Method of authentication and storage of private keys in a public key cryptography system (PKCS)

US 6,370,250 B1
Filed: 10/29/1998
Issued: 04/09/2002
Est. Priority Date: 10/29/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of authentication and storage of private keys within a public key cryptography system, comprising:

securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;

storing the secured private key in the key storage system in a manner accessible to the client system;

responsive to receiving a message encrypted with a public key corresponding to the private key, the client system retrieving the secured private key from the key storage system via transmission over a communication medium;

the client system extracting the private key from the secured private key utilizing the password; and

verifying the extracted private key by the client system performing the steps of;

retrieving the public key from key storage;

encrypting a well-known message with the public key;

decrypting the well-known message utilizing the extracted private key; and

comparing the decrypted well-known message to the well-known message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Private keys for a public key cryptography system are protected within private key storage and communication by the requirement of a password to extract the private key based on a password during decryption. Upon receipt of a message encrypted with the public key, both the public key and the protected private key are retrieved from key storage. Interception of this transaction is useless since the protected private key alone cannot be utilized to decrypt the received message. A user is authenticated by extracting a potential private key from the protected private key utilizing a hashed password value, encrypting a well-known message with the public key, decrypting the encrypted well-known message utilizing the potential private key, and comparing the original and decrypted well-known messages. If they match, the extracted private key is employed to decrypt the received message. Signature values based on the password and/or private key may be employed to change the password or add new public key/private key pairs to the key storage.

79 Citations

View as Search Results

23 Claims

1. A method of authentication and storage of private keys within a public key cryptography system, comprising:
- securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;
  
  storing the secured private key in the key storage system in a manner accessible to the client system;
  
  responsive to receiving a message encrypted with a public key corresponding to the private key, the client system retrieving the secured private key from the key storage system via transmission over a communication medium;
  
  the client system extracting the private key from the secured private key utilizing the password; and
  
  verifying the extracted private key by the client system performing the steps of;
  
  retrieving the public key from key storage;
  
  encrypting a well-known message with the public key;
  
  decrypting the well-known message utilizing the extracted private key; and
  
  comparing the decrypted well-known message to the well-known message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the step of securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password further comprises:
3. The method of claim 1, wherein the step of storing the secured private key in key storage accessible to a user further comprises:
- transmitting the secured private key over the communication medium to the key storage system.
4. The method of claim 1, wherein the step of extracting the private key from the secured private key utilizing the password further comprises:
- prompting the user for entry of the password;
  
  responsive to entry of the password, computing a hashed value of the password utilizing a one-way hash function; and
  
  exclusive-ORing the hashed password value with the secured private key to extract the private key.
5. The method of claim 4, further comprising:
- decrypting the message utilizing the extracted private key.
6. The method of claim 1, further comprising:
- prompting a user for entry of a current password and a new password;
  
  responsive to entry of the current and new passwords, computing a hashed value of the current password and a hashed value of the new password utilizing a one-way hash function;
  
  retrieving a secured private key from a key storage system via a communication media, wherein the secured private key can be accessed from the key storage system or communication media by an unauthorized user;
  
  extracting a private key from the secured private key utilizing the hashed current password value;
  
  securing the private key utilizing the hashed new password value;
  
  encrypting the secured private key secured with the hashed new password value utilizing the private key; and
  
  transmitting the encrypted, secured private key to the key storage.
7. The method of claim 6, wherein the step of extracting a private key from the secured private key utilizing the hashed current password value further comprises:
- exclusive-ORing the secured private key with the hashed current password value.
8. The method of claim 6, wherein the step of securing the private key utilizing the hashed new password value further comprises:
- exclusive-ORing the private key with the hashed new password value.
9. The method of claim 6, wherein the step of transmitting the encrypted, secured private key to the key storage further comprises:
- transmitting the secured private key secured with the hashed new password value together with the encrypted, secured private key to the key storage.
10. The method of claim 9, further comprising:
- verifying the secured private key secured with the hashed new password value and the encrypted, secured private key by;
  
  decrypting the encrypted, secured private key utilizing an associated public key; and
  
  comparing the decrypted, secured private key to the secured private key secured with the hashed new password value.

11. A system for authentication and storage of private keys in a public key cryptography system, comprising:
- means for securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;
  
  storage means for storing the secured private key in the key storage system in a manner accessible to the client system;
  
  means within the client system responsive to receiving a message encrypted with a public key corresponding to the private key, for retrieving the secured private key from the key storage system via transmission over the communication medium; and
  
  means within the client system for extracting the private key from the secured private key utilizing the password; and
  
  means within the client for verifying the extracted private key by;
  
  retrieving the public key from key storage;
  
  encrypting a well-known message with the public key;
  
  decrypting the well-known message utilizing the extracted private key; and
  
  comparing the decrypted well-known message to the well-known message.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The system of claim 11, wherein the means for securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password further comprises:
13. The system of claim 11, wherein the storage means further comprises:
- means for transmitting the secured private key to key storage.
14. The system of claim 11, wherein the means for extracting the private key from the secured private key utilizing the password further comprises:
- means for prompting the user for entry of the password;
  
  means, responsive to entry of the password, for computing a hashed value of the password utilizing a one-way hash function; and
  
  means for exclusive-ORing the hashed password value with the secured private key to extract the private key.
15. The system of claim 14, further comprising:
- means for decrypting the message utilizing the extracted private key.
16. The system of claim 15, further comprising:
- means for verifying the extracted private key by;
  
  retrieving the public key from key storage;
  
  encrypting a well-known message with the public key;
  
  decrypting the well-known message utilizing the extract private key; and
  
  comparing the decrypted well-known message to the well-known message.
17. The system of claim 15, further comprising:
- means for prompting a user for entry of a current password and a new password;
  
  means, responsive to entry of the current and new passwords, for computing a hashed value of the current password and a hashed value of the new password utilizing a one-way hash function;
  
  means for retrieving a secured private key from a key storage system via a communication media, wherein the secured private key can be accessed from the key storage system or communication media by an unauthorized user;
  
  means for extracting a private key from the secured private key utilizing the hashed current password value;
  
  means for securing the private key utilizing the hashed new password value;
  
  means for encrypting the secured private key secured with the hashed new password value utilizing the private key; and
  
  means for transmitting the encrypted, secured private key to the key storage.
18. The system of claim 17, wherein the means for extracting a private key from the secured private key utilizing the hashed current password value further comprises:
- means for exclusive-ORing the secured private key with the hashed current password value.
19. The system of claim 17, wherein the means for securing the private key utilizing the hashed new password value further comprises:
- means for exclusive-ORing the private key with the hashed new password value.
20. The system of claim 17, wherein the means for transmitting the encrypted, secured private key to the key storage further comprises:
- means for transmitting the secured private key secured with the hashed new password value together with the encrypted, secured private key to the key storage.
21. The system of claim 20, further comprising:
- means for verifying the secured private key secured with the hashed new password value and the encrypted, secured private key by;
  
  decrypting the encrypted, secured private key utilizing an associated public key; and
  
  comparing the decrypted, secured private key to the secured private key secured with the hashed new password value.

22. A computer program product within a computer usable medium of instructions, comprising:
- instructions for securing a private key in a manner allowing the private key to be extracted from a secured private key utilizing a password;
  
  instructions for storing the secured private key in the key storage system in a manner accessible to the client system;
  
  instructions within the client system responsive to receiving a message encrypted with a public key corresponding to the private key, for retrieving the secured private key from the key storage system via transmission over the communication medium; and
  
  instructions within the client system for extracting the private key from the secured private key utilizing the password; and
  
  instructions within the client for verifying the extracted private key by;
  
  retrieving the public key from key storage;
  
  encrypting a well-known message with the public key;
  
  decrypting the well-known message utilizing the extracted private key; and
  
  comparing the decrypted well-known message to the well-known message.
- View Dependent Claims (23)
- - 23. A computer program product according to claim 22, further comprising:

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Stein, Kyle P.
Primary Examiner(s)
Chung, Phung M.
Assistant Examiner(s)
KABAKOFF, STEPHEN ERIC

Application Number

US09/182,302
Time in Patent Office

1,258 Days
Field of Search

380/281, 380/282, 380/284, 380/286, 380/277, 713/165, 713/194, 713/171
US Class Current

380/281
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

Method of authentication and storage of private keys in a public key cryptography system (PKCS)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method of authentication and storage of private keys in a public key cryptography system (PKCS)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links