third encrypted message.
12. A programmed computer for jointly signing communications between users of a crypto-system having a plurality of users, each of said plurality of users having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, comprising:
- a processor (i) for generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion, (ii) for applying the first private key portion of a first user crypto-key associated with a first user to encrypt said second temporary key portion to form a first encrypted message, (iii) for directing issuance of the first encrypted message to a second user having access to the second private key portion of the first user crypto-key, (iv) for applying the first private key portion of the first user crypto-key to encrypt a hash message to form a second encrypted message, and thereby place a signature of the first user on the hash message, (v) for applying said first temporary key portion to encrypt said second encrypted message to form a third encrypted message, (vi) for directing issuance of the third encrypted message to the second user, and (vii) for applying the public key portion of the first user crypto-key to decrypt a fourth encrypted message, which includes the second encrypted message encrypted with the second private key portion of the first user crypto-key, to obtain the hash message and thereby verify the joint signatures of the first and the second users on the hash message; and
- storage medium for storing the first temporary key portion, and the public key portion of the first user crypto-key;
- wherein, the second temporary key portion is obtainable by applying the second private key portion of the first user crypto-key to decrypt the first encrypted message and thereby authenticate the first user to the second user, and the second encrypted message is obtainable by applying said second temporary key portion to decrypt the third encrypted message.
13. An article of manufacture, for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a trusted third party, comprising:
- computer readable storage medium; and
- computer programming stored on said storage medium;
- wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to:
- apply the first private key portion of a first user crypto-key associated with a first user to encrypt a first message to form a first encrypted message;
- direct issuance of said first encrypted message to said trusted third party; and
- apply the public key portion of the first user crypto-key to decrypt a second encrypted message, which includes the first encrypted message encrypted with the second private key portion of the first user crypto-key, to obtain the first message and thereby authenticate the trusted third party to the first user;
- wherein the first message is obtainable by applying the second private key portion of the first user crypto-key to decrypt the first encrypted message and thereby authenticate the first user to the trusted third party.

(Dependent claim 14 is not reproduced here.)
15. A programmed computer for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a trusted third party, comprising:
- a processor (i) for applying the first private key portion of a first user crypto-key associated with a first user to encrypt a first message to form a first encrypted message, (ii) for directing issuance of said first encrypted message to said trusted third party, and (iii) for applying the public key portion of the first user crypto-key to decrypt a second encrypted message, which includes the first encrypted message encrypted with the second private key portion of the first user crypto-key, to obtain the first message and thereby authenticate the trusted third party to the first user; and
- storage medium for storing the public key portion of the first user crypto-key and the first message;
- wherein the first message is obtainable by applying the second private key portion of the first user crypto-key to decrypt the first encrypted message and thereby authenticate the first user to the trusted third party.

(Dependent claim 16 is not reproduced here.)
17. An article of manufacture for securing communications between users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a trusted third party, comprising:
- computer readable storage medium; and
- computer programming stored on said storage medium;
- wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to:
- generate a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
- apply the first private key portion of a first user crypto-key associated with a first user to encrypt said second temporary key portion to form a first encrypted message;
- direct issuance of said first encrypted message to the trusted third party;
- apply said first temporary key portion to encrypt a first communication to form a first encrypted communication or to decrypt a second communication, including a communication encrypted with said second temporary key portion, to obtain said second communication; and
- direct issuance of said first encrypted communication to a second user;
- wherein, said second temporary key portion is obtainable by applying the public key portion of the first user crypto-key to decrypt a second encrypted message, which includes the first encrypted message encrypted with a second private key portion of the first user crypto-key.
18. A programmed computer for securing communications between users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a trusted third party, comprising:
- a processor (i) for generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion, (ii) for applying the first private key portion of a first user crypto-key associated with a first user to encrypt said second temporary key portion to form a first encrypted message, (iii) for directing issuance of said first encrypted message to the trusted third party, (iv) for applying said first temporary key portion to encrypt a first communication to form a first encrypted communication or to decrypt a second communication, including a communication encrypted with said second temporary key portion, to obtain the second communication, and (v) for directing issuance of said first encrypted communication to a second user; and
- storage medium for storing said first temporary key portion;
- wherein, said second temporary key portion is obtainable by applying the public key portion of the first user crypto-key to decrypt a second encrypted message, which includes the first encrypted message encrypted with a second private key portion of the first user crypto-key.
19. An article of manufacture for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, comprising:
- computer readable storage medium; and
- computer programming stored on said storage medium;
- wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to:
- apply the second private key portion of a first user crypto-key associated with a first user to decrypt a first encrypted message, which includes a first message encrypted with the first private key portion of the first user crypto-key, and thereby authenticate the first user to the third party;
- encrypt the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message; and
- direct issuance of the second encrypted message to the first user, wherein the first message is obtainable by application of the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticate the third party to the first user.

(Dependent claim 20 is not reproduced here.)
21. A programmed computer for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, comprising:
- a storage medium for storing the second private key portion of a first user crypto-key associated with a first user; and
- a processor (i) for applying the second private key portion of the first user crypto-key to decrypt a first encrypted message, which includes a first message encrypted with the first private key portion of the first user crypto-key, and thereby authenticate the first user to the third party, (ii) for encrypting the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message, and (iii) for directing issuance of the second encrypted message to the first user, wherein the first message is obtainable by application of the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticate the third party to the first user.

(Dependent claims 23, 24, 26 and 27 are not reproduced here.)
22. An article of manufacture for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, comprising:
- computer readable storage medium; and
- computer programming stored on said storage medium;
- wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to:
- apply the second private key portion of a first user crypto-key associated with a first user to encrypt a first encrypted message, which includes a first message encrypted with a first private key portion of a first user crypto-key, to form a second encrypted message; and
- direct issuance of said second encrypted message to a second user, wherein the first message is obtainable by applying the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticate the first user to the second user.
25. A programmed computer for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, comprising:
- storage medium for storing the second private key portion of a first user crypto-key associated with a first user; and
- a processor for applying the second private key portion of the first user crypto-key to encrypt a first encrypted message, which includes a first message encrypted with the first private key portion of the first user crypto-key, to form a second encrypted message, and for issuing said second encrypted message to a second user, wherein the first message is obtainable by applying the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticate the first user to the second user.
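The claims describe the exchanges abstractly; the following Python model is an added example written for this page, not code from the patent, and it assumes one concrete way to realise a split private key: textbook RSA with the private exponent d split multiplicatively into d1 (user) and d2 (trusted third party / second user), so that d1 * d2 == d (mod phi(n)). It models the mutual authentication of the abstract and claims 1, 6, 13, 15, 19 and 21 (the "first message" standing in for the second temporary key portion) and the joint signature of claims 11 and 12 (the extra layer of temporary-key encryption in those claims is left out). The modulus, the tag/nonce message format and the function names are all constructed for this example.

```python
"""Split-private-key RSA: the user's exponent d is split into d1 (user) and d2
(trusted third party) with d1 * d2 == d (mod phi), so neither share alone can
complete a private-key operation.  Constructed toy example, not the patent's code."""
import hashlib
import secrets

# Constructed demo modulus from two fixed primes: keeps the arithmetic readable,
# but is nowhere near a secure key size.
P = 1_000_000_007
Q = 998_244_353
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)   # full private exponent; exists only at key-split time


def split_private_key(d=D, phi=PHI):
    """Return (d1, d2) with d1 * d2 == d (mod phi).  d1 goes to the user,
    d2 to the party holding the second private key portion."""
    while True:
        d1 = secrets.randbelow(phi - 2) + 2        # uniform in [2, phi)
        try:
            d1_inv = pow(d1, -1, phi)              # ValueError unless gcd(d1, phi) == 1
        except ValueError:
            continue
        return d1, (d * d1_inv) % phi


# The "first message" carries redundancy (a fixed tag) so the receiver can tell a
# genuine recovery from a random value: without it, any integer presented as a
# "first encrypted message" would decrypt to *something* and pass.
TAG = int.from_bytes(b"AUTH", "big")


def make_first_message():
    """Fixed 32-bit tag followed by a fresh 24-bit nonce; stays below N (~2^59.8)."""
    return (TAG << 24) | int.from_bytes(secrets.token_bytes(3), "big")


def well_formed(m):
    return (m >> 24) == TAG


# --- Mutual authentication (abstract; claims 1, 6, 13, 15, 19, 21) ------------
def user_encrypt(m, d1, n=N):
    """First encrypted message: the user applies its share d1."""
    return pow(m, d1, n)


def third_party_respond(c1, d2, e=E, n=N):
    """Apply d2, which completes the full private-key operation (m^(d1*d2) = m^d),
    then apply the public key to recover m.  A well-formed m authenticates the
    user: only a holder of d1 could have produced c1.  Returns
    (user_authenticated, second_encrypted_message)."""
    s = pow(c1, d2, n)
    if not well_formed(pow(s, e, n)):
        return False, None
    return True, s


def user_verify_response(s, m, e=E, n=N):
    """The user decrypts the second encrypted message with the public key; it
    equals m only if the responder really applied d2, which authenticates the
    third party to the user."""
    return pow(s, e, n) == m


def mutual_authentication(d1, d2):
    m = make_first_message()
    c1 = user_encrypt(m, d1)
    user_ok, s = third_party_respond(c1, d2)
    third_party_ok = user_ok and user_verify_response(s, m)
    return user_ok, third_party_ok


# --- Joint signature (claims 11, 12) ------------------------------------------
def hash_message(data, n=N):
    """Hash reduced into the RSA domain (toy; real schemes use a padded encoding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def user_sign_share(h, d1, n=N):
    return pow(h, d1, n)                 # "second encrypted message": h^d1


def third_party_complete_signature(share, d2, n=N):
    return pow(share, d2, n)             # "fourth encrypted message": h^(d1*d2) = h^d


def verify_joint_signature(sig, h, e=E, n=N):
    return pow(sig, e, n) == h


if __name__ == "__main__":
    d1, d2 = split_private_key()
    print("mutual authentication (user ok, third party ok):", mutual_authentication(d1, d2))
    h = hash_message(b"constructed document")
    share = user_sign_share(h, d1)
    print("user share alone verifies:", verify_joint_signature(share, h))
    print("joint signature verifies:",
          verify_joint_signature(third_party_complete_signature(share, d2), h))
```

Two properties of the split are worth checking in the model: a value that was not produced with d1 fails the third party's well-formedness test, and a user share that has not been completed with d2 does not verify under the public key, so a compromise of either share alone yields neither an authentication nor a signature. The redundancy in the first message is what makes the third party's check meaningful; a bare random integer would "decrypt" to an unrecognisable value and must be rejected.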