WO1999009700A1 - System and method for reliable key transfer - Google Patents

Publication number
WO1999009700A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
center
users
keys
new
Application number
PCT/IL1998/000381
Other languages
English (en)
Inventor
Mordhai Barkan
Original Assignee
Mordhai Barkan
Application filed by Mordhai Barkan
Priority to EP98937753A (patent EP0992139A1)
Priority to AU86449/98A (patent AU8644998A)
Priority to CA002306505A (patent CA2306505C)
Publication of WO1999009700A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the invention concerns systems for reliable transfer of the encryption key and, in particular, such systems which include means for recovery in case the private key of the center is compromised.
  • Secure communications involve the use of encryption, usually with a public/private key pair.
  • private key and “secret key” are used interchangeably, and are assumed to have the same meaning.
  • Another field involving secure communications is between a center and users, for example between a software manufacturer and its customers.
  • the manufacturer may access the customers to send an update to a software package sold to that user, or a fix for a bug.
  • a malicious impostor may use the system to disseminate viruses, for example.
  • the authentication of the manufacturer and the reliability of the link may be based on a public/private key system.
  • the private key of the center was compromised, then it must be changed. This is required to achieve secure communications with users. It may be advantageous to change the center's private key on a regular basis, for example each year. This makes it more difficult to break that key and, in case the key is compromised, to limit the damage done.
  • An impostor may issue false certificates or otherwise act in ways detrimental to the center and/or the users.
  • the center cannot assert both that its key is compromised (therefore the center cannot be trusted anymore) and at the same time ask users to accept its new key (thus asking users to trust the center, despite its compromised key).
  • a method for encryption key dissemination to achieve a secure link between users at separate locations was disclosed in another application by the present inventor.
  • the method is based on certificates issued by encryption key dissemination centers, with the centers being organized in a hierarchical, tree-like structure. Whereas the method supports encryption key dissemination between users who use the same hierarchical structure or tree, the method cannot be used between two users who each uses a different tree.
  • each group having its distinct hierarchy for certificate issuing centers, it may be desirable to have the capability to combine two tree structures into one, that is to allow the users of two separate trees to exchange certificates with each other. This would require a drastic change in the keys of the centers, which is difficult to implement.
  • the object is basically accomplished by providing means, located in the center and in the users' facilities, for secure dissemination of a new center's public key.
  • a first private key is stored in the center, with its corresponding public keys being stored in the center and also disseminated to all users.
  • the second and third private keys may be stored in a secure location related to the center, with their corresponding public keys being stored in the center and also with the users. Otherwise, all the keys may be stored in the center.
  • the object is basically achieved with a method using a plurality of encryption key pairs.
  • a first public/private key pair is used for daily activities, that is for communication between users and the center, and between users and themselves.
  • a second and a third key pairs are used to allow a secure replacement of any of the keys of the center. It is also possible to use these keys in lieu of the first key for data encryption.
  • a further object of the invention is to allow for effective and secure dissemination of a new center's key.
  • the object is achieved with a method for the dissemination of a new center's key, wherein the center issues "certificates" or "announcements" disclosing the new public key, and uses the second and third private keys to attest as to the authenticity of these "certificates" or "announcements".
  • Each user employs a majority check, that is a verification that the new key announcement is correctly attested by two known keys (the second and third key). Where there is a doubt regarding which key was changed, a majority check can clearly indicate that. For a majority check, a minimum of three key pairs should be used. If more than three key pairs are used, their number should be preferably odd.
  • the announcement includes a declaration of each of the three keys, each backed by the other keys, that is a total of 6 announcements. This comprises the first stage of new key dissemination, including communications between the center and certain users. Another object of the invention is to reduce the workload on the center which is required to send a message to each and every user in the system.
  • the object is achieved using a two-stage method, wherein during a first stage the center sends messages to part of the users, and a second stage wherein the message is communicated between users.
  • this second stage which includes communications between users and themselves, as each user with an updated certificate communicates with a user still holding the old certificate, the information relating to the new key of the center is transferred from the first user to the latter.
  • the method for a new key dissemination includes the three key pairs and adequate procedures in the center and at users' facilities, to enable automatic dissemination of the new key, supporting both the first and second stage of a new key.
  • a secure, fast, efficient and easy dissemination of a new key is accomplished. User's intervention is not required.
  • the abovementioned system and method accomplish the secure dissemination of a new key for center, and thus achieve the recovery from the situation where the center's private key was compromised.
  • a method for encryption key dissemination is based on certificates issued by encryption key dissemination centers, with the centers being organized in a hierarchical, tree-like structure.
  • a multiple-key method is disclosed that allows two separate trees to be combined into one structure to achieve overall certificate compatibility among users pertaining to the two separate trees.
  • Fig. 1 details the structure of a system including means for secure dissemination of new key.
  • Fig. 2 illustrates the structure of a user certificate with new key announcement attached thereto.
  • Fig. 3 details the possible types of transactions between users, during the new key dissemination stage.
  • Fig. 1 details the structure of a system including means for secure dissemination of new key, including a center 2, the backup facility 3, and a plurality of users 4.
  • the system and method in the present invention use as a component therein a public key encryption method as known in the art.
  • the public key method is based on an encryption key pair including a public key and a corresponding private (secret) key. Messages encrypted with the known public key can be decrypted with the secret key.
  • the user X may be a user in the system or the key distribution center 2.
  • Center 2 normally uses a key pair comprising a secret key 22 and a corresponding public key 21. All the users in the system know the center's public key 21 and can send encrypted messages to center 2, with the messages being encrypted with public key 21. Only center 2 can decrypt these messages, however, since only center 2 holds the secret key 22 corresponding to public key 21.
  • center 2 can send to users messages encrypted with the secret key 22. This serves as a center's signature or authentication of the message, since any user can decrypt the message with the center's public key 21; however, any user is aware that only center 2 could encrypt the message with their private key 22 so that it can be decrypted with key 21.
  • more than three keys may be used, in which case an odd number of keys should be used to allow a clear majority decision.
  • the following disclosure refers to a three key pair system, it is understood that the method and system in the present disclosure can be adapted for a larger number of key pairs, without departing from the scope and spirit of the present invention.
  • the actual number of key pairs used may be decided by each organization, according to the desired level of safety/security, that is the number of keys it is expected may be simultaneously compromised. For example, if it is estimated that just a single key will be compromised, then three key pairs are enough. The other two keys are used in a majority vote to indicate a change in that key. If it is estimated that two keys may be compromised simultaneously, then a system with five key pairs should be used, so that the uncompromised three keys still will achieve a majority vote to allow the two keys to be updated.
  • An advantage of the above method is its flexibility, which allows any desired level of security to be achieved.
  • Link 53 may be fixed or temporary, only to be established when necessary. For example, a telephone or wireless link is established when it is required to read a key from backup facility 3.
  • a storage means for the keys may be manually brought to the center 2, for example a diskette or a CD-ROM.
  • the backup facility 3 is optional. In another embodiment of the invention, all the keys are stored in center 2, using appropriate means to protect the private keys 22, 24 and 26.
  • Such protection means may include, for example, a storage means for the keys like a diskette or a CD-ROM. These storage means may be kept in a safe at center 2, to be safe and available when needed.
  • the novel system and method assumes that, although one private key may be compromised, the other private keys are secure and can be used for center recovery, as detailed below.
  • the center link 52 between center 2 and users 4, is used to issue certificates to users, as well as for the direct dissemination of a new key from center 2.
  • the users link 54 between users and themselves, is used for encrypted communications as well as for the exchange of certificates between users 4.
  • the abovementioned links 52, 53, 54 may include digital communication links as known in the art, including but not limited to telephone lines, the Internet, local area nets, wireless links or a combination thereof.
  • All the keys used in the system may be stored at a backup facility 3: the first public key 21, first secret key 22, second public key 23 and third public key 25 are identical to the corresponding keys at center 2.
  • the second secret key 24 and the third secret key 26 are used for the dissemination of a new key, when a new key pair is generated at center 2. It is also possible to use second and third private keys 24, 26 to sign or encrypt messages or certificates, as decided by the system operator. The keys may be used interchangeably, if it was decided to do so.
  • the keys stored at each user's facility 4 include:
  • a second public key 23 and third public key 25, are used for receiving a new key from center 2.
  • each of the keys 21, 23 or 25 at the user's facility can be updated according to the present invention, based on the other two keys.
  • the user receives an announcement regarding a change in one of the keys 21, 23, 25, signed by the other two keys. This is a solid base to accept the new key announcement and update the storage accordingly.
  • Other embodiments include a different number of key pairs, preferably an odd number.
  • An odd number is useful to reach a correct decision when more than one key is compromised or changed, or some of the data becomes corrupted.
  • the decision threshold is INT((N-1)/2).
  • Center 2 further includes means 291 (Key Pair Setting Means KPSM) for setting up a new key pair at the center 2.
  • Means 29 may include means for generating a new key pair, or means for receiving a new key pair from another location, using secure communication means. In any case, the new key pair thus set up will comprise a new private key and a new public key for the center 2.
  • Center 2 includes means 292 for preparing an announcement of a new public key for center 2, the Announcement Preparation Means (APM).
  • the announcement includes one or more copies of a message disclosing the new public key.
  • the number of copies of the message equals the number of additional key pairs for reliable key dissemination, and each copy of the message is encrypted or signed with the private key of one or more of the additional key pairs.
  • center 2 includes communication means 293 (CM) for transferring the announcements to users 4 in the system.
  • the announcement may include the new public key together with additional optional information as detailed in the present disclosure.
  • KPSM Key Pair Setting Means 291
  • center 2 creates a new key pair for the key to be changed. For example, if the first key is to be changed, then the new key pair would include a new public key PK1' and a new private (secret) key SK1'. Otherwise, a key pair may be independently generated and sent to the center;
  • the new key pair (PK1', SK1') is optionally stored at the backup facility 3;
  • the Announcement Preparation Means (APM) 292 at center 2 is activated to prepare an announcement or message announcing that the first public key was changed, and the new value for the first public key PK1'.
  • the message includes an indication as to which key pair was changed, and the new value of the public key for that key pair;
  • each secure message is prepared by a procedure of encryption or a digital signature of said message with one of the secret keys SK2, SK3 pertaining to said key pairs in the center.
  • a secure message is prepared, where the message prepared in step (C) is encrypted with each of the secret keys SK2, SK3, to create two versions of the message.
  • the message may be left unchanged, and made secure with digital signatures which are prepared and added to the message.
  • Each signature includes a hash of the message, encrypted with one of the private keys;
  • the second and third key pairs are used to allow a secure replacement of the first key pair at the center. Accordingly, any two keys can be used to perform a change in the third key.
  • the center 2 issues "announcements" disclosing the new public key, and uses the private keys to attest as to the authenticity of these "announcements".
  • Each user 4 employs a majority check, that is a verification that the new key announcement is correctly attested by two of the known keys of center 2.
  • the three key system and method allow to securely transfer the information regarding an encryption key change to users 4.
  • a multiple key change method allows to securely transfer the information regarding an encryption key change to users 4.
  • the present invention is not limited to the change of just one key pair at a time; several key pairs may be changed simultaneously.
  • the method may be used when all the keys are believed secure, and there are other reasons to perform that key update.
  • the method comprises the following steps:
  • KPSM Key Pair Setting Means 291 at center 2 is activated to set up a plurality of new key pairs.
  • center 2 creates new key pairs for the keys to be changed.
  • three key pairs are generated in a three key system to simultaneously replace all the keys there.
  • the Announcement Preparation Means (APM) 292 at center 2 is activated to prepare an announcement or message announcing that the public keys were changed, and the new value for the public keys PK1', PK2 etc.
  • the message includes an indication as to which key pairs were changed, and the new value of the public keys for each key pair
  • a message may include a list of all the public keys after the changes performed.
  • step (C) a plurality of secure messages are prepared from the message prepared in step (C), wherein each secure message is prepared by a procedure of encryption or a digital signature of said message with one of the secret keys SK1, SK2, SK3 etc. pertaining to said key pairs in the center.
  • An encryption with the old secret keys is performed, that is using the keys as used before step (A) above, the keys known to users in the system.
  • step (D) the message is not encrypted, but signed with the private keys of center 2.
  • a digital signature includes the computation of a hash, or a group of bytes from the message. That hash is then encrypted with the private key as desired, and attached to the message. Thus, anyone can read the message, and can later, if necessary, verify its reliability by computing hash and comparing with the signature, after the signature is decrypted using the public key.
  • the message prepared in step (D) in Method 1 includes:
  • items 4, 5 and 6 may include each the items (1+2+3) above, encrypted with the appropriate private key.
  • the above message forms a certificate indicating the updated public keys of center 2, to be disseminated to users.
  • a user upon receiving the above certificate, decrypts with each of the known public keys of center 2, to verify the signatures for the message.
  • Each message or hash that compares OK is tagged as such. If the number of signatures that are OK exceeds a threshold (2 out of 3, for example), then the message in the certificate is accepted by the user as valid, and the keys therein are used to indicate the updated keys for center 2.
  • the three key system and method can be used to reliably notify the users in the system that the center encryption key was changed, so that a certificate update may be necessary.
  • Such a notification may be impossible to send in prior art systems, where the compromise of the center's key is considered a complete disaster. After such a disaster the center cannot be trusted anymore, so its notices may not be accepted by users. Moreover, in existing systems the center should contact each and every user to try to notify them, a very difficult task in a worldwide network with millions of users.
  • the present invention provides secure means for communicating between a key distribution center and users in the system, even when a center's key becomes compromised.
  • These secure communication means may be advantageously used to disseminate a new key to users and to allow the update of user's certificates.
  • step (D) there are created six messages, which include statements regarding all the public keys of center 2, each endorsed with the private keys of the other pairs.
  • the messages in the announcement are (for a three key embodiment):
  • Message #1 includes information identifying the center 2, with the public key #1, all encrypted with the secret key #2.
  • Message #2 includes information identifying the center 2, with the public key #1, all encrypted with the secret key #3.
  • the same method is applied on a circularly cyclic order, to the other keys.
  • An announcement from center 2 may include either information on the key which was changed, or a declaration as to the valid keys at the center at present. In the former case, the users change the key accordingly. In the latter case, the users compare the key values at center with the keys at the user facility, and update what is necessary.
  • the messages may include a signature with the corresponding keys, in lieu of the encryption, as follows:
  • Message #1 includes the Center identification and the public key #1 without encryption, and also a digital signature comprising a hash of the above message, with the hash being encrypted with the private key #2.
  • Message #2 includes the Center identification and the public key #1 without encryption, and also a digital signature comprising a hash of the above message, with the hash being encrypted with the private key #3.
  • the public key #1 is attested to with the other two keys at the center.
  • the Messages #3 to #6 are used to attest for the public keys #2 and #3, each with the remaining two keys.
  • only two announcements are included, with signatures using each of the unchanged keys:
  • Message #1: Center ID, Pu1, Sk2(Hash(Center ID, Pu1)), Sk3(Hash(Center ID, Pu1))
  • signatures allows a faster, more efficient of the message at the user's facility.
  • the keys information is evaluated, to check whether a key was changed. If not, there is no need for further processing. If the announcement indicates that a key was changed, then the signature is processed (decrypted) to ensure the announcement is legitimate.
  • each announcement of a key change may include the issue date or a serial number.
  • Each user, when receiving more than one announcement of a key change from center, will arrange these announcements in their order of issuance and will perform the key change in the required order.
  • the above method allows to securely convey information regarding a new key to users, however a large effort on the part of center 2 is required, since center 2 has to contact all the users of that system.
  • a typical system may include millions of users, widely dispersed, possibly on a worldwide scale. Thus, direct key transfer from center 2 to each and every user 4 may be difficult.
  • Fig. 2 illustrates a new, two-stage method, wherein a new type of user certificate is used.
  • the certificate or announcement 7 includes three copies of a message regarding the key which was changed, each message being signed or encrypted with one of the private keys of the center:
  • a certificate in another embodiment, includes statements regarding each of the public keys at the center 2, where for each key the statement is signed with the private key of the other pairs. For three key pairs, there would be 6 copies of the message, as detailed above.
  • the certificate may be distributed as a routine, all the time, or following a key change at the center.
  • the center 2 issues certificates 6 with new key announcement 7 attached thereto.
  • Center 2 issues the above announcements regarding the new key pair to only part of the users 4, preferably a small part of all the users' population.
  • the above is the first stage of a new key dissemination method.
  • the second stage involves direct communications between users 4, wherein the new center key is transferred between users and themselves. Since the number of direct transactions between users is so much larger than the number of transactions with the center, the second stage will accomplish the bulk of the new key dissemination workload, without requiring center's intervention. Thus, there is no danger that the center may collapse or be overworked during the new key distribution.
  • A. Prepare message including: the new public key J, an indication that a key was changed and as to which of the N key pairs was changed (that is, key J) and optional additional information;
  • B. compose the announcement, to include N copies of the message in step (A) above, wherein N is the number of key pairs, each copy including the above message, encrypted with one of the private keys of the N key pairs.
  • the contents of the message is interpreted and acted on, that is the recipient accepts a new tentative value for the new public key J;
  • recipient now tries again to decrypt copy J of the announcement (the copy which did not decrypt because the old key J was used), this time using the new tentative public key J as received;
  • the method allows for periodical change of all keys, for example on a rotary basis. This preserves the security of the system, since a small effort at prevention may greatly increase the difficulty of breaking the key of the center.
  • any numbers of keys can be used, preferably an odd number. Then any of the keys can be changed anytime at center's discretion, using an announcement signed by the other keys.
  • the announcement includes several copies of the key change message, each signed (encrypted with the private key) of one of the other key pairs. A user/recipient will decrypt these messages, and will compare them. If N out of M messages tally up (are identical) with M the total messages and N a predefined threshold, for example M/2, then the request for key change will be honored, otherwise the request will be rejected.
  • the abovedetailed methods enable automatic dissemination of the new key, supporting both the first and second stage of a new key.
  • a secure, fast, efficient and easy dissemination of a new key is accomplished. User's intervention is not required.
  • the novel methods in the present invention can be used to perform a recovery from a situation where the center's private key was compromised.
  • the above system and method allow the center's key to be changed anytime there is doubt regarding the security of the key, or as a routine precautionary method, at predefined time intervals or as decided.
  • a flexible and powerful private key protection scheme is implemented using the system and method in the present disclosure.
  • a method for encryption key dissemination is based on certificates issued by encryption key dissemination centers, with the centers being organized in a hierarchical, tree-like structure.
  • a multiple-key method is disclosed that allows two separate trees to be combined into one structure to achieve overall certificate compatibility among users pertaining to the two separate trees.
  • the center of a first tree is updated to be compatible with the center of a second tree.
  • the method comprises the following steps:
  • Both certificate issuing hierarchies or trees have a multiple-key structure as detailed above. For example, each key issuing center has three key pairs. The users in each tree know the public keys for all the key pairs there.
  • the keys in the highest level center of the first tree are changed, to the values of the corresponding keys in the center of the second tree.
  • the first public key PKA1 is changed to the value of the first key PKB1 in the other tree
  • the second public key PKA2 is changed to the value of PKB2
  • PKA3 is changed to PKB3.
  • the change may be implemented as detailed above, in the method for simultaneous change of several keys.
  • the highest level center in the first tree issues certificates to the centers one level lower in the hierarchy, including the information relating to the new keys.
  • the above method may be advantageously used when two firms or networks unite and there is a need to achieve compatibility and interoperability among all the users of the two original firms or networks.
  • the two highest level centers in the two trees are replaced with a third center which is to replace the two centers in the united tree.
  • the new center is issued several new key pairs, which are to be used throughout the new united tree.
  • the centers in the next level are issued certificates indicating the new public keys of the new center. The result is that the new center effectively replaces the two existing centers, and the common center unites the two trees into one combined structure.
  • Fig. 3 details the possible types of transactions between users, during the second stage of the new key dissemination process.
  • the diffusion of the new key information among users is mainly random, as users contact each other for their own purposes to perform desired transactions therebetween, without a prior knowledge of the most up-to-date information regarding the keys at center 2.
  • Part of the initial transaction between users is an exchange of certificates from center 2, that is certificates including key update information as prepared in Step (D) of Method 1 above.
  • the exchange between users results in a transfer of the information regarding the new key for center 2, as detailed below.
  • Each user may be initiated, that is having the new key of the center, or uninitiated, that is having the old key.
  • the following corresponding method details an example of handling the initiation stage of the communication session to allow dissemination of the new center's key.
  • the users perform a communication session, without being aware that the key may be compromised and is in the stage of being replaced. End of method.
  • Respondent reads the announcement attached to certificate from caller, decrypts the first part of the message therein using PK2, and also decrypts the second part of the message using PK3. If the messages are identical, then new key PK1' is accepted as true, and the records at respondent are updated accordingly. Continue (jump to) either step (D) or (E) below, since there are two possible continuations of the method;
  • This step may be used if caller and respondent consider this not a high security session.
  • The certificate may not be updated because the key was changed.
  • Respondent connects center, using new public key PK1', and asks for new certificate, encrypted with new private key SK1'.
  • Center sends the certificate, together with announcement attached;
  • Respondent connects the previous caller, can identify itself with new certificate and perform secure session, Type 4 as detailed below.
  • Respondent cannot decrypt the certificate with the new center's key PK1'.
  • Respondent recognizes the certificate uses the old key, and notifies the caller accordingly.
  • Respondent sends its new certificate, with the announcement regarding the new center's key.
  • Caller reads the announcement attached to certificate from respondent, decrypts the first part of the message therein using PK2, and also decrypts the second part of the message using PK3.
  • step (D) or (E) below since there are two possible continuations of the method: D. Caller continues present transaction using new key for center. It decrypts certificate from respondent, answers, establishes link. END.
  • This step may be used if caller and respondent consider this not a high security session, or:
  • Respondent decrypts the certificate with the new center's key PK1'. Respondent recognizes and accepts the certificate thus presented;
  • Respondent sends its own new certificate, to establish their identity. Thus respondent identifies itself in return, and a secure link is established. No key update is necessary at either party; both have the new key, which was acquired independently by each party;
  • Each announcement relates to one public key, signed or encrypted with the private of the second key.
  • Three keys allow the user to decide which statement to believe, based on a majority vote method - if two announcements present the same key, then they are true.
  • Other embodiments may include a larger number of key pairs, that is 4, 5 or more. Preferably an odd number of key pairs should be used, so that a majority vote will always render a definite value.
  • Any key at center may be changed as often as desired.
  • An announcement is sent to user, where two keys attest for the correctness of the third.
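
The announcement check and majority vote described in the list above, as an added Python example that is not taken from the patent. It uses textbook RSA over constructed Mersenne-prime keys (insecure, for illustration only); the fingerprint encoding, the function names and the key ids 1 to 3 are assumptions.

```python
import hashlib
from collections import Counter

E = 65537  # public exponent shared by all toy keys

def mersenne(k):
    return 2**k - 1  # a Mersenne prime for every exponent used below

def keypair(p, q):
    """Textbook RSA from two primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def fingerprint(pub_n):
    """128-bit digest of a public key; smaller than every modulus used here."""
    return int.from_bytes(hashlib.sha256(str(pub_n).encode()).digest()[:16], "big")

def make_announcement(new_pub, attesting):
    """Center: encrypt the same message with each attesting private key."""
    m = fingerprint(new_pub)
    return {kid: pow(m, d, n) for kid, (n, d) in attesting.items()}

def recover_new_key(announcement, held_pubs):
    """User: decrypt each part with the held public key, then vote; returns the
    agreed fingerprint, or None without a majority of key pairs (2 of 3 here)."""
    votes = Counter(pow(part, E, held_pubs[kid])
                    for kid, part in announcement.items() if kid in held_pubs)
    needed = len(held_pubs) // 2 + 1
    for value, count in votes.most_common(1):
        if count >= needed:
            return value
    return None

# Constructed sample data: three center key pairs and a replacement for key 1.
CENTER = {1: keypair(mersenne(61), mersenne(89)),
          2: keypair(mersenne(107), mersenne(127)),
          3: keypair(mersenne(521), mersenne(607))}
HELD = {kid: n for kid, (n, _) in CENTER.items()}  # public keys a user stores
NEW_PK1 = mersenne(31) * mersenne(19)              # stands in for PK1'
ROGUE_PK = mersenne(13) * mersenne(17)             # key an intruder wants accepted

def genuine():
    """Announcement for PK1' attested by key pairs 2 and 3."""
    return make_announcement(NEW_PK1, {2: CENTER[2], 3: CENTER[3]})

def forged_with_old_sk1():
    """Parts made with the compromised SK1 but labelled as keys 2 and 3."""
    part = pow(fingerprint(ROGUE_PK), CENTER[1][1], CENTER[1][0])
    return {2: part, 3: part}
```

A holder of only the old private key cannot get a replacement accepted, because the two decrypted parts neither agree with each other nor match any announced key.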

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

A system for reliable transfer of the center's key to users comprises: (A) a system for the secure transfer of encryption keys between parties (2, 4, 4, 4) located at separate places; (B) means in the center for protecting transactions using a public-key encryption method (21); (C) means for the reliable dissemination of keys, comprising one or more additional key pairs at the center (23, 25); (D) means for generating or receiving a new key pair (291); (E) means for preparing announcements regarding a new public key for one of the key pairs (292). A method for reliable transfer of the center's key to users comprises the steps: (A) the center creates a new key pair (291); (B) a message is prepared at the center (292); (C) a plurality of secure messages are prepared from the message prepared in step (B); (D) the secure messages are collected into an announcement, which is transmitted to the users.
PCT/IL1998/000381 1997-08-14 1998-08-13 System and method for reliable key transfer WO1999009700A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP98937753A EP0992139A1 (fr) 1997-08-14 1998-08-13 System and method for reliable key transfer
AU86449/98A AU8644998A (en) 1997-08-14 1998-08-13 System and method for reliable key transfer
CA002306505A CA2306505C (fr) 1997-08-14 1998-08-13 System and method for reliable key transfer

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL12155197A IL121551A (en) 1997-08-14 1997-08-14 System and method for reliable key transfer
IL121551 1997-08-14

Publications (1)

Publication Number Publication Date
WO1999009700A1 true WO1999009700A1 (fr) 1999-02-25

Family

ID=11070507

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL1998/000381 WO1999009700A1 (fr) 1997-08-14 1998-08-13 System and method for reliable key transfer

Country Status (5)

Country Link
EP (1) EP0992139A1 (fr)
AU (1) AU8644998A (fr)
CA (1) CA2306505C (fr)
IL (1) IL121551A (fr)
WO (1) WO1999009700A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2387301A (en) * 2002-04-02 2003-10-08 Clive Neil Galley Public key cryptosystem
EP1236303A4 (fr) * 1999-01-29 2005-07-20 Gen Instrument Corp Multiple level public key hierarchy for performance and high security
CN100403673C (zh) * 2002-12-26 2008-07-16 成都卫士通信息产业股份有限公司 Seamless key exchange technology based on secure communication

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5081677A (en) * 1990-08-31 1992-01-14 International Business Machines Corp. Crypotographic key version control facility
US5404403A (en) * 1990-09-17 1995-04-04 Motorola, Inc. Key management in encryption systems
US5680458A (en) * 1995-11-14 1997-10-21 Microsoft Corporation Root key compromise recovery
US5761306A (en) * 1996-02-22 1998-06-02 Visa International Service Association Key replacement in a public key cryptosystem

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1236303A4 (fr) * 1999-01-29 2005-07-20 Gen Instrument Corp Multiple level public key hierarchy for performance and high security
US7929701B1 (en) 1999-01-29 2011-04-19 General Instrument Corporation Multiple level public key hierarchy for performance and high security
GB2387301A (en) * 2002-04-02 2003-10-08 Clive Neil Galley Public key cryptosystem
GB2387301B (en) * 2002-04-02 2005-02-09 Clive Neil Galley Private-key cryptosystem and other applications
CN100403673C (zh) * 2002-12-26 2008-07-16 成都卫士通信息产业股份有限公司 Seamless key exchange technology based on secure communication

Also Published As

Publication number Publication date
CA2306505C (fr) 2007-01-30
CA2306505A1 (fr) 1999-02-25
AU8644998A (en) 1999-03-08
EP0992139A1 (fr) 2000-04-12
IL121551A (en) 2003-04-10
IL121551A0 (en) 1998-08-16

Similar Documents

Publication Publication Date Title
CN107171794B (zh) Electronic document signing method based on blockchain and smart contracts
US6516413B1 (en) Apparatus and method for user authentication
US9411976B2 (en) Communication system and method
EP0484603B1 (fr) Non-repudiation in computer networks
JP4083218B2 (ja) Multi-step digital signature method and system
EP1161715B1 (fr) Communications between modules of a computing platform
Fumy et al. Principles of key management
DeMillo et al. Protocols for data security
US6339824B1 (en) Method and apparatus for providing public key security control for a cryptographic processor
US7127067B1 (en) Secure patch system
US20100058054A1 (en) Mssan
JP2005128592A (ja) Distributed identification information recording device, distributed identification information storage chip, distributed identification information reading device, and distributed identification information recording and reading system
WO1998047259A2 (fr) File encryption method and system
AU2001244426B2 (en) Automatic identity protection system with remote third party monitoring
CN104079573A (zh) Systems and methods for securing data in the cloud
JP2005522775A (ja) Information storage system
CN101170407A (zh) A method for securely generating a key pair and transmitting a public key or certificate application file
CN110581839B (zh) Content protection method and device
CN117353893B (zh) A network information security verification method and system based on blockchain technology
CN103152178A (zh) Cloud computing verification method and system
WO2002021283A1 (fr) System and method for transmitting and storing sensitive data
EP1473868B1 (fr) Method and device for the secure transfer of data between participants
Wang et al. Information privacy protection based on verifiable (t, n)-Threshold multi-secret sharing scheme
CN112202773A (zh) An Internet-based computer network information security monitoring and protection system
US10402573B1 (en) Breach resistant data storage system and method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 1998937753

Country of ref document: EP

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 1999512980

Format of ref document f/p: F

WWP Wipo information: published in national office

Ref document number: 1998937753

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2306505

Country of ref document: CA

Ref country code: CA

Ref document number: 2306505

Kind code of ref document: A

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: CA

WWW Wipo information: withdrawn in national office

Ref document number: 1998937753

Country of ref document: EP
