A method and apparatus are disclosed for improving public key encryption and decryption schemes that employ a composite number formed from three or more distinct primes. The encryption or decryption tasks may be broken down into sub-tasks to obtain encrypted or decrypted sub-parts that are then combined using a form of the Chinese Remainder Theorem to obtain the encrypted or decrypted value. A parallel encryption/decryption architecture is disclosed to take advantage of the inventive method.

REEXAMINATION RESULTS

The questions raised in reexamination request No. 90/005,733, filed May 18, 2000 and reexamination request No. 90/005,776, filed on Jul. 28, 2000, have been considered and the results thereof are reflected in this reissue patent which constitutes the reexamination certificate required by 35 U.S.c. 307 as provided in 37 CFR 1.570(e).

Patent
   RE40530
Priority
Dec 09 1996
Filed
Oct 20 2000
Issued
Oct 07 2008
Expiry
Jan 16 2017
Assg.orig
Entity
Large
0
15
all paid
0. 13. In a communications system, including first and second communicating stations interconnected for communication therebetween,
the first communicating station having
encoding means for transforming a transmit message word signal m to a ciphertext word signal c where m corresponds to a number representative of a message and

0≦M≦n−1
where n is a composite number having at least 3 whole number factors greater than one, the factors being distinct prime numbers, and
where c corresponds to a number representative of an enciphered form of said message and corresponds to

C≡aeme+ae−1me−1+. . . +ao(mod n)
where e and ae, ae−1, . . . , ao are numbers; and
means for transmitting the ciphertext word signal c to the second communicating station.
0. 7. A method for establishing cryptographic communications comprising the step of:
encoding a digital message word signal m to a cipher text word signal c, where m corresponds to a number representative of a message and

0≦M≦n−1,
where n is a composite number having at least 3 whole number factors greater than one, the factors being distinct prime numbers, and
where c corresponds to a number representative of an encoded form of message word m,
wherein said encoding step comprises the step of:
transforming said message word signal m to said ciphertext word signal c whereby

C≡aeme+ae−1me−1+. . . +ao(mod n)
where e and ae, ae−1, . . . , ao are numbers.
0. 23. A method of communicating a message cryptographically processed with RSA public key signing, comprising the steps of:
selecting a public key portion e;
developing k distinct random prime numbers p1, p2, . . . pk, where k≧3, and checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . pk1, is relatively prime to the public key portion e;
establishing a private key portion d of a relationship to the public key portion e of the form d≡e−1(mod((p11)·(p21) . . . (pk1))));
computing a composite number, n, as product of the k distinct random prime numbers;
encoding a plaintext message data m with the private key portion d to produce a signed message mS using a relationship of the form
 MS≡Md(mod n),
where 0≦M≦n−1;
receiving the signed message mS; and
deciphering the signed message to produce the plaintext message data m;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein the encoding step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the encoding step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing an encoding step if the pair of prime numbers p and q is used instead.
0. 45. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
a bus; and
a cryptoplasm receiving from the system via the bus encoding and decoding requests, the cryptosystem including
a plurality of exponentiator elements configured to develop subtask values,
a memory, and
a processor configured for
receiving the encoding and decoding requests, each encoding request providing a plaintext message m to be encoded,
obtaining a public key that includes an exponent e and a modulus n, a representation of the modulus n existing in the memory in the form of its k distinct random prime number factors p1, p2, . . . pk, where k≧3,
constructing subtasks, one subtask for each of the k factors, to be executed by the exponentiator elements for producing respective ones of the subtask values c1, c2, . . . ck, and
forming a ciphertext message c from the subtask values c1, c2, . . . ck,
wherein the ciphertext message c is decipherable using a private key that includes the modulus n and an exponent d which is a function of e;
wherein p and q are a pair of prime numbers that product of which equals a modulus m, the k distinct random prime numbers each smaller than p and q, and the modulus m having the same number of digits as the modulus n; and
wherein for a given number of digits for modulus n and modulus m, it takes fewer computational cycles to form the ciphertext message c if the k distinct random prime numbers are used, relative to the number of computational cycles for forming a ciphertext message C′ if the pair of prime numbers p and q is used instead.
0. 47. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
a bus; and
a cryptosystem receiving from the system via the bus encoding and decoding requests, the cryptosystem including
a plurality of exponentiator elements configured to develop subtask values,
a memory, and
a processor configured for
receiving the encoding and decoding requests, each encoding/decoding request provided with a plaintext/ciphertext message m/c to be encoded/decoded and with or without a public/private key that includes an exponent e/d and a modulus n representation of which exists in the memory in the form of its k distinct random prime number p1, p2, . . . pk, where k≧3,
obtaining the public/private key from the memory if the encoding/decoding request is provided without the public/private key,
constructing subtasks to be executed by the exponentiator elements for producing respective ones of the subtask values m1, m2, . . . mk/c1, c2, . . . ck, and
forming the ciphertext/plaintext message c/m from the subtask values c1, c2, . . . ck/m1, m2, . . . mk;
wherein p and q are a pair of prime numbers that product of which equals a modulus m, the k distinct random prime numbers each smaller than p and q, and the modulus m having the same number of digits as the modulus n; and
wherein for a given number of digits for modulus n and modulus m, it takes fewer computational cycles to form the ciphertext/plaintext message c/m if the k distinct random prime numbers are used, relative to the number of computational cycles for forming a ciphertext/plaintext message C′/M′ if the pair of prime numbers p and q is used instead.
0. 51. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
means for selecting a public key portion e;
means for developing k distinct random prime number p1, p2, . . . pk, where k≧3, and for checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . pk1, is relatively prime to the public key portion e;
means for establishing a private key portion of d by a relationship to the public key portion e in the form of d≡e−1(mod((p11)·(p21) . . . (pk1)));
means for computing a composite number, n, as a product of the k distinct random prime numbers;
means for receiving a ciphertext message data c; and
means for decoding the ciphertext message data c to a plaintext message data m using a relationship of the form

M≡Cd(mod n);
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein decoding said ciphertext message data c is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding of said ciphertext message data c if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding of said ciphertext message data c if the pair of prime numbers p and q is used instead.
0. 35. A cryptography method for local storage of data by a private key owner, comprising the steps of:
selecting a public key portion e;
developing k distinct random prime numbers, p1, p2, . . . pk, where k≧3, and checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . , pk1, is relatively prime to the public key portion e;
establishing a private key portion d by a relationship to the public key portion e in the form of d≡e−1(mod((p11)·(p21) . . . (pk1)));
computing a composite number, n, as a product of the k distinct random prime numbers that are factors of n, where only the private key owner knows the factors of n; and
encoding plaintext data m to ciphertext data c for the local storage, using a relationship of the form

C≡Me(mod n),
wherein 0≦M≦n−1, whereby the ciphertext data c is decipherable only by the private key owner having available to it the factors of n;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein the encoding step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the encoding step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing an encoding step if the pair of prime numbers p and q is used instead.
0. 31. A method for communicating a message cryptographically processed with RSA public key encryption, comprising the steps of:
receiving from a sender a cryptographically processed message, in the form of a number c, which is decipherable by the recipient based on a number n, an exponent d, and the number c; and
deciphering the cryptographically processed message,
wherein a number m represents a plaintext form of the message,
wherein the number c represents a cryptographically encoded form of the message and is a function of
the number m,
the number n that is a composite number equaling the product of at least three distinct random prime numbers, wherein 0≦M≦n−1, and
an exponent e that is a number relatively prime to a lowest common multiplier of the at least three distinct random prime numbers,
wherein the number n and exponent e are associated with the recipient to which the message is intended, and
wherein the exponent d is a function of the exponent e and the at least three distinct random prime numbers;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the at least three distinct random prime numbers each smaller than p and q, the composite number m having the same number of digits as the composite number n;
wherein deciphering the cryptographically processed message is divided into sub-steps, one sub-step for each of the at least three distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering if the at least three distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering if the pair of prime numbers p and q is used instead.
0. 53. A system for communications of a message cryptographically processed with RSA public key signing, comprising:
means for selecting a public key portion e;
means for developing k distinct random prime numbers p1, p2, . . . pk, where k≧3, and for checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . pk1, is relatively prime to the public key portion e;
means for establishing a private key portion d by a relationship to the public key portion e of the form d≡e−1(mod((p11)·(p21) . . . (pk1)));
means for computing a composite number, n, as a product of the k distinct random prime numbers; and
means for encoding a plaintext message data m with the private key portion d to produce a signed message mS, using a relationship of the form

mS≡Md(mod n),
where 0≦M≦n−1, the signed message mS being decipherable using the public key portion e;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein encoding said plaintext message data m is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the encoding of said plaintext message data m if the k distinct random prime numbers are used, relative to the number of computational cycles for performing an encoding of said plaintext message data m if the pair of prime numbers p and q is used instead.
0. 19. A method of communicating a message cryptographically processed with RSA public key encryption, comprising the steps of:
selecting a public key portion e;
developing k distinct random prime numbers p1, p2, . . . pk, where k≧3, and checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . pk1, is relatively prime to the public key portion e;
establishing a private key portion d by a relationship to the public key portion e in the form of d≡e−1(mod((p11)·(p21) . . . (pk1)));
computing a composite number, n, as a product of the k distinct random prime numbers;
receiving a ciphertext message data c representing an encoded form of a plaintext message data m; and
decoding the received ciphertext message data c to the plaintext message data m using a relationship of the form

M≡Cd(mod n),
the decoding performed by a recipient owning the private key portion d and having access to the k distinct random prime numbers p1, p2, . . . pk;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein the decoding step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding step if the pair of prime numbers p and q is used instead.
0. 15. A method of communicating a message cryptographically processed with an RSA public key encryption, comprising the steps of:
selecting a public key portion e associated with a recipient intended for receiving the message;
developing k distinct random prime numbers, p1, p2, . . . pk, where k≧3, and checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . , pk1, is relatively prime to the public key portion e;
computing a composite number, n, as a product of the k distinct random prime numbers;
receiving a ciphertext message formed by encoding a plaintext message data m to the ciphertext message data c using a relationship of the form

C≡Me(mod n)
where m represents the message, where 0≦M≦n−1, and where the sender knows n and the public key portion e but has no access to the k distinct random prime numbers, p1, p2, . . . pk; and
deciphering at the recipient the received ciphertext message data c to produce the message, the recipient having access to the k distinct random prime numbers, p1, p2, . . . pk;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein the deciphering step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering step if the pair of prime numbers p and q is used instead.
0. 27. A method for communicating a message cryptographically processed with RSA public key encryption, comprising the steps of:
sending to a recipient a cryptographically processed message formed by assigning a number m to represent the message in plaintext message form, and cryptographically transforming the assigned number m from the plaintext message form to a number c that represents the message in an encoded form, wherein the number c is a function of
the assigned number m,
a number n that is a composite number equaling the product of at least three distinct random prime numbers, wherein 0≦M≦n−1, and
an exponent e that is a number relatively prime to a lowest common multiplier of the at least three distinct random prime numbers,
wherein the number n and exponent e having been obtained by the sender are associated with the recipient to which the message is intended; and
receiving the cryptographically processed message which is decipherable by the recipient based on
the number n,
another exponent d, and
the number c,
wherein the exponent d is a function of the exponent e and the at least three distinct random prime numbers;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the at least three distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein deciphering the cryptographically processed message is divided into sub-steps, one sub-step for each of the at least three distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering if the at least three distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering if the pair of prime numbers p and q is used instead.
1. A method for establishing cryptographic communications of a message cryptographically processed with RSA (Rivest, Shamir & Adleman) public key encryption, comprising the step steps of:
developing k distinct random prime numbers p1, p2, . . . , pk, wherein k is an integer greater than 2;
providing a number e relatively prime to (p11)·(p21)· . . . ·(pk1);
providing a composite number n equaling the product p1·p2· . . . ·pk;
receiving a ciphertext word signal c which is formed by encoding a plaintext message word signal m to a ciphertext word signal c, where m corresponds to a number representative of a the message and

0≦M≦n−1
n being a composite number formed from the product of p1·p2·. . . ·pk where k is an integer greater than 2, p1, p2, . . . pk are distinct prime numbers, and where c is a number representative of an encoded form of the plaintext message word signal m such that

C≡Me(mod n)
and where e is associated with an intended recipient of the ciphertext word signal c; and, wherein said encoding step comprises the step of:
transforming said message word signal m to said ciphertext word signal c whereby

C=Me(mod n)
 where e is a number relatively prime to (p1−1)·(p2−1).
deciphering the received ciphertext word signal c at the intended recipient having available to it the k distinct random prime number p1, p2, . . . pk;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein the deciphering step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering step if the pair of prime numbers p and q is used instead.
0. 44. A system for communications of a message cryptographically processed with RSA public key encryption, comprising:
a bus; and
a cryptosystem communicatively coupled to and receiving from the bus encoding and decoding requests, the cryptosystem being configured for
providing a public key portion e,
developing k distinct random prime numbers p1, p2, . . . , pk, where k≧3,
checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . pk1, is relatively prime to the public key portion e,
computing a composite number, n, as a product of the k distinct random prime numbers,
establishing a private key portion d by a relationship to the public key portion e in the form of d≡e−1(mod((p11)·(p21) . . . (pk1))),
in response to an encoding request from the bus, encoding a plaintext form of a first message m to produce c, a ciphertext form of the first message, using a relationship of the form

C≡Me(mod n),
wherein 0≦M≦n−1, and
in response to a decoding request from the host system, decoding C′, a ciphertext form of a second message, to produce M′, a plaintext form of the second message, using a relationship of the form

M′≡C′d(mod n),
the first and second messages being distinct or one and the same;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein decoding C′ is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding of C′ if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding of C′ if the pair of prime numbers p and q is used instead.
0. 37. A cryptographic communications system, comprising:
a plurality of stations;
a communications medium; and
a host system adapted to communicate with the plurality of stations via the communications medium sending and receiving messages cryptographically processed with an RSA public key encryption, the host system including at least one cryptosystem configured for
developing k distinct random prime numbers p1, p2, . . . , pk, where k≧3,
checking that each of the k distinct random prime numbers minus 1, p11, p21, . . . pk1, is relatively prime to a public key portion e that is associated with the host system,
computing a composite number, n, as a product of the k distinct random prime numbers,
establishing a private key portion d by a relationship of the public key portion e in the form of d≡e−1(mod((p11)·(p21) . . . (pk1))),
in response to an encoding request from the host system, encoding a plaintext message data m producing therefrom a ciphertext message data c to be communicated via the host system, the encoding using a relationship of the form

C≡Me(mod n),
where 0≦M≦n−1, and
in response to a decoding request from the host system, decoding a ciphertext message data C′ communicated via the host producing therefrom a plaintext message data M′ using a relationship of the form

M′≡C′d(mod n);
wherein p and q are a pair of prime numbers that product of which equals a composite number, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein decoding the ciphertext message data C′ is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the decoding of the ciphertext message data C′ if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a decoding of the ciphertext message data C′ if the pair of prime numbers p and q is used instead.
4. A cryptographic communications system for communications of a message cryptographically processed with an RSA public key encryption, comprising:
a communication medium channel for transmitting a ciphertext word signal c;
an encoding means coupled to said channel and adapted for transforming a transmit message word signal m to a the ciphertext word signal c using a composite number, n,
where n is a product of the form

n=p1·p2· . . . ·pk,
where k is an integer greater than 2, and p1, p2, . . . pk are distinct random prime numbers, and for transmitting c on said channel,
where the transmit message word signal m corresponds to a number representative of a the message and 0≦M≦n−1, where n is a composite number of the form

n=p1·p2·. . . ·pk
where k is an integer greater than 2 and p1, p2, . . . , pk are distinct prime numbers, and where the ciphertext word signal c corresponds to a number representative of an enciphered encoded form of said message and corresponds to through a relationship of the form

C≡Me(mod n), and
where e is a number relatively prime to lcm(p1−1, p2−1, . . . , pk−1); and
a decoding means coupled to said channel and adapted for receiving the ciphertext word signal c from said channel and, having available to it the k distinct random prime numbers p1, p2, . . . pk, for transforming the ciphertext word signal c to a receive message word signal M′ where M′ corresponds to a number representative of a deciphered decoded form of the ciphertext word signal c and corresponds to through a relationship of the form

M′≡Cd(mod n)
where d is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of

e(mod(lcm((p1−1), (p2−1), . . . , (pk−1))));
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein transforming the ciphertext word signal c to a receive message word signal M′ is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the transforming of the ciphertext word signal c if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a transforming of the ciphertext word signal c if the pair of prime numbers p and q is used instead.
9. A communication system for transferring communications of message signals mi cryptographically processed with RSA public key signing, comprising:
j stations, terminals including first and second terminals, each of the j stations terminals being characterized by an encoding key Ei=(ei, ni) and decoding key Di=(di, ni), where i=1,2, . . . ,j, and wherein mi corresponds to a number representative of a message signal to be transmitted from the ith terminal, each of the j terminals being adapted to transmit a particular one of the message signals where an ith message signals mi is transmitted from an ith terminal and

0≦Mi≦ni−1,
ni is being a composite number of the form

ni=pii,1·pi,2·. . . pi,k ni=pi,1·pi,2·. . . ·pi,k
where
k is an integer greater than 2,
pi,1, pi,2, . . . , pi,k are distinct random prime numbers,
ei is relatively prime to lcm(pi,1−1,pi,2−1, . . . , pi,k−1), and
di is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of

ei(mod(lcm((pi,1−1), (pi,2−1), . . . , (pi,k−1))));
a said first one of the j terminals terminal including
means for encoding a digital message word signal mA for transmission m1 to be transmitted from said first terminal (i=A 1) to a said second one of the j terminals terminal (i=B 2), and
said encoding means for transforming said digital message word signal mAS, mAS corresponding to a number representative of an encoded form of said message word signal mA, whereby: m1S using a relationship of the form

mAS≡MAdA(mod nA) m1S≡M1d1(mod n1); and
means for transmitting said signed message word signal m1S from said first terminal to said second terminal, wherein said second terminal includes
means for decoding said signed message word signal m1S to said digital message word signal m1;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime number each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein encoding a digital message word signal m1 is divided into sub-steps, on sub-step for each of the k distinct random prime numbers; and
wherein for a give number of digits for composite numbers n and m, it takes fewer computational cycles to perform the encoding of the digital message word signal mi if the k distinct random prime numbers are used, relative to the number of computational cycles for performing an encoding of the digital message word signal m1 if the pair of prime numbers p and q is used instead.
3. A method for transferring a message signal mi in a communications of a message signal mi cryptographically processed with RSA public key encryption in a system having j terminals, wherein each terminal is being characterized by an encoding key Ei=(ei, ni) and a decoding key Di=(di, ni), where i=1, 2, . . . , j, and wherein the message signal mi corresponds to a number representative of a message-to-be-transmitted received from the ith terminal, the method comprising the steps of:
establishing ni where ni is a composite number of the form

ni=Pi,1·pi,2·, . . . , ·pi,k ni=pi,1·pi,2· . . . ·pi,k
where k is an integer greater than 2,
pi,1, pi,2, . . . , pi,k are distinct random prime numbers,
ei is relatively prime to lcm(pi,1−1, pi,2−1, pi,kd−1) lcm(pi,11, pi,21, . . . , pi,k1), and
di is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of

ei(mod(lcm((pi,1−1), (pi,2−1), . . . , (pi,k−1)))), ;
comprising the steps of:
receiving by a recipient terminal (i=y) from a sender terminal (i=x, x≠y) a ciphertext signal cx formed by encoding a digital message word signal mA for transmission from a first terminal (i=A) to a second terminal (i=B), said encoding step including the sub-step of: mx, wherein the encoding includes
transforming said message word signal mA to one or more message block word signals mA mX, each block word signal mA mXcorresponding to a number representative of a portion of said message word signal mA mX in the range 0≦MA″≦nB−1 0≦MX″≦ny1, and
transforming each of said message block word signals mA mXto a ciphertext word signal cA, cA corresponding cX that corresponds to a number representative of an encoded form of said message block word signal mA″, mXwhereby :

cA≡MA″eB(mod nB.) cx≡Mx″ey(mod ny); and
deciphering the received ciphertext word signal cx at the recipient terminal having available to it the k distinct random prime numbers py,1, py,2, . . . , py,k for establishing its dy;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein the deciphering step is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering step if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering step if the pair of prime numbers p and q is used instead.
11. A communication system for transferring a message signal mi cryptographically processed with RSA public key encryption, the communications system comprising:
j communication stations including first and second stations, each of the j communication stations being characterized by an encoding key Ei=(ei, ni) and a decoding key Di=(di, ni), where i=1, 2, . . . , j, and wherein mi corresponds to a number representative of a message signal to be transmitted from the ith terminal, each of the j communication stations being adapted to transmit a particular one of the message signals where an ith message signal mi is received from an ith communication station, and

0≦Mi≦ni1
ni is being a composite number of the form

ni=pi,1·pi,2·. . . ·pi,k
where
k is an integer greater than 2,
pi,1, pi,2, . . . , pi,k are distinct random prime numbers,
ei is relatively prime to lcm(pi,1−1,pi,2−1, . . . ,pi,k−1), and
di is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of

ei(mod(lcm((pi,1−1), (pi,2−1), . . . , (pi,k−1)))),
a said first one of the j communication stations station including
means for encoding a digital message word signal mA for transmission m1 to be transmitted from said first one of the j communication stations station (l=A 1) to a said second one of the j communication stations station (l=B 2), means for transforming said digital message word signal mA m1 to one or more message block word signals mA m1, each block word signal mA m1 being a number representative of a portion of said digital message word signal mA m1 in the range 0≦MA≦nB−1, 0≦M1″≦n21, and
means for transforming each of said message block word signals mA m1to a ciphertext word signal cA, cA corresponding to a number representative of an encoded form of said message block word signal mA″, whereby: c1 using a relationship of the form

cA=MAEb(mod nB) c1≡M1e2(mod n2); and
means for transmitting said ciphertext signals c1 from said first station to said second station, wherein said second station includes
means for deciphering said ciphertext signals c1 using p2,1, p2,2, . . . p2,k to produce said digital message word signal m1;
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein deciphering said ciphertext signals c1 is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the deciphering of said ciphertext signals c1 if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a deciphering of said ciphertext signals c1 if the pair of prime numbers p and q is used instead.
5. A cryptographic communications system for communications of a message cryptographically processed with an RSA public key encryption, the system having a plurality of terminals coupled by a communications channel, including comprising:
a first terminal of the plurality of terminals characterized by an associated encoding key EA=(eA, nA) and a decoding key DA=(dA, nA), wherein nA is a composite number of the form

nA=pA,1·pA,2·. . . ·PA,k
where
k is an integer greater than 2,
pA,1, pA,2, . . . , pA,k are distinct random prime numbers,
eA is relatively prime to

lcm(pA,1−1, pA,2−1, . . . , pA,k−1), and
dA is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of

eA(mod(lcm((pA,1−1), (pA,2−1), . . . , (pA,k−1)))), ; and
and including a second terminal, comprising: of the plurality of terminals having
blocking means for transforming a first message-to-be-transmitted , which is to be transmitted on said communications channel from said second terminal to said first terminal, into one or more transmit message word signals mB, where each mB corresponds to a number representative of said first message in the range

0≦MB≦nA−1, and
encoding means coupled to said channel and adapted for transforming each transmit message word signal mB to a ciphertext word signal cB that and for transmitting cB on said channel,
where cB corresponds to a number representative of an enciphered encoded form of said first message and corresponds to through a relationship of the form

cB=MBeA(mod nA) cB≡MBeA(mod nA),
wherein said first terminal comprises: having
decoding means coupled to said channel and adapted for receiving each of said ciphertext word signals cB from said channel and, having available to it the k distinct random prime numbers pA,1, pA,2, . . . , pA,k, for transforming each of said ciphertext word signals cB to a receive message word signal mB mB, and
means for transforming said receive message word signals M′ mBto said first message, where M′ is mB′ corresponds to a number representative of a deciphered decoded form of cB and corresponds to through a relationship of the form

mB′=CBdA(mod nA) mB′≡CBdA(mod nA);
wherein p and q are a pair of prime numbers that product of which equals a composite number m, the k distinct random prime numbers each smaller than p and q, and the composite number m having the same number of digits as the composite number n;
wherein transforming said receive message word signal mB′ to said first message is divided into sub-steps, one sub-step for each of the k distinct random prime numbers; and
wherein for a given number of digits for composite numbers n and m, it takes fewer computational cycles to perform the transforming of said receive message word signal mB′ if the k distinct random prime numbers are used, relative to the number of computational cycles for performing a transforming of said receive message word signal mB′ if the pair of prime numbers p and q is used instead.
2. The method according to claim 1, comprising the further step of: wherein the deciphering step includes
establishing a number, d, as a multiplicative inverse of e(mod(lcm((p11), (p21), . . . (pk1)))), and
decoding the ciphertext word signal c to the plaintext message word signal m, wherein said decoding step comprises the step of: transforming said ciphertext word signal c, whereby:

M=Cd(mod n) M≡Cd(mod n).
where d is a multiplicative inverse of e(mod(lcm((p1−1), (p2−1), . . . , (pk−1)))).
6. The system according to claim 5 wherein said second terminal is characterized by an associated encoding key EB=(eB, nB) and a decoding key DB=(DB, dB) DB=(dB, nB), where:
nB is a composite number of the form

nB=pB,1·pB,2·. . . ·pB,k,
where k is an integer greater than 2,
pB,1, pB,2, . . . , pB,k are distinct random prime numbers,
eB is relatively prime to

lcm(pB,1−1, pB,2−1, . . . , pB,k−1), and
dB is selected from the group consisting of the a class of numbers equivalent to a multiplicative inverse of

eB(mod(lcm((pB,1), (pB,2−1), . . . , (pB,k−1)))),
wherein said first terminal comprises: further having
blocking means for transforming a second message-to-be-transmitted , which is to be transmitted on said communications channel from said first terminal to said second terminal, to one or more transmit message word signals mA, where each mA corresponds to a number representative of said message in the range

0≦MAeB(mod nB), 0≦MA≦nB1, and
encoding means coupled to said channel and adapted for transforming each transmit message word signal mA to a ciphertext word signal cA and for transmitting cA on said channel, where cA corresponds to a number representative of an enciphered encoded form of said second message and corresponds to through a relationship of the form

cA=MAeB(mod nB) cA≡MAeB(mod nB); and
wherein said second terminal comprises; further having
decoding means coupled to said channel and adapted for receiving each of said ciphertext word signals cA from said channel and, having available to it the k distinct random prime numbers pB1, pB,2, . . . , pB,k, for transforming each of said ciphertext word signals to a receive message word signal mA′, and
means for transforming said receive message word signals mA mAto said second message, where M′ mAcorresponds to a number representative of a deciphered decoded form of and corresponds to cA through a relationship of the form

mA′≡CAdB(mod nB) mA′≡CAdB(mod nB).
0. 8. In the method according to claim 7 wherein said encoding step includes the step of transforming m to c by the performance of a first ordered succession of invertible operations on m, the further step of:
decoding c to m by the performance of a second ordered succession of invertible operations on c, where each of the invertible operations of said second succession is the inverse of a corresponding one of said first succession, and wherein the order of said operations in said second succession is reversed with respect to the order of corresponding operations in said first succession.
10. The system of claim 9, wherein the means for decoding signed message word signal m1S includes means for further comprising:
means for transmitting said signal message word signal mAS from said first terminal to said second terminal, and wherein said second terminal includes means for decoding said signed message word signal mAS to said message word signal mA, said second terminal including:
means for transforming said signed message word signal mAS m1S to said digital message word signal mA, whereby m1 using a relationship of the form

mA≡MASeA(mod nA) mi≡M1Se1 (mod n1).
12. The communications system of claim 11 further comprising:
means for transmitting said ciphertext word signals from said first terminal to said second terminal, and wherein said second terminal the deciphering means includes
means for decoding said cyphertext word signals c1 to said message block word signals MA m1″ using a relationship of the form, said second terminal including:
means for transforming each of said ciphertext word signals cA to one of said message block word signals mA″, whereby

mA″≡CADb(mod nB) m1″≡C1d2(mod n2), and
means for transforming said message block word signals mA m1to said message word signal mA m1.
0. 14. The method according to claim 9, wherein the signed message word signal m1S, formed from the digital message word signal m1 being cryptographically processed at the first terminal with multi-prime (k>2) RSA public key signing which is characterized by the composite number n being computed as the product of the k distinct random prime numbers p1, p2, . . . pk, is decipherable at the second terminal with two-prime RSA public key signing characterized by the composite number m being computed as the product of the pair of prime numbers p and q.
0. 16. The method according to claim 15, comprising the further step of:
establishing a private key portion d by a relationship to the public key portion e in the form of d≡e−1(mod((p11)·(p21)· . . . ·(pk1))),
wherein the deciphering step includes decoding the ciphertext message data c to the plaintext message data m using a relationship of the form M≡Cd(mod n).
0. 17. The method according to claim 15, wherein a message cryptographically processed by the sender with two-prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable with multi-prime (k>2) RSA public key encryption characterized by the composite number n being computed as the product of the k distinct random prime numbers p1, p2, . . . pk.
0. 18. The method according to claim 15, wherein n and m include values that are more than 600 digits long.
0. 20. The method according to claim 19, wherein the ciphertext message data c is formed by encoding the plaintext message data m to the ciphertext message data c using a relationship of the form C≡Me (mod n), wherein 0≦M≦n−1 and wherein n and the public key portion e are accessible to the sender although it has no access to the k distinct random prime numbers p1, p2, . . . pk.
0. 21. The method according to claim 19, wherein a message cryptographically processed by the sender with two-prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable by the decoding with multi-prime (k>2) RSA public key encryption characterized by the composite number n being computed as the product of the k distinct random prime numbers p1, p2, . . . pk.
0. 22. The method according to claim 19, wherein n and m include values that are more than 600 digits long.
0. 24. The method of claim 23, wherein the deciphering step includes:
decoding the signed message mS with the public key portion e to produce the plaintext message data m using a relationship of the form M≡MSe(mod n).
0. 25. The method according to claim 23, wherein the signed message mS formed from the plaintext message data m being cryptographically processed at the sender with multi-prime (k>2) RSA public key signing which is characterized by the composite number n being computed as the product of the k distinct random prime numbers p1, p2, . . . pk, is decipherable by the decoding at the recipient with two-prime RSA public key signing characterized by the composite number m being computed as the product of the pair of prime numbers p and q.
0. 26. The method according to claim 23, wherein n and m include values that are more than 600 digits long.
0. 28. The method according to claim 27,
wherein the cryptographically transforming step includes using a relationship of the form C≡Me (mod n),
wherein the exponent d is established based on the at least three distinct random prime numbers p1, p2, . . . pk, using a relationship of the form d≡e−1(mod((p11)·(p21) . . . (pk1))), and
wherein the cryptographically processed message is deciphered using a relationship of the form M≡Cd(mod n).
0. 29. The method according to claim 27, wherein a message cryptographically processed by the sender with two-prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable at the recipient with multi-prime RSA public key encryption characterized by the composite number n being computed as the product of the at least three distinct random prime numbers.
0. 30. The method according to claim 27, wherein n and m include values that are more than 600 digits long.
0. 32. The method according to claim 31,
wherein the number c is formed using a relationship of the form C≡Me (mod n),
wherein the exponent d is established based on the at least three distinct random prime numbers p1, p2, . . . pk, using a relationship of the form d≡e−1((p11)·(p21) . . . (pk1))),
and wherein the number m is obtained using a relationship of the form M≡Cd(mod n).
0. 33. The method according to claim 31, wherein a message cryptographically processed by the sender with two-prime RSA public key encryption characterized by the composite number m being computed as the product of the pair of prime numbers p and q, is decipherable at the recipient with multi-prime RSA public key encryption characterized by the composite number n being computed as the product of the at least three distinct random prime numbers.
0. 34. The method according to claim 31, wherein n and m include values that are more than 600 digits long.
0. 36. The cryptography method in accordance with claim 35, further comprising the steps of:
decoding the ciphertext data c from the local storage to the plaintext data m using a relationship of the form M≡Cd (mod n).
0. 38. The system of claim 37, wherein the at least one cryptosystem includes a plurality of exponentiators configured to operate in parallel in developing respective subtask values corresponding to the message.
0. 39. The system of claim 37, wherein the at least one cryptosystem includes
a processor,
a data-address bus,
a memory coupled to the processor via the data-address bus,
a data encryption standard (DES) unit coupled to the memory and the processor via the data-address bus, and
a plurality of exponentiator elements coupled to the processor via the DES unit, the plurality of exponentiator elements being configured to operate in parallel in developing respective subtask values corresponding to the message.
0. 40. The system of claim 39, wherein the memory and each of the plurality of exponentiator elements has its own DES unit that cryptographically processes message data received/returned from/to the processor.
0. 41. The system of claim 39, wherein the memory is partitioned into address spaces addressable by the processor, including secure, insecure and exponentiator elements address spaces, and wherein the DES unit is configured to recognize the secure and exponentiator elements address spaces and to automatically encode message data therefrom before it is provided to the exponentiator elements, the DES unit being bypassed when the processor is accessing the insecure memory address spaces, the DES unit being further configured to decode encoded message data received from the memory before it is provided to the processor.
0. 42. The system of claim 39, wherein the at least one cryptosystem meets FIPS (Federal Information Processing Standard) 140-1 level 3.
0. 43. The system of claim 39, wherein the processor maintains in the memory the public key portion e and the composite number n with its factors p1, p2, . . . pk.
0. 46. The system of claim 45, wherein each one of the subtask values c1, c2, . . . ck is developed using a relationship of the form ci≡Miei (mod pi), where mi≡M(mod pi), and ei≡e(mod pi1), and where i=1, 2, . . . k.
0. 48. The system of claim 47 wherein when produced each one of the subtasks c1, c2, . . . ck is developed using a relationship of the form ci≡Miei (mod pi), where ci≡C(mod pi), and ei≡e(mod pi1), and where i=1, 2, . . . , k.
0. 49. The system of claim 47 wherein when produced each one of the subtasks m1, m2, . . . mk is developed using a relationship of the form mi≡Cidi (mod pi), where mi≡M(mod pi), and di=d(mod pi1), and where i=1, 2, . . . , k.
0. 50. The system of claim 49, wherein the private key exponent d relates to the public key exponent e via d≡e−1(mod((p11)·(p21) . . . (pk1))).
0. 52. The system according to claim 51, further comprising:
means for encoding the plaintext message data m to the ciphertext message data c, using a relationship of the form C≡Me (mod n), where 0≦M≦n−1.
0. 54. The system of claim 53 further comprising:
means for decoding the signed message mS with the public key portion e to produce the plaintext message data m using a relationship of the form M≡MSe(mod n).
0. 55. The system of claim 52, wherein the system can communicate the cryptographically processed message to another system that encodes/decodes data with RSA public key encryption using a modulus value equal to n independent of the k distinct prime numbers.
0. 56. The system of claim 54, wherein the system can communicate the cryptographically processed message to another system that encodes/decodes data with RSA public key signing using a modulus value equal to n independent of the k distinct prime numbers.

This application claims the benefit of U.S. Provisional Application No. 60/033,271 for PUBLIC KEY CRYTOGRAPHIC APPARATUS AND METHOD, filed Dec. 9, 1996, naming as inventors, Thomas
where p and q are different prime numbers, and e is a number relatively prime to (p−1) and (q−1); that is, e is relatively prime to (p−1) or (q−1) if e has no factors in common with either of them. Importantly, the sender has access to n and e, but not to p and q. The message M is a number representative of a message to be transmitted wherein
0≦M<n−1.   (2)
The sender enciphers M to create ciphertext C by computing the exponential

The recipient of the ciphertext C retrieves the message M using a (private) decoding key D, comprising a pair of positive integers d and n, employing the relation

As used in (4), above, d is a multiplicative inverse of
e(mod(lcm((p−1), (q−1))))   (5)
so that

where lcm((p−1), (q−1)) is the least common multiple of numbers p−1 and q−1. Most commercial implementations of RSA employ a different, although equivalent, relationship for obtaining d:

This alternate relationship simplifies computer processing.

Note: Mathematically (6) defines a set of numbers and (7) defines a subset of that set. For implementation, (7) or (6) usually is interpreted to mean d is the smallest positive element in the set.)

The net effect is that the plaintext message M is encoded knowing only the public key E (i.e., e and n). The resultant ciphertext C can only decoded using decoding key D. The composite number n, which is part of the public key E, is computationally difficult to factor into its components, prime numbers p and q, a knowledge of which is required to decrypt C.

From the time a security scheme, such as RSA, becomes publicly known and used, it is subjected to unrelenting attempts to break it. One defense is to increase the length (i.e., size) of both p and q. Not long ago it was commonly recommended that p and q should be large prime numbers 75 digits long (i.e., on the order of 1075). Today, it is not uncommon to find RSA schemes being proposed wherein the prime numbers p and q are on the order of 150 digits long. This makes the product of p and q a 300 digit number. (There are even a handful of schemes that employ prime numbers (p and q) that are larger, for example 300 digits long to form a 600 digit product.) Numbers of this size, however, tend to require enormous computer resources to perform the encryption and decryption operations. Consider that while computer instruction cycles are typically measured in nanoseconds (billionths of seconds), computer computations of RSA steps are typically measured in milliseconds (thousandths of seconds). Thus millions of computer cycles are required to compute individual RSA steps resulting in noticeable delays to users.

This problem is exacerbated if the volume of ciphertext messages requiring decryption is large—such as can be expected by commercial transactions employing a mass communication medium such as the Internet. A financial institution may maintain as Internet site that could conceivably receive thousands of enciphered messages every hour that must be decrypted, and perhaps even responded to. Using larger numbers to form the keys used for an RSA scheme can impose severe limitations and restraints upon the institution's ability to timely respond.

Many prior art techniques, while enabling the RSA scheme to utilize computers more efficiently, nonetheless have failed to keep pace with the increasing length of n, p, and q.

Accordingly, it is an object of this invention to provide a system and method for rapid encryption and decryption of data without compromising data security.

It is another object of this invention to provide a system and method that increases the computational speed of RSA encryption and decryption techniques.

It is still another object of this invention to provide a system and method for implementing an RSA scheme in which the

Alternatively, the exponentiator elements may be provided the ciphertext C, a decryption (private) key d and n to return M according to the relationship,

According to this (pi1)
d≡e−1mod(lcm((p11), (p21), . . . (pk1)))

The message data, M is encrypted to ciphertext C using the relationship of (3), above, i.e.,

To decrypt the ciphertext, C, the relationship of
where n and d are those values identified above.

The message data M can be reproduce from the signed message data Ms by decoding the signed data with the public key, using a relationship of the form
M≡Mse(mod n).

Using the present invention involving three primes to develop the product n, RSA encryption and decryption time can be substantially less than an RSA scheme using two primes by dividing the encryption or decryption task into sub-tasks, one sub-task for each distinct prime. (However, breaking the encryption or decryption into subtasks requires knowledge of the factors of n. This knowledge is not usually available to anyone except the owner of the key, so the encryption process can be accelerated only in special cases, such as encryption for local storage. A system encrypting data for another user performs the encryption process according to (3), independent of the number of factors of n. Decryption, on the other hand, is performed by the owner of a key, so the factors of n are generally known and can be used to accelerate the process.) For example, assume that three distinct primes, p1, p2, and p3, are used to develop the product n. Thus, decryption of the ciphertext, C, using the relationship

is used to develop the decryption sub-tasks:



where





The results of each sub-task, M1, M2, and M3 can be combined to produce the plaintext, M, by a number of techniques. However, it is found that they can most expeditiously be combined by a form of the Chinese Remainder Theorem (CRT) using, preferably, a recursive scheme. Generally, the plaintext M is obtained from the combination of the individual sub-tasks by the following relationship:

where

where k is the number of prime factors of n
can be broken down into the three sub-tasks,



where





In generalized form, the

where
w1=p2p3, w2=p1p3, and w3=p1p2.

Employing the multiple distinct prime number technique of the present invention in the RSA scheme can realize accelerated processing over that using only two primes for the same size n. The invention can be implemented on a single processor unit or even the architecture disclosed in the above-referenced U.S. Pat. No. 4,405,829. The capability of developing sub-tasks for each prime number is particularly adapted to employing a parallel architecture such as that illustrated in FIG. 1.

Turning to FIG. 1, there is illustrated a cryptosystem architecture apparatus capable of taking particular advantage of the present invention. The cryptosystem, designated with the reference numeral 10, is structured to form a part of a larger processing system (not shown) that would deliver to the cryptosystem 10 encryption and/or decryption requests, receiving in return the object of the request—an encrypted or decrypted value. The host would include a bus structure 12, such as a peripheral component interface (PCI) bus for communicating with the cryptosystem 10.

As FIG. 1 shows, The cryptoprocessor 10 includes a central processor unit (CPU) 14 that connects to the bus structure 12 by a bus interface 16. The CPU 14 comprises a processor element 20, a memory unit 22, and a data encryption standard (DES) unit 24 interconnected by a data/address bus 26. The DES unit 24, in turn, connects to an input/output (I/O) bus 30 (through appropriate driver/receiver circuits—not shown).

The I/O bus 30 communicatively connects the CPU to a number of exponentiator elements

Each block M would be separately encrypted/decrypted, using the public key/private key RSA scheme according to that described above.

Collins, Thomas, Sabin, Michael, Hopkins, Dale, Langford, Susan

Patent Priority Assignee Title
Patent Priority Assignee Title
4200770, Sep 06 1977 Stanford University Cryptographic apparatus and method
4218582, Oct 06 1977 The Board of Trustees of the Leland Stanford Junior University Public key cryptographic apparatus and method
4351982, Dec 15 1980 RACAL GUARDATA, INC RSA Public-key data encryption system having large random prime number generating microprocessor or the like
4405829, Dec 14 1977 Massachusetts Institute of Technology Cryptographic communications system and method
4424414, May 01 1978 Board of Trustees of the Leland Stanford Junior University Exponentiation cryptographic apparatus and method
4514592, Jul 27 1981 Nippon Telegraph & Telephone Corporation Cryptosystem
4995082, Feb 24 1989 PUBLIC KEY PARTNERS Method for identifying subscribers and for generating and verifying electronic signatures in a data exchange system
5046094, Feb 02 1989 Kabushiki Kaisha Toshiba Server-aided computation method and distributed information processing unit
5136647, Aug 02 1990 Telcordia Technologies, Inc Method for secure time-stamping of digital documents
5321752, Sep 05 1991 Canon Kabushiki Kaisha Method of and apparatus for encryption and decryption of communication data
5343527, Oct 27 1993 Lockheed Martin Corporation Hybrid encryption method and system for protecting reusable software components
5351298, Sep 30 1991 Cryptographic communication method and apparatus
5761310, Jul 26 1995 De La Rue Cartes et Systemes SAS Communication system for messages enciphered according to an RSA-type procedure
5835598, Apr 12 1995 Deutsche Telekom AG Public key method of encoding data
5974151, Nov 01 1996 Public key cryptographic system having differential security levels
/////
Executed onAssignorAssigneeConveyanceFrameReelDoc
Oct 20 2000Hewlett-Packard Development Company, L.P.(assignment on the face of the patent)
Oct 01 2002COMPAQ INFORMATION TECHNOLOGIES GROUP, L P HEWLETT-PACKARD DEVELOPMENT COMPANY, L P CHANGE OF NAME SEE DOCUMENT FOR DETAILS 0170360650 pdf
Oct 27 2015HEWLETT-PACKARD DEVELOPMENT COMPANY, L P Hewlett Packard Enterprise Development LPASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS 0370790001 pdf
Apr 05 2017Hewlett Packard Enterprise Development LPENTIT SOFTWARE LLCASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS 0427460130 pdf
May 28 2019ENTIT SOFTWARE LLCMICRO FOCUS LLCCHANGE OF NAME SEE DOCUMENT FOR DETAILS 0520100029 pdf
Date Maintenance Fee Events
Jun 08 2010M1553: Payment of Maintenance Fee, 12th Year, Large Entity.


Date Maintenance Schedule
Oct 07 20114 years fee payment window open
Apr 07 20126 months grace period start (w surcharge)
Oct 07 2012patent expiry (for year 4)
Oct 07 20142 years to revive unintentionally abandoned end. (for year 4)
Oct 07 20158 years fee payment window open
Apr 07 20166 months grace period start (w surcharge)
Oct 07 2016patent expiry (for year 8)
Oct 07 20182 years to revive unintentionally abandoned end. (for year 8)
Oct 07 201912 years fee payment window open
Apr 07 20206 months grace period start (w surcharge)
Oct 07 2020patent expiry (for year 12)
Oct 07 20222 years to revive unintentionally abandoned end. (for year 12)