EP1676396A1 - Method for cryptographically processing a message, method for generatiing a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements - Google Patents

Method for cryptographically processing a message, method for generatiing a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements

Info

Publication number
EP1676396A1
EP1676396A1 EP04775641A EP04775641A EP1676396A1 EP 1676396 A1 EP1676396 A1 EP 1676396A1 EP 04775641 A EP04775641 A EP 04775641A EP 04775641 A EP04775641 A EP 04775641A EP 1676396 A1 EP1676396 A1 EP 1676396A1
Authority
EP
European Patent Office
Prior art keywords
message
cryptographic key
computer
partial
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04775641A
Other languages
German (de)
French (fr)
Other versions
EP1676396A4 (en
Inventor
Lakshminarayanan Anatharaman
Feng Bao
Huijie Robert Deng
Tieyan Li
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agency for Science Technology and Research Singapore
Original Assignee
Agency for Science Technology and Research Singapore
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agency for Science Technology and Research Singapore filed Critical Agency for Science Technology and Research Singapore
Publication of EP1676396A1 publication Critical patent/EP1676396A1/en
Publication of EP1676396A4 publication Critical patent/EP1676396A4/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Definitions

  • Method for cryptographically processing a message Method for generating a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements
  • the invention relates to a method for cryptographically processing a message, a method for generating a cryptographically processed message, a method for performing a cryptographic operation on a message, a computer system, a client computer, a server computer and computer program elements.
  • Some of the data transferred using a computer network or stored in a computer network is often secret, e.g. it should not be read or changed by people who are not privileged to do so.
  • information (or data) security solutions and network security solutions i.e. methods for guaranteeing security of computer networks, for example for preventing that non-authorized people access the computer network and/or the data transferred in the computer network, are of major importance.
  • Products for the prevention of attacks at the boundary between two computer networks for example firewalls
  • Products for the detection of an attack after the attack has happened for example intrusion, detection systems
  • Firewalls are designed to protect computer systems in a computer network from hackers who attack from outside the computer network, but not from malicious insiders, i.e., from people who access the computer network from the inside, e.g. by a computer system which is part of the computer network. Firewalls concentrate security at one port, aggravating the single point of failure phenomenon. Intrusion detection systems can only detect an attack after the damage has been done.hackers normally work faster to come out with new attack methodologies to avoid being detected.
  • Application server computers which make use of public key cryptographic (PKC) systems for securing data transfers are playing an increasingly important role in the Internet, for example in electronic commerce.
  • PLC public key cryptographic
  • Such application server computers are for example web server computers that serve Internet client computers, like a web server computer hosting the web site of a bank and transferring the state of an account of a user to an- Internet client computer used by that user.
  • SSL Secure sockets layer
  • An application server computer used by an enterprise such as a web server computer which hosts a web page of the enterprise, has typically to be placed outside the firewall of the enterprise's computer network, i.e., in a publicly accessible computer network separated from the enterprise's computer network by the firewall, such that web client computers are able to access the web server computer.
  • the web server computer is not protected by the firewall. This makes the web server computer vulnerable to attacks. If the web server computer carries a private key which is used for secure data transfer by an underlying PKC, the web server computer becomes a vulnerable point of failure.
  • An object of the invention is to prevent the security problems which arise when a private key is stored on a computer which is vulnerable to attacks.
  • the object is achieved by a method for cryptographically processing a message, a method for generating a cryptographically processed message, a method for performing a cryptographic operation on a message, a computer system, a client computer, a server computer and computer program elements with the features according to the independent claims.
  • a method for cryptographically processing a message wherein a first partial cryptographic key and a second partial cryptographic key, which correspond to a decomposition of a private cryptographic key, are used; the message is processed using the first partial cryptographic key resulting in a first partially processed message; the message is processed using the second partial cryptographic key resulting in a second partially processed message; and the first partially processed message and the second partially processed message are combined resulting in a cryptographically processed message.
  • a method for generating a cryptographically processed message a method for performing a cryptographic operation on a message, a computer system, a client computer, a server computer and computer program elements according to the method for cryptographically processing a message described above are provided.
  • a method for protecting a private key e.g. a RSA key
  • Partial operations corresponding to the multiple key parts are performed separately and the results are later combined.
  • the partial operations are carried out on separate computers and in particular, that on each computer only a key part - not the complete private key - has to be stored.
  • the private cryptographic key is at least decomposed into two partial cryptographic keys .
  • the private cryptographic key can be decomposed into a multiplicity of partial cryptographic keys which are stored on different key server computers. Accordingly, each of the multiplicity of key server computers can perform a partial operation using the partial cryptographic key stored in the key server computer and send the result to some server computer which combines the results.
  • the key parts are stored in an application server computer and in one or more key server computers .
  • the key server computers each carry out a partial private key cryptographic operation, e.g. compute a partial signature or a partial decryption, and send the results to the application server computer which assembles the results to form the result of the complete private key cryptographic operation, e.g. the complete signature or decryption.
  • the application server computer computes a partial signature or a partial decryption itself and combines it with the results from the key server computers .
  • the procedure is for example controlled by an administrator managing the key parts on different key server computers and application server computers and who creates key-pairs (consisting each of a private key and a public key) and managing them during their entire lifetime .
  • an efficient mechanism for refreshing the key parts and a mechanism for splitting a RSA private exponent, such that efficient computation is achieved is used. These two mechanisms can also be controlled by an administrator .
  • load balancing techniques can be used such that the cryptographical operations can be distributed to the key server computers .
  • a private key of an application server computer has to be duplicated on all load balancing server computers or all the load balancing server computers share a common private key.
  • a 'load balancing server computer is in this case a computer performing cryptographic operations for the application server computer based on the private key, i.e., "helping" the application server computer at performing cryptographic operations.
  • helping the application server computer at performing cryptographic operations.
  • a private key is split in a first and a second part and the first part is stored in a publicly accessible application server computer and the second part is stored in a key server computer. If an attacker succeeds in getting the first part, he still needs to compromise the key server computer to obtain the second part. Since the first part and the second part are preferably regularly refreshed, it will be difficult for the attacker to obtain both parts unless the application server computer and the key server computer are compromised at around the same time.
  • e-immunity is built into a computer system so that the computer system is tolerant to intrusions and attacks- it can maintain the overall system security even when individual components are repeatedly broken into and controlled by an attacker.
  • processing of the message using the first partial cryptographic key is carried out by a first computer and the processing of the message using the second partial cryptographic key is carried out by a second computer.
  • the first and the second computer are coupled via a computer network.
  • the first computer is located in a publicly accessible computer network and the second computer is located in a secure computer network coupled to the publicly accessible computer network.
  • the method further comprises the step of transmitting the message from the first computer to the second computer.
  • first partial cryptographic key and the second partial cryptographic key correspond to a decomposition of the private cryptographic key into a plurality of partial cryptographic keys .
  • the plurality of partial cryptographic keys give, when summed, the private cryptographic key.
  • the cryptographical processing of the message is the signing of the message or the decrypting of a message. It is preferred that the message is processed according to a public key cryptographic algorithm.
  • a public cryptographic key for decrypting a message there exists a public cryptographic key for decrypting a message and a private cryptographic key for decrypting (signing) a message.
  • a pair consisting of a private cryptographic key and a public cryptographic key are generated.
  • the private cryptographic key and the public cryptographic key are for example large integers (e.g. with more than 100 binary digits) .
  • the message is encrypted using the public cryptographic key and is then sent to a receiver.
  • the receiver can decrypt the message using the private key. Since the message can only be decrypted using the private key and the private key is kept secret by the receiver, the message can not be decrypted by some unauthorized person.
  • the public key cryptographic algorithm is the RSA algorithm.
  • the invention can also be applied to other cryptographic methods than RSA, for example to other assymetric cryptographic methods, key generating algorithms or other signing methods.
  • f (x+y) f (x) f (y) were x and y are cryptographic key parts.
  • cryptographic methods which are based on the discrete logarithm satisfy this prerequisite. It is further preferred that at selected times and after or before the message is processed, a refreshed decomposition is determined.
  • the refreshed decomposition is determined by decomposing the first partial cryptographic key and the second partial cryptographic key and combining these decompositions to form a decomposition of the private cryptographic key.
  • Figure 1 shows a computer system according to an embodiment of the invention.
  • Figure 2 shows a flow diagram according to an embodiment of the invention.
  • Figure 3 shows a private key, a first private key part and a second private key part according to an embodiment of the invention.
  • Figure 4 shows a flow diagram according to an embodiment of the invention.
  • Fig.l shows a computer system 100 according to an embodiment of the invention.
  • the computer system 100 comprises an application server computer 101, which resides in a DMZ 102.
  • the DMZ 102 (demilitarised zone) is a subnetwork that is located between a secure subnet 103 and a public network 104 which is publicly accessible.
  • the secure subnet 103 is e.g. a corporate private LAN (local area network), the public network 104 is e.g. the Internet.
  • the public network 104 is e.g. the Internet.
  • a client computer 105 resides in the public network 104 which is coupled to the application server computer 101.
  • Some web application runs on the application server computer 101 and the application server computer 101 serves the client computer 105 according to the web application.
  • the application server computer 101 hosts the web side of the enterprise which owns the secure subnet 103.
  • the secure subnet 103 comprises a first key server computer 107 and a second key server computer 108 and an administrator 109, i.e., a computer system used by an administrator of the secure subnet 103.
  • the secure subnet 103 is protected at the boundary to the DMZ 102 by a firewall computer 106.
  • the application server computer 101 is responsible for the processing of secure operations, e.g. .SSL (secure socket layer) authentication of the client computer 105, decryption of encrypted data sent from the client computer 105 to the application server computer 101 and signing messages sent by the application server computer 101 to the client computer 105.
  • secure operations e.g. .SSL (secure socket layer) authentication of the client computer 105
  • decryption of encrypted data sent from the client computer 105 to the application server computer 101 e.g.SSL (secure socket layer) authentication of the client computer 105
  • signing messages sent by the application server computer 101 to the client computer 105 e.g. .SSL (secure socket layer)
  • Fig.2 shows a flow diagram 200 according to an embodiment of the invention.
  • N modulus, product of two large prime numbers p and q, i.e.
  • C is computed according to
  • the message M has the form of an integer, which is smaller than N.
  • Large messages are broken up into smaller messages, such that the smaller messages can each be expressed as integers smaller than N.
  • D is computed from M by some hashing algorithm.
  • D can be generated using MD2, MD4, MD5, the SHA- 0 (Secure Hash Algorithm) or the SHA-1.
  • the administrator 109 determines a public key (e, N) and a corresponding private key (d, N) for use with the RSA algorithm.
  • the administrator can generate the key-pair.
  • the key-pair might already exist and the administrator just splits the already existing key. This should also be reflected in Fig.2.
  • the public key can be made known to users in the public network 104 by a certificate, which is digitally signed by a corresponding certificate authority.
  • the administrator 109 creates the public key and the private key using standard key generation techniques.
  • d__ r d2, d 3 , ..., d]_ (1 integer) are the parts of d, which is in the following referred to as the private key (although, to be exact, the private key is made up of d and N) .
  • Each share can be stored on a different key server computer 107, 108 (accordingly, the secure subnet 103 can comprise a multiplicity of key server computers) .
  • the secure subnet 103 can comprise a multiplicity of key server computers.
  • d is split into two parts according to some decomposition, i.e., ( 8 )
  • di j _ and d 2 i are selected random integers.
  • d u is then assigned to the application server computer, i.e., is stored on the application server computer and d 2 ⁇ is stored on the key server computer 107, 108.
  • d j _ (which corresponds to a decomposition which is assigned the number i) is stored on the i th key server computer, i.e., one of the key server computers 107, 108 which is assigned the number i.
  • d 2 i is stored on the first key server computer 107.
  • step 203 a cipher text has to be decrypted or a message digest has to be signed.
  • a cipher text is decrypted according to this embodiment.
  • the cipher text which is denoted by C, is generated from a message M by using the public key generated in step 201.
  • the cipher text C is e.g. sent to the application server computer 101 by the client computer 105.
  • the client computer 105 used the public key generated in step 201 to encrypt a message to create the cipher text C.
  • C is assumed to be an integer generated according to equation (4).
  • the application server computer 101 in step 204 first computes
  • the application server computer 101 passes C to the first key server computer 107, which is assumed as mentioned above to hold the share d 2 j_ of the private key.
  • step 205 the first key server computer 107 computes
  • step 206 the cipher text C is decrypted and the message M is reconstructed.
  • the application server computer 101 might calculate its partial decryption according to equation (11) at the same time as the first key server computer 107. It can pass the cipher text to the first key server computer 107 and while the first key server computer 107 is computing its partial decryption according to equation (12) , the application server 101 creates its partial decryption at the same time.
  • the message digest D is e.g. generated by the application server computer 101 from the message M, which has to be sent from the application server computer 101 to the client computer 105, by using a hash function.
  • step 207 the application server computer 101 calculates a partial signature according to
  • the application server computer 101 sends D to the first key server computer 107.
  • the first key server computer 107 computes
  • the application server 101 might calculate its partial signature according to equation (14) at the same time as the first key server computer 107. It can pass D to the the first key server computer 107 and while the first key server computer 107 is computing its partial signature according to equation (15) , the application server 101 creates its partial decryption at the same time.
  • the application server computer 101 computes in step 209 the signature according to
  • the application server computer 101 does not perform the security functions all by itself, but cooperates with the key server computers 107, 108, in this example with the first key server computer 107, for performing security operations, such as decryption or signing.
  • the key server computers 107, 108 are located inside the secure subnet 103 and are well protected -by the firewall computer 106. As mentioned, the private, key shares are stored by the key server computers 107, 108 to assist any secure function of the application server computer 101 (in this example the private key share d 2i is stored by the first key server computer 107) .
  • the administrator 109 is responsible for the generation of private keys and public keys, maintaining the secure configuration and monitoring the status. In case of any discrepancies, the administrator 109 can react accordingly.
  • the application server computer 101 is cooperating with the key server computers 107, 108 via secure channels, i.e., all data transferred from the application server computer 101 to the key server computers 107,108 according to the process described above with reference to fig.2 is transferred via secure channels. Since the private key d is split into two parts dn and d 2i , the application server computer 101 has to interact with the first key server computer 107, i.e. with the one of key server computer 107, 108, which holds the part of the private key not stored in the application server computer 101.
  • the application server computer 101 performs part of the security functions using its private key part and one of the key server computers 107, 108 performs another part of the security functions using its private key part.
  • the application server computer 101 combines, as described in steps 206 and 209, the two partial results together.
  • the private key parts d ⁇ and d ⁇ 1 are never combined to create the complete private key d.
  • Fig.3 shows a private key 301, denoted by d, a first private key part 302, denoted by d]_, and a second private key part 303, denoted by d 2 , according to an embodiment of the invention.
  • the application server computer 101 has to compute X dl mod N, where X is C or D.
  • the application server computer 101 does this by computing
  • a number i is chosen. Then, the lower i bits of the second private key part 303 are set to zero. The higher
  • the administrator 109 can store the private key 301 in some secure location, e.g. offline, or can delete the private key 301, since it is easy to construct the private key 301 from the first private key part 302 and second private key part 303.
  • the decomposition of the private key d into two parts is changed at some times, referred to as refresh periods.
  • Fig.4 shows a flow diagram 400 according to an embodiment of the invention.
  • the processing steps of the flow diagram 400 are carried out by an application server computer 401, e.g. the application server computer 101, and a key server computer 402, e.g. one of the key server computers 107, 108.
  • an application server computer 401 e.g. the application server computer 101
  • a key server computer 402 e.g. one of the key server computers 107, 108.
  • the application server computer 401 and the key server computer 402 communicate via fire wall 403.
  • a first private key ' share 403, denoted by ⁇ __ be stored on the application server computer 401 and a second private key share 404, denoted by d 2 , be stored on the key server computer 402.
  • the first private key share 403 and the second private key share 404 form a private key denoted by d, which is used for decryption and signing purposes as described above.
  • all d ] _j_ are stored on the application server computer 101, and the respective second private key share d 2 _ is stored on the i th key server computer.
  • the application server computer 101 can now depending on the work load of the key server computers 107, 108, distribute the partial decryption or signature operations to different key server computers 107, 108. According to the key server computer 107, 108, the application server computer 101 distributes the partial operation to, the application server computer 101 has to use the corresponding private key share, i.e.
  • the application server computer 101 has to use d]__ for the partial operation performed by the application server computer 101, if a partial operation is distributed to the i th key server computer. As described above with reference to Fig.2, the application server computer 101 combines the results of the partial operations .

Abstract

A method for cryptographically processing a message is disclosed, wherein a first partial cryptographic key and a second partial cryptographic key, which correspond to a decomposition of a private cryptographic key, are used, the message is processed using the first partial cryptographic key resulting in a first partially processed message, the message is processed using the second partial cryptographic key resulting in a second partially processed message and the first partially processed message and the second partially processed message are combined resulting in a cryptographically processed message.

Description

Description
Method for cryptographically processing a message, method for generating a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements
The invention relates to a method for cryptographically processing a message, a method for generating a cryptographically processed message, a method for performing a cryptographic operation on a message, a computer system, a client computer, a server computer and computer program elements.
The number of people using computer networks for data transfers, particularly the Internet, has significantly increased in the last years.
Some of the data transferred using a computer network or stored in a computer network is often secret, e.g. it should not be read or changed by people who are not privileged to do so.
Therefore, information (or data) security solutions and network security solutions, i.e. methods for guaranteeing security of computer networks, for example for preventing that non-authorized people access the computer network and/or the data transferred in the computer network, are of major importance.
Existing information security solutions and network security solutions are barely keeping pace with the sophistication of attack methodologies. Most of the network security products on the market fall into two categories :
- Products for the prevention of attacks at the boundary between two computer networks (for example firewalls) Products for the detection of an attack after the attack has happened (for example intrusion, detection systems) .
Firewalls are designed to protect computer systems in a computer network from hackers who attack from outside the computer network, but not from malicious insiders, i.e., from people who access the computer network from the inside, e.g. by a computer system which is part of the computer network. Firewalls concentrate security at one port, aggravating the single point of failure phenomenon. Intrusion detection systems can only detect an attack after the damage has been done. Hackers normally work faster to come out with new attack methodologies to avoid being detected.
Application server computers which make use of public key cryptographic (PKC) systems for securing data transfers are playing an increasingly important role in the Internet, for example in electronic commerce. Such application server computers are for example web server computers that serve Internet client computers, like a web server computer hosting the web site of a bank and transferring the state of an account of a user to an- Internet client computer used by that user.
Most of the web server computers use the SSL (Secure sockets layer) protocol to protect the communications with the client computers, i.e., to guarantee secure data transfers. The SSL protocol employs PKC and is the de- facto security protocol for web security. Security of PKC based application server computers depends on the secrecy of the private key of the PKC. If the private key is compromised, the entire system is compromised and the consequence is that the transfer of data which is encrypted based on the private key and its corresponding public key is no longer secure.
An application server computer used by an enterprise, such as a web server computer which hosts a web page of the enterprise, has typically to be placed outside the firewall of the enterprise's computer network, i.e., in a publicly accessible computer network separated from the enterprise's computer network by the firewall, such that web client computers are able to access the web server computer.
In particular, the web server computer is not protected by the firewall. This makes the web server computer vulnerable to attacks. If the web server computer carries a private key which is used for secure data transfer by an underlying PKC, the web server computer becomes a vulnerable point of failure.
In [1] , the RSA algorithm, which is the most popular PKC algorithm, is described.
An object of the invention is to prevent the security problems which arise when a private key is stored on a computer which is vulnerable to attacks. The object is achieved by a method for cryptographically processing a message, a method for generating a cryptographically processed message, a method for performing a cryptographic operation on a message, a computer system, a client computer, a server computer and computer program elements with the features according to the independent claims.
A method for cryptographically processing a message is provided, wherein a first partial cryptographic key and a second partial cryptographic key, which correspond to a decomposition of a private cryptographic key, are used; the message is processed using the first partial cryptographic key resulting in a first partially processed message; the message is processed using the second partial cryptographic key resulting in a second partially processed message; and the first partially processed message and the second partially processed message are combined resulting in a cryptographically processed message.
Further, a method for generating a cryptographically processed message, a method for performing a cryptographic operation on a message, a computer system, a client computer, a server computer and computer program elements according to the method for cryptographically processing a message described above are provided.
Illustratively, a method for protecting a private key (e.g. a RSA key) by splitting the private key into multiple key parts is provided. Partial operations corresponding to the multiple key parts are performed separately and the results are later combined. Thus, it is possible that the partial operations are carried out on separate computers and in particular, that on each computer only a key part - not the complete private key - has to be stored.
The private cryptographic key is at least decomposed into two partial cryptographic keys . To achieve even more security, however, the private cryptographic key can be decomposed into a multiplicity of partial cryptographic keys which are stored on different key server computers. Accordingly, each of the multiplicity of key server computers can perform a partial operation using the partial cryptographic key stored in the key server computer and send the result to some server computer which combines the results.
For example, the key parts are stored in an application server computer and in one or more key server computers . In one embodiment, the key server computers each carry out a partial private key cryptographic operation, e.g. compute a partial signature or a partial decryption, and send the results to the application server computer which assembles the results to form the result of the complete private key cryptographic operation, e.g. the complete signature or decryption. Alternatively, the application server computer computes a partial signature or a partial decryption itself and combines it with the results from the key server computers .
The procedure is for example controlled by an administrator managing the key parts on different key server computers and application server computers and who creates key-pairs (consisting each of a private key and a public key) and managing them during their entire lifetime .
In one embodiment, an efficient mechanism for refreshing the key parts and a mechanism for splitting a RSA private exponent, such that efficient computation is achieved, is used. These two mechanisms can also be controlled by an administrator .
Further, load balancing techniques can be used such that the cryptographical operations can be distributed to the key server computers .
In existing prior art, a private key of an application server computer has to be duplicated on all load balancing server computers or all the load balancing server computers share a common private key. (A 'load balancing server computer is in this case a computer performing cryptographic operations for the application server computer based on the private key, i.e., "helping" the application server computer at performing cryptographic operations.) However, this makes the private key more vulnerable to attacks since each of the load balancing server computers might be subject to an attack. The method according to the invention provides much better security and scalability at the same time.
By splitting the private key in different ways and sharing the private key parts with different key server computers, the security of the system is not compromised if some of the key server computers fail or are successfully attacked. For example, a private key is split in a first and a second part and the first part is stored in a publicly accessible application server computer and the second part is stored in a key server computer. If an attacker succeeds in getting the first part, he still needs to compromise the key server computer to obtain the second part. Since the first part and the second part are preferably regularly refreshed, it will be difficult for the attacker to obtain both parts unless the application server computer and the key server computer are compromised at around the same time.
Illustratively, instead of just preventing or simply detecting attacks, according to the invention, e-immunity is built into a computer system so that the computer system is tolerant to intrusions and attacks- it can maintain the overall system security even when individual components are repeatedly broken into and controlled by an attacker.
Preferred embodiments of the invention are given by the dependent claims. The embodiments which are described in the context of the method for cryptographically processing a message are analogously valid for the method for generating a cryptographically processed message, the method for performing a cryptographic operation on a message, the computer system, the client computer, the server computer and the computer program elements.
It is preferred that the processing of the message using the first partial cryptographic key is carried out by a first computer and the processing of the message using the second partial cryptographic key is carried out by a second computer.
Preferably, the first and the second computer are coupled via a computer network.
For example, the first computer is located in a publicly accessible computer network and the second computer is located in a secure computer network coupled to the publicly accessible computer network.
It is further preferred that the method further comprises the step of transmitting the message from the first computer to the second computer.
It is further preferred that the first partial cryptographic key and the second partial cryptographic key correspond to a decomposition of the private cryptographic key into a plurality of partial cryptographic keys .
Preferably, the plurality of partial cryptographic keys give, when summed, the private cryptographic key.
In other words, this .means that the private cryptographic key is decomposed into a sum of partial cryptographic keys . . ..
It is further preferred that the cryptographical processing of the message is the signing of the message or the decrypting of a message. It is preferred that the message is processed according to a public key cryptographic algorithm.
In a public key cryptographic algorithm, there exists a public cryptographic key for decrypting a message and a private cryptographic key for decrypting (signing) a message. Typically, before a secret message is sent, a pair consisting of a private cryptographic key and a public cryptographic key are generated. The private cryptographic key and the public cryptographic key are for example large integers (e.g. with more than 100 binary digits) . The message is encrypted using the public cryptographic key and is then sent to a receiver. The receiver can decrypt the message using the private key. Since the message can only be decrypted using the private key and the private key is kept secret by the receiver, the message can not be decrypted by some unauthorized person.
Preferably, the public key cryptographic algorithm is the RSA algorithm.
The invention can also be applied to other cryptographic methods than RSA, for example to other assymetric cryptographic methods, key generating algorithms or other signing methods. In general, the invention can be used with every algorithm were the result (for example the decrypted or signed message) is given by some function f which fulfils f (x+y) =f (x) f (y) were x and y are cryptographic key parts. For example, cryptographic methods which are based on the discrete logarithm satisfy this prerequisite. It is further preferred that at selected times and after or before the message is processed, a refreshed decomposition is determined.
Preferably, the refreshed decomposition is determined by decomposing the first partial cryptographic key and the second partial cryptographic key and combining these decompositions to form a decomposition of the private cryptographic key.
Illustrative embodiments of the invention are explained below with reference to the drawings, wherein:
Figure 1 shows a computer system according to an embodiment of the invention.
Figure 2 shows a flow diagram according to an embodiment of the invention.
Figure 3. shows a private key, a first private key part and a second private key part according to an embodiment of the invention.
Figure 4 shows a flow diagram according to an embodiment of the invention.
Fig.l shows a computer system 100 according to an embodiment of the invention.
The computer system 100 comprises an application server computer 101, which resides in a DMZ 102. The DMZ 102 (demilitarised zone) is a subnetwork that is located between a secure subnet 103 and a public network 104 which is publicly accessible.
The secure subnet 103 is e.g. a corporate private LAN (local area network), the public network 104 is e.g. the Internet.
A client computer 105 resides in the public network 104 which is coupled to the application server computer 101.
Some web application runs on the application server computer 101 and the application server computer 101 serves the client computer 105 according to the web application. For example, the application server computer 101 hosts the web side of the enterprise which owns the secure subnet 103.
The secure subnet 103 comprises a first key server computer 107 and a second key server computer 108 and an administrator 109, i.e., a computer system used by an administrator of the secure subnet 103.
The secure subnet 103 is protected at the boundary to the DMZ 102 by a firewall computer 106.
The application server computer 101 is responsible for the processing of secure operations, e.g. .SSL (secure socket layer) authentication of the client computer 105, decryption of encrypted data sent from the client computer 105 to the application server computer 101 and signing messages sent by the application server computer 101 to the client computer 105. In the following, the process of a secure communication between the application server computer 101 and the client computer 105, in particular the process of decrypting a message sent to the application server computer and encrypted by the client computer 105 and the process of signing a message sent from the application server computer 101 to the client computer 105 according to an embodiment of the invention is explained.
Fig.2 shows a flow diagram 200 according to an embodiment of the invention.
In the embodiment of the invention now described with reference to fig.l and fig.2, the RSA algorithm, for example described in [1] , is used. The following denotations are used:
N: modulus, product of two large prime numbers p and q, i.e.
N = p * q (1)
e: Public exponent d: Secret exponent, which satisfies ed = 1 mod Φ(N) . . . (2)
where
Φ(N) = (p-1) (q-1) (3) M: Message (to be encrypted)
C: Cipher text
D: Cryptographic digest of message M
To encrypt a message M, i.e. to form a cipher text C according to the message M, C is computed according to
C=Me mod N (4)
Thereby, it is assumed that the message M has the form of an integer, which is smaller than N. Large messages are broken up into smaller messages, such that the smaller messages can each be expressed as integers smaller than N.
To decrypt the cipher text C, i.e. to reconstruct the message M from the cipher text C, one calculates
M=Cd mod N (5)
To sign a message M, one calculates
Dd mod N (6)
D is computed from M by some hashing algorithm. For example, D can be generated using MD2, MD4, MD5, the SHA- 0 (Secure Hash Algorithm) or the SHA-1. In step 201, the administrator 109 determines a public key (e, N) and a corresponding private key (d, N) for use with the RSA algorithm.
The administrator can generate the key-pair. Alternatively, the key-pair might already exist and the administrator just splits the already existing key. This should also be reflected in Fig.2.
The public key can be made known to users in the public network 104 by a certificate, which is digitally signed by a corresponding certificate authority. The administrator 109 creates the public key and the private key using standard key generation techniques.
In step 202 the number d is split into a number of shares according to d = di + < 2 + d3 + ... +dι (7)
Wherein d__r d2, d3, ..., d]_ (1 integer) are the parts of d, which is in the following referred to as the private key (although, to be exact, the private key is made up of d and N) .
Each share can be stored on a different key server computer 107, 108 (accordingly, the secure subnet 103 can comprise a multiplicity of key server computers) . In .this embodiment, it is assumed that d is split into two parts according to some decomposition, i.e., ( 8 )
or (according to another decomposition) d = d12 + d22 (9)
Generally, this is written as (10)
in which dij_ and d2i are selected random integers. du is then assigned to the application server computer, i.e., is stored on the application server computer and d2^ is stored on the key server computer 107, 108. Preferably, d j_ (which corresponds to a decomposition which is assigned the number i) is stored on the ith key server computer, i.e., one of the key server computers 107, 108 which is assigned the number i. In this embodiment, it is assumed that d2i is stored on the first key server computer 107.
It is assumed that in step 203 a cipher text has to be decrypted or a message digest has to be signed. First, it is explained how a. cipher text is decrypted according to this embodiment. ,
The cipher text, which is denoted by C, is generated from a message M by using the public key generated in step 201. The cipher text C is e.g. sent to the application server computer 101 by the client computer 105. For example, the client computer 105 used the public key generated in step 201 to encrypt a message to create the cipher text C.
According to the message M, C is assumed to be an integer generated according to equation (4).
To decrypt the cipher text C, the application server computer 101 in step 204 first computes
Cdli mod N (11)
Then, the application server computer 101 passes C to the first key server computer 107, which is assumed as mentioned above to hold the share d2j_ of the private key.
In step 205, the first key server computer 107 computes
Cd2i mod N (12)
and sends the result to the application server computer 101. Using the results of the calculations according to formulas (11) and (12) the application server computer 101 computes
Cdli * Cd2i mod N = c( li+d2i) mod N = Cd mod N = M (13)
in step 206. Thus, the cipher text C is decrypted and the message M is reconstructed.
The application server computer 101 might calculate its partial decryption according to equation (11) at the same time as the first key server computer 107. It can pass the cipher text to the first key server computer 107 and while the first key server computer 107 is computing its partial decryption according to equation (12) , the application server 101 creates its partial decryption at the same time.
Now, the process for signing a message digest D is explained.
The message digest D is e.g. generated by the application server computer 101 from the message M, which has to be sent from the application server computer 101 to the client computer 105, by using a hash function.
In step 207 the application server computer 101 calculates a partial signature according to
Ddli mod N (14)
Then, the application server computer 101 sends D to the first key server computer 107. In step 208, the first key server computer 107 computes
D 2i mod N (15) and sends the result to the application server computer 101.
As above, the application server 101 might calculate its partial signature according to equation (14) at the same time as the first key server computer 107. It can pass D to the the first key server computer 107 and while the first key server computer 107 is computing its partial signature according to equation (15) , the application server 101 creates its partial decryption at the same time.
Analogously to formula (13) the application server computer 101 computes in step 209 the signature according to
Ddli * Dd2i mod N = θ(dli+d2i) mod N = Dd mod N (16)
So, the application server computer 101 does not perform the security functions all by itself, but cooperates with the key server computers 107, 108, in this example with the first key server computer 107, for performing security operations, such as decryption or signing.
The key server computers 107, 108 are located inside the secure subnet 103 and are well protected -by the firewall computer 106. As mentioned, the private, key shares are stored by the key server computers 107, 108 to assist any secure function of the application server computer 101 (in this example the private key share d2i is stored by the first key server computer 107) . The administrator 109 is responsible for the generation of private keys and public keys, maintaining the secure configuration and monitoring the status. In case of any discrepancies, the administrator 109 can react accordingly.
The application server computer 101 is cooperating with the key server computers 107, 108 via secure channels, i.e., all data transferred from the application server computer 101 to the key server computers 107,108 according to the process described above with reference to fig.2 is transferred via secure channels. Since the private key d is split into two parts dn and d2i, the application server computer 101 has to interact with the first key server computer 107, i.e. with the one of key server computer 107, 108, which holds the part of the private key not stored in the application server computer 101.
Illustratively, the application server computer 101 performs part of the security functions using its private key part and one of the key server computers 107, 108 performs another part of the security functions using its private key part. The application server computer 101 combines, as described in steps 206 and 209, the two partial results together. According to this embodiment, the private key parts d^ and d^1 are never combined to create the complete private key d.
Monitoring the current operation status, the administrator 109 is aware of the whole system security. In the following, the process for splitting a private key d according to an embodiment of the invention is explained.
Fig.3 shows a private key 301, denoted by d, a first private key part 302, denoted by d]_, and a second private key part 303, denoted by d2, according to an embodiment of the invention.
Let |Φ(N)| denote the number of bits in Φ(N). Since e is chosen a small number (e.g. 3) and because of equation (2) , the number of bits in a binary representation of d is close to I Φ (N) | . |Φ(N) I is the upper bound of the number of bits in a binary representation of d.
As shown above, in a description operation or signing operation, the application server computer 101 has to compute Xdl mod N, where X is C or D. The application server computer 101 does this by computing
XJ mod N, (for j = 0, 1, 2, ..., |Φ(N)|). (17)
Analogously, the first key server computer 107 has to compute Xd2 mod N. It is not efficient, if the first key •server computer 107 -also performs—- all computations according to equation (17) . Therefore, the following procedure for calculating a first private key part 302 and a second private key part 303 of the private key 301 such that d = d]_ + d2 ( 18 )
is preferred. First a number i is chosen. Then, the lower i bits of the second private key part 303 are set to zero. The higher |Φ(N)|-i bits of the second private key part 303 are randomly assigned.
The first private key part 302 is now calculated according to d]_ = d - d2. (19)
Since at least i digits of the second private key part 303, i.e., of d , are zero, much computation time on computing X can be saved, since the computations according to equation (17) have only 'to be performed for at most |Φ(N)|-i values of j. The computation load of the first key server computer 107 can thus be reduced significantly.
After splitting the private key 301, the administrator 109 can store the private key 301 in some secure location, e.g. offline, or can delete the private key 301, since it is easy to construct the private key 301 from the first private key part 302 and second private key part 303.
For ensuring security, according to one embodiment of the invention, the decomposition of the private key d into two parts is changed at some times, referred to as refresh periods.
So, if a hacker succeeds in attacking the application server computer 101 and knows the part of the private key d stored in the application server computer 101, the security of the system is only compromised, if the hacker also succeeds to get the other part of the private key until the next refresh period.
A process for calculating a new composition of a private key is now explained with reference to Fig.4.
Fig.4 shows a flow diagram 400 according to an embodiment of the invention.
The processing steps of the flow diagram 400 are carried out by an application server computer 401, e.g. the application server computer 101, and a key server computer 402, e.g. one of the key server computers 107, 108. As above, the application server computer 401 and the key server computer 402 communicate via fire wall 403.
Let at the beginning of a refresh period a first private key ' share 403, denoted by ά__ , be stored on the application server computer 401 and a second private key share 404, denoted by d2, be stored on the key server computer 402. According to equation (18), the first private key share 403 and the second private key share 404 form a private key denoted by d, which is used for decryption and signing purposes as described above. In step 405 the application server computer 401 computes a decomposition of the first private key share 403 according to l = ll + 12- (20)
Analogously, the key server computer 402 computes in step 406 a decomposition of the second private key share 404 according to 2 = 21 + d22- (21)
In step 407, the application server computer 401 sends d]_]_ to the key server computer 402, which forms a refreshed private key share 408, denoted by d2 ' , according to d2' = d2ι + dxl. (22)
Analogously, in step 409, the key server computer 402 sends d 2 to the application server computer 401, which forms a refreshed first private key share 410, denoted by d__ ' , according to dl' = d12 + d22 (23)
As mentioned above, there exist of plurality of decompositions of a private key d according to equation (10) for a plurality of different i. Preferably, all d]_j_ are stored on the application server computer 101, and the respective second private key share d2_ is stored on the ith key server computer. The application server computer 101 can now depending on the work load of the key server computers 107, 108, distribute the partial decryption or signature operations to different key server computers 107, 108. According to the key server computer 107, 108, the application server computer 101 distributes the partial operation to, the application server computer 101 has to use the corresponding private key share, i.e. the application server computer 101 has to use d]__ for the partial operation performed by the application server computer 101, if a partial operation is distributed to the ith key server computer. As described above with reference to Fig.2, the application server computer 101 combines the results of the partial operations .
As earlier indicated, in Fig.2, it is not always necessary for the administrator to generate the keys. The principal aim of the administrator is to split the keys and manage the split keys. Key generation can be done by the administrator but not necessary.
In this document, the following publication is cited:
[1] R. L. Rivest, A. Shamir, and L. M. Adle an, "A method for obtaining digital signatures and public key cryptosystems", Communications of the ACM, Vol. 21, No., 2, Feb. 1978, pp. 120-126

Claims

Claims
1. Method for cryptographically processing a message, wherein - a first partial cryptographic key and a second partial cryptographic key, which correspond to a decomposition of a private cryptographic key, are used;
- the message is processed using the first partial cryptographic key resulting in a first partially processed message;
- the message is processed using the second partial cryptographic key resulting in a second partially processed message;
- the first partially processed message and the second partially processed message are combined resulting in a cryptographically processed message.
2. The method according to claim 1, wherein the processing of the message using the first partial- cryptographic key is carried out by a first computer and the processing of the message using the second partial cryptographic key is carried out by a second computer.
3. The method according to claim 2, wherein the first and the second computer are coupled via a computer network.
4. The method according to claim 2 or claim 3, wherein the method further comprises the step of transmitting the message from the first computer to the second computer.
5. The method according to any of the claims 1 to 4, wherein the first partial cryptographic key and the second partial cryptographic key correspond to a decomposition of the private cryptographic key into a plurality of partial cryptographic keys.
6. The method according to claim 5, wherein the plurality of partial cryptographic keys give, when summed, the private cryptographic key.
7. The method according to any of the claims 1 to 6, wherein the cryptographical processing of the message is the signing of the message or the decrypting of a message.
8. The method according to any of the claims 1 to 7, wherein the message is processed according to a public key cryptographic algorithm.
9. The method according to claim 8, wherein the public key cryptographic algorithm is the RSA. algorithm.
10. The method according to any one of the claims 1 to 9 wherein further at selected times and after or before the message is processed, a refreshed decomposition is determined.
11. The method according to claim 10, wherein the refreshed decomposition is determined by decomposing the first partial cryptographic key and the second partial cryptographic key and combining these decompositions to form a decomposition of the private cryptographic key.-
12. Computer system comprising
- a first processing unit which is adapted to process a message using a first partial cryptographic key, which corresponds to a decomposition of a private cryptographic key, resulting in a first partially processed message;
- a second processing unit which is adapted to process a message using a second partial cryptographic key, which corresponds to the decomposition of the private cryptographic key, resulting in a second partially processed message;
- a combining unit which is adapted to combine the first partially processed message and the second partially processed message resulting in a cryptographically processed message.
13. Method for generating a cryptographically processed message wherein
- a message is processed using a first partial cryptographic key, which corresponds to a decomposition of a private cryptographic key, resulting in, a first partially processed message;
- the message is transmitted to a client computer;
- a second partially processed message is received which is the message processed using a second partial cryptographic key which corresponds to the decomposition of the private cryptographic key;
- the first partially processed message and the second partially processed message are combined to a cryptographically processed message.
14. Server computer comprising - a processing unit which is adapted to process a' message using a first partial cryptographic key, which corresponds to a decomposition of a private cryptographic key, resulting in a first partially processed message; - a transmitting unit which is adapted to send the message to a client computer;
- a receiving unit which is adapted to receive a second partially processed message which is the message processed using a second partial cryptographic key which corresponds to the decomposition of the private cryptographic key;
- a combining unit which is adapted to combine the first partially processed message and the second partially processed message to a cryptographically processed message.
15. Method for performing a cryptographic operation on a message, wherein
- a message is received;
- the message is processed using a partial cryptographic key which corresponds. to a decomposition of a private cryptographic key resulting in a partially processed message;
- the partially processed message is transmitted to a server computer.
16. Client computer comprising
- a receiving unit which is adapted to receive a message;
- a processing unit which is adapted to process the message using a partial cryptographic key which corresponds to a decomposition of a private cryptographic key resulting in a partially processed message;
- a transmitting unit which is adapted to transmit the partially processed message to a server computer.
17. Computer program element which, when executed by a computer, makes the computer perform the following steps - processing a message using a first partial cryptographic key which corresponds to a decomposition of a private cryptographic key, resulting in a first partially processed message;
- processing the message using the second partial cryptographic key which corresponds to the decomposition of the private cryptographic key resulting in a second partially processed message;
- combining the first partially processed message and the second partially processed message resulting in a cryptographically processed message.
18. Computer program element which, when executed by a computer, makes the computer perform the following steps
- processing a message using a first partial cryptographic key which corresponds to a decomposition of a private cryptographic key resulting in a first partially processed message;
- transmitting the message to a client computer;
- receiving a second partially processed message which is the message processed using a second partial cryptographic key which corresponds to the decomposition of the private cryptographic key;
- combining the first partially processed message and the second partially processed message to a cryptographically processed message.
19. Computer program element which, when executed by a computer, makes the computer perform the following, steps
- receiving a message;
- processing the message using a partial- cryptographic key which corresponds to a decomposition of a private cryptographic key resulting in a partially processed message;
- transmitting the partially processed message to a server computer.
EP04775641A 2003-10-03 2004-10-01 Method for cryptographically processing a message, method for generatiing a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements Withdrawn EP1676396A4 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US50872003P 2003-10-03 2003-10-03
PCT/SG2004/000320 WO2005034423A1 (en) 2003-10-03 2004-10-01 Method for cryptographically processing a message, method for generatiing a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements

Publications (2)

Publication Number Publication Date
EP1676396A1 true EP1676396A1 (en) 2006-07-05
EP1676396A4 EP1676396A4 (en) 2010-03-10

Family

ID=34421780

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04775641A Withdrawn EP1676396A4 (en) 2003-10-03 2004-10-01 Method for cryptographically processing a message, method for generatiing a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements

Country Status (2)

Country Link
EP (1) EP1676396A4 (en)
WO (1) WO2005034423A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7986780B2 (en) * 2006-07-06 2011-07-26 Sap Ag Privacy-preserving substring creation
US7995750B2 (en) 2006-07-06 2011-08-09 Sap Ag Privacy-preserving concatenation of strings
US9448976B2 (en) 2008-05-20 2016-09-20 Adobe Systems Incorporated Package file presentation including reference content
US8818959B2 (en) 2008-12-02 2014-08-26 Adobe Systems Incorporated Virtual embedding of files in documents
ITTV20110019A1 (en) * 2011-02-08 2012-08-09 Ct Vue S P A COMPUTERIZED SYSTEM FOR THE MANAGEMENT OF SENSITIVE DATA GENERATED BY A MEDICAL DEVICE AND RELATIVE METHOD

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0723348A2 (en) * 1995-01-23 1996-07-24 International Business Machines Corporation Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing
WO1998049804A1 (en) * 1997-04-28 1998-11-05 Certco Llc Optimal-resilience, proactive, public-key cryptographic system and method
WO1999005818A1 (en) * 1997-07-28 1999-02-04 The Director Government Communications Headquarters Split-key cryptographic system and method
US5991414A (en) * 1997-09-12 1999-11-23 International Business Machines Corporation Method and apparatus for the secure distributed storage and retrieval of information

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5905799A (en) * 1994-07-20 1999-05-18 Bell Atlantic Network Services, Inc. Programmed computer for identity verification, forming joint signatures and session key agreement in an RSA public cryptosystem
WO2000049768A1 (en) * 1999-02-17 2000-08-24 Thomas Mittelholzer Method for signature splitting to protect private keys
US6970562B2 (en) * 2000-12-19 2005-11-29 Tricipher, Inc. System and method for crypto-key generation and use in cryptosystem

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0723348A2 (en) * 1995-01-23 1996-07-24 International Business Machines Corporation Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing
WO1998049804A1 (en) * 1997-04-28 1998-11-05 Certco Llc Optimal-resilience, proactive, public-key cryptographic system and method
WO1999005818A1 (en) * 1997-07-28 1999-02-04 The Director Government Communications Headquarters Split-key cryptographic system and method
US5991414A (en) * 1997-09-12 1999-11-23 International Business Machines Corporation Method and apparatus for the secure distributed storage and retrieval of information

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
LIDONG ZHOU ET AL: "COCA: a secure distributed online certification authority" FOUNDATIONS OF INTRUSION TOLERANT SYSTEMS, 2003 [ORGANICALLY ASSURED A ND SURVIVABLE INFORMATION SYSTEMS] 2003, PISCATAWAY, NJ, USA,IEEE, 1 January 2003 (2003-01-01), pages 152-191, XP010681820 ISBN: 978-0-7695-2057-5 *
RABIN T: "A SIMPLIFIED APPROACH TO THRESHOLD AND PROACTIVE RSA" ADVANCES IN CRYPTOLOGY. CRYPTO '98. 18TH ANNUAL INTERNATIONAL CRYPTOLOGY CONFERENCE. SANTA BARBARA, AUG. 23 - 27, 1998. PROCEEDINGS; [LECTURE NOTES IN COMPUTER SCIENCE ; VOL. 1462], BERLIN : SPRINGER, DE, 23 August 1998 (1998-08-23), pages 89-104, XP000792171 ISBN: 978-3-540-64892-5 *
See also references of WO2005034423A1 *

Also Published As

Publication number Publication date
EP1676396A4 (en) 2010-03-10
WO2005034423A1 (en) 2005-04-14

Similar Documents

Publication Publication Date Title
US5313521A (en) Key distribution protocol for file transfer in the local area network
EP0535863B1 (en) A cryptographic protocol for secure communications
KR100769482B1 (en) Systems, methods and software for remote password authentication using multiple servers
KR0151217B1 (en) Fair cryptosystems and the method of use
US8688998B2 (en) Resilent cryptographic scheme
WO2002051062A1 (en) A system and method for crypto-key generation and use in cryptosystem
WO2013080204A1 (en) Methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management
Bellovin et al. An attack on the interlock protocol when used for authentication
Hoover et al. Software smart cards via cryptographic camouflage
CN112737764B (en) Lightweight multi-user multi-data all-homomorphic data encryption packaging method
US20060285683A1 (en) Method for cryptographically processing a message, method for generating a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements
Lehto et al. CryptoVault-A Secure Hardware Wallet for Decentralized Key Management
Yeboah-Ofori et al. Applied cryptography in network systems security for cyberattack prevention
EP1676396A1 (en) Method for cryptographically processing a message, method for generatiing a cryptographically processed message, method for performing a cryptographic operation on a message, computer system, client computer, server computer and computer program elements
US20170018207A1 (en) Symmetric encryption device and method used
Yang et al. Security enhancement for protecting password transmission
Basu et al. Secured hierarchical secret sharing using ECC based signcryption
Nithya et al. An Analysis on Cryptographic Algorithms for Handling Network Security Threats
Zhang et al. Cryptanalysis of Lee–Hwang–Li's key authentication scheme
Yoon et al. An efficient password authentication schemes without using the server public key for grid computing
Jaglan Proposing Efficient Approach to Improve Integrity Checking in Cloud Data Security.
Tan et al. A new secure network upgrade system
Yerlikaya et al. Designing a communication system for secure access to network devices
Pagadala et al. Enhancing the Security and Reliability of the Data over Computer Networks using RSA cryptosystem
Vaidya et al. Anti-phishing structure based on visual cryptography and RSA algorithm

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060503

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20100208

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20070106

R18D Application deemed to be withdrawn (corrected)

Effective date: 20100508