1. Field of the Invention
The present invention relates generally to public key cryptographic systems, and more specifically, to the management of private keys in a public key cryptographic system.
2. Description of Related Art
The increasing accessibility of public networks, such as the Internet, allow a wide variety of data to be quickly and cost effectively accessed from virtually anywhere. The Internet, for example, allows users to access databases such as web page servers from any computer connected to the Internet.
One disadvantage with using a public network or an insecure private network to access information is the possibility that sensitive or private information may be accessed, modified, or intercepted by an unauthorized party. These problems can be overcome, however, by using public key cryptographic systems. An authorized person can digitally sign messages to verify their source and information can be encrypted before it is transmitted over the insecure network. The receiver of the signed message will be assured that the message originated from the authorized person. The encrypted information, even if unlawfully intercepted, is not intelligible. In this manner, an insecure network may act functionally like a private and secure network.
Public key cryptographic systems provide digital signatures and encryption. The basic components of a public key cryptographic system include a cryptographic algorithm and two numerical codes called keys, one of which is referred to as the public key and the other the private key. For digital signatures, the private key (or private signature key) is used to sign messages and the public key (or public verification key) is used to verify that the message was signed by the private key. For encryption, information encrypted with the public key (or public encryption key) can only be decrypted with the private key (or private decryption key). For example, if a first user encrypts a message with the public key, only the holder of the private key can recover the original message. Even the first user, absent the private key, cannot decrypt the message.
Parties wishing to securely communicate with one another over an insecure network using a public key cryptographic system begin by exchanging their public keys or by receiving digital certificates that associate a public key with an individual party. It is common practice to use a different private/public key pair for encryption than for digital signatures. Information that is to be transmitted to the other party is first signed using the sending parties private signature key and then encrypted using the other parties public encryption key.
For a public key cryptographic system to be secure, the communicating parties must keep their respective private keys secure. This can be problematic if the party wishes to engage in secure communications using public key cryptography from multiple computers. For example, consider the situation in which patient records stored at a central database are distributed to authorized doctors over an insecure network. If the doctor wishes to access patient records from a number of different computer terminals (e.g., from a terminal at each of a plurality of clinics she regularly visits), the doctor""s private key must somehow be accessible by each of the computer terminals.
One way to provide the doctor""s private key at each of the computer terminals is to simply store a copy of the private key at each terminal. Copying the private key to each terminal, however, may be inconvenient. Additionally, storing copies of the doctor""s private key at multiple terminals, even if the private key is itself encrypted using a symmetric key encryption algorithm (i.e., an encryption algorithm in which the encryption/decryption is performed based on a single key or password), undesirably increases the exposure of the private key .
One possible solution to the problem introduced by needing access to a private key at multiple computer terminals is to store the private key at a remote database, and send an encrypted version of the private key in response to the login name sent by the user. The private key, which was encrypted using a symmetric encryption algorithm using the user""s password as the key, is then decrypted at the terminal. This solution, however, as with storing a copy of the private key locally at each terminal, undesirably exposes the encrypted version of the private key. In particular, anyone with the user""s login name can request the encrypted version of the key from the remote database. The encrypted version of the private key, once received by an illicit party, may then be vulnerable to a brute force attack, particularly if the user does not use a strong password.
Accordingly, there is a need in the art to more effectively distribute private keys in an insecure network.