1. Field of the Invention
This invention relates to the field of symmetric key cryptographic systems.
2. Background Art
Information can be transmitted between, for example, computing devices that is considered to be sensitive information. That is, information that either the sender or the receiver wishes to be readable, and/or verifiable as unchanged, by the receiver only. One type of sensitive information is financial information such as a bank account balance, an account's personal identification number (PIN), or medical records. It would be beneficial to be able to send sensitive information to the receiver in such a way that it cannot be read by anyone other than the receiver and/or that the receiver can be assured it has not been altered in transit.
One technique that is used to safeguard information such that it is readable only by the receiver is referred to as encryption. The information is scrambled, or encrypted, by the sender. When the scrambled information is received by the receiver, it is unscrambled, or decrypted.
Information is typically encrypted or decrypted using keys. To encrypt the information, an encryption key is applied to the information to scramble it such that its content is no longer apparent to a reader. A decryption key is applied to the encrypted information to unscramble it. A key can be a random number, for example.
A system that can be used to encrypt or decrypt information is referred to as a cryptographic system. Before it is scrambled, or encrypted, information such as a payment transaction is referred to as "plaintext". A cryptographic system converts the "plaintext" message into an encrypted format, known as "ciphertext." The encryption is accomplished by manipulating or transforming the message using a "cipher key" or keys. The receiver "decrypts" the message, that is, converts it from ciphertext to plaintext, by reversing the manipulation or transformation process using the cipher key or keys. Such an encrypted transmission is secure, if only the sender and receiver have knowledge of the cipher key.
A cryptographic system uses an encryption/decryption scheme that transforms plaintext into ciphertext using a key. Such a scheme applies the key to the information to transform the information. One example of an encryption/decryption scheme is the Data Encryption Algorithm (DEA) defined in ANSI X3.92 and also referred to as the Data Encryption Standard (DES).
A detailed explanation of the DEA is provided in Applied Cryptography: Protocols, Algorithms, and Source Code in C, Schneier, B., John Wiley & Sons, Inc. (1996) and is incorporated herein by reference.
If a cipher key is made public, the information that is encrypted using the cipher key becomes unsecure. That is, anyone who has knowledge of the cipher key can use it to decrypt information encrypted using the cipher key. It is therefore important to develop a technique for managing a cipher key in a cryptographic system so that it is protected from unauthorized access.
U.S. Pat. No. 5,175,416, issued to Mansvelt et al. on Dec. 29, 1992 is an example of symmetric key management system. That is, a system in which the same key is used by both the sender and receiver. Mansvelt et al. describes an authentication mechanism in a funds transfer system that involves a payer card and a payee card. The payer card generates a message and encrypts the message using the common encryption key. The encrypted message is transmitted to the payee card. The payee card decrypts the message using the common encryption key.
Thus, both the payer and the payee have knowledge of the common encryption key. This is disadvantageous because it increases the potential for a breach in security. The more cards in circulation that contain the common encryption key, the greater the access is to the common encryption key. A single card can be used by one wishing to compromise the system to determine the encryption key that is used throughout the system. Once the key is determined, it can then be used throughout with any card (e.g., either a payer or a payee card) to modify a past transaction or to effect a new transaction. The improperly obtained key can be used to effect both previous and future card transactions.