Enhanced cryptographic system and method with key escrow feature
First Claim
1. A method for secure communication in a system having at least one communicating party and a message key that is recoverable by one not a party to the communication, the method comprising steps of:
- providing each user with a computer hardware device;
registering hardware devices with a center in accordance with control information determined by a device owner distinct from a device user;
certifying hardware devices, each certification generating a certificate associating a center, a user, and a hardware device;
initiating a secure communication from an initiating user to a recipient using a message key in a manner that permits the owner to access the communication.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users'"'"' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. The methods for key escrow and receiving an escrow certificate are also applied herein to a more generalized case of registering a trusted device with a trusted third party and receiving authorization from that party enabling the device to communicate with other trusted devices.
-
Citations
12 Claims
-
1. A method for secure communication in a system having at least one communicating party and a message key that is recoverable by one not a party to the communication, the method comprising steps of:
-
providing each user with a computer hardware device; registering hardware devices with a center in accordance with control information determined by a device owner distinct from a device user; certifying hardware devices, each certification generating a certificate associating a center, a user, and a hardware device; initiating a secure communication from an initiating user to a recipient using a message key in a manner that permits the owner to access the communication. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for encrypted communication in a system having communicating parties and a message key that is recoverable by one not a party to the communication the method comprising steps of:
-
providing each user with a computer hardware device having at least one device-associated key; registering hardware devices with at least a selected one of a plurality of centers; certifying the hardware devices, said certification generating a certificate for a device; initiating a secure communication from an initiating user to a recipient using a message key, said communication containing an access portion encrypted by a key of the center to recover the message key, wherein the communication step includes steps of; encrypting access information using a key of a first center; and encrypting access information using a key of a second center.
-
Specification
-
- Resources
-
Current AssigneeCertco
-
Original AssigneeCertco
-
InventorsSudia, Frank Wells
-
Primary Examiner(s)Barron, Jr., Gilberto
-
Application NumberUS08/802,818Time in Patent Office727 DaysField of Search380/23, 380/25, 380/30, 380/49US Class Current713/175CPC Class CodesG06F 7/725 over elliptic curvesG06Q 20/02 involving a neutral party, ...G06Q 20/3821 Electronic credentialsG06Q 20/3829 involving key managementH04L 9/0825 using asymmetric-key encryp...H04L 9/0844 with user authentication or...H04L 9/085 Secret sharing or secret sp...H04L 9/088 Usage controlling of secret...H04L 9/0894 Escrow, recovery or storing...H04L 9/3247 involving digital signaturesH04L 9/3263 involving certificates, e.g...
