System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

US 5,557,678 A
Filed: 07/18/1994
Issued: 09/17/1996
Est. Priority Date: 07/18/1994
Status: Expired due to Term

First Claim

Patent Images

1. In a secured communication encryption system in which users are each associated with a public encryption key and a private encryption key, said private encryption key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, a method for effecting secure communications during a communications session between users comprising the steps of:

generating a first user session encryption key by encrypting a session key with a combination of the public encryption key and the central authority key portion associated with a first user;

generating a second user session encryption key by encrypting a session key with a combination of the public encryption key and the central authority key portion associated with a second user;

decrypting said first user session encryption key by applying thereto the private user key portion of said first user to obtain a common session encryption key available to said first user;

decrypting said second user session encryption key by applying thereto the private user key portion of said second user to obtain said common session encryption key available to said second user; and

using said common session encryption key for encrypting and decrypting a first message exchanged during the session.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A encryption method and system using split key public encryption. A first and second user private encryption key and a corresponding first and second user public encryption key are generated. The first and second user private encryption keys are divided into a first and second private user key portion and a corresponding first and second central authority key portion. The first and second private user key portions are respectively disclosed to the first and second users. The central authority key portions and the user public encryption keys are maintained by a central authority (CA). The first user request a communications session with the second user through the CA. After receiving the request, the CA encrypts a session encryption key with (i) the central authority key portion and user public encryption key associated with a first user to form a first encrypted session key and (ii) the central authority key portion and user public encryption key associated with the second user to form a second encrypted session key. The first encrypted session key is provided to the first user and the second encrypted session key is provided to the second user. The first user applies the first user'"'"'s private user key portion to decrypt the first encrypted session key and the second user applies the second user'"'"'s private user key portion to decrypt the second encrypted session key. The first user and the second user apply the decrypted common session key to encrypt and decrypt messages exchanged during a communications session. The method and system also provide for authorized wiretapping, video and data distribution and private enhanced messaging (PEM).

286 Citations

25 Claims

1. In a secured communication encryption system in which users are each associated with a public encryption key and a private encryption key, said private encryption key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, a method for effecting secure communications during a communications session between users comprising the steps of:
- generating a first user session encryption key by encrypting a session key with a combination of the public encryption key and the central authority key portion associated with a first user;
  
  generating a second user session encryption key by encrypting a session key with a combination of the public encryption key and the central authority key portion associated with a second user;
  
  decrypting said first user session encryption key by applying thereto the private user key portion of said first user to obtain a common session encryption key available to said first user;
  
  decrypting said second user session encryption key by applying thereto the private user key portion of said second user to obtain said common session encryption key available to said second user; and
  
  using said common session encryption key for encrypting and decrypting a first message exchanged during the session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1, wherein each said key portion has a bit length and the bit length of the private user key portion is smaller than the bit length of the associated central authority key portion.
  - 3. A method according to claim 2, wherein the bit length of each said private user key portion is between 56 and 72 bits.
  - 4. A method according to claim 2, wherein (i) each said private encryption key is comprised of a private exponent and a modulus N which is a product of a plurality of numbers within a set of large prime numbers, (ii) each said public encryption key is comprised of a public exponent and the modulus N and (iii) the modulus N has a bit length and the bit length of each said private user key portion is no larger than fifteen percent of the bit length of the modulus N but no less than 56 bits.
  - 5. A method according to claim 1, wherein said first message exchanged during said communications session is a video signal.
  - 6. A method according to claim 1, wherein said first message exchanged during said communications session has a hash function applied thereto.
  - 7. A method according to claim 1, further comprising the steps of:
    - generating a second message encrypted with a combination of the private user key portion of a third user and the private user key portion of a fourth user;
      
      decrypting the second message by applying thereto a combination of the public encryption key and the central authority key portion associated with said third user and the public encryption key and the central authority key portion associated with said fourth user;
      
      generating a third message encrypted with a combination of the public encryption key and the central authority key portion associated with said third user and the public encryption key and the central authority key portion associated with said fourth user; and
      
      decrypting said third message by applying thereto the private user key portion of said third user and the private user key portion of said fourth user to obtain said third message available to said third user;
  - 8. A method according to claim 7, wherein said third message is the common session encryption key.
  - 9. A method according to claim 8, further comprising the steps of:
    - generating a fourth message encrypted with a combination of the public encryption key and the central authority key portion associated with a fifth user;
      
      decrypting said fourth message by applying thereto the private user key portion of said fifth user;
      
      intercepting said first message in response to said fourth message; and
      
      decrypting said intercepted first message by applying thereto the common session encryption key available to said third user.
  - 10. A method according to claim 1, further comprising the steps of:
    - generating a hash message formed by applying a hash function to the first message and encrypted with a combination of the private user key portion of the first user and the central authority key portion associated with the first user; and
      
      decrypting said hash message by applying thereto the public encryption key associated with the first user to obtain a decrypted hashed common message.
  - 11. A method according to claim 1, wherein the first message is a message encryption key and further comprising the steps of:
    - generating a second message encrypted with the message encryption key; and
      
      decrypting said second message by applying thereto said message encryption key.
  - 12. A method according to claim 11, wherein said second message is a compressed video signal.

13. A secured communication encryption system in which users are each associated with a public encryption key and a private encryption key, said private encryption key being divided between a central authority key portion maintained by a central authority and a private user key portion assigned to the user, comprising:
- means for storing said central authority key portions and said public encryption keys;
  
  means for generating a first user session encryption key by encrypting a session key with a combination of the public encryption key and the central authority key portion associated with said first user;
  
  means for generating a second user session encryption key by encrypting the session key with a combination of the public encryption key and the central authority key portion associated with said second user;
  
  means for decrypting said first session encryption key by applying thereto the private user key portion of said first user to obtain a common session encryption key available to said first user;
  
  means for decrypting said second session encryption key by applying thereto the private user key portion of said second user to obtain said common session encryption key available to said second user; and
  
  means for using said common session encryption key for encrypting and decrypting a first message exchange during a session between the first and second users.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. A system according to claim 13, wherein each said key portion has a bit length and the bit length of each private user key portion is smaller than the bit length of the associated central authority key portion.
  - 15. A system according to claim 14, wherein the bit length of each said private user key portion is between 56 and 72 bits.
  - 16. A system according to claim 14, wherein (i) each said private encryption key is comprised of a private exponent and modulus N which is a product of a plurality of numbers within a set of large prime numbers, (ii) each said public encryption key is comprised of a public exponent and the modulus N and (iii) the modulus N has a bit length and the bit length of each said private user key portion is no larger than fifteen percent of the bit length of the modulus N but not less than 56 bits.
  - 17. A system according to claim 13, wherein said means for storing said central authority key portions and said public encryption keys is a server within said system.
  - 18. A system according to claim 13, wherein said first message is a video signal.
  - 19. A system according to claim 13, further comprising:
    - means for generating a second message encrypted with said private user key portion of said third user and said private user key portion of said fourth user;
      
      means for decrypting said second message by applying thereto a combination of said central authority key portion and said public encryption key associated with said third user and said central authority key portion and said public encryption key associated with said fourth user;
      
      means for generating a third message encrypted with a combination of said central authority key portion and public encryption key associated with said third user and said central authority key portion and public encryption key associated with said fourth user; and
      
      means for decrypting said third message by applying thereto said private user key portion of said third user and said private user key portion of said fourth user to obtain the third message available to said third user.
  - 20. A system according to claim 19, wherein said third message is the common session encryption key.
  - 21. A system according to claim 20, further comprising:
    - switching means for establishing a communications session between users of the system;
      
      means for generating a fourth message encrypted with a combination of said central authority key portion and said public encryption key associated with said switching means;
      
      means for decrypting said fourth message by applying thereto said private user key portion of said switching means;
      
      means for reconfiguring said switching means so as to divert said first message to the third user in response to said fourth message; and
      
      means for decrypting said diverted first message by applying thereto the common session encryption key available to said third user.
  - 22. A system according to claim 13, further comprising:
    - means for generating a hash message formed by applying a hash function to said first message and encrypted with said private user key portion of said first user and said central authority key portion associated with said first user; and
      
      means for decrypting the hash message by applying thereto the public encryption key associated with said first user.
  - 23. A system according to claim 13, wherein the first message is a message encryption key and further comprising:
    - means for generating a second message encrypted with the message encryption key to form an encrypted second message;
      
      means for storing said encrypted second message; and
      
      means for decrypting said encrypted second message by applying thereto said message encryption key.
  - 24. A system according to claim 23, wherein said second message is a compressed video signal.
  - 25. A system according to claim 23, wherein said second message has a hash function applied to it.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Bell Atlantic Network Services, Inc. (Verizon Communications Inc.)
Inventors
Ganesan, Ravi
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/277,376
Time in Patent Office

792 Days
Field of Search

380/21, 380/30
US Class Current

380/282
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

286 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

286 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links