The present invention relates in general to a cryptographic communication security device and process utilized for the transmission of data, for example, between a host computer and either another computer or an associated data input terminal or device. In particular, the present invention relates to such a method and device which employ asymmetric session keys.
With the increasing use of communications between remote terminals and centralized host computers, or between hosts, over insecure communication lines, the need for computer data security has become acute. Cryptography has been utilized as an effective data security measure on an increasing scale to solve this problem. Cryptography has been utilized, as an example, to frustrate attempts to divert cash, checks, negotiable instruments and other sensitive data being transmitted between a terminal and a host along insecure communications links. In U.S. Pat. Nos. 4,238,853 and 4,227,253 to Ehrsam et al., two-tiered cryptographic communications security devices and procedures are employed in single domain and multiple domain networks. A two-tiered cryptographic communications security device or procedure is one which employs two distinct categories of cipher keys, namely an operational or data encrypting key, sometimes referred to as a session key, and a key encrypting key, sometimes referred to as a master key.
In the device and process disclosed in U.S. Pat. No. 4,238,853 by Ehrsam et al., master keys known to both terminal and host are utilized to encrypt an operational or session key. The session key, encrypted under a master key, is then transmitted from terminal to host or from host to terminal for use in encrypting data during a particular transmission session. A session key is thus a time variant key which is dynamically generated for each communication session and which is used to protect communicated data. In the system disclosed by Ehrsam et al., the same session key is utilized for encrypting data during a given communication session regardless of whether data is passing from terminal to host or from host to terminal.
One difficulty encountered with the Ehrsam et al. device and process, however, is that a breach of security as to the session key is fatal, since the session key utilized to encrypt data passing from terminal to host is the same session key which is utilized to encrypt data passing from host to terminal during a given communications session. The Ehrsam et al. system is thus based upon the assumption that it will take an unauthorized party an impractically long time to ascertain a given session key during a particular communication session. While this assumption may be largely correct, there are instances when difficulties may arise.
For example, where a long series of data is transmitted from a terminal to a host, representing, just as an example, check balances for deposit, it might be possible for an unauthorized party to break the session key utilized in transmitting that data, given a sufficient period of time. Knowing that session key, the unauthorized party might then direct an unauthentic confirmation signal from the host to the terminal and thus divert the transmitted check balances to an improper bank account. Thus, even though the duration of an authentic confirmation signal directed from the host to the terminal might be too short to permit derivation of the session key during its transmission, security may be breached because the session key utilized for the transmission of data from the terminal to the host is the same session key.
It would be desirable to further increase the likelihood that a given session key could not be derived by unauthorized parties. The present invention meets this objective in a manner which will be further described below.
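The shared-key weakness described above can be modeled in a short Python sketch. This is an added example, not code from the patent or from Ehrsam et al.: HMAC-SHA256 stands in for the patents' cipher, and the per-direction key variant, the function names and the messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Return the message followed by its HMAC-SHA256 tag under key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def accept(key: bytes, frame: bytes):
    """Return the message if its tag verifies under key, otherwise None."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def new_session_keys(shared: bool):
    """Return (terminal_to_host, host_to_terminal) keys for one session.

    shared=True models one session key for both directions; shared=False is
    the hypothetical variant with an independent key per direction.
    """
    terminal_to_host = secrets.token_bytes(32)
    host_to_terminal = terminal_to_host if shared else secrets.token_bytes(32)
    return terminal_to_host, host_to_terminal


def forged_confirmation_accepted(shared: bool) -> bool:
    """Assume the terminal-to-host key was recovered from the long upload."""
    terminal_to_host, host_to_terminal = new_session_keys(shared)
    # Constructed forgery, protected under the recovered upload key.
    forged = protect(terminal_to_host, b"CONFIRM deposit (constructed forgery)")
    # The terminal checks host traffic under the host-to-terminal key only.
    return accept(host_to_terminal, forged) is not None


def genuine_confirmation_accepted(shared: bool) -> bool:
    """A confirmation from the real host must verify in both models."""
    _, host_to_terminal = new_session_keys(shared)
    frame = protect(host_to_terminal, b"CONFIRM deposit (constructed)")
    return accept(host_to_terminal, frame) is not None


if __name__ == "__main__":
    for shared in (True, False):
        print(f"shared={shared} forged_accepted={forged_confirmation_accepted(shared)}")
```

With a shared key the forged confirmation verifies at the terminal; with independent per-direction keys it is rejected, while genuine confirmations verify in both cases.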