Key Replacement by Transparent Transmission
Original Publication Date: 2001-Jun-16
Included in the Prior Art Database: 2003-Jun-20
Encrypted communication between two parties across an open network (the Internet, for example) commonly involves the use of asymmetric (public) key cryptography. In this type of configuration an entity (A) holds a private (decryption) key, and anyone (B, for example) wishing to communicate securely with A needs to obtain a copy of the matching public (encryption) key. The encryption key is used to encrypt messages for transmission to A; these messages can only be decrypted by an entity holding a copy of the decryption key.

A hacker (H) wishing to read the encrypted messages needs to obtain a copy of the decryption key; they will most likely have a copy of the encryption key. A number of strategies can be used to crack a secure communication link, but most involve having access to, or choosing, example messages to be encrypted and being able to encrypt them. A brute-force approach to identifying a decryption key is often considered computationally infeasible (it takes too long) with existing hardware and strategies, but new hardware and approaches appear nearly every day. Another effective approach to obtaining a decryption key is to use bribery or blackmail to get a human operator to disclose the key.

The brute-force approach can be addressed by using longer encryption keys, but this does not address bribery and may have only a minimal benefit against other attack strategies. An alternative is to change the encryption key regularly. The disadvantages of this are, first, the administrative cost of making sure that everyone has a copy of the new key(s) and, second, that the hacker H will then know that a new key is in use.

This disclosure discusses an automated and transparent way of changing the encryption key used by two entities without a third party knowing which key is in use. Because the process is automatic, human operators have minimal access to the keys, which in turn reduces the likelihood of the key being obtained by bribery or blackmail.