Computer system for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

US 5,838,792 A
Filed: 08/08/1996
Issued: 11/17/1998
Est. Priority Date: 07/18/1994
Status: Expired due to Term

First Claim

Patent Images

1. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, comprising:

computer readable storage medium; and

computer programming stored on said storage medium;

wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to;

generate a private crypto-key using a private exponent and a modulus N which is a product of a plurality of numbers within a set of large prime numbers, the modulus N having a bit length;

divide the generated private crypto-key into a private user key portion having a first bit length and a central authority key portion having a second bit length, wherein the first bit length is smaller than said second bit length and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits;

direct the private user key portion to only a single user of the cryptosystem; and

direct the central authority key portion to only a central storage device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, includes computer readable storage medium having computer programming stored thereon. The stored computer programming is configured to be readable from the computer readable storage medium by a computer and thereby cause the computer to operate so as to generate a private crypto-key using a private exponent and a modulus N, which is the product of a plurality of numbers within a set of large prime numbers. The generated private crypto-key is divided into a private user key portion having a first bit length and a central authority key portion having a second bit length. The first bit length is smaller than the second bit length, and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits. The private user key portion is directed only to a single user of the cryptosystem and the central authority'"'"'s portion is directed to a central storage device.

200 Citations

22 Claims

1. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, comprising:
- computer readable storage medium; and
  
  computer programming stored on said storage medium;
  
  wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to;
  
  generate a private crypto-key using a private exponent and a modulus N which is a product of a plurality of numbers within a set of large prime numbers, the modulus N having a bit length;
  
  divide the generated private crypto-key into a private user key portion having a first bit length and a central authority key portion having a second bit length, wherein the first bit length is smaller than said second bit length and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits;
  
  direct the private user key portion to only a single user of the cryptosystem; and
  
  direct the central authority key portion to only a central storage device.
- View Dependent Claims (2, 3, 4)
- - 2. An article of manufacture according to claim 1 wherein the stored computer programming is configured to be readable from said computer readable storage medium by the computer to thereby cause said computer to operate so as to divide the generated private crypto-key into a private user key portion having a first bit length between 56 and 72 bits.
  - 3. An article of manufacture according to claim 1 wherein the stored computer programming is configured to be readable from said computer readable storage medium by the computer to thereby cause said computer to operate so as to:
    - generate a public crypto-key using a public exponent and the modulus N; and
      
      direct the public crypto-key to the control storage device.
  - 4. An article of manufacture according to claim 1, wherein the stored computer programming is configured to be readable from said computer readable storage medium by the computer to thereby cause said computer to operate so as to:
    - generate a symmetric session crypto-key;
      
      generate a user session key by encrypting the generated symmetric session crypto-key with a combination of the public crypto-key and the central authority key portion; and
      
      direct the user session key to the user;
      
      wherein the symmetric session key is obtainable by applying the private user key portion to the user session key such that the symmetric session key is available to encrypt and decrypt messages from and to the user.

5. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
- computer readable storage medium; and
  
  computer programming stored on said storage medium;
  
  wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to;
  
  generate a symmetric session crypto-key;
  
  retrieve from storage the central authority key portion associated with a first user and the central authority key portion associated with a second user from storage;
  
  generate a first user session key by encrypting the generated symmetric session crypto-key with a combination of the public crypto-key and the retrieved central authority key portion associated with the first user;
  
  generate a second user session key by encrypting the generated symmetric session key with a combination of the public crypto-key and the central authority key portion associated with the second user;
  
  direct issuance of the first user session key to the first user; and
  
  direct issuance of the second user session key to the second user;
  
  wherein the symmetric session crypto-key is obtainable by applying the private user key portion associated with the first user to the first user session key and by applying the private user key portion associated with the second user to the second user session key so that a common session crypto-key is available to the first user and the second user to encrypt and decrypt communications between said users.
- View Dependent Claims (6)
- - 6. An article of manufacture according to claim 5, wherein the stored computer programming is configured to be readable from said computer readable storage medium by the computer to thereby cause said computer to operate so as to:
    - retrieve from storage the public crypto-key associated with the first user and the public crypto-key associated with the second user;
      
      generate the first user session key by encrypting the generated symmetric session crypto-key with a combination of the retrieved public crypto-key and the central authority key portion associated with the first user; and
      
      generate the second user session key by encrypting the generated symmetric session key with a combination of the public crypto-key and the central authority key portion associated with the second user.

7. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
- computer readable storage medium; and
  
  computer programming stored on said storage medium;
  
  wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to;
  
  decrypt an encrypted first message by applying thereto the central authority key portion associated with a first user and the central authority key portion associated with a second user;
  
  generate a second message;
  
  encrypt the second message with a combination of the central authority key portion and the public crypto-key associated with the first user and the central authority key portion and the public crypto-key associated with the second user; and
  
  direct issuance of the encrypted second message to at least one of the first and the second users;
  
  wherein, the second message is obtainable by applying thereto the private user key portion associated with the first user and the private user key portion associated with the second user.
- View Dependent Claims (8, 9)
- - 8. An article of manufacture according to claim 7, wherein the stored computer programming is configured to be readable from said computer readable storage medium by the computer to thereby cause said computer to operate so as to generate the second message so as to include a common session encryption key directed to other users.
  - 9. An article of manufacture according to claim 7, wherein the stored computer programming is configured to be readable from said computer readable storage medium by the computer to thereby cause said computer to operate so as to:
    - decrypt the encrypted first message by applying the public crypto-key associated with the first user and the public crypto-key associated with the second user thereto; and
      
      encrypt the second message with the public crypto-key associated with the first user and the public crypto-key associated with the second user.

10. An article of manufacture for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
- computer readable storage medium; and
  
  computer programming stored on said storage medium;
  
  wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to;
  
  encrypt a request for a symmetric session crypto-key by applying the private user key portion associated with a user to the request;
  
  direct the encrypted request to the central authority;
  
  decrypt a symmetric session crypto-key encrypted with a combination of the central authority key portion and the public crypto-key associated with the user by applying thereto the private user key portion associated with the user to obtain the symmetric session crypto-key; and
  
  apply the symmetric session crypto-key to encrypt and decrypt communications between the user and at least one other user.
- View Dependent Claims (11)
- - 11. An article of manufacture according to claim 10, wherein the stored computer programming is configured to be readable from said computer readable storage medium by the computer to thereby cause said computer to operate so as to:
    - generate a hash message by applying a hash function to a message to be communicated to the at least one other user;
      
      encrypt the hash message with the symmetric session crypto-key; and
      
      direct the encrypted hash message to the at least one other user;
      
      wherein the hash message is obtainable by the at least one other user by applying the symmetric session crypto-key to the encrypted hash message.

12. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, comprising:
- a processor configured to generate a private crypto-key using a private exponent and a modulus N which is a product of a plurality of numbers within a set of large prime numbers, to divide the generated private crypto-key into a private user key portion having a first bit length and a central authority key portion having a second bit length, and to direct the private user key portion to only a single user of the cryptosystem; and
  
  a storage device configured to store the central authority key portion;
  
  wherein, the modulus N has a bit length, and the first bit length is smaller than said second bit length and is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits.
- View Dependent Claims (13, 14, 15)
- - 13. A programmed computer according to claim 12, wherein said processor is adapted to divide the generated private crypto-key into a private user key portion having a first bit length between 56 and 72 bits.
  - 14. A programmed computer according to claim 12, wherein:
    - said processor is further configured to generate a public crypto-key using a public exponent and the modulus N; and
      
      said storage device is further configured to store the public crypto-key.
  - 15. A programmed computer according to claim 12, wherein:
    - the processor is further configured to generate a symmetric session crypto-key, to generate a user session key by encrypting the generated symmetric session crypto-key with a combination of the public crypto-key and the central authority key portion associated with the user, and direct issuance of the user session key to the user; and
      
      the storage device is further configured to store the symmetric session crypto-key;
      
      wherein the symmetric session crypto-key is obtainable by applying the private user key portion associated with the user to the user session key such that the symmetric session key is available to encrypt and decrypt messages from and to the user.

16. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
- a storage device configured to store the central authority key portion associated with a first user and the central authority key portion associated with a second user;
  
  a processor configured to generate a symmetric session crypto-key, to retrieve the central authority key portion associated with the first user and the central authority key portion associated with the second user from the storage device, to generate a first user session key by encrypting the generated symmetric session crypto-key with a combination of the public crypto-key and the retrieved central authority key portion associated with the first user, to generate a second user session key by encrypting the generated symmetric session key with a combination of the public crypto-key and the retrieved central authority key portion associated with the second user, to direct the first user session key to the first user, and to direct the second user session key to the second user;
  
  wherein the symmetric session crypto-key is obtainable by applying the private user key portion associated with the first user to the first user session key and by applying the private user key portion associated with the second user to the second user session key so that a common session crypto-key is available to the first and the second users to encrypt and decrypt communications between said users.
- View Dependent Claims (17)
- - 17. A programmed computer according to claim 16, wherein:
    - the storage device is further configured to store the public encryption key associated with the first user and the public encryption key associated with the second user; and
      
      the processor is further configured to retrieve the public encryption key associated with the first user and the public encryption key associated with the second user from the storage device, to generate the first user session key by encrypting the generated symmetric session crypto-key with a combination of the central authority key portion and the retrieved public encryption key associated with the first user, and to generate the second user session key by encrypting the generated symmetric session key with a combination of the central authority key portion and the public encryption key associated with the second user.

18. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
- a storage device configured to store the central authority key portion associated with a first user and the central authority key portion associated with a second user; and
  
  a processor configured to retrieve from said storage device the central authority key portion associated with the first user and the central authority key portion associated with the second user, to decrypt a first message encrypted with a combination of the private user key portion of the first user and the private user key portion of the second user by applying thereto the retrieved central authority key portion associated with the first user and the retrieved central authority key portion associated with the second user, to generate a second message, to encrypt the second message with a combination of the public crypto-key and the retrieved central authority key portion associated with the first user and the public crypto-key and the retrieved central authority key portion associated with the second user, and to direct the encrypted second message to at least one of the first and the second users;
  
  wherein, the second message is obtainable by applying thereto the private user key portion associated with the first user and the private user key portion associated with the second user.
- View Dependent Claims (19, 20)
- - 19. A programmed computer according to claim 18, wherein the second message is a common session encryption key used to secure communications between other users.
  - 20. A programmed computer according to claim 18, wherein:
    - the storage device is further configured to store the public crypto-key portion associated with the first user and the public crypto-key portion associated with the second user; and
      
      the processor is further configured to decrypt the first message by applying the public crypto-key associated with the first user and the public crypto-key associated with the second user thereto, and to encrypt the second message with the public crypto-key associated with the first user and the public crypto-key associated with the second user.

21. A programmed computer for effecting secure communications during a communications session between users in a secured communication cryptosystem in which users are each associated with a public crypto-key and a private crypto-key, said private crypto-key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
- a processor configured to encrypt a request for a symmetric session crypto-key by applying a combination of the public crypto-key and the central authority key portion associated with a user to the request, to direct the encrypted request to the central authority, to decrypt a symmetric session crypto-key encrypted with the combination of the public crypto-key and the central authority key portion associated with the user by applying thereto the private user key portion associated with the user to obtain the symmetric session crypto-key, and to apply the symmetric session crypto-key to encrypt and decrypt communications between the user and at least one other user; and
  
  a storage device configured to store the symmetric session crypto-key.
- View Dependent Claims (22)
- - 22. A programmed computer according to claim 21, wherein:
    - the processor is further configured to generate a hash message by applying a hash function to a message to be communicated to the at least one other user, to encrypt the hash message with the symmetric session crypto-key, and to direct the encrypted hash message to the at least one other user; and
      
      the hash message is obtainable by the at least one other user by applying the symmetric session crypto-key to the encrypted hash message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Bell Atlantic Network Services, Inc. (Verizon Communications Inc.)
Inventors
Ganesan, Ravi
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/694,373
Time in Patent Office

831 Days
Field of Search

380/30, 380/21
US Class Current

380/282
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

Computer system for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

200 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

200 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links