In the field of electronic messaging, digital certificates, document authentication and document transfer, security is of the utmost importance. As electronic commerce and online communications continue to increase at a staggering pace, the need for secured communication is critical. One such method of providing this security is through the use of a public key infrastructure. Secure communications through the use of public and private keys facilitates encrypted electronic messaging, document signature, signature verification, message authentication and other such secured transactions. Companies are forecasting that 20% of their resources will be directed to providing online content by the year 2003. As such, unauthorized access to computer information is a top concern. Providing for secured controlled access in an efficient and automated manner is a problem to which significant attention need be directed. The use of public and private key pairs is instrumental in providing this security since it applies to encrypted e-mail, signature verification, document authentication and message authentication. Traditional electronic encryption seeks to provide for public and private keys but relies upon centralized or private networks for creating, maintaining and managing key pairs. These systems typically make use of the Lightweight Directory Access Protocol (LDAP) for the use of managing pubic keys and, as a result, have not been widely adopted. The reliance upon centralized databases and LDAP requires traditional encryption systems to be organized in geographical, political or other organizational boundaries without regard to transmission efficiencies or load balancing across a distributed network. Such systems are limited in their reliance on a centralized database which degrades performance exponentially with the number of user and keys. Additionally, such systems are not optimized for physical network architecture, bandwidth, return traffic, or other such physical characteristics of communications. These systems also require heavy investments in time and expense based upon the significant amount of management and maintenance. According to cyberatlas, an Internet statistics source, 135.7 million Internet users reside in the United States, 375 million users are worldwide, and collectively 1 billion hours are spent online per week. Obviously, a centralized public key database simply cannot accommodate this fantastic volume.
Therefore, there is a tremendous need for an easily managed, automated, high performance public key infrastructure (PKI) that is widely available, distributable, and scalable allowing the system to maintain a superior level of responsiveness regardless of the number of users or load on the system.
In understanding this invention, the following terms are helpful in this art.
Public Key—one key of a key pair that is used to encrypt a message or document and mathematically linked to a private key.
Private Key—one key of a key pair that is used to decrypt a message or document encrypted with a public key and mathematically linked to the public key.
Public Key Infrastructure (PKI)—a system for providing public and private key pairs as well as, publishing public keys.
Hash value—the results of a mathematical manipulation of information producing a unique digital fingerprint of a larger document.
Spoofing—deceiving a server that communication from another source is authorized when, in fact, it is not—a form of computer hacking.
Validation—the process of determining whether a public key is still valid.
Authentication—the process of using a public key to determine that a message was actually sent from the named sender.
Public Key publication—the process of making public keys available to applications to be used for encryption.
Transmission Control Protocol (TCP)—a protocol for getting data from one network device to another. Typically, retransmission strategies are employed to ensure data will not be lost.
In using public key encryption, the sender of a message must have the certified and validated public key of a recipient prior to encrypting a message to be sent to the recipient. Therefore, the sender must have a process or method of learning the recipient's public keys. Also, a recipient wishing to authenticate a message must have access to the sender's public key. Additionally, an entity wishing to view messages encrypted with its public key, must have published its public key and maintain the associated private key used in decryption. However, in the best case of traditional PKI systems, a centralized storage of public keys is used and in some of the worst cases, the recipient must have individually transmitted the public key to all the senders from which the recipient wishes to receive encrypted mail.
Accordingly, it is a benefit of this invention to provide for a distributed database of keys for decentralizing key lookup, improving lookup performance and increasing fault tolerance through distributed key storage.
It is also a benefit of this invention to assist in providing an automated messaging encryption system for encrypting and decrypting messages and documents without significant maintenance or user interactivity.