The present invention relates to cryptographic methods and, more particularly, to a method and system of using secure and non-secure processors to perform cryptographic calculations while maintaining the security of private data.
The Internet has evolved from a network used primarily for the exchange of information into a communications medium used for business and commercial transactions. This evolution of the Internet into a communication medium for business and commercial transactions has lead to the need to make communications over public networks secure. Encryption technology is now commonly used to maintain secure communications over insecure networks, such as the Internet. In addition, the growth of e-commerce has lead to a need for new authentication methods for remote log-in and document verification.
Public key encryption technology provides both security and authentication capability. In public key cryptosystems, each user holds a matched pair of keys, including a private key and a public key. The private key and public key form a unique, matched pair. Documents or communications encrypted with a private key can only be decrypted with the matched public key and vice versa. The public key may be publicly disclosed and can be used by anyone to encrypt communications intended for the owner of the public key. The private key is maintained secret. Thus, a communication encrypted with the public key can only be decrypted by the owner of the matching private key.
Public key encryption methods can also be used to create digital signatures for electronic documents and communications. This digital signature may be used to verify documents. A person may sign an electronic document or communication by encrypting the document or communication with his or her private key. A signed document can then be verified or authenticated by decrypting the signed document with the matching public key. If the document or communication decrypts successfully using the matched public key, only the owner of the private key could have sent the message.
To ensure the integrity of commercial transactions and to prevent fraud, it is necessary for users to keep their private keys secret. Anyone who has access to the private key of a user can masquerade as that user with complete anonymity. Thus, widespread use of digital signatures for electronic commerce and other applications will require technology for secure storage of private keys.
It is known to store private keys in tamper-proof hardware devices, such as a removable smart card. The user""s private key and public key certificate are written into the memory of the smart card. To use the smart card, the user inserts the smart card into a card reader connected to a host device and then enters an ID/password to activate the smart card. If the correct ID/password is entered, the on-card processor releases the private key for use by the host device. If an incorrect ID/password is entered on a predetermined number of consecutive attempts, the smart card locks up permanently. Some intelligent smart cards (often called cryptocards) can perform cryptographic operations so that the private key does not need to be output from its tamper-proof environment. The bytes to be processed are input to the smart card by the host device and processed by the smart card. Only the result is output from the smart card to the host device.
The present invention is directed to a method and system of using secure and non-secure devices for performing cryptographic calculations, such as encryption and decryption of messages, without disclosing secret information. At least a portion of secret information is maintained within the secure device. The secret information is not discoverable by any practical means from the disclosed portion of the secret information.
One embodiment includes a method and system for performing calculations on a bitstring using a secret cipher key. The cipher key is divided into two partial values, referred to herein as the modified cipher key and the indicator. The modified cipher key is then output to an external processor. The modified cipher key may be generated by randomly changing selected bits of the cipher key. An indicator corresponding to the modified cipher key is also generated and includes a plurality of indicator bits. The indicator is a bitstring that, when added to the modified cipher key, produces the original cipher key. A first product is computed by the insecure processor and is a function of the bitstring and the modified cipher key. A second product is computed within the secure processor and is a function of the bitstring and the indicator. A final product is computed within the secure processor by combining the first product and the second product.
A second embodiment of the present invention divides the cipher key into three partial values, referred to herein as the short part, modified long part, and indicator. The insecure processor computes a first product which is combined with a second product computed by the secure processor. The first product is a function of a third product computed by the secure processor and a fourth product. The secure processor initially computes the third product and outputs the result to the insecure processor. The third product is a function of the bitstring and short part of the cipher key. The fourth product is a function of the bitstring and modified long part of the cipher key. The insecure processor multiplies the third product by a fourth product to obtain the first product. The first product is input to the secure processor which computes a second product and combines the second product with the first product to obtain the final product. The second product is a function of the bitstring and indicator.