The problem of secure encryption of information is of particular concern due to the large amount of sensitive content that is transferred between users. It is critical that such content remain private and beyond the reach of third parties who are not authorized to view such information. Several prior art examples are directed at split-key algorithms for the purpose of secure transfers of content.
US Patent Application No. 2008/0077755 discloses a programmable electronic device that stores a number of cipher-text software modules. The invention utilizes split-keys which, when combined in a predetermined fashion with a token of a user installed on the device, generate the appropriate cipher-key that permits successful decryption of the associated cipher-text software module. One split-key may be created for each cipher-text software module in a one-to-one correspondence. This patent discloses the use of bitwise exclusive-or or bitwise exclusive-nor functions to combine the split-key with the token. A problem this method encounters is that partial knowledge of the split-key and the token may yield partial knowledge of the cipher-key. As a result, the security offered by this invention is limited.
US Patent Application No. 2003/0147536 discloses a secure electronic messaging system that permits communication between registered users with the assistance of a key server. The invention involves a database that contains stored information regarding registered users including preferred public encryption keys, key usage information and decryption key information. A digital signature may be included with a string of random bits when a message is sent. The key server confirms that the message was sent by the sender through the recognition of the digital signature. The patent discloses that the protocol requires the encrypted form of the key, not the key itself, to be split into two parts, and that this may be achieved by a method of splitting that is the exclusive-or function.
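As an added illustration (not code from either of the two applications above), the following shows the bitwise exclusive-or split-key combination they describe and the partial-knowledge property noted for the first: a byte position known in both shares reveals that byte of the key, while a position known in only one share leaves every key byte value possible. The sample key and share values are constructed for the example.

```python
import secrets


def split_key(key: bytes) -> tuple[bytes, bytes]:
    # The token is a fresh uniformly random string of the key's length;
    # the split-key is key XOR token, so each share on its own is independent of the key.
    token = secrets.token_bytes(len(key))
    split = bytes(k ^ t for k, t in zip(key, token))
    return split, token


def combine(split: bytes, token: bytes) -> bytes:
    # Bitwise exclusive-or recombination of the two shares yields the cipher-key.
    if len(split) != len(token):
        raise ValueError("shares must have equal length")
    return bytes(s ^ t for s, t in zip(split, token))


def leaked_key_bytes(split: bytes, token: bytes,
                     split_known: set[int], token_known: set[int]) -> dict[int, int]:
    # Positions known in BOTH shares reveal the key byte at that position.
    # A position known in only one share reveals nothing, because the other
    # share is uniform at that position (see candidates_from_one_share).
    both = split_known & token_known
    return {i: split[i] ^ token[i] for i in sorted(both)}


def candidates_from_one_share(share_byte: int) -> set[int]:
    # Given one share's byte alone, every key byte value is still consistent.
    return {share_byte ^ other for other in range(256)}


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    split, token = split_key(key)
    assert combine(split, token) == key
    # Suppose an intruder learns bytes 0..3 of the split-key and bytes 2..5 of the token:
    # only key bytes 2 and 3 are recovered, the overlap of the two known ranges.
    leak = leaked_key_bytes(split, token, {0, 1, 2, 3}, {2, 3, 4, 5})
    print({i: f"{b:02x}" for i, b in leak.items()})
```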
U.S. Pat. No. 7,114,078 discloses a method and apparatus for storing a user name and password for respective network addresses or universal resource locators (URLs). Such information is encrypted and access to the memory card storage location is controlled. When the card is attached to an electronic device, the password may be utilized to initiate an unlock request. If the request is validated the user name and password associated with a particular URL may be transmitted to the browser on the electronic device requesting the information. The patent discloses binding a URL to a user name and password. Keys in this method are stored in their entirety and are never split.
U.S. Pat. No. 7,152,693 discloses an encryption engine operable to encrypt passwords associated with a plurality of data servers which may be accessed in response to a client request. A key-based encryption algorithm may be applied and ciphertext corresponding to each password may be stored in a passwords storage means. A decryption engine may apply a key-based decryption algorithm corresponding to the key-based encryption algorithm to decrypt the ciphertext. The patent discloses that passwords are encrypted only for storage purposes. When a retrieval request is submitted, the password is decrypted and transmitted in unencrypted form. The keys are stored in their entirety and are never split.
U.S. Pat. No. 6,668,323 discloses a data processing system-based password protection system that applies a user selected password to protect a resource. The password and an encryption key unique to the resource and at least partially derived from the resource may be stored in a data processing system. To access the resource a user must enter a password that matches the stored access password. A forgotten password may be recovered from the encrypted password and the unique information. The method disclosed in this patent creates a password from two sources: the unique information and a master password. The invention does not involve a step whereby a key is split into two or more parts.
U.S. Pat. No. 1,310,719 discloses a method whereby signals may be enciphered. In accordance with a rule, the characters are represented by a number of periods of different current values, thereby altering the normal code impulses of a character to be transmitted. In this invention, the cipher may be changed for each letter transmitted. This invention discloses the use of an exclusive-or function and its generalization as an encryption method. It makes no use of split keys.
U.S. Pat. No. 7,386,720 discloses techniques for user authentication based upon an asymmetric key pair including a public key and a split private key. The techniques of this invention facilitate authentication of a user to a networked device. The public key is known to at least a merchant user and is stored on a merchant server in association with a user ID. The private key is made up of at least two factors, including a user's password and a non-exportable key stored on a user's device or another private key stored elsewhere. This invention imposes certain limitations, such as a limitation on a user's ability to perform the protocol on different devices. The key is split using public-key methods and therefore its security is based on computational security rather than information-theoretic security. Furthermore, the requirement that the public key be known to each merchant server obligates the merchant server to collaborate with the user in the protocol, and requires key management.
PassPack is a company which offers password encryption and retrieval products. The product uses a passphrase to encrypt a password encryption key. The method applied does not involve splitting of the encryption key itself. Instead, individual passwords are encrypted by exclusive-or-ing them with the AES encryption of a random string. A problem encountered by this method is that, should an intruder learn the passphrase, the security of the system is lost.
The OpenID consortium is formulating protocols and standards for an ID management tool which operates using certificates and public keys. A disadvantage of the OpenID system is that it is bulky and must involve collaboration with other websites.