×

System and method for key escrow encryption

  • US 5,557,346 A
  • Filed: 08/11/1994
  • Issued: 09/17/1996
  • Est. Priority Date: 08/11/1994
  • Status: Expired due to Term
First Claim
Patent Images

1. A method for key escrow cryptography for use in a system comprising a sender and a receiver, in which only public escrow keys are stored in said sender and said receiver, a session key being available to said sender and said receiver, comprising the steps of:

  • (1) encrypting in said sender a message using said session key to form an encrypted message;

    (2) generating in said sender a verification string by combining an unique program identifier, a public portion of a program unique key, and a signature representing said unique program identifier and the public portion of said program unique key signed by a private portion of a key escrow programming facility key, and encrypting in said sender said verification string using said session key to generate an encrypted verification string;

    (3) encrypting in said sender said session key using the public portion of said program unique key to generate a first encrypted session key;

    (4) generating in said sender a first law enforcement access field by encrypting a combination of said first encrypted session key and said unique program identifier with a copy of a public portion of a family key stored in said sender;

    (5) transmitting said encrypted message, said encrypted verification string, and said first law enforcement access field from said sender to said receiver, said receiver having stored therein a public portion of said key escrow programming facility key and the public portion of said program unique key;

    (6) decrypting in said receiver said encrypted verification string using said session key to recover said verification string, and extracting in said receiver unique program identifier, the public portion of said program unique key, and said signature from said verification string;

    (7) verifying in said receiver that said signature corresponds to said extracted unique program identifier and the public portion of said program unique key;

    (8) if said signature is verified to correspond to said extracted unique program identifier and the public portion of said program unique key, then encrypting in said receiver said session key using said extracted public portion of said program unique key to generate a second encrypted session key;

    (9) generating in said receiver a second law enforcement access field by encrypting a combination of said second encrypted session key and said extracted unique program identifier with a copy of the public portion of said family key stored in said receiver;

    (10) comparing in said receiver said first law enforcement access field to said second law enforcement access field; and

    (11) if said first law enforcement access field is equal to said second law enforcement access field, then decrypting in said receiver said encrypted message using said session key.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×