Enhanced cryptographic system and method with key escrow feature

US 5,850,451 A
Filed: 02/19/1997
Issued: 12/15/1998
Est. Priority Date: 01/13/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating verifiably trusted, stream-oriented communications among a plurality of users, comprising the steps of:

escrowing at a trusted escrow center an asymmetric cryptographic key associated with each of a plurality of users;

verifying each of the keys at the escrow center;

certifying each of the keys upon verification; and

generating an encrypted stream-oriented communication from an initiating user to a receiving user using said initiating user'"'"'s cryptographic key, said communication comprising (a) an initial packet having access information to allow an outside party to decrypt the stream, and (b) a stream of subsequent packets, each subsequent packet containing information identifying the subsequent packet as associated with the stream, and wherein at least one of said subsequent packets does not include said access information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users'"'"' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. In a preferred embodiment of this invention, the chip encrypts or decrypts only if certain conditions are met, namely, (1) if a valid "sender certificate" and a valid "recipient certificate" are input, where "valid" means that the particular user'"'"'s private decryption key is provably escrowed with a specified number of escrow agents and that the master escrow center is registered and certified by the chip manufacturer, and (2) if a valid Message Control Header is generated by the sender and validated by the recipient, thereby giving authorized investigators sufficient information with which to request and obtain the escrowed keys. A preferred embodiment provides for encryption of stream-oriented data.

154 Citations

20 Claims

1. A method for generating verifiably trusted, stream-oriented communications among a plurality of users, comprising the steps of:
- escrowing at a trusted escrow center an asymmetric cryptographic key associated with each of a plurality of users;
  
  verifying each of the keys at the escrow center;
  
  certifying each of the keys upon verification; and
  
  generating an encrypted stream-oriented communication from an initiating user to a receiving user using said initiating user'"'"'s cryptographic key, said communication comprising (a) an initial packet having access information to allow an outside party to decrypt the stream, and (b) a stream of subsequent packets, each subsequent packet containing information identifying the subsequent packet as associated with the stream, and wherein at least one of said subsequent packets does not include said access information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein the communication further comprises a terminal packet having information indicating an end of the communication.
  - 3. The method of claim 1 wherein each subsequent packet further includes unique information indicating a position of the packet within the sequence.
  - 4. The method of claim 1 wherein each subsequent packet further includes timestamp information.
  - 5. The method of claim 1, wherein the access information includes a hash of the initial packet.
  - 6. The method of claim 5, wherein said hash of said initial packet is signed with the initiating user'"'"'s cryptographic key.
  - 7. The method of claim 4, wherein said access information further includes message identifying information.
  - 8. The method of claim 7, wherein at least one of the subsequent packets includes the message identifying information.
  - 9. The method of claim 8, wherein said information identifying the subsequent packet as associated with the stream is a packet sequence number.
  - 10. The method of claim 1, further comprising the steps of:
    - receiving, at the initiating user, information relating to a quality of a channel carrying the stream-oriented communication; and
      
      selectively including message identifying information in subsequent packets at a rate determined by the quality of the channel.
  - 11. The method of claim 1, wherein packets include information associating them with the initiating user.

12. A method for generating verifiably trusted, stream-oriented communications among a plurality of users, comprising the steps of:
- escrowing at a trusted escrow center an asymmetric cryptographic key associated with each of a plurality of users;
  
  verifying each of the keys at the escrow center;
  
  certifying each of the keys upon verification; and
  
  receiving, at a receiving user, a first encrypted stream-oriented communication from an initiating user, said communication having been encrypted using said initiating user'"'"'s cryptographic key, said first communication comprising (a) an initial packet having access information to allow an outside party to decrypt the stream, and (b) a stream of subsequent packets, each subsequent packet containing information identifying the subsequent packet as associated with the stream, and wherein at least one subsequent packet of the first stream does not include said access information.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12 further comprising the steps of:
    - generating a second encrypted stream-oriented communication from the receiving user to an initiating user using a cryptographic key of the receiving user, said second communication comprising (a) an initial packet having access information to allow an outside party to decrypt the second encrypted stream, and (b) a stream of subsequent packets, each subsequent packet containing information identifying the subsequent packet as associated with the second encrypted stream.
  - 14. The method of claim 13, wherein the access information of the second encrypted stream includes a hash of the initial packet of the second encrypted stream signed with the receiving user'"'"'s cryptographic key.
  - 15. The method of claim 14, wherein the access information of the second encrypted stream includes message identifying information received from the initiating user.
  - 16. The method of claim 15, wherein at least one of the subsequent packets of the second encrypted stream includes message identifying information.
  - 17. The method of claim 16, wherein the information identifying a subsequent packet of the second encrypted stream as associated with the second encrypted stream is a packet sequence number.
  - 18. The method of claim 17, wherein packets of the second encrypted stream include information associating them with the initiating user.
  - 19. The method of claim 13, further comprising the steps of:
    - receiving, at the receiving user, information relating to a quality of a channel carrying the stream-oriented communication; and
      
      selectively including message identifying information in subsequent packets at a rate determined by the quality of the channel.
  - 20. The method of claim 19, wherein the information relating to a quality of the channel is continuously received and the rate at which identifying information is selectively included in subsequent packets is dynamically adjusted based upon the received information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certco
Original Assignee
Certco
Inventors
Sudia, Frank Wells
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/803,024
Time in Patent Office

664 Days
Field of Search

380/30, 380/48, 380/42, 380/49
US Class Current

380/286
CPC Class Codes

G06F 7/725   over elliptic curves

G06Q 20/02   involving a neutral party, ...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0844   with user authentication or...

H04L 9/085   Secret sharing or secret sp...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Enhanced cryptographic system and method with key escrow feature

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

154 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced cryptographic system and method with key escrow feature

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links