Security systems for use in communicating between a user and a network computer on an insecure network are well known. Such systems are particularly useful in protecting transactions involving transfers of money or credit card numbers from unlawful interception. One of the goals of security systems is to achieve a simple, practical and easy to manage system which avoids cumbersome bureaucratic centralization. Unfortunately, the overhead created by security systems tends to be relatively large compared to the transaction. Moreover, regardless of the configuration of a network, a security system should be seamless; that is, the system should be of general applicability within a network and between networks. Securing information communicated over a computer network must also provide authenticity of the identity of sender and receiver, protect the integrity of financial transactions and protect critical information such as credit card information from possible illegal acquisition and use. The use of a credit card on the Internet, for example, would be inherently dangerous if hackers could easily intercept the credit card number and then use this number without the permission of the owner. Consequently, people transmitting sensitive information on computer networks use encryption and decryption techniques to hide important data.
In the simplest form of a prior art security system, a clear text message is encrypted and transmitted. At the receiving end, the encrypted message is then decrypted to obtain the clear message. In order for the receiver to decrypt the message, the receiver must know the encryption technique used to encrypt the message. This involves knowing how the message was encrypted and the key used for encryption.
The industry has developed a data encryption standard known as "DES". The DES method is in the public domain but the KEY used by a sender for encryption must be a secret that is securely conveyed only to the party receiving the message in order to allow that party to decrypt the message.
One problem in prior art security systems based on DES is how to transmit and synchronize the encryption key. The encryption key must also be handled in a secure manner. When the problem is to communicate among hundreds or thousands of people, the management of keys and their security can become difficult and frequently impractical. Key management involves the selection, distribution and maintenance of the encryption keys and their security.
Encryption algorithms vary from weak to strong. If the encryption algorithm is weak, then a third party who knows the output and the input to the system may be able to determine the key by inspection. For more robust algorithms, an exhaustive trial and error approach involving a large computer or a number of computers is a general approach to determine a key. With the DES system, 64 bits including 8 check digits are used in the key so there are 2^56 possible combinations of bits to yield an encryption key. To increase the number of possible combinations, the DES system is increasing the length of the key to 128 bits to create 2^112 possible combinations. In the DES system, the DES key will both encrypt and decrypt the message.
With such long keys, trial and error attacks do not represent a threat. However, there is another less sophisticated, but serious, threat. This is the risk of discovery of keys by accidental or other means, particularly for static keys or for infrequently changed keys. So, regardless of algorithm strength or key length, the "key lifetime" becomes an important factor; the shorter the lifetime, the higher the security. A static key represents the highest risk case. A security system, therefore, must be a dynamic, key changing system. The key management problems attendant with frequent key changes are difficult. However, they must be addressed and resolved on a system-wide basis.
One security system for key management is the public key system ("PKS"). The public key system is able to send a key in a secure way. Only the intended receiver can decode the received encrypted key. Each participant is issued a key called the private key. Only the issuer and the participant know the private key which is very long, maybe 200 bytes. For every private key there is a corresponding public key which is published in a public book with the I.D. of the participant. If, for example, party "A" wants to establish a communication session with party "B" to be encrypted with a "session key", "A" must communicate the session key to "B" in a secure way. The public key system can do that as follows:
1. "A" encrypts the session key with party "A's" private key.
2. After encryption with the private key of party "A", party "A" re-encrypts with the public key of the receiver, party "B", obtained from the public book.
3. When party "B" receives the encrypted session key, party "B" decrypts the message twice; first with the private key of party "B", and second with party "A's" public key. The session key now is in clear text.
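The three-step exchange above, worked through as an added example that is not part of the patent text: a toy model using textbook RSA with deliberately tiny constructed primes, so that "encrypt with a private key" and "decrypt with the matching public key" are literally the same modular exponentiation with swapped exponents. The party names, key pairs, function names and the session key value are all assumptions made for the illustration; a real deployment would use full-size moduli and padding, which this model omits.

```python
from math import gcd

# Toy RSA key generation: returns (public, private) as (exponent, modulus) pairs.
# Constructed for illustration only; the primes are far too small for real use.
def make_keypair(p, q, e=17):
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def rsa_apply(key, value):
    """Raise value to the key's exponent modulo its modulus (encrypt or decrypt)."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit the modulus")
    return pow(value, exp, n)

# Constructed key pairs for the two parties. A's modulus is deliberately
# smaller than B's so the output of step 1 always fits as the input of step 2.
A_PUBLIC, A_PRIVATE = make_keypair(61, 53)     # n_A = 3233
B_PUBLIC, B_PRIVATE = make_keypair(101, 113)   # n_B = 11413

def party_a_send(session_key, a_private, b_public):
    """Steps 1 and 2 on A's side: encrypt the session key with A's private key,
    then re-encrypt the result with B's public key taken from the public book."""
    step1 = rsa_apply(a_private, session_key)
    return rsa_apply(b_public, step1)

def party_b_receive(wrapped, b_private, a_public):
    """Step 3 on B's side: decrypt with B's private key first, then with A's
    public key, recovering the clear session key. Returns None if the inner
    value cannot have been produced under A's modulus."""
    step1 = rsa_apply(b_private, wrapped)
    _, n_a = a_public
    if step1 >= n_a:
        return None
    return rsa_apply(a_public, step1)

def demo(session_key=2024):
    """Run the full exchange. Returns (recovered session key, the intermediate
    value B sees after only its own private-key decryption)."""
    wrapped = party_a_send(session_key, A_PRIVATE, B_PUBLIC)
    partial = rsa_apply(B_PRIVATE, wrapped)   # B's view before applying A's public key
    recovered = party_b_receive(wrapped, B_PRIVATE, A_PUBLIC)
    return recovered, partial

if __name__ == "__main__":
    recovered, partial = demo()
    print("recovered session key:", recovered, "| intermediate value:", partial)
```

The two layers play different roles: B's private-key decryption is what keeps the session key confidential in transit, while the final decryption with A's public key only yields the session key if the inner layer was produced with A's private key, which is how step 3 ties the key to A's identity.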
The public key technique is usually not used for securing communications, but is used primarily for the secure transmission of "working keys" between users. It is the working key that is used to secure the communication between the two users, using such encryption methods as DES or others.
The public key technique has a number of weaknesses. A custodian of the keys is responsible for issuing, maintaining, and changing the keys, and is responsible also for maintaining the integrity of the public key book which contains user I.D.'s and public keys. The system is only as good as the integrity and efficiency of a centralized custodian service. It can become bureaucratic, difficult to manage and control, and costly. Moreover, it addresses only the key transmission security issue. It does not address key lifetime issues or issues of security of transmitted working keys. These issues must be collectively addressed and resolved in a unified solution. Several methods have been devised for changing keys in private systems. Others were devised for key synchronization by providing users with pre-determined sequential keys or by using timing mechanisms. The management of all such systems is not practical, particularly for larger systems.
The working key, which is sent using private and public keys, is ideally changed frequently. But the tendency is to send the working key once and then use it for a long time. This leads to the possibility of the working key being discovered by others.