This invention relates to safe public communication systems, and more particularly to such systems which include means for secure distribution of the encryption key and the communication parameters.
Heretofore, various devices and methods were devised for secure voice and/or data communication for public use, using analog or digital encryption means. Common to the various encryption methods is the use of an encryption key, which provides a higher level of protection together with flexibility and standardization. Public key encryption, by using separate encryption and decryption keys, offers better protection for encrypted messages. A public key cryptographic system and method was disclosed in Merkle-Hellman U.S. Pat. No. 4,218,582; the RSA (Rivest-Shamir-Adleman) encryption system and method was disclosed in U.S. Pat. No. 4,405,829.
With the proliferation of encryption machines in commerce and for private use, a situation arises wherein a user desires to establish a secure communication link with another user having an encryption machine. The user faces a problem: how to exchange the encryption keys in a secure way, in order to establish the secure link. If the key is compromised, then the whole communication is compromised, and the encryption is useless. This is a vicious circle, since a secure link is required to transmit the key to begin with; but, since the other party does not yet have the key, the secure link cannot be used to transmit the key itself.
Furthermore, data communication systems face the dangers of eavesdropping and impersonation, with the associated risks of the key being intercepted or a false key being transmitted by an impersonator. Accordingly, means are required for secure key distribution, this being an essential requirement for the widespread use of encryption machines, that is for establishing a secure link between parties which had no previous secure communications therebetween.
The security of the encryption process depends on the security of the encryption key, which depends on the security of the key distribution means; therefore, special means are required to provide a higher level of protection for the key distribution means itself.
A directory of public keys could be used, but a fixed list cannot cope with the fast changing situation in this area, with new users joining continuously, users changing address and users changing keys for better protection.
Various attempts at solving the key dissemination problem were devised; for example, PGP maintains a public server containing a list of public keys. The PGP server accepts and maintains a file with a collection of identification packages (KeyID). Each identification package includes the name and details of a key holder, together with his/her public key, which are signed (authenticated) by a third party which encrypts the package with his/her private key.
Another party desiring to communicate with such a key holder searches for an identification package signed by someone known/accepted by them, thus "ensuring" that it is the true key, which truly belongs to the person as claimed; the third party is "known/accepted" in the sense that the caller believes that its encryption key pair is as claimed and is not compromised. Since any single third party may be unknown to the other party, said key holder submits a plurality of identification packages to the PGP server, each signed by a different third party; another party desiring to communicate with that key holder, and looking for a reliable encryption key, has to search all the packages belonging to that key holder until he finds one signed by a third party known to him.
Thus, the PGP server maintains a file with a collection of identification packages for a multitude of users, and with a plurality of packages for each user. It may therefore be difficult to maintain this vast quantity of information and to disseminate it to users.
Another key dissemination method is employed by VeriSign, which distributes digital "certificates" valid for a long time period, for example 5 years. A certificate includes the name and additional information for a user, together with the public key for that user and the expiry date of the certificate, all encrypted with the private key of the issuing authority. Another certificate is issued to that first issuing authority by a higher second authority, and so on. This is a hierarchical authorization structure, with a user bringing signatures from persons/entities at several levels, until a level high enough is reached which is also part of the hierarchy of the calling party.
A great effort is put into ensuring the identity of a user before issuing a certificate, and in keeping the certificates; however, a certificate once issued may be compromised during its long lifetime, in which case it is difficult to replace. The center has no control over the use of an issued certificate while the certificate is still valid, during the long period set at issue time; only the "black list" at the center may give a warning to that effect, but that can only prevent communications. A reliable key has yet to be exchanged between the parties, which is difficult in this case.
RSA Data Security Inc. offers another system including a center which issues certificates, that is digital documents containing the name and details for a user, together with his/her public key and an expiration date, all encrypted with the private key of the center. The expiration date is a weak link for this system since, as the key approaches its expiry date, the chance of its being compromised increases, and more verification requests will be placed with the center.
If a key is compromised, it is practically impossible to remove it from the server; PGP and RSA only keep a second list (the black list) of disabled or canceled keys, but this is a cumbersome and inefficient method.
If the private key of the RSA or other similar centers is compromised, this results in a "catastrophe", since anyone can impersonate other users.
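The two key-dissemination schemes described above, the PGP-style search through a key holder's third-party-signed identification packages and the hierarchical certificate chain with an expiry date and a "black list" at the center, as an added worked example that is not part of the patent text or of any product named in it. The signature scheme is textbook RSA on tiny fixed primes, used only so the example runs offline; the names (Alice, Bob, Root, Region, Dave, Mallory), day numbers and package layout are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Key = Tuple[int, int]  # (exponent, modulus)


def toy_keypair(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Textbook RSA on tiny fixed primes. Constructed for illustration only; not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # (public key, private key)


def digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(priv: Key, msg: bytes) -> int:
    d, n = priv
    return pow(digest(msg, n), d, n)


def verify(pub: Key, msg: bytes, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == digest(msg, n)


@dataclass(frozen=True)
class Package:
    """PGP-style identification package or center-issued certificate: the holder's name and
    public key, bound to the signer's name (and an optional expiry) by the signer's signature."""
    holder: str
    holder_pub: Key
    issuer: str
    expires: int  # day number; 0 means no expiry (PGP-style package)
    sig: int

    @staticmethod
    def body(holder: str, holder_pub: Key, issuer: str, expires: int) -> bytes:
        return f"{holder}|{holder_pub[0]}|{holder_pub[1]}|{issuer}|{expires}".encode()

    def is_signed_by(self, issuer_pub: Key) -> bool:
        return verify(issuer_pub, self.body(self.holder, self.holder_pub, self.issuer, self.expires), self.sig)


def issue(issuer: str, issuer_priv: Key, holder: str, holder_pub: Key, expires: int = 0) -> Package:
    return Package(holder, holder_pub, issuer, expires,
                   sign(issuer_priv, Package.body(holder, holder_pub, issuer, expires)))


def find_trusted_package(packages: List[Package], holder: str, trusted: Dict[str, Key]) -> Optional[Key]:
    """PGP-server style search: scan the holder's packages for one whose signer the caller
    already trusts and whose signature verifies under that signer's known public key."""
    for pkg in packages:
        if pkg.holder == holder and pkg.issuer in trusted and pkg.is_signed_by(trusted[pkg.issuer]):
            return pkg.holder_pub
    return None  # no package signed by a third party known to the caller


def verify_chain(chain: List[Package], roots: Dict[str, Key], today: int, black_list: Set[str]) -> Optional[Key]:
    """Hierarchical-certificate check: chain[0] is the end user's certificate, each later entry is
    the certificate of the authority that signed the previous one, and the top entry must be signed
    by an authority in the caller's own trusted roots. Every link must be unexpired, absent from
    the black list and correctly signed; otherwise no key is accepted."""
    for i, cert in enumerate(chain):
        if cert.expires and today > cert.expires:
            return None
        if cert.holder in black_list or cert.issuer in black_list:
            return None
        if i + 1 < len(chain):
            signer = chain[i + 1]
            if signer.holder != cert.issuer:
                return None
            signer_pub = signer.holder_pub
        else:
            signer_pub = roots.get(cert.issuer)
            if signer_pub is None:
                return None
        if not cert.is_signed_by(signer_pub):
            return None
    return chain[0].holder_pub


# Constructed scenario: toy key pairs for two PGP introducers, two certificate authorities,
# the key holder Dave, and an impersonator Mallory.
ALICE_PUB, ALICE_PRIV = toy_keypair(61, 53)
BOB_PUB, BOB_PRIV = toy_keypair(71, 67)
ROOT_PUB, ROOT_PRIV = toy_keypair(83, 79)
REGION_PUB, REGION_PRIV = toy_keypair(97, 89)
DAVE_PUB, _ = toy_keypair(101, 107)
MALLORY_PUB, MALLORY_PRIV = toy_keypair(109, 113)

PGP_SERVER = [
    issue("Bob", MALLORY_PRIV, "Dave", MALLORY_PUB),  # false key: claims Bob as signer, wrong private key
    issue("Alice", ALICE_PRIV, "Dave", DAVE_PUB),
    issue("Bob", BOB_PRIV, "Dave", DAVE_PUB),
]
REGION_CERT = issue("Root", ROOT_PRIV, "Region", REGION_PUB, expires=1000)
DAVE_CERT = issue("Region", REGION_PRIV, "Dave", DAVE_PUB, expires=365)
CHAIN = [DAVE_CERT, REGION_CERT]
ROOTS = {"Root": ROOT_PUB}

if __name__ == "__main__":
    print("caller trusting Bob gets:", find_trusted_package(PGP_SERVER, "Dave", {"Bob": BOB_PUB}) == DAVE_PUB)
    print("caller trusting only Carol gets:", find_trusted_package(PGP_SERVER, "Dave", {"Carol": ALICE_PUB}))
    print("chain on day 100:", verify_chain(CHAIN, ROOTS, 100, set()) == DAVE_PUB)
    print("chain on day 400 (user cert expired):", verify_chain(CHAIN, ROOTS, 400, set()))
    print("chain with Region black-listed:", verify_chain(CHAIN, ROOTS, 100, {"Region"}))
```

The search in `find_trusted_package` is the cost the text points at: the caller must scan every package the key holder deposited, and a package whose signer name is familiar still has to be rejected when its signature does not verify under the key the caller actually holds for that signer. In `verify_chain`, the expiry and black-list tests are the only controls the center keeps over a certificate after issue, which is why a long validity period leaves a compromised certificate usable until the black list catches up.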
Another application of public key encryption is the PC Fax program package offered by Microsoft for the transmission of FAX messages. The FAX may be encrypted using a password or a digital key. Again, it faces the same problem of reliable key dissemination. Microsoft advises exchanging diskettes containing the key, clearly a cumbersome method. A public key can be exchanged by communication means, and again there is the problem of identifying the other party: how is one to know that the answering party is truly the person it claims to be? Caller identification is a problem encountered in various situations in the modern period of widespread use of global communications and information exchange.