Increasing advances in computer technology (e.g., microprocessor speed, memory capacity, data transfer bandwidth, software functionality, and the like) have generally contributed to increased computer application in various industries. Ever more powerful server systems, which are often configured as an array of servers, are often provided to service requests originating from external sources such as the World Wide Web, for example. As local Intranet systems have become more sophisticated, thereby requiring the servicing of larger network loads and related applications, internal system demands have grown accordingly as well, resulting in new challenges.
For example, the growing use of digital devices in household appliances is making secure communication between such devices an increasingly common problem. Typically, users desire to cryptographically introduce their personal devices to one another. Such introductions can include: securely connecting a Bluetooth headset to an associated cell phone so that nearby Bluetooth headsets cannot illegally obtain the use of such phone; securely connecting a new wireless laptop to an existing home wireless router while preventing next door neighbors from obtaining free access; and connecting a media center extender to a central media center PC while avoiding data streaming into a neighbor's house. Likewise, content providers can require stringent installation conditions, so that premium content becomes available only to those customers who have paid for legal access.
In general, such appliances are being employed within insecure environments where access to their communication channel is possible. Also, in many associated protocols, the security gained by using passwords or other information known to a participant (e.g., "what you know" authentication factors) is often compromised, because people who employ such features often choose factors that are cryptographically weak and can be guessed or discovered after a reasonable number of attempts. For example, people often choose passwords that are valid words in their language, are names or birthdates of a close relative, are addresses, and the like.
In addition, current encryption methods for communicating information between parties require that the communicating parties be able to recognize each other aside from the encrypted message. In other words, the communicating parties need to be able to verify that they are truly communicating with whom they think they are communicating. Often, current systems rely on Certification Authorities (CAs) to verify the identity of each party and to transfer secret keys to encode communications. Use of third parties to verify identities, however, presents a "man-in-the-middle" problem, whereby the man in the middle has access to secret information in the clear.
Moreover, systems are typically designed as a general-purpose system in which the personal identification number (PIN) that is to be protected is given no more consideration than any other message. In such systems, secret keys must typically be initialized for all devices that participate in a communication. Procedures for initializing and distributing the keys are part of a key management system, which is also responsible for physically securing the keys.
In these systems, the initialization procedure can be burdensome as it is a highly secretive process, and in general relies on a master key at the top of a hierarchy. Such a procedure can require a special, secure environment and entrusted officers to perform the procedure. Typically, these requirements can present logistical problems, because the initialization must be done on every peripheral that handles the PIN. Accordingly, the PIN is not protected in home banking, as it is in automated teller machines (ATMs), for example. Nor is such protection extended to other services provided by peripherals that are not readily accessible.
Even with all precautions, such a system cannot typically ensure adequate secrecy and security. Between an input device, for example, where a customer enters a PIN, and the bank system where the PIN is verified, a number of intermediate systems are involved. By necessity, the involvement of these intermediate systems results in the sharing of the secret keys at the borders of each system's control or jurisdiction. In sharing the secret keys and responsibilities, these intermediate systems present a security problem, because at each border the PIN is decrypted with one key and encrypted again with another, and so appears in the clear.
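The following is an added model of the PIN path just described, not code from the application: each intermediate system re-encrypts under the next link key, so the set of parties that ever hold the PIN in the clear grows with every hop, whereas a single key shared by the input device and the bank leaves the intermediaries with ciphertext only. The party names and the HMAC-based keystream cipher are constructed for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy keyed stream cipher (HMAC-SHA256 keystream XORed with data).
    Used only to model 'encrypted' versus 'in the clear'; it is an
    assumption for this example, not a PIN-block cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))  # XOR is its own inverse

@dataclass
class Party:
    name: str
    seen_clear: list = field(default_factory=list)  # plaintexts this party ever held

def hop_by_hop(pin: bytes, parties: list, link_keys: list) -> set:
    """Link keys are shared only between neighbours (len(link_keys) == len(parties) - 1).
    Every intermediary decrypts with its inbound key and re-encrypts with its
    outbound key; returns the names of all parties that saw the PIN in the clear."""
    nonce = os.urandom(12)
    parties[0].seen_clear.append(pin)                      # entered at the input device
    ct = keystream_xor(link_keys[0], nonce, pin)
    for i in range(1, len(parties) - 1):
        clear = keystream_xor(link_keys[i - 1], nonce, ct)  # decrypt at the border
        parties[i].seen_clear.append(clear)                # exposure point
        ct = keystream_xor(link_keys[i], nonce, clear)     # re-encrypt for next hop
    parties[-1].seen_clear.append(keystream_xor(link_keys[-1], nonce, ct))  # bank verifies
    return {p.name for p in parties if pin in p.seen_clear}

def end_to_end(pin: bytes, parties: list, e2e_key: bytes) -> set:
    """One key shared by input device and bank; intermediaries forward ciphertext."""
    nonce = os.urandom(12)
    parties[0].seen_clear.append(pin)
    ct = keystream_xor(e2e_key, nonce, pin)
    # parties[1:-1] relay ct unchanged: they hold no key and observe no plaintext
    parties[-1].seen_clear.append(keystream_xor(e2e_key, nonce, ct))
    return {p.name for p in parties if pin in p.seen_clear}

def make_path(n_intermediate: int) -> list:
    """Constructed path: input device, n intermediate systems, bank."""
    names = ["input_device"] + [f"intermediate_{i}" for i in range(1, n_intermediate + 1)] + ["bank"]
    return [Party(n) for n in names]

if __name__ == "__main__":
    pin = b"1234"  # constructed sample PIN
    print("hop-by-hop exposure:", sorted(hop_by_hop(pin, make_path(2), [os.urandom(32)] * 3)))
    print("end-to-end exposure:", sorted(end_to_end(pin, make_path(2), os.urandom(32))))
```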
Moreover, such systems are expensive and yet inadequate in both logistics and security. Attempts to simplify the logistics of the key initialization procedure by using public key cryptography address one problem, namely the initialization of system keys, but introduce another problem of the same nature, namely the initialization of public keys. These problems can persist as long as the system is a general purpose one in which the PIN is not given special consideration and the prior knowledge of the communicating parties is ignored, for example.