There are many applications, including electronic mail systems, bank systems and data processing systems, where the transferred information must pass over communications channels directly from a sender to an intended receiver without intermediate parties being able to interpret the transferred message. Authentication of the source of a message must often be ensured along with the verification and security of the message content.
In general, cryptographic systems are adapted to transfer a message between remote locations. Such systems include at least one encoding device at a first location and at least one decoding device at a second location, with the encoding and decoding devices all being coupled to a communication channel. For digital systems, the message can be defined to be a digital message, m, that is, a sequence of symbols from some alphabet. In practice, the alphabet is often chosen to be the binary alphabet consisting of the symbols 0 and 1.
Each encoding device is an apparatus which accepts two inputs: a message-to-be-encoded, m, and an encoding key or operator, E. Each encoding device transforms the message m in accordance with the encryption operator to produce an encoded version c of the message (which is denoted as the ciphertext) where c=E(m). The encoding key and the ciphertext can also be digital sequences.
Each decoding device is an apparatus which accepts two inputs: a ciphertext-to-be-decoded, c, and a decoding key or operator, D. Each decoding device transforms the ciphertext in accordance with the decryption operator to produce a decoded version m′ of the ciphertext where m′=D(c), or m′=D(E(m)). Like the encoding key, the decoding key and decoded message m′ are also typically digital sequences. The encoding and decoding keys are selected so that m′=m for all messages m.
Public-key encryption is an important aspect of securing communications across computer networks. A well-known method of public-key encryption is RSA public-key encryption, disclosed by U.S. Pat. No. 4,405,829 to Rivest et al., herein incorporated by reference. The RSA cryptosystem, named after its inventors R. Rivest, A. Shamir, and L. Adleman, may be used to provide both secrecy and digital signatures and its security is based on the intractability of the integer factorization problem. In an RSA public-key cryptosystem, each user (e.g., user A) places in a public file an enciphering operator, or key, EA (see FIG. 1). User A keeps secret the details of the corresponding deciphering key DA which satisfies the equation m=c^d (mod n) for any message m. In order for the public key system to be practical, both EA and DA must be efficiently computable. Furthermore, user A must not compromise DA when revealing EA. That is, it should not be computationally feasible for an eavesdropper to find an efficient way of computing DA, given only a specification of the enciphering key EA. In a public key system, a judicious selection of keys ensures that only user A is able to compute DA efficiently.
Whenever another user (e.g., user B) wishes to send a message m to A, user B looks up EA in the public file and then sends the enciphered message EA(m) to user A. User A deciphers the message by computing DA(EA(m))=m. Since DA is not derivable from EA in a practical way, only user A can decipher the message EA(m) sent to him. If user A wants to send a response to user B, user A enciphers the message using user B's encryption key operator EB, also available in the public file. Therefore no transactions between users A and B, such as exchange of secret keys, are required to initiate private communication. The only “setup” required is that each user who wishes to receive private communication must place his enciphering key operator E in the public file.
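The public-file exchange described above can be traced with textbook RSA. The following is an added example, not code from the patent or from the RSA inventors; the primes, the exponent e=17, and the names PUBLIC_FILE, PRIVATE, send and exchange are constructed for illustration, and messages are represented as integers smaller than n.

```python
from math import gcd

def make_keypair(p, q, e):
    """Return ((e, n), (d, n)) for toy primes p and q (constructed values)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)  # d is the inverse of e modulo phi

def encipher(public_key, m):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)                  # c = m^e (mod n)

def decipher(private_key, c):
    d, n = private_key
    return pow(c, d, n)                  # m = c^d (mod n)

# Each user places only E in the public file; D never leaves its owner.
PUBLIC_FILE, PRIVATE = {}, {}
for user, (p, q) in {"A": (61, 53), "B": (89, 97)}.items():
    PUBLIC_FILE[user], PRIVATE[user] = make_keypair(p, q, 17)

def send(recipient, m):
    """Sender looks up the recipient's E in the public file and enciphers m."""
    return encipher(PUBLIC_FILE[recipient], m)

def exchange(m_to_a, m_to_b):
    """B writes to A, then A replies to B; no secret is shared beforehand."""
    c1 = send("A", m_to_a)
    got_a = decipher(PRIVATE["A"], c1)
    c2 = send("B", m_to_b)
    got_b = decipher(PRIVATE["B"], c2)
    return c1, got_a, c2, got_b

def roundtrips_for_all_messages(user):
    """Check D(E(m)) == m for every message m in [0, n)."""
    n = PUBLIC_FILE[user][1]
    return all(decipher(PRIVATE[user], send(user, m)) == m for m in range(n))
```

Textbook RSA as shown is deterministic, so the same m always yields the same c; deployed systems use much larger primes and randomized padding such as OAEP.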
Additional methods have been used to increase protection of authentication communications. For instance, US Patent application 2005/0022020 (Fremberg) discloses using a hash algorithm (such as, for example, Secure Hash Algorithm 1 (SHA-1), which takes a message string of any length as input and produces a fixed length string as output) and, prior to computing the hash value, further combining into an authentication request at least an N-byte “nonce value” (random data only generated once by a random generator, used once, and then discarded), client and server IP addresses, and a client password. The Fremberg application discloses an embodiment in which a salt value is concatenated to the password before it is hashed.
In cryptography, a “salt” or “salt key” consists of random bits used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is often stored as the encrypted version of the password. It can also be used as a key for use in a cipher or other cryptographic algorithm. A “salt” value is typically used in a hash function. The salt value may or may not be protected as a secret. In either case, the additional salt data makes it more difficult to conduct a dictionary attack using pre-encryption of dictionary entries, as each bit of salt used doubles the amount of storage and computation required. In some protocols, salt is transmitted in the clear with the encrypted data, sometimes along with the number of iterations used in generating the key. Cryptographic protocols that use salt include Secure Socket Layer (SSL) and Ciphersaber. Early Unix systems used a 12-bit salt, but modern implementations use more. Salt is very closely related to the concept of “nonce,” or a number used only once per new user session for encryption and/or key-derivation functions [see Wikipedia: “Salt (cryptography)”; Jan. 20, 2006; http://en.wikipedia.org/w/index.php?title=Salt_%28cryptography%29&diff=10104303&oldid=9507354].
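The salted password hash and the single-use nonce described in the two preceding paragraphs can be combined as follows. This is an added example, not code from the Fremberg application or from this patent; it assumes SHA-256 in place of SHA-1, and the Server class, the length-prefixed field framing, the user name, password and IP addresses are all constructed for illustration.

```python
import hashlib
import hmac
import os

def salted_hash(password, salt):
    # The salt is concatenated to the password before it is hashed.
    return hashlib.sha256(password.encode() + salt).digest()

def auth_digest(verifier, nonce, client_ip, server_ip):
    # Length-prefix every field so two different field splits cannot collide.
    fields = [nonce, client_ip.encode(), server_ip.encode(), verifier]
    framed = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hashlib.sha256(framed).digest()

class Server:
    def __init__(self, ip):
        self.ip = ip
        self.users = {}       # user -> (salt, salted hash)
        self.pending = set()  # nonces issued but not yet consumed

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, salted_hash(password, salt))

    def challenge(self, user):
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce, self.users[user][0]  # the salt travels in the clear

    def verify(self, user, nonce, client_ip, digest):
        if nonce not in self.pending:
            return False                   # unknown or already-used nonce
        self.pending.discard(nonce)        # used once, then discarded
        expected = auth_digest(self.users[user][1], nonce, client_ip, self.ip)
        return hmac.compare_digest(expected, digest)

def demo():
    server = Server("203.0.113.10")
    server.enroll("alice", "correct horse")
    nonce, salt = server.challenge("alice")
    client_ip = "198.51.100.7"
    digest = auth_digest(salted_hash("correct horse", salt), nonce, client_ip, server.ip)
    first = server.verify("alice", nonce, client_ip, digest)
    replayed = server.verify("alice", nonce, client_ip, digest)
    # A precomputed table of unsalted dictionary hashes misses the salted value.
    table = {hashlib.sha256(w.encode()).digest() for w in ("correct horse", "password")}
    return first, replayed, server.users["alice"][1] in table
```

Calling demo() returns whether the first request was accepted, whether the replayed request was accepted, and whether the stored salted hash appears in the unsalted dictionary table. A production password store would use an iterated key derivation function rather than a single hash pass.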
Alternative secure-communications methods exist. Many companies and financial institutions desiring a secure web-based transaction currently use a server configured for Secure Socket Layer (SSL) communications. This SSL server approach is an industry standard, and a trusted method of securing data sent across the network. However, there are downsides to this approach, such as:
- Slower performance for each request due to the additional overhead of encrypting the entire transmission stream.
- Additional hardware requirements to support the extra load on the server.
- More experienced system administration personnel to maintain the server.
- The potential additional costs to purchase an application container that supports SSL.
- The need to purchase and renew SSL certificates for each server.
There are also other hardware components that attempt to reduce this cost and performance impact by introducing an additional hardware layer into the network infrastructure to perform the SSL encoding. These hardware devices also suffer from their own negatives, such as:
- More experienced system administration personnel to maintain the devices.
- Some applications do not work with these devices in the network pathway.
- Additional software modifications may be needed for each application to support these devices in the network pathway.
Existing software solutions for some of the above challenges have been developed in JavaScript for the browser; however, none of these solutions has utilized the RSA public-key approach. They all have used some form of home-grown and easily deciphered algorithm. Also, the nature of the HTTP protocol and HTML applications requires that the code that performs the encryption also be sent to the client. This results in the equivalent of sending the keys to unlock the code to everyone listening (e.g., potential “middlemen” attackers). There have been various attempts to further obfuscate the code to prevent this, but anyone with minimal skills can convert this to readable text in seconds.
Therefore, there exists a need for improved methods to secure communications and information transfer over client-server computer networks. Particularly, there is a need for alternative approaches to solve the above challenges and problems without the need for more experienced administrator skills, staying independent of a hardware solution, and not introducing any measurable performance impact on the server.
Accordingly, it is an object of this invention to provide a system and method for implementing a private communications system. It is another object to provide a system and method for establishing a private communications system for transmission of signed messages. It is still another object to provide a system and method for implementing a public key cryptographic communications system. It is a further object to provide a system and method for encoding and decoding digital data.