Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow

US 5,664,017 A
Filed: 05/08/1995
Issued: 09/02/1997
Est. Priority Date: 04/13/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for controlling an encryption system, the method comprising:

providing at least one agency public key to at least one decrypting agency entity respectively and to each of a first plurality of subscriber entities and to each of a second plurality of regulator entities and providing at least one corresponding agency private key to said at least one decrypting agency entity respectively;

providing an ID, a public key and a corresponding private key for each of the first plurality of subscriber entities and each of the second plurality of regulator entities;

for each subscriber entity and for each regulator entity, employing at least one agency public key to encrypt the entity'"'"'s private key; and

for each individual subscriber entity and for each individual regulator entity, generating a certificate attesting, for all other entities, to the individual entity'"'"'s status, ID, public key and encrypted private key.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption method and apparatus for generating an encrypted message which is controllably decryptable, comprising providing at least one agency public key to at least one decrypting agency entity respectively and to each of a first plurality of subscriber entities and to each of a second plurality of regulator entities, providing an ID, a public key and a private key for each of the first plurality of subscribers and each of the second plurality of regulators, for each subscriber entity and for each regulator entity, employing at least one agency public key to encrypt the entity'"'"'s private key and for each individual subscriber entity and for each individual regulator entity, generating a certificate attesting, for all other entities, to the individual entity'"'"'s status, ID, public key and encrypted private key.

97 Citations

View as Search Results

20 Claims

1. A method for controlling an encryption system, the method comprising:
- providing at least one agency public key to at least one decrypting agency entity respectively and to each of a first plurality of subscriber entities and to each of a second plurality of regulator entities and providing at least one corresponding agency private key to said at least one decrypting agency entity respectively;
  
  providing an ID, a public key and a corresponding private key for each of the first plurality of subscriber entities and each of the second plurality of regulator entities;
  
  for each subscriber entity and for each regulator entity, employing at least one agency public key to encrypt the entity'"'"'s private key; and
  
  for each individual subscriber entity and for each individual regulator entity, generating a certificate attesting, for all other entities, to the individual entity'"'"'s status, ID, public key and encrypted private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1 wherein said at least one decrypting agency comprises a plurality of decrypting agencies.
  - 3. A method according to claim 1 wherein each subscriber and each regulator generates his own private and public keys.
  - 4. A method according to claim 1 and also comprising:
    - transmitting a second subscriber entity'"'"'s certificate to a first subscriber entity; and
      
      generating a first random string at a first subscriber entity, signing the random string using the first subscriber entity'"'"'s private key and encrypting the random string using the second subscriber entity'"'"'s public key and transmitting to the second subscriber entity the first subscriber entity'"'"'s certificate and the encrypted and signed random number.
  - 5. A method according to claim 4 and also comprising:
    - generating a second random string at the second subscriber entity and combining the second random string and the encrypted and signed first random string;
      
      encrypting the combined strings using the first subscriber entity'"'"'s public key and transmitting the encrypted combined strings to the first subscriber entity;
      
      at the first subscriber entity, encrypting the encrypted combined strings using the second subscriber entity'"'"'s public key, thereby to generate double-encrypted combined strings, and transmitting the double-encrypted combined strings to the second subscriber entity; and
      
      decrypting the encrypted combined strings and transferring messages encrypted using the combined strings.
  - 6. A method according to claim 5 wherein combining comprises concatenating.
  - 7. A method according to claim 5 wherein combining comprises XORing.
  - 8. A method according to claim 1 and wherein employing comprises employing the at least one agency public key without the agency'"'"'s knowledge or implicit agreement.

9. An encrypted transmission system comprising:
- an agency having a private key and a corresponding public key;
  
  a multiplicity of subscriber modules each having private key, wherein each two subscriber modules from among said multiplicity of subscriber modules includes first and second subscriber modules characterized in that said first subscriber module conveys to said second subscriber module only encrypted communications which include private keys of said first and second subscriber modules encrypted with the agency'"'"'s public key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. A system according to claim 9 wherein said agency does not keep the private keys of said multiplicity of subscriber modules in escrow.
  - 11. A system according to claim 9 wherein each of said multiplicity of subscriber modules includes a secured electronic device.
  - 12. A system according to claim 11 wherein said secured electronic device comprises a monolithic secured electronic device.
  - 13. A system according to claim 9 wherein said agency comprises first and second agency entities each of which have a private key and a corresponding public key and wherein said first subscriber module conveys to said second subscriber module only communications which include private keys of said first and second subscriber modules double encrypted with public keys of the first and second agency entities.
  - 14. A system according to claim 9 wherein said agency receives a petition to recover data from an individual subscriber module and, responsive to the petition, to apply the agency'"'"'s private key to a communication generated by the individual subscriber module, thereby to derive the individual subscriber module'"'"'s private key.
  - 15. A system according to claim 14 and also comprising at least one archive storing a record of said petition.
  - 16. A system according to claim 15 wherein said at least one archive comprises at least two archives.
  - 17. A system according to claim 15 wherein removal of any record from said at least one archive is detectable.
  - 18. A system according to claim 9 wherein each said subscriber module comprises at least one integrated circuit.

19. An encrypted transmission method comprising:
- providing an agency with a private key and a corresponding public key;
  
  providing a multiplicity of subscriber modules each having a private key; and
  
  for each first and second subscriber modules from among said multiplicity of subscriber modules, conveying from said first subscriber module to said second subscriber module only encrypted communications which include private keys of said first and second subscriber modules encrypted with the agency'"'"'s public key.

20. Apparatus for controlling an encryption system including a first plurality of subscriber entities each having an ID, a public key and a private key, the apparatus comprising:
- a second plurality of regulator entities each having an ID, a public key and a private key; and
  
  at least one decrypting agency entity having at least one agency public key respectively which is provided to each of the first plurality of subscriber entities and to each of the second plurality of regulator entities,wherein each subscriber entity and each regulator entity includes a private key encrypter employing at least one agency public key to encrypt the entity'"'"'s private key; and
  
  wherein said apparatus also comprises a certificate generator which, for each individual subscriber entity and for each individual regulator entity, generates a certificate attesting, for all other entities, to the individual entity'"'"'s status, ID, public key and encrypted private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk IL Ltd. (Western Digital Corporation)
Original Assignee
Fortress U & T Limited
Inventors
Gressel, Carmi David, Dror, Itai
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/437,223
Time in Patent Office

848 Days
Field of Search

380/21, 380/30, 380/46, 380/49, 380/50, 380/23, 380/25
US Class Current

380/30
CPC Class Codes

H04L 9/0833 involving conference or gro...

H04L 9/088 Usage controlling of secret...

Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links