Enhanced cryptographic system and method with key escrow feature
First Claim
1. A method for generating a verifiably trusted communication between a plurality of users comprising the steps of:
- generating a secure communication within an electronic hardware device of a first user, said secure communication including access information to permit access to the secure communication by an outside party;
- signing the secure communication with a chip specific private signature key of a signing chip of the electronic hardware device of the first user, said chip specific private signature key having been embedded within a tamper-resistant memory associated with the signing chip of the first user prior to the electronic hardware device being provided to the first user;
- appending a certificate to the secure communication, said certificate including a public signature key, corresponding to the private signature key of the signing chip of the first user, signed with a private signature key of a trusted authority; and
- transmitting the secure communication to a second user.
Abstract
The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. In a preferred embodiment of this invention, the chip encrypts or decrypts only if certain conditions are met, namely, (1) if a valid "sender certificate" and a valid "recipient certificate" are input, where "valid" means that the particular user's private decryption key is provably escrowed with a specified number of escrow agents and that the master escrow center is registered and certified by the chip manufacturer, and (2) if a valid Message Control Header is generated by the sender and validated by the recipient, thereby giving authorized investigators sufficient information with which to request and obtain the escrowed keys.
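The abstract's "verifiably splitting" of a private key into components for a threshold of escrow agents is the core of the escrow feature. The example below is added here to illustrate that idea; it is not the patent's own construction. It uses a standard Feldman verifiable secret sharing scheme for a discrete-log private key: the user publishes commitments to the sharing polynomial, and each escrow agent checks that the share it received is consistent with the user's public key without learning the key, so "provably escrowed" becomes a check an agent can run locally. The group parameters (a small safe prime found at run time), the seed and the threshold values are constructed for a stand-alone run and are not taken from the patent.

```python
"""Feldman verifiable secret sharing of a discrete-log private key.

Added example (not the patent's construction). Toy-sized parameters:
a 64-bit safe prime is generated at run time so the code runs offline.
"""
import random

_WITNESSES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41]


def _is_probable_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; the fixed witnesses are exact for n < 3.3e24."""
    if n < 2:
        return False
    for w in _WITNESSES:
        if n % w == 0:
            return n == w
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _WITNESSES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int, rng: random.Random):
    """Return (p, q, g): p = 2q + 1 with p, q prime and g of prime order q."""
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            g = pow(rng.randrange(2, p - 1), 2, p)  # a quadratic residue
            if g != 1:                               # ... of order exactly q
                return p, q, g


def split_key(priv: int, k: int, n: int, p: int, q: int, g: int, rng):
    """Split priv into n shares (any k reconstruct) plus public commitments.

    commitments[0] == g^priv is the user's public key, so agents can tie
    their share to the key actually used for encryption.
    """
    coeffs = [priv % q] + [rng.randrange(1, q) for _ in range(k - 1)]
    shares = []
    for i in range(1, n + 1):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation of f(i) mod q
            acc = (acc * i + c) % q
        shares.append((i, acc))
    commitments = [pow(g, c, p) for c in coeffs]
    return shares, commitments


def verify_share(share, commitments, p: int, q: int, g: int) -> bool:
    """Escrow agent check: g^s_i == prod_j C_j^(i^j) mod p."""
    i, s = share
    expected = 1
    for j, c in enumerate(commitments):
        expected = expected * pow(c, pow(i, j, q), p) % p
    return pow(g, s, p) == expected


def reconstruct(shares, q: int) -> int:
    """Lagrange interpolation at x = 0 over Z_q from a threshold of shares."""
    secret = 0
    for i, s in shares:
        num, den = 1, 1
        for j, _ in shares:
            if j != i:
                num = num * (-j) % q
                den = den * (i - j) % q
        secret = (secret + s * num * pow(den, -1, q)) % q
    return secret


def escrow_demo(seed: int = 7, bits: int = 64, k: int = 3, n: int = 5) -> dict:
    """Constructed scenario: 5 agents, any 3 may recover the key."""
    rng = random.Random(seed)
    p, q, g = make_group(bits, rng)
    priv = rng.randrange(1, q)
    pub = pow(g, priv, p)
    shares, commitments = split_key(priv, k, n, p, q, g, rng)
    # A share altered in transit (or a dishonest user's bogus share) must fail.
    i, s = shares[0]
    tampered_ok = verify_share((i, (s + 1) % q), commitments, p, q, g)
    return {
        "pub_matches": commitments[0] == pub,
        "agents_ok": all(verify_share(sh, commitments, p, q, g) for sh in shares),
        "tampered_ok": tampered_ok,
        "recovered": reconstruct(shares[1:1 + k], q) == priv,
    }


if __name__ == "__main__":
    print(escrow_demo())
```

An agent that receives a share failing `verify_share` should refuse to issue its escrow confirmation, which is the point at which a certificate asserting "provably escrowed" would be withheld. The threshold parameter `k` corresponds to the abstract's "specified number of escrow agents".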
10 Claims: independent claim 1 (given above) and dependent claims 2 through 10.