Time delayed key escrow

US 5,768,388 A
Filed: 03/21/1996
Issued: 06/16/1998
Est. Priority Date: 03/01/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing different levels of computational difficulty for recovering an encrypted communication, so that a first entity experiences less computational difficulty than other entities, the method comprising the steps of:

encrypting the communication so that an entity in possession of a secret key can recover the encrypted communication without computational difficulty;

providing the first entity with first information about the secret key, the first information comprising weakly-encrypted information about the secret key;

the weakly encrypted information being enough information that the encrypted communications can be recovered with a predetermined level of computational difficulty less than that for the other entities.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for designing encryption algorithms with different levels of security for different parties: "easier" (but requiring some work nonetheless) to break for some parties (e.g., the government) than for other parties (the adversaries at large). This is achieved by a new form of key escrow in which the government gets some information related to the secret keys of individuals but not the secret keys themselves. The information given to the government enables it to decrypt with a predetermined level of computational difficulty less than that for adversaries at large. The new key escrow methods are verifiable. Verification information can be provided to the government so that it can verify that the information escrowed is sufficient to enable it to decrypt with the predetermined level of computational difficulty. The fact that the government must perform some computation to break the encryption schemes of individual users provides a serious deterrent against massive wiretapping.

Citations

14 Claims

1. A method of providing different levels of computational difficulty for recovering an encrypted communication, so that a first entity experiences less computational difficulty than other entities, the method comprising the steps of:
- encrypting the communication so that an entity in possession of a secret key can recover the encrypted communication without computational difficulty;
  
  providing the first entity with first information about the secret key, the first information comprising weakly-encrypted information about the secret key;
  
  the weakly encrypted information being enough information that the encrypted communications can be recovered with a predetermined level of computational difficulty less than that for the other entities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the weakly encrypted information is divided into a plurality of portions separately escrowed with different representatives of the first entity.
  - 3. The method of claim 2 wherein the first entity is the government and the trustees are obligated under certain conditions to disclose the escrowed portions to the government, whereby the government can monitor the encrypted communications.
  - 4. The method of claim 2 wherein the first entity must gain possession of a predetermined minimum number of the escrowed portions before the undisclosed portion of the secret key can be recovered within the predetermined level of computational difficulty.
  - 5. The method of claim 1 wherein substantially the entire secret key is weakly encrypted to form the weakly encrypted information.
  - 6. The method of claim 5 wherein the weakly encrypted information is divided into a plurality of portions separately escrowed with different trustees.
  - 7. The method of claim 1 wherein the computational difficulty incurred in recovering the encrypted communication results from the need to decrypt the weakly encrypted information about the secret key.
  - 8. The method of claim 1 wherein the encryption is private key encryption.
  - 9. The method of claim 1 wherein the encryption is public key encryption.

10. A method of providing different levels of computational difficulty for recovering a public-key encrypted communication, so that a first entity experiences less computational difficulty than other entities, the method comprising the steps of:
- encrypting the communication using a public key for which there exists a secret key, so that with possession of the secret key the encrypted communication can be recovered without computational difficulty;
  
  providing the first entity with first information about the secret key;
  
  the first information being less than a full description of the secret key but enough information that the encrypted communication can be recovered with a predetermined level of computational difficulty less than that for the other entities;
  
  wherein the first information comprises weakly encrypted information about the secret key.

11. A method of providing different levels of computational difficulty for recovering an encrypted communication, so that a first entity experiences less computational difficulty than other entities, the method comprising the steps of:
- encrypting the communication so that an entity in possession of a secret key can recover the encrypted communication without computational difficulty;
  
  providing the first entity with first information about the secret key;
  
  the first information being less than a full description of the secret key but enough information that the encrypted communication can be recovered with a predetermined level of computational difficulty less than that for the other entities;
  
  providing the first entity with verification information with which the first entity can verify that the first information provided is sufficient for recovery to be achieved within the predetermined level of computational difficulty;
  
  wherein the first information comprises weakly encrypted information about the secret key.

12. A method of providing different levels of computational difficulty for recovering an encrypted communication, so that a first entity experiences less computational difficulty than other entities, the method comprising the steps of:
- encrypting the communication so that an entity in possession of a secret key can recover the encrypted communication without computational difficulty;
  
  providing the first entity with first information about the secret key;
  
  the first information being less than a full description of the secret key but enough information that the encrypted communication can be recovered with a predetermined level of computational difficulty less than that for the other entitles;
  
  providing the first entity with verification information with which the first entity can verify that the first information provided is sufficient for recovery to be achieved within the predetermined level of computational difficulty;
  
  wherein the first information provided to the first entity comprises information about a disclosed portion of the secret key, wherein there remains an undisclosed portion of the secret key, and wherein the verification information is used to verify the size of the undisclosed portion and that the disclosed portion is a part of the secret key.
- View Dependent Claims (13)
- - 13. The method of claim 12 wherein the secret key may be changed subsequent to escrowing of the disclosed portion, so that the undisclosed portion is increased in size without any change to the disclosed portion, thereby avoiding a new escrowing of the disclosed portion or a new verification.

14. A method of providing different levels of computational difficulty for recovering a public-key encrypted communication, so that a first entity experiences less computational difficulty than other entities, the method comprising the steps of:
- encrypting the communication using a public key for which there exists a secret key, so that with possession of the secret key the encrypted communication can be recovered without computational difficulty;
  
  providing the first entity with first information about the secret key;
  
  the first information being less than a full description of the secret key but enough information that the encrypted communication can be recovered with a predetermined level of computational difficulty less than that for the other entities;
  
  wherein the first information provided to the first entity comprises information about a disclosed portion of the secret key, and wherein there remains an undisclosed portion of the secret key;
  
  wherein the disclosed portion comprises some of the bits of the secret key, the verification information is used to verify that the number of undisclosed bits is small enough to permit recovery to be within the predetermined level of computational difficulty, and that the disclosed bits are part of the secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mihir Bellare, Shafi Goldwasser
Original Assignee
Mihir Bellare, Shafi Goldwasser
Inventors
Bellare, Mihir, Goldwasser, Shafi
Primary Examiner(s)
Buczinski, Stephen C.

Application Number

US08/622,040
Time in Patent Office

817 Days
Field of Search

380/23, 380/25, 380/30
US Class Current

380/30
CPC Class Codes

H04L 9/085 Secret sharing or secret sp...

H04L 9/0894 Escrow, recovery or storing...

Time delayed key escrow

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Time delayed key escrow

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links