1. Field of the Invention
The present invention relates to a system of identification and authorization systems. In particular, the present invention relates to a system for digital communications over and insecure network that will securely identify and authorize two parties to communicate. The communications may or may not be encrypted or otherwise obfuscated.
2. Description of the Known Art
Tokens, secrets, and encryption techniques have been used throughout recorded history to identify two parties in communications. Proving that one party is who they claim to be is often accomplished by exchange secret information that one the parties involved in the communications will know. Other methods of providing proper identification includes having an identification token or other device. Various method have been used throughout time, but they all revolve around knowing either secret knowledge or possession of something.
In the digital age, encryption techniques are used to determine the identity of the parties attempting to communicate. With techniques involving encryption, the party knows that they are communicating with the appropriate individual based on knowledge of a secret key. This key is used to encrypt all or a portion of the communication between two parties. If one party uses the wrong key, the information sent to the other party will appear to by gibberish. In this manner you since you have knowledge of some secret, the implication is that communication must be with you as only you could know the secret.
U.S. Pat. No. 4,200,770 to Hellman describes a major advance in digital cryptographic systems to determine identity. Messages are sent using a key that can only encrypt messages and a different key is used to decrypt the message. This alleviates the need to share a common key thereby enhancing security by allowing a further restriction of secret keying material distribution.
U.S. Pat. No. 6,370,250 to Stein describes a further enhancement to digital cryptographic systems in that public key and private key systems are combined to make it significantly more difficult to effectively eavesdrop to determine a secret key.
However in today's threat environment, there are programs, viruses, and techniques where an attacker may be able to directly or indirectly determine what your secret key value is. Once they are able to determine your secret key value, they can be identified by a digitally based system as you and determined to be authentic. This attack is further aided by the fact that digital material can easily be copied in a manner that is indistinguishable with the original material.
The Achilles heal in all of the digital systems deployed today is that they require a secret value or values to be kept a secret for a cryptographic system to be effective. Thus we need an improved system that does not need or rely on long term secret keys to operate effectively and which can detect attacks where the keying is duplicated.