Method for safe communications

  • US 5,864,667 A
  • Filed: 08/22/1997
  • Issued: 01/26/1999
  • Est. Priority Date: 04/05/1995
  • Status: Expired due to Term
First Claim

1. A method for safe distribution of encryption keys, to make possible to establish a secure link between parties which are at separate locations and which parties had no previous secure communications therebetween, wherein a first user desiring to establish a secure communication session with a second user performs steps comprising:

  • (A) generating an encryption key pair, comprising a secret private key and a known public key;

    (B) storing the private key in digital storage means at the first user's facility, to be used for received messages decryption;

    (C) sending a digital message to a key distribution center, the message including identification data for the first user and the public encryption key;

    (D) receiving a digital certificate from the center and storing it in the digital memory, wherein the certificate includes the identification data, the public key and time-related information indicating the date of preparation of the certificate, all encrypted with the secret private key of the center;

    (E) using the certificate for establishing a secure link with the second user, by sending the certificate to the second user it is desired to establish secure communications therewith;

    (F) occasionally and anonymously interrogating the center for the certificate pertaining to the first user, to ensure the information in the center was not tampered with; and

    wherein the second user, addressed by the first user desiring to establish a secure communication session performs steps comprising;

    (A') receiving a message from the first user, the message including a certificate with information pertaining to the first user and including identification data for the first user, the public key for the first user and information indicating the date of preparation of the certificate, all encrypted with the secret private key of the center;

    (B') decrypting the message using the public, known key of the center, to reveal the identification, the public key and the date for the first user;

    (C') making a decision of either to trust the certificate or to verify it, where in the former case go to step (K') below and in the latter case go to step (D') below;

    (D') inquiring the key distribution center about the first user, receiving the answer from the center including the correct up-to-date certificate pertaining to the first user;

    (E') decrypting the answer using the public, known key of the center;

    (F') if the key and user identification in the answer are identical to those in the certificate decrypted in step (B') above, then verification is positive, go to step (G') below, else end;

    (G') generating an encryption key pair, comprising a secret private key and a known public key;

    (H') storing the private key in digital storage means at the second user's facility, to be used for the decryption of received messages;

    (I') sending a digital message to a key distribution center, the message including identification data for the second user and the public encryption key;

    (J') receiving a digital certificate from the center and storing it in the digital memory, wherein the certificate includes the identification data, the public key and time-related information indicating the date of preparation of the certificate, all encrypted with the secret private key of the center; and

    (K') acknowledge to the first user the reception of a valid certificate, to indicate that the second user is ready to accept an encrypted message from the first user.
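
The second user's verification path, steps (B') and (D') to (F'), as an added Python example that is not part of the patent text. It assumes "encrypted with the secret private key of the center" can be modelled with unpadded textbook RSA over a constructed toy key; the helper names, the JSON field layout and the `directory` dict standing in for the center's answer are hypothetical.

```python
import json

# Constructed toy key for the center: two Mersenne primes. Textbook RSA with
# no padding, used only to model "encrypted with the private key of the center".
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                   # public, known key of the center
D = pow(E, -1, (P - 1) * (Q - 1))     # secret private key of the center

def center_issue(ident, pubkey, date):
    """Center side (hypothetical helper): build a certificate as in step (D)."""
    body = json.dumps({"id": ident, "key": pubkey, "date": date}, sort_keys=True)
    m = int.from_bytes(b"\x01" + body.encode(), "big")
    if m >= N:
        raise ValueError("fields too long for the toy modulus")
    return pow(m, D, N)

def open_certificate(cert):
    """Steps (B') and (E'): decrypt with the center's public key."""
    m = pow(cert, E, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("not encrypted with the center's private key")
    fields = json.loads(raw[1:])      # undecodable bytes also raise ValueError
    if not isinstance(fields, dict) or {"id", "key", "date"} - fields.keys():
        raise ValueError("certificate fields missing")
    return fields

def verify_with_center(received_cert, directory):
    """Steps (D') to (F'): compare the received certificate with the center's answer."""
    claimed = open_certificate(received_cert)
    answer = directory.get(claimed["id"])   # (D') inquiry, modelled as a lookup
    if answer is None:
        return False
    fresh = open_certificate(answer)        # (E')
    # (F') compares key and identification only; the preparation dates may differ.
    return (claimed["id"], claimed["key"]) == (fresh["id"], fresh["key"])

if __name__ == "__main__":
    # Constructed sample data: same key, certificate re-issued at a later date.
    old = center_issue("alice@example.org", "alice-key-1", "1995-04-05")
    new = center_issue("alice@example.org", "alice-key-1", "1995-06-01")
    print(verify_with_center(old, {"alice@example.org": new}))
```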
