Method for secure key distribution over a nonsecure communications network

US 6,111,956 A
Filed: 02/03/1998
Issued: 08/29/2000
Est. Priority Date: 10/23/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method of secure key distribution on a nonsecure network, comprising the steps of:

securely transmitting a password generated by a Subscriber to a Provider over said network, said password not being known to said Provider prior to said transmission; and

using a method dependent upon said password to securely transfer a decryption key from said Provider to said Subscriber over said network, said password dependent method exploiting the similarities and differences between said password and said decryption key, said decryption key being usable by said Subscriber to securely decrypt subsequent messages encrypted by said Provider and transmitted over said network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In response to an inquiry by an unsophisticated Subscriber over a nonsecure network, a Provider returns a public key and retains the corresponding private key. The Subscriber encrypts a password using the public key, which is decrypted by the Provider. The password is then used to securely transfer to the Subscriber a key determined by the Provider, thereby enabling the Subscriber to decrypt messages encrypted by the Provider and transmitted over the nonsecure network. This password dependent secure transmission of a key to an unsophisticated Subscriber may be accomplished by several methods, including hashing, key lookup, Wizard protocol, and Warlock procedure. In each method the password is used by the Subscriber and the Provider in correlated operations ending in secure receipt by the Subscriber of a key determined by the Provider.

81 Citations

View as Search Results

20 Claims

1. A method of secure key distribution on a nonsecure network, comprising the steps of:
- securely transmitting a password generated by a Subscriber to a Provider over said network, said password not being known to said Provider prior to said transmission; and
  
  using a method dependent upon said password to securely transfer a decryption key from said Provider to said Subscriber over said network, said password dependent method exploiting the similarities and differences between said password and said decryption key, said decryption key being usable by said Subscriber to securely decrypt subsequent messages encrypted by said Provider and transmitted over said network.
- View Dependent Claims (2, 3, 4, 9, 11, 13, 15, 16, 17)
- - 2. The method of claim 1, wherein said secure transmission of a password comprises the steps of:
    - Provider generation of a public key and a corresponding private key in accordance with a public key encryption scheme;
      
      Provider transmission of said public key to said Subscriber over said network;
      
      Subscriber encryption of said password using said public key; and
      
      Provider decryption of said password using said private key.
  - 3. The method of claim 1, wherein said password dependent method comprises the steps of:
    - Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements whether the password element should be increased, should be decreased, or should remain the same in order to be equal to said corresponding decryption key element;
      
      Provider transmission of said parsing determination to said Subscriber over said network;
      
      Subscriber modification of said password using said parsing determination as a parameter;
      
      Subscriber secure transmission of said modified password to said Provider over said network;
      
      repetition of the foregoing steps until said parsing determination indicates that all password elements should remain the same in order to be equal to said corresponding decryption key elements.
  - 4. The method of claim 3, wherein each said corresponding element is an eight bit binary representation of an ASCII character and wherein the number of said repetitions necessary for said Subscriber to guess said decryption key is no more than eight, wherein said Subscriber modification of each said element to be increased or decreased, respectively, comprises the step of adding or subtracting, respectively, 2.sup.(n-j) to said eight bit binary representation where n=8 and j=the repetition number wherein the modification is made.
  - 9. The method of claim 1, wherein said password dependent method comprises the steps of:
    - Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements the amount which should be added or subtracted in order to make the password element equal to said corresponding decryption key element;
      
      Provider transmission of said parsing determination to said Subscriber over said network;
      
      Subscriber modification of said password using said parsing determination as a parameter;
      
      Subscriber secure transmission of said modified password to said Provider over said network.
  - 11. The method of claim 1, wherein said Subscriber does not possess sufficient computational facility to create a secure crypto-key.
  - 13. The method of claim 1, wherein said Subscriber does not possess a private key corresponding to a public key which could be made available to said Provider.
  - 15. The method of claim 2, wherein said password dependent method comprises the steps of:
    - Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements whether the password element should be increased, should be decreased, or should remain the same in order to be equal to said corresponding decryption key element;
      
      Provider transmission of said parsing determination to said Subscriber over said network;
      
      Subscriber modification of said password using said parsing determination as a parameter;
      
      Subscriber secure transmission of said modified password to said Provider over said network;
      
      repetition of the foregoing steps until said parsing determination indicates that all password elements should remain the same in order to be equal to said corresponding decryption key elements.
  - 16. The method of claim 15, wherein each said corresponding element is an eight bit binary representation of an ASCII character and wherein the number of said repetitions necessary for said Subscriber to guess said decryption key is no more than eight, wherein said Subscriber modification of each said element to be increased or decreased, respectively, comprises the step of adding or subtracting, respectively, ₂.sup.(n-j) to said eight bit binary representation where n=8 and j=the repetition number wherein the modification is made.
  - 17. The method of claim 2, wherein said password dependent method comprises the steps of:
    - Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements the amount which should be added or subtracted in order to make the password element equal to said corresponding decryption key element;
      
      Provider transmission of said parsing determination to said Subscriber over said network;
      
      Subscriber modification of said password using said parsing determination as a parameter;
      
      Subscriber secure transmission of said modified password to said Provider over said network.

5. An apparatus for secure key distribution on a nonsecure network, comprising:
- means for securely transmitting a password generated by a Subscriber to a Provider over said network, said password not being known to said Provider prior to said transmission; and
  
  password dependent means for securely transferring a decryption key from said Provider to said Subscriber over said network, said password dependent means exploiting the similarities and differences between the password and the decryption key, said decryption key being usable by said Subscriber to securely decrypt subsequent messages encrypted by said Provider and transmitted over said network.
- View Dependent Claims (6, 7, 8, 10, 12, 14, 18, 19, 20)
- - 6. The apparatus of claim 5, wherein said secure transmission means comprises:
    - means for Provider generation of a public key and a corresponding private key in accordance with a public key encryption scheme;
      
      means for Provider transmission of said public key to said Subscriber over said network;
      
      means for Subscriber encryption of said password using said public key; and
      
      means for Provider decryption of said password using said private key.
  - 7. The apparatus of claim 6, wherein said password dependent means comprises:
    - means for Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements whether the password element should be increased, should be decreased, or should remain the same in order to be equal to said corresponding decryption key element;
      
      means for Provider transmission of said parsing determination to said Subscriber over said network;
      
      means for Subscriber modification of said password using said parsing determination as a parameter;
      
      means for Subscriber secure transmission of said modified password to said Provider over said network; and
      
      means for repeating said Provider parsing means, said Provider transmission means, said Subscriber modification means and said Subscriber secure transmission means until said parsing determination indicates that all password elements should remain the same in order to be equal to said corresponding decryption key elements.
  - 8. The apparatus of claim 7, wherein each said corresponding element is an eight bit binary representation of an ASCII character and wherein the number of said repetitions necessary for said Subscriber to guess said decryption key is no more than eight, wherein said Subscriber modification of each said element to be increased or decreased, respectively, comprises the step of adding or subtracting, respectively, 2.sup.(n-j) to said eight bit binary representation where n=8 and j=the repetition number wherein the modification is made.
  - 10. The apparatus of claim 6, wherein said password dependent means comprises:
    - means for Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements the amount which should be added or subtracted in order to make the password element equal to said corresponding decryption key element;
      
      means for Provider transmission of said parsing determination to said Subscriber over said network;
      
      means for Subscriber modification of said password using said parsing determination as a parameter; and
      
      means for Subscriber secure transmission of said modified password to said Provider over said network.
  - 12. The apparatus of claim 5, wherein said Subscriber does not possess sufficient computational facility to create a secure crypto-key.
  - 14. The apparatus of claim 5, wherein said Subscriber does not possess a private key corresponding to a public key which could be made available to said Provider.
  - 18. The apparatus of claim 5, wherein said password dependent means comprises:
    - means for Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements whether the password element should be increased, should be decreased, or should remain the same in order to be equal to said corresponding decryption key element;
      
      means for Provider transmission of said parsing determination to said Subscriber over said network;
      
      means for Subscriber modification of said password using said parsing determination as a parameter;
      
      means for Subscriber secure transmission of said modified password to said Provider over said network; and
      
      means for repeating said Provider parsing means, said Provider transmission means, said Subscriber modification means and said Subscriber secure transmission means until said parsing determination indicates that all password elements should remain the same in order to be equal to said corresponding decryption key elements.
  - 19. The apparatus of claim 18, wherein each said corresponding element is an eight bit binary representation of an ASCII character and wherein the number of said repetitions necessary for said Subscriber to guess said decryption key is no more than eight, wherein said Subscriber modification of each said element to be increased or decreased, respectively, comprises the step of adding or subtracting, respectively, 2.sup.(n-j) to said eight bit binary representation where n=8 and j=the repetition number wherein the modification is made.
  - 20. The apparatus of claim 5, wherein said password dependent means comprises:
    - means for Provider parsing of said password in relation to said decryption key, said password and said decryption key having the same number of corresponding elements, determining for each of said elements the amount which should be added or subtracted in order to make the password element equal to said corresponding decryption key element;
      
      means for Provider transmission of said parsing determination to said Subscriber over said network;
      
      means for Subscriber modification of said password using said parsing determination as a parameter; and
      
      means for Subscriber secure transmission of said modified password to said Provider over said network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Signals Incorporated
Original Assignee
Signals Incorporated
Inventors
Field, Robert G., Layne, Michael W.
Primary Examiner(s)
Hayes, Gail O.
Assistant Examiner(s)
DI LORENZO, ANTHONY

Application Number

US09/017,891
Time in Patent Office

938 Days
Field of Search

380/48, 380/21, 380/49, 380/278, 380/283, 380/285
US Class Current

380/283
CPC Class Codes

H04L 9/0825 using asymmetric-key encryp...

H04L 9/3228 One-time or temporary data,...

Method for secure key distribution over a nonsecure communications network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for secure key distribution over a nonsecure communications network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links