Key replacement in a public key cryptosystem

US 5,761,306 A
Filed: 02/22/1996
Issued: 06/02/1998
Est. Priority Date: 02/22/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of secure public key replacement in a public key cryptography system, wherein secure messages are transmitted from a first node to a second node over a network presumed to be insecure, the method comprising the steps of:

generating, at the first node, an active key pair comprising an active private key and an active public key, wherein the active key pair is used to secure messages between the first and second nodes according to a public key scheme;

generating, at the first node, a replacement key pair comprising a replacement private key and a replacement public key;

generating at the first node, a mask of the replacement public key;

sending the active public key and the mask of the replacement public key from the first node to the second node over a secure channel;

when the active key pair is to be retired, performing the steps of;

generating, at the first node, the next replacement key pair comprising the next replacement private key and the next replacement public key;

generating, at the first node, the mask of the next replacement public key;

sending a key replacement message including the replacement public key from the first node to the second node over the network; and

verifying, at the second node, the replacement public key; and

thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in a subsequent key pair retiring step.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved key management is provided by a public key replacement apparatus and method for operating over insecure networks. An active public key and the mask of a replacement public key are provided by a key server to nodes where the active key is used to encrypt and verify messages. To replace the active public key with the replacement public key, a key replacement message is sent to the node. The key replacement message contains the replacement public key and contains the mask of the next replacement key. The mask of the replacement public key may be generated by hashing or encrypting. The key replacement message is signed by the active public key and the replacement public key. Nodes are implemented by a computer, a smart card, a stored data card in combination with a publicly accessible node machine, or other apparatus for sending and/or receiving messages. In a particular application, a financial transaction network, nodes are consumer nodes, merchant nodes, or both, and transactions are securely sent over a possible insecure network.

446 Citations

20 Claims

1. A method of secure public key replacement in a public key cryptography system, wherein secure messages are transmitted from a first node to a second node over a network presumed to be insecure, the method comprising the steps of:
- generating, at the first node, an active key pair comprising an active private key and an active public key, wherein the active key pair is used to secure messages between the first and second nodes according to a public key scheme;
  
  generating, at the first node, a replacement key pair comprising a replacement private key and a replacement public key;
  
  generating at the first node, a mask of the replacement public key;
  
  sending the active public key and the mask of the replacement public key from the first node to the second node over a secure channel;
  
  when the active key pair is to be retired, performing the steps of;
  
  generating, at the first node, the next replacement key pair comprising the next replacement private key and the next replacement public key;
  
  generating, at the first node, the mask of the next replacement public key;
  
  sending a key replacement message including the replacement public key from the first node to the second node over the network; and
  
  verifying, at the second node, the replacement public key; and
  
  thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in a subsequent key pair retiring step.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the process of retiring the active key pair further comprises the steps of:
    - sending, from the first node to the second node, the mask of the next replacement public key; and
      
      sending, from the first node to the second node, digital signatures for providing to the second node that the active private key and the replacement private key were known to the initiator of the process for retiring the active key pair.
  - 3. The method of claim 1, further comprising the step of sending a message from the first node to the second node, wherein the message is digitally signed using either the active private key or the replacement private key or both.
  - 4. The method of claim 1, further comprising the step of sending a message from the second node to the first node, wherein the message is encrypted using either the active public key or the replacement public key or both.
  - 5. The method of claim 1, wherein replacement of the mask of the replacement public key with the mask of the next replacement public key is performed at the second node and is performed synchronously with the replacement of the active private key with the replacement private key and the replacement of the replacement private key with the next replacement private key at the first node.
  - 6. The method of claim 1, wherein the first node is a key server node and the second node is one of a plurality of user nodes.
  - 7. The method of claim 1, wherein the first node is one of a plurality of user nodes and the second node is a key server node.
  - 8. The method of claim 1, wherein the network connects a plurality of nodes to each other, the plurality of nodes comprising a plurality of key server nodes and a plurality of user nodes.
  - 9. The method of claim 1, further comprising the step of repeating the step of retiring a key pair.
  - 10. The method of claim 1 wherein said step of generating the mask of the replacement public key is accomplished by generating a hash of the replacement public key.
  - 11. The method of claim 10 wherein said step of generating a hash of the replacement public key is accomplished by using MD5 hashing algorithm.
  - 12. The method of claim 10 wherein said step of generating a hash of the replacement public key is accomplished by using SHA 1 hashing algorithm.
  - 13. The method of claim 1 wherein said step of generating the mask of the replacement public key is accomplished by encrypting the replacement public key.

14. A method of secure public key replacement in a public key cryptography system, wherein a first node stores an active private key and a second node stores an active public key and a replacement public key, the active public key and the active private key being an active key pair used for public key cryptography and the replacement public key and the replacement private key being a replacement key pair, and wherein the replacement public key is stored as an encrypted replacement public key at the second node, the method comprising the steps of:
- generating, at the first node, a next replacement key pair comprising a next replacement private key and a next replacement public key;
  
  generating, at the first node, a mask of the next replacement public key;
  
  sending the replacement public key from the first node to the second node;
  
  verifying, at the second node, the encrypted replacement public key; and
  
  thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in the subsequent key pair retiring step.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein the step of sending the replacement public key from the first node to the second node is performed over a network presumed to be secure.
  - 16. The method of claim 14 wherein the step of generating a mask of the replacement public key is accomplished by generating a hash of the replacement public key.
  - 17. The method of claim 16 wherein said hash is generated using the MD5 hashing algorithm.
  - 18. The method of claim 16 wherein said hash is generated using the SHA 1 algorithm.
  - 19. The method of claim 14 wherein the step of generating the mask of the replacement public key is accomplished by encrypting the replacement public key.

20. A method of secure public key replacement in a public key cryptography system, wherein secure messages are transmitted from a first node to a second node over a network presumed to be insecure, the method comprising the steps of:
- generating, at the first node, an active key pair comprising an active private key and an active public key, wherein the active key pair is used to secure messages between the first and second nodes according to a public key scheme;
  
  generating, at the first node, a replacement key pair comprising a replacement private key and a replacement public key;
  
  sending the active public key and the replacement public key from the first node to the second node over a secure channel;
  
  when the active key pair is to be retired, performing the steps of;
  
  generating, at the first node, a next replacement key pair comprising a next replacement private key and a next replacement public key; and
  
  sending the next replacement public key from the first node to the second node over the network; and
  
  thereafter using the replacement key pair as the active key pair, for use in securing messages between the first and second nodes, and thereafter using the next replacement key pair in place of the replacement key pair, which is stored for use in a subsequent key pair retiring step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Lewis, Tony
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
Laufer, Pinchus M.

Application Number

US08/605,427
Time in Patent Office

831 Days
Field of Search

380/21, 380/30, 380/48, 380/49, 380/23, 380/24, 380/25
US Class Current

380/282
CPC Class Codes

G06Q 20/3829   involving key management

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0891   Revocation or update of sec...

Key replacement in a public key cryptosystem

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

446 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Key replacement in a public key cryptosystem

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

446 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others