Key replacement in a public key cryptosystem
First Claim
1. A method of secure public key replacement in a public key cryptography system, wherein secure messages are transmitted from a first node to a second node over a network presumed to be insecure, the method comprising the steps of:
- generating, at the first node, an active key pair comprising an active private key and an active public key, wherein the active key pair is used to secure messages between the first and second nodes according to a public key scheme;
generating, at the first node, a replacement key pair comprising a replacement private key and a replacement public key;
generating at the first node, a mask of the replacement public key;
sending the active public key and the mask of the replacement public key from the first node to the second node over a secure channel;
when the active key pair is to be retired, performing the steps of;
generating, at the first node, the next replacement key pair comprising the next replacement private key and the next replacement public key;
generating, at the first node, the mask of the next replacement public key;
sending a key replacement message including the replacement public key from the first node to the second node over the network; and
verifying, at the second node, the replacement public key; and
thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in a subsequent key pair retiring step.
2 Assignments
0 Petitions
Accused Products
Abstract
Improved key management is provided by a public key replacement apparatus and method for operating over insecure networks. An active public key and the mask of a replacement public key are provided by a key server to nodes where the active key is used to encrypt and verify messages. To replace the active public key with the replacement public key, a key replacement message is sent to the node. The key replacement message contains the replacement public key and contains the mask of the next replacement key. The mask of the replacement public key may be generated by hashing or encrypting. The key replacement message is signed by the active public key and the replacement public key. Nodes are implemented by a computer, a smart card, a stored data card in combination with a publicly accessible node machine, or other apparatus for sending and/or receiving messages. In a particular application, a financial transaction network, nodes are consumer nodes, merchant nodes, or both, and transactions are securely sent over a possible insecure network.
446 Citations
20 Claims
-
1. A method of secure public key replacement in a public key cryptography system, wherein secure messages are transmitted from a first node to a second node over a network presumed to be insecure, the method comprising the steps of:
-
generating, at the first node, an active key pair comprising an active private key and an active public key, wherein the active key pair is used to secure messages between the first and second nodes according to a public key scheme; generating, at the first node, a replacement key pair comprising a replacement private key and a replacement public key; generating at the first node, a mask of the replacement public key; sending the active public key and the mask of the replacement public key from the first node to the second node over a secure channel; when the active key pair is to be retired, performing the steps of; generating, at the first node, the next replacement key pair comprising the next replacement private key and the next replacement public key; generating, at the first node, the mask of the next replacement public key; sending a key replacement message including the replacement public key from the first node to the second node over the network; and verifying, at the second node, the replacement public key; and thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in a subsequent key pair retiring step. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of secure public key replacement in a public key cryptography system, wherein a first node stores an active private key and a second node stores an active public key and a replacement public key, the active public key and the active private key being an active key pair used for public key cryptography and the replacement public key and the replacement private key being a replacement key pair, and wherein the replacement public key is stored as an encrypted replacement public key at the second node, the method comprising the steps of:
-
generating, at the first node, a next replacement key pair comprising a next replacement private key and a next replacement public key; generating, at the first node, a mask of the next replacement public key; sending the replacement public key from the first node to the second node; verifying, at the second node, the encrypted replacement public key; and thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in the subsequent key pair retiring step. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A method of secure public key replacement in a public key cryptography system, wherein secure messages are transmitted from a first node to a second node over a network presumed to be insecure, the method comprising the steps of:
-
generating, at the first node, an active key pair comprising an active private key and an active public key, wherein the active key pair is used to secure messages between the first and second nodes according to a public key scheme; generating, at the first node, a replacement key pair comprising a replacement private key and a replacement public key; sending the active public key and the replacement public key from the first node to the second node over a secure channel; when the active key pair is to be retired, performing the steps of; generating, at the first node, a next replacement key pair comprising a next replacement private key and a next replacement public key; and sending the next replacement public key from the first node to the second node over the network; and thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in a subsequent key pair retiring step.
-
Specification