Guaranteed partial key-escrow

US 5,666,414 A
Filed: 03/21/1996
Issued: 09/09/1997
Est. Priority Date: 03/21/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A method for escrowing secret decryption keys useful in decrypting ciphertexts, comprising the steps of:

providing a set of trustees a guarantee that a secret decryption key is the composition of a first subkey and a second subkey; and

providing each trustee of the set pieces of information enabling each trustee to verify that the piece of information includes a share of the first subkey.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A given decryption key is decomposed into at least two parts, for example, a first subkey and a second subkey. The first subkey may be verifiably secret-shared among a set of one or more trustees, whereas the trustees preferably receive no information at all about the second subkey. Reconstruction of the first subkey by the trustees does not yield a decryption key useful by itself in decrypting ciphertexts. The trustees, however, also receive a guarantee that once they reveal their shares to a given entity, the entity has the capability of determining the second subkey. Generally, the generation of the second subkey will be carried out by the entity using a brute force technique, although the calculation may be performed by still another party (or even the trustees themselves in cooperation with the entity). Once the second subkey is determined, the guarantee ensures that combination of the first and second subkeys yields a given decryption key that may then be used to decrypt ciphertexts.

Citations

23 Claims

1. A method for escrowing secret decryption keys useful in decrypting ciphertexts, comprising the steps of:
- providing a set of trustees a guarantee that a secret decryption key is the composition of a first subkey and a second subkey; and
  
  providing each trustee of the set pieces of information enabling each trustee to verify that the piece of information includes a share of the first subkey.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the second subkey is substantially easier to compute than the first subkey.
  - 3. The method as described in claim 1 further including the step of:
    - having at least some trustees reveal their shares of the first subkey to a given entity upon a predetermined request.
  - 4. The method as described in claim 3 wherein the given entity is a law enforcement agency.
  - 5. The method as described in claim 4 wherein in the predetermined request is a Court wiretapping order.
  - 6. The method as described in claim 5 wherein the given entity determines the second subkey and uses the first and second subkeys to reconstruct the secret decryption key to thereby decrypt ciphertexts decryptable by the secret decryption key.
  - 7. The method as described in claim 3 wherein the given entity is a private organization.
  - 8. The method as described in claim 1 wherein the shares of at least a first subset of the set of trustees are sufficient to reconstruct the first subkey while the shares of at least a second subset of the set of trustees are insufficient to reconstruct the first subkey.
  - 9. The method as described in claim 1 wherein secure hardware guarantees that the combination of the first and second subkeys is a given secret decryption key.

10. A method for escrowing secret decryption keys useful in decrypting ciphertexts, wherein a given secret decryption key is guaranteed to be a combination of a first and second subkey, comprising the steps of:
- having each of a set of trustees hold guaranteed shares of a first subkey of a given secret decryption key; and
  
  upon a predetermined request, having the trustees reveal their shares to a predetermined entity so as to enable the reconstruction of the first subkey.
- View Dependent Claims (11, 12)
- - 11. The method as described in claim 10 further including the steps of:
    - determining the second subkey; and
      
      using the first and second subkeys to reconstruct the given secret decryption key to thereby enable the decryption of ciphertexts decryptable by the given secret decryption key.
  - 12. The method of claim 11 wherein the second subkey is substantially easier to compute than the first subkey.

13. A method for escrowing secret keys, comprising the steps of:
- having a secret key be the composition of a first subkey and a second subkey;
  
  providing a trustee a piece of data that is guaranteed to be the first subkey of a secret key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein the second subkey is substantially easier to compute than the first subkey.
  - 15. The method as described in claim 13 further including the step of:
    - having the trustee reveal the piece of data to a given entity upon a predetermined request.
  - 16. The method as described in claim 15 wherein the given entity is a law enforcement agency.
  - 17. The method as described in claim 15 wherein the predetermined request is a Court wiretapping order.
  - 18. The method as described in claim 17 wherein the given entity determines the second subkey and uses the first and second subkeys to reconstruct the secret key.
  - 19. The method as described in claim 15 wherein the given entity is a private organization.
  - 20. The method as described in claim 13 wherein secure hardware guarantees that the combination of the first and second subkeys is a given secret key.

21. A method for escrowing secret keys, wherein a given secret key is guaranteed to be a combination of a first and second subkey, comprising the steps of:
- having a trustee hold a piece of data guaranteed to be a first subkey of the given secret key; and
  
  upon a predetermined request, having the trustee reveal the piece of data to enable reconstruction of the given secret key.
- View Dependent Claims (22, 23)
- - 22. The method as described in claim 21 further including the steps of:
    - determining the second subkey; and
      
      using the first and second subkeys to reconstruct the given decryption key.
  - 23. The method of claim 22 wherein the second subkey is substantially easier to compute than the first subkey.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Silvio Micali
Original Assignee
Silvio Micali
Inventors
Micali, Silvio
Primary Examiner(s)
Buczinski, Stephen C.

Application Number

US08/620,080
Time in Patent Office

537 Days
Field of Search

380/21, 380/30, 380/45
US Class Current

380/286
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

Guaranteed partial key-escrow

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Guaranteed partial key-escrow

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links