Key management system for mixed-trust environments
First Claim
1. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:
- the first party
  - encrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,
  - encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, and
  - concatenating the first party and second party encrypted cryptographic keys, and
- the second party, upon reception of the concatenated data,
  - decrypting the second party encrypted cryptographic key to recover the cryptographic key.
Abstract
The invention allows for transporting, in different degrees of security strength, a symmetric key encrypted using an asymmetric encryption technique, and along with this transporting ciphertext derived from plaintext encrypted under this symmetric key. The encryptor encrypts the plaintext using a symmetric key whose strength is commensurate with the trust level of the environment in which the encryptor is located. The encryptor encrypts this symmetric key for one or more intended recipients using an asymmetric technique commensurate with a high-trust environment. In the case of the encryptor residing in the low-trust environment, the encryptor additionally encrypts this symmetric key using an asymmetric encryption public key of the originator itself (or alternatively, that of a third party). Decryption equipment in all environments uses the decryption process corresponding to an algorithm identifier included by the originator. In all cases, the asymmetric encryption/decryption process used for each specific recipient is of a strength commensurate with the trust level of that recipient's own environment.
21 Claims
1. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:
- the first party
  - encrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,
  - encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, and
  - concatenating the first party and second party encrypted cryptographic keys, and
- the second party, upon reception of the concatenated data,
  - decrypting the second party encrypted cryptographic key to recover the cryptographic key.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:
- the first party selecting a cryptographic key,
- creating a data field consisting in part of the cryptographic key, encrypted under a low trust encryption public key of the first party having a first key length,
- combining, using a reversible function, the cryptographic key with additional data derived in part or in whole from the data field to generate a levelled key,
- encrypting the levelled key using a high trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted levelled key,
- concatenating the data field, and second party encrypted levelled key,
- the second party, upon reception of the concatenated data, decrypting the second party encrypted levelled key to recover the levelled key, and
- recovering the cryptographic key using the received data field and the recovered levelled key.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. An apparatus for complementary cryptographic operations, in different degrees of security strength comprising:
- first encryption means for encrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,
- second encryption means for encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, and
- means, responsive to the first and second encryption means, for concatenating the first party and second party encrypted cryptographic keys, and
- means, responsive to the concatenated data, for decrypting the second party encrypted cryptographic key to recover the cryptographic key.
20. A method of managing cryptographic keys between first and second parties in communication environments of different degrees of trust comprising the steps of:
- the first party selecting a cryptographic key,
- creating a data field consisting in part of the cryptographic key, encrypted under a low trust encryption public key of the first party having a first key length,
- combining, using a reversible function, the cryptographic key with additional data derived in part or in whole from the data field to generate a levelled key,
- encrypting the levelled key using a high trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted levelled key,
- concatenating the data field, and second party encrypted levelled key,
- the second party, upon reception of the concatenated data, decrypting the second party encrypted levelled key to recover the levelled key, and
- recovering the cryptographic key using the received data field and the recovered levelled key.
21. An apparatus for complementary cryptographic operations in different degrees of security strength comprising:
- first encryption means for encrypting a cryptographic key by using a low trust encryption public key of the first party having a first key length, to generate a first party encrypted cryptographic key,
- second encryption means for encrypting the cryptographic key using a higher trust encryption public key of the second party having a second key length longer than the first key length to generate a second party encrypted cryptographic key, and
- means, responsive to the first and second encryption means, for concatenating the first party and second party encrypted cryptographic keys, and
- means, responsive to the concatenated data, for decrypting the second party encrypted cryptographic key to recover the cryptographic key.
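The levelled-key transport of claims 8 and 20, carried through step by step as an added example; this is not code from the patent. It assumes toy textbook RSA (no padding) over constructed Mersenne-prime moduli, XOR as the reversible function, and a truncated SHA-256 of the data field as the additional data. None of these choices is stated in the claims, and the key sizes are for illustration only.

```python
import hashlib

E = 65537  # public exponent (assumption)

def make_key(p, q):
    """Toy textbook-RSA key pair from two known primes; not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed key pairs: Mersenne primes picked so the two moduli differ in length.
LOW_PUB, LOW_PRIV = make_key(2**31 - 1, 2**61 - 1)      # first party, low trust (92-bit n)
HIGH_PUB, HIGH_PRIV = make_key(2**107 - 1, 2**127 - 1)  # second party, high trust (234-bit n)
KEY_BYTES = 8  # toy symmetric key size that fits under the short modulus

def rsa(key, m):
    """Raw modular exponentiation; serves as both encrypt and decrypt."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message does not fit under the modulus")
    return pow(m, exp, n)

def mask(data_field):
    """Additional data derived from the data field (assumption: truncated SHA-256)."""
    digest = hashlib.sha256(data_field.to_bytes(16, "big")).digest()
    return int.from_bytes(digest[:KEY_BYTES], "big")

def originate(k):
    """First party: build the data field and the encrypted levelled key."""
    data_field = rsa(LOW_PUB, k)          # K under the first party's own short key
    levelled = k ^ mask(data_field)       # reversible combination (assumption: XOR)
    return data_field, rsa(HIGH_PUB, levelled)  # the two concatenated parts

def receive(data_field, enc_levelled):
    """Second party: recover the levelled key, then K using the received data field."""
    levelled = rsa(HIGH_PRIV, enc_levelled)
    return levelled ^ mask(data_field)

def originator_recover(data_field):
    """Holder of the low-trust private key recovers K from the data field alone."""
    return rsa(LOW_PRIV, data_field)
```

With these instantiations, a second party that receives an altered data field computes a different mask and does not recover the original key.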
Specification