The present invention relates generally to methods and systems for performing secure electronic messaging, and more particularly to a method and system for performing secure electronic messaging between two public entities for any 81 or less character alphabet, to include any character that can be represented and transmitted electronically as unique and individual; e.g. the 26 English alphabet characters, foreign representations of those 26 characters, numbers, special characters such as "&" or "{", representations of a message space (" "), etc. where in total, there are 81 or less unique entries in the alphabet used to create a message content.
The present invention is based on, and extends, the above mentioned patent application for performing secure electronic monetary transactions. This extension allows for performing secure electronic messaging using a private numeric encryption key system identical to that of the monetary system. The mathematics and processes of the messaging system use the fundamental capability of the monetary system, but in distinct and separate manners maintaining the absolute security of the key for both sets of information.
Existing secure messaging systems include private and public key encryption systems. These types of systems rely on creating sufficiently large codewords such that the time required to break the code by simply trying all possibilities ("brute force" decryption) is extremely large.
Securing a message transfer between two public entities can be done in a variety of ways. But no matter the manner chosen, the goal is to positively transfer the message contents through the public sector without the contents being discovered and used or read by anyone other than the intended recipient. This need for positive and secure messaging increases significantly along with the value of the information being passed. Various systems have been developed through the years to perform messaging and the public record is well documented with both success and failure. The major component of almost every system developed is an encryption key that is used to translate information from source text to cipher text and back to source text.
A message content key is just like a physical one--it is used to unlock or, in this case, secure data. All modem secure systems use keys of one type or another. The only difference between a message key and a physical one is that besides losing it or having it stolen, it can also be derived ("broken") or discovered. The major weakness with public transfer of information is key discovery. Not the physical issues with loss or theft, which are faults that cannot be removed from any key-based system but deriving and using a key without authorization.
The current electronic age has ushered in a dramatic increase in the need for secure messaging, and new methodologies have been developed to attempt to meet the demand. The main new capability that has been unveiled is to use systems based on a concept called Public Key Encryption (PKE). These systems were developed to solve the supposed faults of the private key methods used in the past. A private key system is one in which only those who intend to share information will all posses the same key. The private key systems supposedly have a major fault: the secure distribution of the private key to the intended recipients and only to those recipients.
PKE introduced a concept in which there are dual keys--one public and one private. The public key is freely distributed to anyone who wishes to transfer information to the entity holding the single private key. This dual key approach therefore solves the fault by not having to distribute a private key. The entire basis for PKE methods are the mathematically large disparity between decrypting the public key created cipher text with the PKE private key, which is very rapid and simple to do (polynomial time computation), and working through the possibilities without the key, which theoretically takes a very long time (factoring, requiring exponential time computation). The systems are theoretically secure because the combination of the public key and the source information generate this theoretically long time to factor the possibilities without the PKE private key. The reason this is theoretical is that it is possible to develop a unique set of mathematical equations or even a single algorithm for either mimicking or rapidly factoring an integer in polynomial time, although no solution has been published to date. Alternatively, faster computers are always shortening the problem. Proposals have even been made to develop "quantum computers" that would perform these computations in a fraction of the expected time. Consequently, the controversial issue with these methods is that if the math were to be developed, or the shortcut found, then the security of these PKE systems completely and instantly evaporates.
The fundamental problem with these PKE systems is that they have been introduced as saviors of the faults of a private key system; and while supposedly solving this problem, they have introduced uncertainty into the core issue with all encryption systems: unauthorized discovery of the key--now matter how sophisticated the mathematics.
In relation to securing language-based message contents, the PKE systems have several major flaws:
1. The mathematics of the systems can be broken instantly by the theoretical development of algorithms for factoring large relatively prime numbers, which PKE is based on; e.g., message decryption is not solely dependent on "brute force" attempts of every possible key combination; PA0 2. The derivation of a single message key reveals the private key for all messages sent using the corresponding public key, e.g., once the key is discovered, and the discovery kept secret, all messages being sent with a key set can be broken and read; PA0 3. The PKE systems do not account for the single most important factor in secure messaging--authentication, of both the message's sender and the content condition (touched/untouched); e.g., the major benefit of using PKE is to not have any concern for the public distribution of the keys. Yet because the system cannot in and of itself perform any authentication (all send using the same public key), secure messaging using these systems then requires the additional use of another external system to perform the authentication which completely negates the use of PKE for secure messaging.
The present invention is therefore directed to the problem of developing a system for performing secure messaging that does not rely on complicated mathematics that can negate key attempts, separates key discovery from message discovery making even key attempts valueless, provides content and sender authentication, and uses a completely open architecture.