Method of authentication and storage of private keys in a public key cryptography system (PKCS)
First Claim
1. A method of authentication and storage of private keys within a public key cryptography system, comprising:
- securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;
storing the secured private key in the key storage system in a manner accessible to the client system;
responsive to receiving a message encrypted with a public key corresponding to the private key, the client system retrieving the secured private key from the key storage system via transmission over a communication medium;
the client system extracting the private key from the secured private key utilizing the password; and
verifying the extracted private key by the client system performing the steps of;
retrieving the public key from key storage;
encrypting a well-known message with the public key;
decrypting the well-known message utilizing the extracted private key; and
comparing the decrypted well-known message to the well-known message.
1 Assignment
0 Petitions
Accused Products
Abstract
Private keys for a public key cryptography system are protected within private key storage and communication by the requirement of a password to extract the private key based on a password during decryption. Upon receipt of a message encrypted with the public key, both the public key and the protected private key are retrieved from key storage. Interception of this transaction is useless since the protected private key alone cannot be utilized to decrypt the received message. A user is authenticated by extracting a potential private key from the protected private key utilizing a hashed password value, encrypting a well-known message with the public key, decrypting the encrypted well-known message utilizing the potential private key, and comparing the original and decrypted well-known messages. If they match, the extracted private key is employed to decrypt the received message. Signature values based on the password and/or private key may be employed to change the password or add new public key/private key pairs to the key storage.
79 Citations
23 Claims
-
1. A method of authentication and storage of private keys within a public key cryptography system, comprising:
-
securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;
storing the secured private key in the key storage system in a manner accessible to the client system;
responsive to receiving a message encrypted with a public key corresponding to the private key, the client system retrieving the secured private key from the key storage system via transmission over a communication medium;
the client system extracting the private key from the secured private key utilizing the password; and
verifying the extracted private key by the client system performing the steps of;
retrieving the public key from key storage;
encrypting a well-known message with the public key;
decrypting the well-known message utilizing the extracted private key; and
comparing the decrypted well-known message to the well-known message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
prompting the user for entry of the password;
responsive to entry of the password, computing a hashed value of the password; and
exclusive-ORing the hashed password value with the private key to generate the secured private key.
-
-
3. The method of claim 1, wherein the step of storing the secured private key in key storage accessible to a user further comprises:
transmitting the secured private key over the communication medium to the key storage system.
-
4. The method of claim 1, wherein the step of extracting the private key from the secured private key utilizing the password further comprises:
-
prompting the user for entry of the password;
responsive to entry of the password, computing a hashed value of the password utilizing a one-way hash function; and
exclusive-ORing the hashed password value with the secured private key to extract the private key.
-
-
5. The method of claim 4, further comprising:
decrypting the message utilizing the extracted private key.
-
6. The method of claim 1, further comprising:
-
prompting a user for entry of a current password and a new password;
responsive to entry of the current and new passwords, computing a hashed value of the current password and a hashed value of the new password utilizing a one-way hash function;
retrieving a secured private key from a key storage system via a communication media, wherein the secured private key can be accessed from the key storage system or communication media by an unauthorized user;
extracting a private key from the secured private key utilizing the hashed current password value;
securing the private key utilizing the hashed new password value;
encrypting the secured private key secured with the hashed new password value utilizing the private key; and
transmitting the encrypted, secured private key to the key storage.
-
-
7. The method of claim 6, wherein the step of extracting a private key from the secured private key utilizing the hashed current password value further comprises:
exclusive-ORing the secured private key with the hashed current password value.
-
8. The method of claim 6, wherein the step of securing the private key utilizing the hashed new password value further comprises:
exclusive-ORing the private key with the hashed new password value.
-
9. The method of claim 6, wherein the step of transmitting the encrypted, secured private key to the key storage further comprises:
transmitting the secured private key secured with the hashed new password value together with the encrypted, secured private key to the key storage.
-
10. The method of claim 9, further comprising:
-
verifying the secured private key secured with the hashed new password value and the encrypted, secured private key by;
decrypting the encrypted, secured private key utilizing an associated public key; and
comparing the decrypted, secured private key to the secured private key secured with the hashed new password value.
-
-
11. A system for authentication and storage of private keys in a public key cryptography system, comprising:
-
means for securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;
storage means for storing the secured private key in the key storage system in a manner accessible to the client system;
means within the client system responsive to receiving a message encrypted with a public key corresponding to the private key, for retrieving the secured private key from the key storage system via transmission over the communication medium; and
means within the client system for extracting the private key from the secured private key utilizing the password; and
means within the client for verifying the extracted private key by;
retrieving the public key from key storage;
encrypting a well-known message with the public key;
decrypting the well-known message utilizing the extracted private key; and
comparing the decrypted well-known message to the well-known message. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
means for prompting the user for entry of the password;
means, responsive to entry of the password, for computing a hashed value of the password; and
means for exclusive-ORing the hashed password value with the private key to generate the secured private key.
-
-
13. The system of claim 11, wherein the storage means further comprises:
means for transmitting the secured private key to key storage.
-
14. The system of claim 11, wherein the means for extracting the private key from the secured private key utilizing the password further comprises:
-
means for prompting the user for entry of the password;
means, responsive to entry of the password, for computing a hashed value of the password utilizing a one-way hash function; and
means for exclusive-ORing the hashed password value with the secured private key to extract the private key.
-
-
15. The system of claim 14, further comprising:
means for decrypting the message utilizing the extracted private key.
-
16. The system of claim 15, further comprising:
-
means for verifying the extracted private key by;
retrieving the public key from key storage;
encrypting a well-known message with the public key;
decrypting the well-known message utilizing the extract private key; and
comparing the decrypted well-known message to the well-known message.
-
-
17. The system of claim 15, further comprising:
-
means for prompting a user for entry of a current password and a new password;
means, responsive to entry of the current and new passwords, for computing a hashed value of the current password and a hashed value of the new password utilizing a one-way hash function;
means for retrieving a secured private key from a key storage system via a communication media, wherein the secured private key can be accessed from the key storage system or communication media by an unauthorized user;
means for extracting a private key from the secured private key utilizing the hashed current password value;
means for securing the private key utilizing the hashed new password value;
means for encrypting the secured private key secured with the hashed new password value utilizing the private key; and
means for transmitting the encrypted, secured private key to the key storage.
-
-
18. The system of claim 17, wherein the means for extracting a private key from the secured private key utilizing the hashed current password value further comprises:
means for exclusive-ORing the secured private key with the hashed current password value.
-
19. The system of claim 17, wherein the means for securing the private key utilizing the hashed new password value further comprises:
means for exclusive-ORing the private key with the hashed new password value.
-
20. The system of claim 17, wherein the means for transmitting the encrypted, secured private key to the key storage further comprises:
means for transmitting the secured private key secured with the hashed new password value together with the encrypted, secured private key to the key storage.
-
21. The system of claim 20, further comprising:
-
means for verifying the secured private key secured with the hashed new password value and the encrypted, secured private key by;
decrypting the encrypted, secured private key utilizing an associated public key; and
comparing the decrypted, secured private key to the secured private key secured with the hashed new password value.
-
-
22. A computer program product within a computer usable medium of instructions, comprising:
-
instructions for securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;
instructions for storing the secured private key in the key storage system in a manner accessible to the client system;
instructions within the client system responsive to receiving a message encrypted with a public key corresponding to the private key, for retrieving the secured private key from the key storage system via transmission over the communication medium; and
instructions within the client system for extracting the private key from the secured private key utilizing the password; and
instructions within the client for verifying the extracted private key by;
retrieving the public key from key storage;
encrypting a well-known message with the public key;
decrypting the well-known message utilizing the extracted private key; and
comparing the decrypted well-known message to the well-known message. - View Dependent Claims (23)
instructions for prompting a user for entry of a current password and a new password;
instructions, responsive to entry of the current and new passwords, for computing a hashed value of the current password and a hashed value of the new password utilizing a one-way hash function;
instructions for retrieving a secured private key from a key storage system via a communication media, wherein the secured private key can be accessed from the key storage system or communication media by an unauthorized user;
instructions for extracting a private key from the secured private key utilizing the hashed current password value;
instructions for securing the private key utilizing the hashed new password value;
instructions for encrypting the secured private key secured with the hashed new password value utilizing the private key; and
instructions for transmitting the encrypted, secured private key to the key storage.
-
Specification