Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography
Abstract
In a system, such as a system utilizing a Kerberos protocol, system users each have an associated asymmetric crypto-key. The security of communications over the system is enhanced by a first user generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion. The second temporary key portion is encrypted by the first user with the first private key portion of the first user crypto-key to form a first encrypted message. Another user, preferably an authentication server, applies the second private key portion and the public key portion of the first user crypto-key to the first encrypted message to decrypt the second temporary key portion and thereby authenticate the first user to the security server. The authentication server then encrypts the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message. The first user next applies the public key portion of the first user crypto-key to decrypt the second encrypted message and obtain the second temporary key portion, thereby authenticating the security server to the first user.
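The exchange in the abstract, as an added example that is not taken from the patent. It assumes the crypto-key is RSA and that the private exponent is split multiplicatively (d1·d2·e ≡ 1 mod φ(n)), neither of which this page states; the primes are constructed toy values, the second temporary key portion is an integer stand-in, and all function names are hypothetical.

```python
import math
import secrets

# Constructed toy parameters (two Mersenne primes); far too small for real use.
# Assumption: RSA with the private exponent split so that d1*d2*E = 1 (mod PHI).
P, Q = 2**61 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537

def split_keygen():
    """Return (d1, d2): d1 is the user's portion, d2 the server's portion."""
    while True:
        d1 = secrets.randbelow(PHI - 3) + 3
        if math.gcd(d1, PHI) == 1:
            return d1, pow(E * d1, -1, PHI)

def user_request(temp_part, d1):
    """First encrypted message: the temporary key portion under d1."""
    return pow(temp_part, d1, N)

def server_respond(msg1, d2):
    """Apply d2 to form the second encrypted message, then the public key
    to recover the temporary key portion the user sent."""
    msg2 = pow(msg1, d2, N)
    return pow(msg2, E, N), msg2

def user_verify(msg2, temp_part):
    """The public key opens msg2 to temp_part only if the matching d2 was used."""
    return pow(msg2, E, N) == temp_part

def demo():
    d1, d2 = split_keygen()
    temp_part = secrets.randbelow(N - 2) + 2  # integer stand-in for the encoded key portion
    msg1 = user_request(temp_part, d1)
    recovered, msg2 = server_respond(msg1, d2)
    _, forged = server_respond(msg1, d2 + 2)  # responder without the real d2
    return {
        "server_recovers_temp": recovered == temp_part,
        "user_accepts_server": user_verify(msg2, temp_part),
        "user_accepts_forgery": user_verify(forged, temp_part),
        "public_key_alone_opens_msg1": pow(msg1, E, N) == temp_part,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The `recovered == temp_part` comparison in `demo()` stands in for the server's own validity check, which the abstract does not specify.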
37 Claims
1. A method for securing communications over a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, said method for securing communications between at least a first and second of said plurality of users comprising the steps of:
generating, for the first user, a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
encrypting said second temporary key portion with the first private key portion of a first user crypto-key associated with the first user to form a first encrypted message;
obtaining, for a third user, the second temporary key portion by applying the second private key portion of the first user crypto-key to the first encrypted message, thereby authenticating the first user to a third user;
further encrypting the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message; and
obtaining, for the first user, the second temporary key portion by applying the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticating the third user to the first user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for jointly signing communications over a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, said method for a first and second of said plurality of users jointly signing communications comprising the steps of:
generating, for the first user, a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
encrypting said second temporary key portion with the first private key portion of a first user crypto-key associated with the first user to form a first encrypted message;
encrypting a hash message with the first private key portion of the first user crypto-key to form a second encrypted message, thereby placing a signature of the first user on the hash message;
encrypting said second encrypted message with said first temporary key portion to form a third encrypted message;
obtaining, for the second user, the second temporary key portion by applying the second private key portion of the first user crypto-key to the first encrypted message, thereby authenticating the first user to the second user;
obtaining, for the second user, the second encrypted message by applying said second temporary key portion to the third encrypted message;
encrypting said second encrypted message with the second private key portion of the first user crypto-key to form a fourth encrypted message, thereby placing a signature of the second user on the hash message; and
obtaining the hash message by applying the public key portion of the first user crypto-key to the fourth encrypted message, thereby verifying the joint signatures of the first and second users on the hash message.
Dependent claims: 16, 17, 18
19. A secure communications system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion, said system comprising:
a database having each said second private key portion stored therein;
a first processor connected to a communications network for (i) generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion, (ii) encrypting said second temporary key portion with the first private key portion of a first user crypto-key associated with a first user to form a first encrypted message, and (iii) transmitting said first encrypted message over the communications network; and
a second processor connected to the database and to the communications network for (i) retrieving the second private key portion of the first user crypto-key from the database (ii) obtaining the second temporary key portion by applying the second private key portion of the first user crypto-key to the first encrypted message, thereby authenticating the first user, (iii) encrypting the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message, and (iv) transmitting the second encrypted message over the communications network;
wherein the first processor obtains the second temporary key portion by applying the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticates a second user.
Dependent claims: 20, 21, 22, 23
24. A method for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, said method for authenticating users comprising the steps of:
a first user encrypting a first message with the first private key portion of a first user crypto-key associated with the first user to form a first encrypted message;
the third party obtaining the first message by applying the second private key portion of the first user crypto-key to the first encrypted message, thereby authenticating the first user to the third party;
the third party encrypting the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message; and
the first user, obtaining the first message by applying the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticating the third party to the first user.
Dependent claims: 25
26. A method for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, said method for authenticating users comprising the steps of:
a first user encrypting a first message with the first private key portion of a first user crypto-key associated with the first user to form a first encrypted message;
the third party encrypting the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message; and
a second user obtaining the first message by applying the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticating the first user to the second user.
Dependent claims: 27, 28
29. A method for authenticating users of a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, said method for authenticating users comprising the steps of:
the third party encrypting a first message with the second private key portion of a first user crypto-key associated with the first user to form a first encrypted message;
a first user encrypting the first encrypted message with the first private key portion of the first user crypto-key to form a second encrypted message;
a second user, obtaining the first message by applying the public key portion of the first user crypto-key to decrypt the second encrypted message and thereby authenticating the first user to the second user.
Dependent claims: 30, 31
32. A method for securing communications over a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, said method for securing communications between at least a first and second of said plurality of users comprising the steps of:
generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
the first user encrypting said second temporary key portion with the first private key portion of a first user crypto-key associated with the first user to form a first encrypted message;
the third party encrypting the first encrypted message with the second private key portion of the first user crypto-key to form a second encrypted message;
the second user obtaining said second temporary key portion by applying the public key portion of the first user crypto-key; and
encrypting a communication between the first user and the second user with one of either said first temporary key portion or said second temporary key portion and decrypting said encrypted communication with the other of either said first temporary key portion or said second temporary key portion.
Dependent claims: 33
34. A method for securing communications over a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, said method for securing communications between at least a first and second of said plurality of users comprising the steps of:
generating a temporary asymmetric crypto-key having a first temporary key portion and an associated second temporary key portion;
the third party encrypting a symmetric session crypto-key with the second private key portion of a first user crypto-key associated with a first user to form a first encrypted message;
the third party encrypting the symmetric session crypto-key with the second temporary key portion to form a second encrypted message,
obtaining, for a second user, the symmetric session crypto-key by applying the first temporary key portion to decrypt the second encrypted message;
encrypting the first encrypted message with the first temporary key portion to form a third encrypted message;
obtaining, for the first user, the symmetric session crypto-key by applying the second temporary key portion and the first private key portion of the first user crypto-key to decrypt the third encrypted message; and
encrypting a communication between the first user and the second user with said symmetric session crypto-key.
Dependent claims: 35
36. A method for securing communications over a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a third party, said method for securing communications between at least a first and second of said plurality of users comprising the steps of:
generating a temporary asymmetric crypto-key having a first temporary key portion and, an associated second temporary key portion;
the third party encrypting a first symmetric session key with the second private key portion of a first user crypto-key associated with a first user to form a first encrypted message;
the third party encrypting the first symmetric session key with a second symmetric session key to form a second encrypted message;
obtaining, for a second user, the first symmetric session key by applying the second symmetric session key to the second encrypted message;
the second user encrypting the first encrypted message with the first temporary key portion to form a third encrypted message;
obtaining, for the first user, the second symmetric session crypto-key by applying the second temporary key portion and the first private key portion of the first user crypto-key to the third encrypted message; and
encrypting a communication between the first user and the second user with said second symmetric session crypto-key.
Dependent claims: 37
Specification