Enhanced cryptographic system and method with key escrow feature
First Claim
1. A method for generating a verifiably trusted communication between a plurality of users comprising the steps of:
- generating a secure communication within an electronic hardware device of a first user, said secure communication including access information to permit access to the secure communication by an outside party;
signing the secure communication with a chip specific private signature key of a signing chip of the electronic hardware device of the first user, said chip specific private signature key having been embedded within a tamper-resistant memory associated with the signing chip of the first user prior to the electronic hardware device being provided to the first user;
appending a certificate to the secure communication, said certificate including a public signature key, corresponding to the private signature key of the signing chip of the first user, signed with a private signature key of a trusted authority; and
transmitting the secure communication to a second user.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users'"'"' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. In a preferred embodiment of this invention, the chip encrypts or decrypts only if certain conditions are met, namely, (1) if a valid "sender certificate" and a valid "recipient certificate" are input, where "valid" means that the particular user'"'"'s private decryption key is provably escrowed with a specified number of escrow agents and that the master escrow center is registered and certified by the chip manufacturer, and (2) if a valid Message Control Header is generated by the sender and validated by the recipient, thereby giving authorized investigators sufficient information with which to request and obtain the escrowed keys.
129 Citations
10 Claims
-
1. A method for generating a verifiably trusted communication between a plurality of users comprising the steps of:
-
generating a secure communication within an electronic hardware device of a first user, said secure communication including access information to permit access to the secure communication by an outside party; signing the secure communication with a chip specific private signature key of a signing chip of the electronic hardware device of the first user, said chip specific private signature key having been embedded within a tamper-resistant memory associated with the signing chip of the first user prior to the electronic hardware device being provided to the first user; appending a certificate to the secure communication, said certificate including a public signature key, corresponding to the private signature key of the signing chip of the first user, signed with a private signature key of a trusted authority; and transmitting the secure communication to a second user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification
-
- Resources
-
Current AssigneeCertco
-
Original AssigneeCertco
-
InventorsSudia, Frank Wells
-
Primary Examiner(s)Barron, Jr., Gilberto
-
Application NumberUS08/802,584Time in Patent Office685 DaysField of Search380/30, 380/23, 380/49US Class Current713/173CPC Class CodesG06F 7/725 over elliptic curvesG06Q 20/02 involving a neutral party, ...G06Q 20/3821 Electronic credentialsG06Q 20/3829 involving key managementH04L 9/0825 using asymmetric-key encryp...H04L 9/0844 with user authentication or...H04L 9/085 Secret sharing or secret sp...H04L 9/088 Usage controlling of secret...H04L 9/0894 Escrow, recovery or storing...H04L 9/3247 involving digital signaturesH04L 9/3263 involving certificates, e.g...
