Public Key Cryptography
Public key cryptography allows for two distinct keys, one for encryption and the other for decryption. Any piece of plaintext that is encrypted using the encryption key can only be decrypted if one has the decryption key. If properly designed, it is not possible to obtain one key from the other without solving a very hard mathematical problem. One can thus make the encryption key public, perhaps by posting it online, so that anyone can encrypt a message and send it to the intended user without fear of the message being readable by anyone who does not have the secret decryption key. The message will remain secure so long as the decryption key is kept secret. Diffie and Hellman introduced public key cryptography in 1976. The next significant step was taken in the late 1970s by Rivest, Shamir, and Adleman with their invention of the RSA cryptosystem (the acronym contains the first letter of each of the inventors' last names). The RSA cryptosystem implements public key cryptography with an algorithm known in the art (the implementation relies primarily on exponentiation modulo a large number). The security of the RSA cryptosystem is presumed to be based on the difficulty of factoring very large numbers of the form A×B, where A and B are large prime numbers. It has never been conclusively proven, but it is generally believed that the only way to obtain a well-selected RSA decryption key from the corresponding encryption key (or vice versa) is to factor the product of two large primes. This is a well-understood problem that is known to be very difficult. RSA keys are much larger than symmetric system keys, but not so much as to be unworkable. 3072-bit RSA keys are generally felt in the art to provide the same level of security as 128-bit keys in symmetric key systems (See, e.g., http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf). 
Another remarkable aspect of having two distinct keys is that the system can be used to generate secure digital signatures as well as providing secure communication.
Public key cryptography has a strong role to play in trusted communication. But one piece is still missing: we want to be sure that when we use a public key to send, e.g., our credit card information to, e.g., an on-line seller, it really is that on-line seller that provided the key.
A solution to this problem that is known in the art takes the form of a public key certificate. A public key certificate binds a public key to an individual or corporate identity in much the same way that a passport binds information about an individual (name, date of birth, place of birth, etc.) to a passport photograph.
Currently, E-commerce retailers go to a registration authority and present sufficient documentation to prove their corporate identities. Once their identities have been verified, an associated certification authority generates the public key and places it on the certificate, binding it to information about the entity associated with the key. The certification authority will digitally sign the certificate so that it can be verified by the certified entity's customers. The registration and certification authorities and other related functionality are often found under the head of a single entity called the public key infrastructure (PKI). Several large companies, such as VeriSign, have emerged as dominant PKIs for Internet commerce. They establish trust through a variety of means, including their reliability, cash warranties as high as $250,000 (see http://www.verisign.com/ssl/buy-ssl-certificates/index.html?tid=a_box), and the fact that their value as a corporation would vanish overnight if they abused the trust placed in them. Many web browsers are configured to automatically accept certificates from known PKIs, thus freeing the human user from having to worry about such things.
For example, suppose a buyer wishes to go to an on-line bookseller's website to buy several copies of a book. The buyer would first enter the bookseller's URL into the URL line at the top of his browser and make his way to the bookseller's home page. The buyer would then place copies of the book into a virtual shopping cart and proceed to checkout. It is at this point that the cryptographic action begins, unbeknownst to most users. The seller will send the buyer's browser a certificate containing a public encryption key. If the buyer wishes, he can actually view the certificate by clicking on the displayed lock icon that indicates secure browsing in some browsers. These certificates contain a lot of information, including the signing authority, the public encryption key, and the intended encryption algorithm. For this example, the certificate is signed by an authentication service, e.g., VeriSign, and calls for RSA encryption with a certain length key, say 2040 bits. Having verified the certificate, the buyer's browser will generate a 128- or 256-bit key for a symmetric key cryptosystem. This key will be encrypted using the RSA public encryption key provided on the certificate, and the resulting cryptogram will be sent to the online seller. The seller and buyer now share a secret symmetric key, and they can now converse securely. The success of e-commerce rests on the trust generated through the security of public key cryptography and trusted third parties, e.g., authentication services such as VeriSign.
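The certificate check and key exchange described above can be traced in a short sketch, added here as an illustration and not part of the original text. It assumes unpadded textbook RSA, constructed toy keys built from small Mersenne primes, a hypothetical subject name "bookseller.example", and hypothetical function names; it shows the order of operations only.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA: return (modulus n, private exponent d) for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """SHA-256 of data as an integer reduced below the signer's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def cert_body(subject, n):
    """The fields the authority signs: identity bound to the public key."""
    return f"{subject}|{n}|{E}".encode()

def issue_certificate(subject, subject_n, ca_n, ca_d):
    """Authority signs the binding by exponentiating with its private key."""
    sig = pow(digest(cert_body(subject, subject_n), ca_n), ca_d, ca_n)
    return {"subject": subject, "n": subject_n, "sig": sig}

def verify_certificate(cert, ca_n):
    """Anyone holding the authority's public key can check the binding."""
    expected = digest(cert_body(cert["subject"], cert["n"]), ca_n)
    return pow(cert["sig"], E, ca_n) == expected

def buyer_wrap_session_key(cert, ca_n):
    """Verify first, then encrypt a fresh 128-bit symmetric key to the seller."""
    if not verify_certificate(cert, ca_n):
        raise ValueError("certificate was not signed by the trusted authority")
    session_key = secrets.randbits(128)
    return session_key, pow(session_key, E, cert["n"])

def seller_unwrap_session_key(cryptogram, n, d):
    """Only the holder of the private exponent recovers the session key."""
    return pow(cryptogram, d, n)

if __name__ == "__main__":
    # Constructed toy keys built from Mersenne primes; far too small for real use.
    ca_n, ca_d = make_key(2**89 - 1, 2**61 - 1)
    seller_n, seller_d = make_key(2**127 - 1, 2**107 - 1)
    cert = issue_certificate("bookseller.example", seller_n, ca_n, ca_d)
    key, cryptogram = buyer_wrap_session_key(cert, ca_n)
    print("shared key agrees:", seller_unwrap_session_key(cryptogram, seller_n, seller_d) == key)
    swapped = dict(cert, n=(2**31 - 1) * (2**19 - 1))  # key substituted in transit
    print("swapped key accepted:", verify_certificate(swapped, ca_n))
```

The second printed line is False: a certificate whose public key was replaced after signing no longer matches the authority's signature, which is the binding the passport analogy describes.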
Protecting Privacy in Information Networks
From its inception, landline telephony has been a surveillance technology. The prospects for surveillance increased with cellular telephony, as registration messages provide a constant stream of location information. More recently the impact of surveillance has become increasingly important as non-telephonic computational and video functionality have converged onto the cellular platform and as usage of wireless platforms and wireless networks has expanded.
There is a need in the art for a system for protecting privacy in information networks, such as cellular and wireless networks, that puts the user in charge of his or her personal information.
Citation or identification of any reference in Section 2, or in any other section of this application, shall not be considered an admission that such reference is available as prior art to the present invention.