System and method for key escrow encryption

US 5,557,346 A
Filed: 08/11/1994
Issued: 09/17/1996
Est. Priority Date: 08/11/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method for key escrow cryptography for use in a system comprising a sender and a receiver, in which only public escrow keys are stored in said sender and said receiver, a session key being available to said sender and said receiver, comprising the steps of:

(1) encrypting in said sender a message using said session key to form an encrypted message;

(2) generating in said sender a verification string by combining an unique program identifier, a public portion of a program unique key, and a signature representing said unique program identifier and the public portion of said program unique key signed by a private portion of a key escrow programming facility key, and encrypting in said sender said verification string using said session key to generate an encrypted verification string;

(3) encrypting in said sender said session key using the public portion of said program unique key to generate a first encrypted session key;

(4) generating in said sender a first law enforcement access field by encrypting a combination of said first encrypted session key and said unique program identifier with a copy of a public portion of a family key stored in said sender;

(5) transmitting said encrypted message, said encrypted verification string, and said first law enforcement access field from said sender to said receiver, said receiver having stored therein a public portion of said key escrow programming facility key and the public portion of said program unique key;

(6) decrypting in said receiver said encrypted verification string using said session key to recover said verification string, and extracting in said receiver unique program identifier, the public portion of said program unique key, and said signature from said verification string;

(7) verifying in said receiver that said signature corresponds to said extracted unique program identifier and the public portion of said program unique key;

(8) if said signature is verified to correspond to said extracted unique program identifier and the public portion of said program unique key, then encrypting in said receiver said session key using said extracted public portion of said program unique key to generate a second encrypted session key;

(9) generating in said receiver a second law enforcement access field by encrypting a combination of said second encrypted session key and said extracted unique program identifier with a copy of the public portion of said family key stored in said receiver;

(10) comparing in said receiver said first law enforcement access field to said second law enforcement access field; and

(11) if said first law enforcement access field is equal to said second law enforcement access field, then decrypting in said receiver said encrypted message using said session key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for key escrow cryptography for use in a system comprising a sender and a receiver. Only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates a leaf verification string (LVS) by combining an unique program identifier (UIP), a public portion of a program unique key (KUpub), and a signature. The sender encrypts the KS using the KUpub to generate a first encrypted session key (EKS), and generates a first law enforcement access field (LEAF) by encrypting a combination of the first EKS and the UIP with a copy of a public portion of a family key (KFpub) stored in the sender. The encrypted message, the LVS, and the first LEAF are transmitted from the sender to the receiver. The receiver stores therein a public portion of the KEPF key (KEPFpub). The receiver extracts the UIP, KUpub, and the signature from the LVS, and then encrypts the KS using the extracted KUpub to generate a second encrypted session key (EKS). The receiver generates a second LEAF by encrypting a combination of the second EKS and the extracted UIP with a copy of the KFpub stored in the receiver. The receiver then compares the first LEAF to the second LEAF. If the first LEAF is equal to the second LEAF, then the receiver decrypts the encrypted message using the KS.

Citations

45 Claims

1. A method for key escrow cryptography for use in a system comprising a sender and a receiver, in which only public escrow keys are stored in said sender and said receiver, a session key being available to said sender and said receiver, comprising the steps of:
- (1) encrypting in said sender a message using said session key to form an encrypted message;
  
  (2) generating in said sender a verification string by combining an unique program identifier, a public portion of a program unique key, and a signature representing said unique program identifier and the public portion of said program unique key signed by a private portion of a key escrow programming facility key, and encrypting in said sender said verification string using said session key to generate an encrypted verification string;
  
  (3) encrypting in said sender said session key using the public portion of said program unique key to generate a first encrypted session key;
  
  (4) generating in said sender a first law enforcement access field by encrypting a combination of said first encrypted session key and said unique program identifier with a copy of a public portion of a family key stored in said sender;
  
  (5) transmitting said encrypted message, said encrypted verification string, and said first law enforcement access field from said sender to said receiver, said receiver having stored therein a public portion of said key escrow programming facility key and the public portion of said program unique key;
  
  (6) decrypting in said receiver said encrypted verification string using said session key to recover said verification string, and extracting in said receiver unique program identifier, the public portion of said program unique key, and said signature from said verification string;
  
  (7) verifying in said receiver that said signature corresponds to said extracted unique program identifier and the public portion of said program unique key;
  
  (8) if said signature is verified to correspond to said extracted unique program identifier and the public portion of said program unique key, then encrypting in said receiver said session key using said extracted public portion of said program unique key to generate a second encrypted session key;
  
  (9) generating in said receiver a second law enforcement access field by encrypting a combination of said second encrypted session key and said extracted unique program identifier with a copy of the public portion of said family key stored in said receiver;
  
  (10) comparing in said receiver said first law enforcement access field to said second law enforcement access field; and
  
  (11) if said first law enforcement access field is equal to said second law enforcement access field, then decrypting in said receiver said encrypted message using said session key.

2. A method for key escrow cryptography for use in a system comprising a sender and a receiver, in which only public keys are stored in said sender and said receiver, a session key being available to said sender and said receiver, comprising the steps of:
- (1) encrypting in said sender a message using said session key to form an encrypted message;
  
  (2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key;
  
  (3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key;
  
  (4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver;
  
  (5) constructing, in said receiver, a second law enforcement access field using said session key and public information available to said receiver;
  
  (6) comparing in said receiver said first law enforcement access field to said second law enforcement access field, wherein if said first law enforcement access field is equal to said second law enforcement access field, said first law enforcement access field is authentic; and
  
  (7) if said first law enforcement access field is authentic, then decrypting in said receiver said encrypted message using said session key.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9)
- - 3. The method of claim 2, further comprising the following steps which are performed before step (5):
    - generating in said sender a verification string by combining said public portion of said first key with a signature representing said public portion of said first key signed by a private portion of a third key; and
      
      transmitting said verification string from said sender to said receiver.
  - 4. The method of claim 3, wherein said step (5) comprises the steps of:
    - (a) extracting said public portion of said first key and said signature from said verification string;
      
      (b) encrypting said session key using said extracted public portion of said first key to generate a second encrypted session key; and
      
      (c) generating a second law enforcement access field by encrypting said second encrypted session key with a copy of said public portion of said second key.
  - 5. The method of claim 4, further comprising the following steps which are performed before step (5b):
    - verifying said signature using said extracted public portion of said first key and a copy of a public portion of said third key; and
      
      if said signature is not verified, then determining that said first law enforcement access field is not authentic.
  - 6. The method of claim 2, further comprising the following steps which are performed before step (5):
    - generating in said sender a verification string by combining said public portion of said first key with a signature representing said public portion of said first key signed by a private portion of a third key;
      
      encrypting in said sender said verification string using said session key to generate an encrypted verification string; and
      
      transmitting said encrypted verification string from said sender to said receiver.
  - 7. The method of claim 6, wherein step (5) comprises the steps of:
    - (a) decrypting said encrypted verification string using said session key to recover said verification string;
      
      (b) extracting said public portion of said first key and said signature from said verification string;
      
      (c) encrypting said session key using said extracted public portion of said first key to generate a second encrypted session key; and
      
      (d) generating a second law enforcement access field by encrypting said second encrypted session key with a copy of said public portion of said second key.
  - 8. The method of claim 7, further comprising the following steps which are performed before step (5c):
    - verifying said signature using said extracted public portion of said first key and a copy of a public portion of said third key; and
      
      if said signature is not verified, then determining that said first law enforcement access field is not authentic.
  - 9. The method of claim 2, wherein said system also includes a protected environment in which one or more components of a private portion of said first key are held in escrow, the method further comprising the steps of:
    - combining said components to form said private portion of said first key;
      
      decrypting said encrypted session key using said private portion of said first key to obtain said session key; and
      
      decrypting said encrypted message using said session key to obtain said message.

10. A method for key escrow cryptography, comprising the steps of:
- (1) encrypting in a sender a message using a session key to form an encrypted message;
  
  (2) splitting in said sender said session key to form a first session key part and a second session key part;
  
  (3) generating in said sender a law enforcement access field by concatenating at least a first encrypted session key, obtained by encrypting said first session key part with a public portion of a key associated with a first escrow agent, with a second encrypted session key, obtained by encrypting said second session key part with a public portion of a key associated with a second escrow agent;
  
  (4) generating in said sender an encrypted verification string by encrypting a verification string that includes a concatenation of at least said first session key part and said second session key part with said session key;
  
  (5) transmitting said encrypted message, said law enforcement access field, and said encrypted verification string from said sender to a receiver;
  
  (6) decrypting in said receiver said encrypted verification string using said session key to recover said verification string, and extracting at least said first session key part and said second session key part from said verification string;
  
  (7) generating a second law enforcement access field by concatenating at least a first trial encrypted session key, obtained by encrypting said extracted first session key part with a copy of said public portion of said key associated with said first escrow agent, with a second trial encrypted session key, obtained by encrypting said extracted second session key part with a copy of said public portion of said key associated with said second escrow agent;
  
  (8) comparing said first law enforcement access field with said second law enforcement access field, wherein if said first law enforcement access field is equal to said second law enforcement access field, said first law enforcement access field is authentic; and
  
  (9) if said first law enforcement access field is authentic, then decrypting in said receiver said encrypted message using said session key.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, further comprising the following steps which are performed by said receiver before step (9):
    - combining at least said extracted first session key part with said extracted second session key part to form a trial session key;
      
      comparing said session key with said trial session key; and
      
      if said session key is not equal to said trial session key, then determining that said first law enforcement access field is not authentic.
  - 12. The method of claim 10 in which a private portion of said key associated with said first escrow agent is maintained by said first escrow agent, and a private portion of said key associated with said second escrow agent is maintained by said second escrow agent, the method further comprising the steps of:
    - extracting in a protected environment entity at least said first encrypted session key and said second encrypted session key from said law enforcement access field;
      
      decrypting in said first escrow agent said first encrypted session key using said private portion of said key associated with said first escrow agent to obtain said first session key part;
      
      decrypting in said second escrow agent said second encrypted session key using said private portion of said key associated with said second escrow agent to obtain said second session key part;
      
      combining in said protected environment entity at least said first session key part and said second session key part to obtain said session key; and
      
      decrypting said encrypted message using said session key.

13. A cryptographic communications method, comprising the steps of:
- (1) receiving, by a receiver, a first access field from a sender, wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key;
  
  (2) constructing, by said receiver, a second access field using at least said part of said first encryption key and said public portion of said second encryption key;
  
  (3) comparing, by said receiver, said first access field to said second access field, wherein if said first access field is equal to said second access field, said first access field is authentic; and
  
  (4) decrypting, by said receiver, an encrypted message using said first encryption key if said first access field is authentic.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 14. The method of claim 13, wherein said step (1) comprises the step of receiving a first access field from said sender, wherein said first access field includes an encryption of at least a part of said first encryption key using the public portion of said second encryption key, wherein said first encryption key includes a plurality of parts.
  - 15. The method of claim 14, wherein said step (1) comprises the step of receiving a first access field from said sender, wherein said first access field includes an encryption of at least a part of said first encryption key using the public portion of said second encryption key, wherein said first encryption key includes two parts.
  - 16. The method of claim 15, wherein said step (1) comprises the step of receiving a first access field from said sender, wherein said first access field includes an encryption of a first part of said two parts of said first encryption key using the public portion of said second encryption key, wherein said first part is an exclusive-OR of a second part of said two parts and said first encryption key.
  - 17. The method of claim 15, wherein said step (1) comprises the step of receiving a first access field from said sender, wherein said first access field further includes an encryption of a second part of said two parts of said first encryption key using a public portion of a third encryption key.
  - 18. The method of claim 13, further comprising the following step which is performed by said receiver before step (2):
    - receiving a verification string, said verification string including information that enables said receiver to construct said second access field that is to be compared to said first access field.
  - 19. The method of claim 14, further comprising the following step which is performed by said receiver before step (2):
    - receiving a verification string, said verification string including information that enables said receiver to construct said second access field that is to be compared to said first access field.
  - 20. The method of claim 19, wherein said step of receiving said verification string comprises the step of receiving a verification string that includes at least one of said plurality of parts of said first encryption key, wherein upon receipt of said verification string, said receiver is able to identify each of said plurality of parts of said first encryption key.
  - 21. The method of claim 20, further comprising the steps of:
    - (a) extracting in said receiver said at least one of said plurality of parts of said first encryption key from said verification string;
      
      (b) identifying each of said plurality of parts based upon said at least one of said plurality of parts;
      
      (c) combining said plurality of parts into a trial encryption key;
      
      (d) comparing said trial encryption key with said first encryption key; and
      
      (e) if said trial encryption key is not equal to said first encryption key, then determining that said first access field is not authentic.
  - 22. The method of claim 21, wherein said step (c) comprises the step of combining two parts of said first encryption key.
  - 23. The method of claim 22, wherein said step (c) comprises the step of exclusive-ORing two parts of said first encryption key.
  - 24. The method of claim 13, further comprising the following step which is performed by said receiver before step (2):
    - receiving an encrypted verification string, said encrypted verification string produced by encrypting a verification string using said first encryption key, said verification string including information that enables said receiver upon decryption to construct said second access field that is to be compared to said first access field.
  - 25. The method of claim 14, further comprising the following step which is performed by said receiver before step (2):
    - receiving an encrypted verification string, said encrypted verification string produced by encrypting a verification string using said first encryption key, said verification string including information that enables said receiver upon decryption to construct said second access field that is to be compared to said first access field.
  - 26. The method of claim 25, wherein said step of receiving said encrypted verification string comprises the step of receiving an encrypted verification string, said encrypted verification string produced by encrypting a verification string using said first encryption key, said verification string including at least one of said plurality of parts of said first encryption key, wherein upon decryption of said encrypted verification string at said receiver, said receiver is able to identify each of said plurality of parts of said first encryption key.
  - 27. The method of claim 26, further comprising the steps of:
    - (a) decrypting in said receiver said encrypted verification string using said first encryption key;
      
      (b) extracting in said receiver said at least one of said plurality of parts of said first encryption key from said decrypted verification string;
      
      (c) identifying each of said plurality of parts based upon said at least one of said plurality of parts;
      
      (d) combining said plurality of parts into a trial encryption key;
      
      (e) comparing said trial encryption key with said first encryption key; and
      
      (f) if said trial encryption key is not equal to said first encryption key, then determining that said first access field is not authentic.
  - 28. The method of claim 27, wherein said step (d) comprises the step of combining two parts of said first encryption key.
  - 29. The method of claim 28, wherein said step (d) comprises the step of exclusive-ORing two parts of said first encryption key.
  - 30. The method of claim 13, further comprising the step of:
    - extracting by a third party from said first access field at least said part of said first encryption key using a private portion of said second encryption key.
  - 31. The method of claim 30, wherein said step of extracting comprises the step of extracting by said third party from said first access field at least said part of said first encryption key using a private portion of said second encryption key, wherein said first encryption key comprises a plurality of parts.
  - 32. The method of claim 31, wherein said step of extracting comprises the step of extracting by said third party from said first access field a first part of said first encryption key using a private portion of said second encryption key, wherein said first encryption key comprises two parts.
  - 33. The method of claim 32, wherein said step of extracting comprises the step of extracting by said third party from said first access field said first part of said first encryption key using a private portion of said second encryption key, wherein said first part is an exclusive-OR of a second part of said two parts and said first encryption key.
  - 34. The method of claim 32, further comprising the step of:
    - extracting by a fourth party from said first access field a second part of said first encryption key using a private portion of a third encryption key, wherein said second part of said first encryption key is encrypted in said first access field using a public portion of said third encryption key.
  - 35. The method of claim 13, wherein said step (2) comprises the step of encrypting at least a part of said first encryption key using said public portion of said second encryption key, wherein said first encryption key includes a plurality of parts.
  - 36. The method of claim 35, wherein said step (2) comprises the step of encrypting a first part of said first encryption key using said public portion of said second encryption key, wherein said first encryption key includes two parts.
  - 37. The method of claim 36, wherein said step (2) comprises the step of encrypting said first part of said first encryption key using said public portion of said second encryption key, wherein said first part is an exclusive-OR of a second part and said first encryption key.
  - 38. The method of claim 36, wherein said step (2) further comprises the step of encrypting a second part of said first encryption key using said public portion of a third encryption key.
  - 39. The method of claim 13, further comprising the step of receiving said encrypted message from said sender.

40. A computer program product, comprising:
- a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method, said computer readable program code means comprising;
  
  computer readable program code means for causing a computer to effect a reception of a first access field from a sender, wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key;
  
  computer readable program code means for causing a computer to effect a construction of a second access field using at least said part of said first encryption key and said public portion of said second encryption key;
  
  computer readable program code means for causing a computer to effect a comparison said first access field to said second access field, wherein if said first access field is equal to said second access field, said first access field is authentic; and
  
  computer readable program code means for causing a computer to effect a decryption an encrypted message using said first encryption key if said first access field is authentic.

41. A cryptographic communications method, comprising the steps of:
- (1) encrypting, by a sender, a message with a first encryption key;
  
  (2) generating, by said sender, a first access field, wherein said first access field includes an encryption of at least a part of said first encryption key using a public portion of a second encryption key; and
  
  (3) transmitting, by said sender, said encrypted message and said first access field to a receiver, wherein said receiver constructs a second access field using at least said part of said first encryption key and said public portion of said second encryption key, compares said first access field to said second access field, wherein if said first access field is equal to said second access field, said first access field is authentic, and decrypts said encrypted message using said first encryption key if said first access field is authentic.
- View Dependent Claims (42, 43, 44)
- - 42. The method of claim 41, wherein said step (2) comprises the step of generating a first access field, wherein said first access field includes an encryption of at least said part of said first encryption key in said sender using the public portion of said second encryption key, wherein said first encryption key includes a plurality of parts.
  - 43. The method of claim 42, wherein said step (2) comprises the step of generating a first access field, wherein said first access field includes an encryption of a first part of said first encryption key in said sender using the public portion of said second encryption key, wherein said first encryption key includes two parts.
  - 44. The method of claim 42, wherein said step (2) comprises the step of generating a first access field, wherein said first access field includes an encryption of said first part of said two parts of said first encryption key in said sender using the public portion of said second encryption key, wherein said first part is an exclusive-OR of a second part of said two parts and said first encryption key.

45. A computer program product, comprising:
- a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method, said computer readable program code means comprising;
  
  computer readable program code means for causing a computer to effect an encryption of a message with a first encryption key;
  
  computer readable program code means for causing a computer to effect a generation of a first access field, wherein said first access field includes an encryption of at least a part of said first encryption key using a public portion of a second encryption key; and
  
  computer readable program code means for causing a computer to effect a transmission of said encrypted message and said first access field to a receiver, wherein said receiver constructs a second access field using at least said part of said first encryption key and said public portion of said second encryption key, compares said first access field to said second access field, wherein if said first access field is equal to said second access field, said first access field is authentic, and decrypts said encrypted message using said first encryption key if said first access field is authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
Trusted Information Systems, Inc. (McAfee, LLC)
Inventors
Ellison, Carl M., Walker, Stephen T., Lipner, Steven B., Balenson, David M.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/289,602
Time in Patent Office

768 Days
Field of Search

380/21, 380/30
US Class Current

380/286
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

System and method for key escrow encryption

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for key escrow encryption

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links