Method to establish and enforce a network cryptographic security policy in a public key cryptosystem

Patent 5164988 Issued on November 17, 1992. Estimated Expiration Date:

October 31, 2011. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Abstract Claims Description Full Text

Patent References

Cryptographic apparatus and method
Patent #: 4200770
Issued on: 04/29/1980
Inventor: Hellman , et al.

Public key cryptographic apparatus and method
Patent #: 4218582
Issued on: 08/19/1980
Inventor: Hellman , et al.

High security system for electronic signature verification
Patent #: 4326098
Issued on: 04/20/1982
Inventor: Bouricius , et al.

Method and apparatus incorporating a one-way sequence for transaction and identity verification
Patent #: 4393269
Issued on: 07/12/1983
Inventor: Konheim , et al.

Cryptographic communications system and method
Patent #: 4405829
Issued on: 09/20/1983
Inventor: Rivest , et al.

Controlled use of cryptographic keys via generating station established control values
Patent #: 4850017
Issued on: 07/18/1989
Inventor: Matyas, Jr. , et al.

Reliable document authentication system
Patent #: 4853961
Issued on: 08/01/1989
Inventor: Pastor

Electronic transaction system
Patent #: 4885777
Issued on: 12/05/1989
Inventor: Takaragi, et al.

System for conveying information for the reliable authentification of a plurality of documents
Patent #: 4893338
Issued on: 01/09/1990
Inventor: Pastor

Data authentication using modification detection codes based on a public one way encryption function
Patent #: 4908861
Issued on: 03/13/1990
Inventor: Brachtl, et al.

More ...

Inventors

Application

No. 786227 filed on 10/31/1991

US Classes:

713/156, By certificate380/30, Public key380/279Key distribution center

Examiners

Primary: Tarcza, Thomas H.
Assistant: Cain, David

Attorney, Agent or Firm

Hoel; John E.

International Class

H04K 001/00

Abstract

Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A's public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. the certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signiture dSigPRC on a representation of device A's public key PUMa, using the certification center's private certification key PRC. Thereafter, if device A attempts to change its configuration vector, device A's privacy key PRMa corresponding to the certified public key PUMa, will automatically become unavailable for use in communicating in the network.

Other References

R. W. Jones, "Some techniques for Handling Encipherment Keys," ICL Technical Journal, Nov. 1982, pp. 175-188
D. W. Davies & W. L. Price, "Security for Computer Networks," John Wiley & Sons, NY, 1984, Sec. 6.5, Key Management with Tagged Keys, pp. 168-172
W. Diffie, et al., "Privacy and Authentication: An Introduction to Cryptography," Proc. of IEEE, vol. 67, No. 3, Mar. 1979; pp. 397-42