Multiple level public key hierarchy for performance and high security

US 7,929,701 B1
Filed: 01/28/2000
Issued: 04/19/2011
Est. Priority Date: 01/29/1999
Status: Expired due to Fees

First Claim

Patent Images

1. An asymmetric cryptographic processing system using a multiple key hierarchy, the asymmetric cryptographic processing system comprising:

a digital processing device;

a first key for performing asymmetric operations at a first rate in the digital processing device, wherein each operation requires a first cryptographic processing time; and

a second key for performing an asymmetric cryptographic processing operation in the digital processing device to update the first key, wherein the second key is used in cryptographic processing operations for the first key at a second rate that is less often than the first rate and that requires a second cryptographic processing time greater than the first cryptographic processing time.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multiple public/private key pairs of varying levels of security are used to provide a high level of security while still allowing fast processing of encrypted information. The lower-security level includes keys that are small in length, that are changed relatively often, and that require less or fewer resources to implement their functions. When it is required to change key pairs of low security, a key pair at a higher security level (i.e., longer length keys) than the lower-security level keys is used to transfer the new lower-security public keys to devices using those keys. The higher-security keys can, in turn, be changed at a frequency lower than the lower-security keys. The higher-security keys require a higher level of resources to perform their coding operations. This approach of using keys of escalating levels of security to replace lower-security keys, where the higher-security keys require more resources, are more secure, and are replaced less often than the lower-security keys, can be followed as many times as is desired to create a hierarchy of public key uses with the result that the lower-security operations can be performed quickly while the overall system security is high.

51 Citations

View as Search Results

17 Claims

1. An asymmetric cryptographic processing system using a multiple key hierarchy, the asymmetric cryptographic processing system comprising:
- a digital processing device;
  
  a first key for performing asymmetric operations at a first rate in the digital processing device, wherein each operation requires a first cryptographic processing time; and
  
  a second key for performing an asymmetric cryptographic processing operation in the digital processing device to update the first key, wherein the second key is used in cryptographic processing operations for the first key at a second rate that is less often than the first rate and that requires a second cryptographic processing time greater than the first cryptographic processing time.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The asymmetric cryptographic processing system of claim 1, wherein the system is used to cryptographically process and transfer digital voice data in a network.
  - 3. The asymmetric cryptographic processing system of claim 1, wherein the system is used to cryptographically process and transfer digital audio data in a network.
  - 4. The asymmetric cryptographic processing system of claim 1, wherein the system is used to cryptographically process and transfer digital video data in a network.
  - 5. The asymmetric cryptographic processing system of claim 1, wherein the system is used to cryptographically process and transfer digital data in a network.
  - 6. The asymmetric cryptographic processing system of claim 1, wherein the second key is hard coded into the system at the time of manufacturing the system.
  - 7. The asymmetric cryptographic processing system of claim 6, wherein a plurality of digital cryptographic processing systems are coupled by a telecommunications system, wherein the second key is distributed to two or more of the asymmetric cryptographic processing systems via the telecommunications system.

8. A method for providing secure data transactions in a telecommunications system, wherein digital processing device receives information from the telecommunications system, wherein the digital processing device uses a first asymmetrical cryptographically processed key to perform an asymmetric cryptographic processing operation to decode the information, wherein the cryptographic processing operation is at a first level of complexity requiring a first amount of resources by the processing device, wherein the cryptographic processing operation is performed at a first rate of cryptographic processing operations per unit time, the method comprising:
- transferring a second asymmetrical cryptographically processed key to the digital processing device, wherein the second asymmetrical cryptographically processed key is used in an asymmetric cryptographic processing operation at a second level of complexity requiring a second amount of resources by the processing device that is higher than the first amount of resources;
  
  updating the first asymmetrical cryptographically processed key from time-to-time, wherein the updating of the first asymmetrical cryptographically processed key occurs at a second rate of cryptographic processing operations per unit time that is less than the first rate of cryptographic processing operations per unit time, wherein the updating includes the following substeps;
  
  encoding a substitute first asymmetrical cryptographically processed key with a second key, so that the resulting cryptographically processed substitute first asymmetrical cryptographically processed key is decodable by the second asymmetrical cryptographically processed key; and
  
  transferring the substitute first asymmetrical cryptographically processed key to the digital processing device so that the substitute first asymmetrical cryptographically processed key is used in subsequent cryptographic processing operations by the digital processing device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising:
    - transferring a third asymmetrical cryptographically processed key to the digital processing device, wherein the third asymmetrical cryptographically processed key is used in an asymmetric cryptographic processing operation at a third level of complexity requiring a third amount of resources by the processing device that is higher than the second amount of resources;
      
      updating the second asymmetrical cryptographically processed key from time-to-time, wherein the updating of the second asymmetrical cryptographically processed key occurs at a third rate of cryptographic processing operations per unit time that is less than the second rate of cryptographic processing operations per unit time, wherein the updating includes the following substeps;
      
      encoding a substitute second asymmetrical cryptographically processed key with a third asymmetrical cryptographically processed key, so that the resulting cryptographically processed substitute second asymmetrical cryptographically processed key is capable of being cryptographically processed by the third asymmetrical cryptographically processed key; and
      
      transferring the substitute second asymmetrical cryptographically processed key to the digital processing device so that the substitute second asymmetrical cryptographically processed key is used in subsequent cryptographic processing operations by the digital processing device.
  - 10. The method of claim 8, wherein the resources include processing time.
  - 11. The method of claim 8, wherein the resources include transistor density on an integrated circuit.
  - 12. The method of claim 8, wherein the resources include memory capacity.
  - 13. The method of claim 8, wherein the resources include data bandwidth.

14. A method of updating a cryptographic key used for decrypting distributed data, the method comprising:
- in a digital processing device;
  
  generating a first key for decrypting the distributed data at a first rate, the first key of a first length, wherein each decrypting operation requires a first cryptographic processing time;
  
  encrypting the first key with a second key, the second key of a second length, wherein the second length is longer than the first length, further wherein the first key encryption processing operations is at a second rate that is less often than the first rate and that requires a second cryptographic processing time greater than the first cryptographic processing time; and
  
  distributing the encrypted first key, wherein the distributed first key updates the cryptographic key, andwherein the cryptographic key, first key, and second key encrypt and decrypt data using a similar class of algorithm to encrypt and decrypt data.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, further comprising distributing data encrypted with the first key.
  - 16. The method of claim 15, further comprising:
    - generating a third key to replace the first key, the third key of a third length, wherein the third length is shorter than the second length;
      
      encrypting the third key with the second key; and
      
      distributing the encrypted third key.
  - 17. The method of claim 16, further comprising distributing data encrypted with the third key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Sprunk, Eric J., Moroney, Paul
Primary Examiner(s)
Hoffman; Brandon S

Application Number

US10/049,812
Time in Patent Office

4,099 Days
Field of Search

None
US Class Current

380/277
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/606   by securing the transmissio...

G06F 2207/7219   Countermeasures against sid...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2129   Authenticate client device ...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0435   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/30   for supporting lawful inter...

H04L 65/1043   Gateway controllers, e.g. m...

H04L 65/1101   Session protocols

H04L 9/3263   involving certificates, e.g...

Y02E 50/10   Biofuels, e.g. bio-diesel

Multiple level public key hierarchy for performance and high security

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple level public key hierarchy for performance and high security

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links