System and method of hiding cryptographic private keys
First Claim
1. A computer implemented method of hiding a private key comprising the steps of:
    generating a private and public key pair at a single server;
    splitting said private key into a first part and a second part;
    providing to a single client:
        said public key;
        said first part of said private key; and
        a program configured to decrypt messages;
    using said public key and a modulus to encrypt a message into a cipher;
    obfuscating said second part of said private key; and
    providing said cipher and said obfuscated second part of said private key to said client; and
    deciphering said cipher at the client using said first part of said private key and said obfuscated second part of said private key.
Abstract
The invention relates to a system and method of hiding cryptographic private keys. While public/private key encryption systems are considered to be secure, the private keys ultimately must be stored in some location—in fact, in some digital commerce systems the private key is sent to the end user as part of an executable file such as an audio player and audio file. Thus, attackers can obtain access to the private key. The broad concept of the invention is to split the private key up into parts which are obfuscated, but still kept in a form that allows the encrypted data to be decrypted. One technique for obfuscating the private key uses modulo arithmetic.
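The abstract describes the scheme only in outline. The following is an added illustration, not the patent's own construction or code: it instantiates the "split the private key into parts and obfuscate with modulo arithmetic" idea for RSA by splitting the private exponent d additively and hiding the second share under a random multiple of phi(n), so the client decrypts with two partial exponentiations and never reassembles d. The primes and message are constructed, far too small for real use, and chosen only so the arithmetic can be checked by hand.

```python
import random

# Constructed toy RSA parameters (demonstration only; real keys are 2048+ bits).
P, Q = 1000003, 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)          # the private exponent the scheme sets out to hide


def split_and_obfuscate(d, phi, rng):
    """Server side (assumed construction): split d additively, hide share two.

    d1 is a random share and d2 = d - d1 (mod phi) completes it.  The second
    share is then obfuscated by adding a random multiple of phi: because
    c^(x + k*phi) == c^x (mod n) for squarefree n, decryption is unaffected,
    yet d1 + d2_obf no longer equals d, so simple recombination reveals nothing.
    """
    d1 = rng.randrange(1, phi)
    d2 = (d - d1) % phi
    d2_obf = d2 + rng.randrange(1, 1 << 20) * phi
    return d1, d2_obf


def encrypt(m, e, n):
    """Encrypt with the public key and modulus, as in claim step 'using said public key and a modulus'."""
    return pow(m, e, n)


def client_decrypt(c, d1, d2_obf, n):
    """Client side: combine the two partial exponentiations; d itself is never formed."""
    return (pow(c, d1, n) * pow(c, d2_obf, n)) % n


def demo(seed=1):
    """Run one split/encrypt/decrypt round; returns (decryption_ok, naive_sum_hides_d)."""
    rng = random.Random(seed)
    d1, d2_obf = split_and_obfuscate(D, PHI, rng)
    m = 123456789                     # constructed plaintext, must be < N
    c = encrypt(m, E, N)
    recovered = client_decrypt(c, d1, d2_obf, N)
    naive_d = d1 + d2_obf             # what an attacker gets by just adding the shares
    return recovered == m, naive_d != D


if __name__ == "__main__":
    print(demo())
```

Note that the shares still decrypt, so hiding d is only as strong as the obfuscation of the share-holding code; the patent's point is to make d unrecoverable by inspection, not to remove the client's decryption capability.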
57 Citations
51 Claims
1. Independent claim; its full text is given above under First Claim. Dependent claims: 2 to 10.
11. A computer implemented method that transforms a software application from a first form to a more secure form allowing the blind use of private cryptographic keys, wherein said first form includes a single private key, said method comprising the steps of:
    splitting said private key up into parts; and
    obfuscating at least one of said parts of said private key;
    producing said more secure form in which said private key is restructured so that it can be used without being revealed to an observer;
    said step of splitting comprises the step of partitioning said private key by exploiting mathematical properties of said private key;
    said private key is restructured by obfuscating the parts into which it is partitioned, within a public application.
    Dependent claims: 12 to 49.
50. A system for secure communication comprising:
    a first computer;
    a second computer;
    a communication network for interconnecting said first computer with said second computer;
    said first computer configured to:
        generate a private and public key pair;
        split said private key into a first part and a second part;
        encrypt a message using said public key;
        transmit to said second computer:
            said public key;
            said first part of said private key; and
            a program configured to decrypt messages;
        obfuscate said second part of said private key; and
        transmit said encrypted message and said obfuscated second part of said private key to said second computer;
    whereby said second computer can decipher said encrypted message using said first part of said private key and said obfuscated second part of said private key.
51. A computer readable storage memory storing software code that when executed by a processor transforms a software application from a first form to a more secure form by hiding a private key, said code when executed causes the processor to perform the steps of:
    generating a private and public key pair at a single server;
    splitting said private key into a first part and a second part;
    providing to a single client:
        said public key;
        said first part of said private key; and
        a program configured to decrypt messages;
    using said public key and a modulus to encrypt a message into a cipher;
    obfuscating said second part of said private key; and
    providing said cipher and said obfuscated second part of said private key to said client; and
    deciphering said cipher at the client using said first part of said private key and said obfuscated second part of said private key.
Specification