Computer system for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem
First Claim
1. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, comprising:
- computer readable storage medium; and
computer programming stored on said storage medium;
wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to;
generate a private crypto-key using a private exponent and a modulus N which is a product of a plurality of numbers within a set of large prime numbers, the modulus N having a bit length;
divide the generated private crypto-key into a private user key portion having a first bit length and a central authority key portion having a second bit length, wherein the first bit length is smaller than said second bit length and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits;
direct the private user key portion to only a single user of the cryptosystem; and
direct the central authority key portion to only a central storage device.
3 Assignments
0 Petitions
Accused Products
Abstract
An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, includes computer readable storage medium having computer programming stored thereon. The stored computer programming is configured to be readable from the computer readable storage medium by a computer and thereby cause the computer to operate so as to generate a private crypto-key using a private exponent and a modulus N, which is the product of a plurality of numbers within a set of large prime numbers. The generated private crypto-key is divided into a private user key portion having a first bit length and a central authority key portion having a second bit length. The first bit length is smaller than the second bit length, and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits. The private user key portion is directed only to a single user of the cryptosystem and the central authority'"'"'s portion is directed to a central storage device.
200 Citations
22 Claims
-
1. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, comprising:
-
computer readable storage medium; and computer programming stored on said storage medium; wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to; generate a private crypto-key using a private exponent and a modulus N which is a product of a plurality of numbers within a set of large prime numbers, the modulus N having a bit length; divide the generated private crypto-key into a private user key portion having a first bit length and a central authority key portion having a second bit length, wherein the first bit length is smaller than said second bit length and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits; direct the private user key portion to only a single user of the cryptosystem; and direct the central authority key portion to only a central storage device. - View Dependent Claims (2, 3, 4)
-
-
5. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
-
computer readable storage medium; and computer programming stored on said storage medium; wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to; generate a symmetric session crypto-key; retrieve from storage the central authority key portion associated with a first user and the central authority key portion associated with a second user from storage; generate a first user session key by encrypting the generated symmetric session crypto-key with a combination of the public crypto-key and the retrieved central authority key portion associated with the first user; generate a second user session key by encrypting the generated symmetric session key with a combination of the public crypto-key and the central authority key portion associated with the second user; direct issuance of the first user session key to the first user; and direct issuance of the second user session key to the second user; wherein the symmetric session crypto-key is obtainable by applying the private user key portion associated with the first user to the first user session key and by applying the private user key portion associated with the second user to the second user session key so that a common session crypto-key is available to the first user and the second user to encrypt and decrypt communications between said users. - View Dependent Claims (6)
-
-
7. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
-
computer readable storage medium; and computer programming stored on said storage medium; wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to; decrypt an encrypted first message by applying thereto the central authority key portion associated with a first user and the central authority key portion associated with a second user; generate a second message; encrypt the second message with a combination of the central authority key portion and the public crypto-key associated with the first user and the central authority key portion and the public crypto-key associated with the second user; and direct issuance of the encrypted second message to at least one of the first and the second users; wherein, the second message is obtainable by applying thereto the private user key portion associated with the first user and the private user key portion associated with the second user. - View Dependent Claims (8, 9)
-
-
10. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
-
computer readable storage medium; and computer programming stored on said storage medium; wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to; encrypt a request for a symmetric session crypto-key by applying the private user key portion associated with a user to the request; direct the encrypted request to the central authority; decrypt a symmetric session crypto-key encrypted with a combination of the central authority key portion and the public crypto-key associated with the user by applying thereto the private user key portion associated with the user to obtain the symmetric session crypto-key; and apply the symmetric session crypto-key to encrypt and decrypt communications between the user and at least one other user. - View Dependent Claims (11)
-
-
12. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, comprising:
-
a processor configured to generate a private crypto-key using a private exponent and a modulus N which is a product of a plurality of numbers within a set of large prime numbers, to divide the generated private crypto-key into a private user key portion having a first bit length and a central authority key portion having a second bit length, and to direct the private user key portion to only a single user of the cryptosystem; and a storage device configured to store the central authority key portion; wherein, the modulus N has a bit length, and the first bit length is smaller than said second bit length and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits. - View Dependent Claims (13, 14, 15)
-
-
16. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
-
a storage device configured to store the central authority key portion associated with a first user and the central authority key portion associated with a second user; a processor configured to generate a symmetric session crypto-key, to retrieve the central authority key portion associated with the first user and the central authority key portion associated with the second user from the storage device, to generate a first user session key by encrypting the generated symmetric session crypto-key with a combination of the public crypto-key and the retrieved central authority key portion associated with the first user, to generate a second user session key by encrypting the generated symmetric session key with a combination of the public crypto-key and the retrieved central authority key portion associated with the second user, to direct the first user session key to the first user, and to direct the second user session key to the second user; wherein the symmetric session crypto-key is obtainable by applying the private user key portion associated with the first user to the first user session key and by applying the private user key portion associated with the second user to the second user session key so that a common session crypto-key is available to the first and the second users to encrypt and decrypt communications between said users. - View Dependent Claims (17)
-
-
18. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
-
a storage device configured to store the central authority key portion associated with a first user and the central authority key portion associated with a second user; and a processor configured to retrieve from said storage device the central authority key portion associated with the first user and the central authority key portion associated with the second user, to decrypt a first message encrypted with a combination of the private user key portion of the first user and the private user key portion of the second user by applying thereto the retrieved central authority key portion associated with the first user and the retrieved central authority key portion associated with the second user, to generate a second message, to encrypt the second message with a combination of the public crypto-key and the retrieved central authority key portion associated with the first user and the public crypto-key and the retrieved central authority key portion associated with the second user, and to direct the encrypted second message to at least one of the first and the second users; wherein, the second message is obtainable by applying thereto the private user key portion associated with the first user and the private user key portion associated with the second user. - View Dependent Claims (19, 20)
-
-
21. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
-
a processor configured to encrypt a request for a symmetric session crypto-key by applying a combination of the public crypto-key and the central authority key portion associated with a user to the request, to direct the encrypted request to the central authority, to decrypt a symmetric session crypto-key encrypted with the combination of the public crypto-key and the central authority key portion associated with the user by applying thereto the private user key portion associated with the user to obtain the symmetric session crypto-key, and to apply the symmetric session crypto-key to encrypt and decrypt communications between the user and at least one other user; and a storage device configured to store the symmetric session crypto-key. - View Dependent Claims (22)
-
Specification