Method for safe communications
First Claim
1. A method for safe distribution of encryption keys, to make possible to establish a secure link between parties which are at separate locations and which parties had no previous secure communications therebetween, wherein a first user desiring to establish a secure communication session with a second user performs steps comprising:
(A) generating an encryption key pair, comprising a secret private key and a known public key;
(B) storing the private key in digital storage means at the first user's facility, to be used for received messages decryption;
(C) sending a digital message to a key distribution center, the message including identification data for the first user and the public encryption key;
(D) receiving a digital certificate from the center and storing it in the digital memory, wherein the certificate includes the identification data, the public key and time-related information indicating the date of preparation of the certificate, all encrypted with the secret private key of the center;
(E) using the certificate for establishing a secure link with the second user, by sending the certificate to the second user it is desired to establish secure communications therewith;
(F) occasionally and anonymously interrogating the center for the certificate pertaining to the first user, to ensure the information in the center was not tampered with; and
wherein the second user, addressed by the first user desiring to establish a secure communication session performs steps comprising;
(A') receiving a message from the first user, the message including a certificate with information pertaining to the first user and including identification data for the first user, the public key for the first user and information indicating the date of preparation of the certificate, all encrypted with the secret private key of the center;
(B') decrypting the message using the public, known key of the center, to reveal the identification, the public key and the date for the first user;
(C') making a decision of either to trust the certificate or to verify it, where in the former case go to step (K') below and in the latter case go to step (D') below;
(D') inquiring the key distribution center about the first user, receiving the answer from the center including the correct up-to-date certificate pertaining to the first user;
(E') decrypting the answer using the public, known key of the center;
(F') if the key and user identification in the answer are identical to those in the certificate decrypted in step (B') above, then verification is positive, go to step (G') below, else end;
(G') generating an encryption key pair, comprising a secret private key and a known public key;
(H') storing the private key in digital storage means at the second user's facility, to be used for the decryption of received messages;
(I') sending a digital message to a key distribution center, the message including identification data for the second user and the public encryption key;
(J') receiving a digital certificate from the center and storing it in the digital memory, wherein the certificate includes the identification data, the public key and time-related information indicating the date of preparation of the certificate, all encrypted with the secret private key of the center; and
(K') acknowledge to the first user the reception of a valid certificate, to indicate that the second user is ready to accept an encrypted message from the first user.
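The second user's verification path, steps (B') to (F'), as an added example that is not part of the patent text. It shows why the lookup at the center matters: a superseded certificate still decrypts correctly under the center's public key and is only caught by the comparison in step (F'). The `Center` class, the JSON certificate layout, the sample identities and the toy textbook-RSA parameters are all assumptions made for illustration.

```python
import json

# Toy parameters (constructed): textbook RSA over two Mersenne primes, no padding.
# This only illustrates the message flow; it is not a secure signature scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # the center's public, known key
D = pow(E, -1, (P - 1) * (Q - 1))        # the center's secret private key

class Center:
    """Hypothetical key distribution center: issues and serves certificates."""
    def __init__(self):
        self.directory = {}              # user id -> current certificate

    def register(self, user_id, public_key, date):    # steps (C)/(D)
        body = json.dumps({"id": user_id, "key": public_key, "date": date}).encode()
        m = int.from_bytes(body, "big")
        if m >= N:
            raise ValueError("certificate body too long for the toy modulus")
        self.directory[user_id] = pow(m, D, N)         # "encrypted" with the private key
        return self.directory[user_id]

    def lookup(self, user_id):                         # step (D')
        return self.directory.get(user_id)

def open_cert(cert):
    """Steps (B')/(E'): decrypt with the center's public key; None if not genuine."""
    m = pow(cert, E, N)
    try:
        fields = json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))
    except ValueError:                   # covers bad UTF-8 and malformed JSON
        return None
    ok = isinstance(fields, dict) and set(fields) == {"id", "key", "date"}
    return fields if ok else None

def verify(presented, center):
    """Steps (B') to (F'): accept only if id and key match the center's record."""
    shown = open_cert(presented)
    if shown is None:
        return False
    answer = center.lookup(shown["id"])
    current = open_cert(answer) if answer is not None else None
    return current is not None and (current["id"], current["key"]) == (shown["id"], shown["key"])

def demo():
    center = Center()
    old = center.register("alice", "ALICE-PUBKEY-1", "1998-01-01")   # constructed values
    fresh_ok = verify(old, center)
    new = center.register("alice", "ALICE-PUBKEY-2", "1998-06-01")   # key replaced
    return fresh_ok, verify(old, center), verify(new, center), verify(123456789, center)
```

Taking the "trust" branch of step (C') corresponds to calling only `open_cert`, which would still accept the superseded certificate in this run.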
Abstract
Disclosed is a method for safe distribution of encryption keys, including a known public key and a secret private key, for establishing a secure link between computer users residing at separate locations who have had no previous secure communications. The secure communication link occasionally and anonymously interrogates the key distribution center for the certificate pertaining to the computer users, to ensure the validity and integrity of the information stored in the center and that it has not been tampered with by any unauthorized persons. The interactive interrogation of the key distribution center is conducted via a trusted and verified certificate decision-making process, which encompasses acknowledging to the user who receives a valid certificate, accepting an encrypted message, the key distribution center's answer with the correct up-to-date certificate, decrypting the key distribution center's answer via the public key, and matching the answer's identification. As a result of the multi-step process exchanged among users via the key distribution center and other secure devices, the secure link can be established between the computer users, allowing data to be transferred from one computer location to another with very high reliability and confidentiality of the users' data connectivity.
Specification