Key management system for mixed-trust environments

US 5,850,443 A
Filed: 08/15/1996
Issued: 12/15/1998
Est. Priority Date: 08/15/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:

the first partyencrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, andconcatenating the first party and second party encrypted cryptographic keys, andthe second party, upon reception of the concatenated data,decrypting the second party encrypted cryptographic key to recover the cryptographic key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention allows for transporting, in different degrees of security strength, a symmetric key encrypted using an asymmetric encryption technique, and along with this transporting ciphertext derived from plaintext encrypted under this symmetric key. The encryptor encrypts the plaintext using a symmetric whose strength is commensurate with the trust level of the environment in which the encryptor is located. The encryptor encrypts this symmetric key for one or more intended recipients using an asymmetric technique commensurate with a high-trust environment. In the case of the encryptor residing in the low-trust environment, the encryptor additionally encrypts this symmetric key using an asymmetric encryption public key of the originator itself (or alternatively, that of a third party). Decryption equipment in all environments uses the decryption process corresponding to an algorithm identifier included by the originator. In all cases, the asymmetric encryption/decryption process used for each specific recipient is of a strength commensurate with the trust level of that recipient'"'"'s own environment.

Citations

21 Claims

1. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:
- the first partyencrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, andconcatenating the first party and second party encrypted cryptographic keys, andthe second party, upon reception of the concatenated data,decrypting the second party encrypted cryptographic key to recover the cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the cryptographic key is an encryption key, and comprising further steps of:
    - the first partyencrypting plaintext into ciphertext using the cryptographic key,concatenating the ciphertext to the first party and second party encrypted cryptographic keys,the second partydecrypting the ciphertext into the plaintext using the thus recovered cryptographic key.
  - 3. The method according to claim 2 wherein the cryptographic key is a symmetric encryption key and the first and second parties use a symmetric encryption process for encrypting the plaintext or decrypting the ciphertext.
  - 4. The method according to claim 3 wherein the symmetric encryption process is a block cipher from the group of DES, CAST and RC2.
  - 5. The method according to claim 1 wherein the first and second parties use distinct asymmetric encryption processes to generate the first party and second party encrypted cryptographic keys.
  - 6. The method according to claim 5 wherein the asymmetric encryption processes are any of RSA encryption and ElGamal encryption.
  - 7. The method according to claim 1 wherein there are three or more parties in communication environments of different degrees of trust comprising steps of:
    - for the third, and other remaining parties separately encrypting the cryptographic key using an encryption public key of each of these parties to generate a second party, third party and additional encrypted cryptographic keys, andconcatenating the first, second, and additional encrypted cryptographic keys,the second and subsequent parties each, upon reception of the concatenated data,decrypting the corresponding encrypted cryptographic key to recover the cryptographic key.

8. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:
- the first partyselecting a cryptographic key,creating a data field consisting in part of the cryptographic key, encrypted under a low trust encryption public key of the first party having a first key length,combining, using a reversible function, the cryptographic key with additional data derived in part or in whole from the data field to generate a levelled key,encrypting the levelled key using a high trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted levelled key,concatenating the data field, and second party encrypted levelled key,the second party, upon reception of the concatenated data,decrypting the second party encrypted levelled key to recover the levelled key, andrecovering the cryptographic key using the received data field and the recovered levelled key.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method according to claim 8, wherein the cryptographic key is an encryption key, and comprising further steps of:
    - the first partyencrypting a plaintext into a ciphertext using the cryptographic key, concatenating the ciphertext to the data field and the second party encrypted levelled key,the second party, upon reception of the concatenated data, decrypting the ciphertext into the plaintext using the thus recovered cryptographic key.
  - 10. The method according to claim 9 wherein the cryptographic key is a symmetric encryption key and the first and second parties use a symmetric encryption process for encrypting the plaintext or decrypting the ciphertext.
  - 11. The method according to claim 10 wherein the symmetric encryption process is a block cipher from the group of DES, CAST and RC2.
  - 12. The method according to claim 8 wherein the first party uses distinct asymmetric encryption processes to generate the second party encrypted levelled key and the second party uses an asymmetric decryption process to decrypt the second party encrytped levelled key.
  - 13. The method according to claim 12 wherein the asymmetric encryption processes are any of RSA encryption, and ElGamal encryption.
  - 14. The method according to claim 8 wherein the step of combining using a reversible process to generate a levelled key comprises further steps of:
    - encrypting the cryptographic key using the low trust encryption public key of the first party having the first key length,concatenating the resulting data to said low trust encryption public key itself,hashing a resulting data string using a cryptographic hash function, resulting in a hash value,combining a subset of the hash value, using an exclusive-OR operation, with said cryptographic key, to generate the levelled key.
  - 15. The method according to claim 14 where the hash function used is from the group of SHA-1 and MD5, hash functions.
  - 16. The method according to claim 8 wherein there are three or more parties in communication environments of different degrees of trust, comprising steps of:
    - for third, and other remaining parties separately encrypting the levelled key using an encryption public key of each of these parties to generate a third party and additional encrypted levelled keys, andconcatenating the second party, third party, and additional encrypted levelled keys,the second and subsequent parities each, upon reception of the concatenated data,decrypting the corresponding encrypted levelled key, and recovering the corresponding cryptographic key using the decrypted levelled key.
  - 17. The method according to claim 8 wherein the data field consists of a low trust encryption public key of the first party having a key length shorter than a key length of a high trust encryption public key, concatenated to the encrypted value of the cryptographic key under the low trust encryption public key.
  - 18. The method according to claim 8 comprising further steps of the first partyencrypting the levelled key by using a high trust encryption public key of the first party having a key length larger than the low trust encryption public key to generate a first party encrypted levelled key, and inserting the first party encrypted levelled key into the concatenated data.

19. An apparatus for complementary cryptographic operations, in different degrees of security strength comprising:
- first encryption means for encrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,second encryption means for encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, andmeans, responsive to the first and second encryption means, for concatenating the first party and second party encrypted cryptographic keys, andmeans, responsive to the concatenated data, for decrypting the second party encrypted cryptographic key to recover the cryptographic key.

20. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:
- the first partyselecting a cryptographic key,creating a data field consisting in part of the cryptographic key, encrypted under a low trust encryption public key of the first party having a first key length,combining, using a reversible function, the cryptographic key with additional data derived in part or in whole from the data field to generate a levelled key,encrypting the levelled key using a high trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted levelled key,concatenating the data field, and second party encrypted levelled key,the second party, upon reception of the concatenated data,decrypting the second party encrypted levelled key to recover the levelled key, andrecovering the cryptographic key using the received data field and the recovered levelled key.

21. An apparatus for complementary cryptographic operations in different degrees of security strength comprising:
- first encryption means for encrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,second encryption means for encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, andmeans, responsive to the first and second encryption means, for concatenating the first party and second party encrypted cryptographic keys, andmeans, responsive to the concatenated data, for decrypting the second party encrypted cryptographic key to recover the cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.)
Original Assignee
Entrust Technologies Limited
Inventors
Van Oorschot, Paul C., Wiener, Michael James
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/698,074
Time in Patent Office

852 Days
Field of Search

380/9, 380/21, 380/30, 380/44, 380/45, 380/46, 380/47, 380/49, 380/50, 380/20
US Class Current

380/285
CPC Class Codes

H04L 9/0625   with splitting of the data ...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/088   Usage controlling of secret...

H04L 9/302   involving the integer facto...

Key management system for mixed-trust environments

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Key management system for mixed-trust environments

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links