Enhanced cryptographic system and method with key escrow feature
Abstract
The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. In a preferred embodiment of this invention, the chip encrypts or decrypts only if certain conditions are met, namely, (1) if a valid "sender certificate" and a valid "recipient certificate" are input, where "valid" means that the particular user's private decryption key is provably escrowed with a specified number of escrow agents and that the master escrow center is registered and certified by the chip manufacturer, and (2) if a valid Message Control Header is generated by the sender and validated by the recipient, thereby giving authorized investigators sufficient information with which to request and obtain the escrowed keys. A preferred embodiment provides for encryption of stream-oriented data.
20 Claims
1. A method for generating verifiably trusted, stream-oriented communications among a plurality of users, comprising the steps of:
- escrowing at a trusted escrow center an asymmetric cryptographic key associated with each of a plurality of users;
- verifying each of the keys at the escrow center;
- certifying each of the keys upon verification; and
- generating an encrypted stream-oriented communication from an initiating user to a receiving user using said initiating user's cryptographic key, said communication comprising (a) an initial packet having access information to allow an outside party to decrypt the stream, and (b) a stream of subsequent packets, each subsequent packet containing information identifying the subsequent packet as associated with the stream, and wherein at least one of said subsequent packets does not include said access information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for generating verifiably trusted, stream-oriented communications among a plurality of users, comprising the steps of:
- escrowing at a trusted escrow center an asymmetric cryptographic key associated with each of a plurality of users;
- verifying each of the keys at the escrow center;
- certifying each of the keys upon verification; and
- receiving, at a receiving user, a first encrypted stream-oriented communication from an initiating user, said communication having been encrypted using said initiating user's cryptographic key, said first communication comprising (a) an initial packet having access information to allow an outside party to decrypt the stream, and (b) a stream of subsequent packets, each subsequent packet containing information identifying the subsequent packet as associated with the stream, and wherein at least one subsequent packet of the first stream does not include said access information.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20

Specification