Method and system for hierarchical key access and recovery

US 5,917,911 A
Filed: 01/23/1997
Issued: 06/29/1999
Est. Priority Date: 01/23/1997
Status: Expired due to Fees

First Claim

Patent Images

1. In a hierarchical key management system comprising a plurality of key arbitration centers (KAC) arranged in a hierarchy, a method for providing access to an encryption key of a user comprising the steps of:

receiving a signed message at a first KAC, said signed message comprising a message portion and an organization signature, said message portion identifying said user and an organization requesting said encryption key, said organization signature being said message portion digitally signed by said organization;

verifying said organization signature by said first KAC;

adding a first KAC ID to said message portion when said organization signature is valid;

after the adding step, signing by said first KAC, said message portion and said organization signature to generate a first KAC signature;

sending said first KAC signature, said organization signature and said message portion to a second KAC, said second KAC being at a next lower level in said hierarchy;

verifying, by said second KAC, said first KAC signature and said organization signature; and

said second KAC requesting said encryption key from a key management center (KMC) to receive said encryption key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key management system includes a hierarchy (10) of independent key arbitration centers (KAC) for providing access to a user'"'"'s session keys through key management centers (KMC). When a court order is issued for a user'"'"'s session keys, a message requesting the keys is transferred down through hierarchy until a terminal KAC (16,36) is reached. Each KAC in the hierarchy adds its ID and signs (116) the message, verifying prior signatures (114). The user'"'"'s ID is encrypted with the terminal KAC'"'"'s public key. The terminal KAC engages in a blind key access procedure (129) with the KMC (18,38) to receive the user'"'"'s session key. The key is provided encrypted with the requesting party'"'"'s or agency'"'"'s public key. Accordingly, privacy is assured because only the KMC and the requesting agency have access to the actual key value, and only the terminal KAC and requesting agency have access to the user'"'"'s ID. No other KACs in the hierarchy have access to the user ID or key value, and the KMC does not know which user'"'"'s key has been provided.

91 Citations

View as Search Results

21 Claims

1. In a hierarchical key management system comprising a plurality of key arbitration centers (KAC) arranged in a hierarchy, a method for providing access to an encryption key of a user comprising the steps of:
- receiving a signed message at a first KAC, said signed message comprising a message portion and an organization signature, said message portion identifying said user and an organization requesting said encryption key, said organization signature being said message portion digitally signed by said organization;
  
  verifying said organization signature by said first KAC;
  
  adding a first KAC ID to said message portion when said organization signature is valid;
  
  after the adding step, signing by said first KAC, said message portion and said organization signature to generate a first KAC signature;
  
  sending said first KAC signature, said organization signature and said message portion to a second KAC, said second KAC being at a next lower level in said hierarchy;
  
  verifying, by said second KAC, said first KAC signature and said organization signature; and
  
  said second KAC requesting said encryption key from a key management center (KMC) to receive said encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method as claimed in claim 1 wherein the requesting step includes the step of said second KAC engaging in a blind key access protocol with said KMC to receive said encryption key, and wherein the receiving step, the message portion is digitally signed with a private key of said organization, and wherein the receiving step includes the step of receiving as part of said message portion, a user identifier (UID) encrypted with a public key of said second KAC, said second KAC being a terminal KAC for said user, andwherein said message portion also includes a destination ID identifying said second KAC as said terminal KAC.
  - 3. A method as claimed in claim 2 wherein said signed message includes a request for said encryption key, and wherein said receiving step includes the step of receiving said message portion, said message portion including a validity period for said request, said method further comprising the step of said terminal KAC checking that said request is valid based on said validity period, said second KAC performing said engaging step during said validity period, andwherein the engaging step includes the steps of:
    - receiving a session key associated with said user from said KMC;
      
      and receiving a validity time associated with said session key,and wherein the method further comprises the step of said second KAC, upon expiration of the validity time of the session key, requesting subsequent session keys for said user from said KMC during said validity period of said request,said second KAC routing said subsequent session keys to said organization.
  - 4. A method as claimed in claim 3 further comprising the steps of:
    - encrypting said subsequent session keys with a public key of said organization; and
      
      sending a signed message to said first KAC, said signed message including said encrypted subsequent session keys, said signed message being signed with a private key of said second KAC.
  - 5. A method as claimed in claim 3 further comprising the steps of:
    - determining by said KMC when said validity period for said request has expired; and
      
      said KMC issuing new session keys in response to the determining step.
  - 6. A method as claimed in claim 3 further comprising the step of said second KAC, prior to the engaging step, verifying that said first KAC is authorized to communicate with said second KAC, the verifying by said second KAC step including the step of determining that said first KAC is at a next higher level in said hierarchy.
  - 7. A method as claimed in claim 6 said request includes a court order and wherein the receiving a signed message step, said organization is a court that has issued said court order to a government agency to obtain said encryption key, and wherein said message includes information identifying said court and an authority for said court order.
  - 8. A method as claimed in claim 7 further comprising the step of identifying said terminal KAC based on said destination ID.
  - 9. A method as claimed in claim 8 wherein the adding step further comprising the steps of:
    - said first KAC adding a time-stamp to said message portion; and
      
      said second KAC performing the engaging step only within a predetermined period of time of said time-stamp.
  - 10. A method as claimed in claim 9 wherein the receiving a signed message step, said UID corresponds with a device.
  - 11. A method as claimed in claim 9 wherein the receiving a signed message step, said UID corresponds with an individual.

12. In a hierarchy of key arbitration centers (KACs), a method for providing session keys of a user comprising the steps of:
- higher level KACs of said hierarchy routing a request for said session keys to lower level KACs, said KACs being arranged in a hierarchy of KACs; and
  
  said lower level KACs of said hierarchy routing encrypted session keys to said higher level KACs, whereineach KAC that performs the routing a request step, also performs the steps of signing said request with a private key of said KAC and routing said request to one of said lower level KACs, andwherein each KAC receiving said request from a higher level KAC, also performing a step of verifying a signature of said higher level KAC.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A method as claimed in claim 12 further comprising the step of one of said lower level KACs engaging in a blind access protocol with a key management center (KMC) to receive said session keys of said user.
  - 14. A method as claimed in claim 13 further comprising the step of said lower level KAC receiving one of said session keys, said one session key being encrypted with a public key of an organization requesting said one session key.
  - 15. A method as claimed in claim 14 further comprising the steps of:
    - said higher level KAC receiving a request for said one session key, said request being a signed message identifying said user and said organization, said signed message having been signed with a private key of said organization; and
      
      said higher level KAC verifying a signature of said organization using a public key of said organization, said public key of said organization corresponding with said private key of said organization.
  - 16. A method as claimed in claim 15 additionally comprising the step of each of said higher level KACs adding an ID of said each higher level KAC performing said routing a request step, the adding step being performed prior to the routing a request step.

17. A hierarchical key management system comprising:
- a plurality of key arbitration centers (KAC) arranged in a hierarchy for communicating with each other; and
  
  a plurality of key management centers (KMC) for storing session keys of users, each KMC configured for communicating with one of said KACs, whereinsaid KACs route requests for session keys to lower level KACs of said hierarchy,said KACs route encrypted versions of said session keys to designated higher level KACs of said hierarchy, andKACs at end nodes of said hierarchy request said session keys from said KMC.
- View Dependent Claims (18, 19)
- - 18. A system as claimed in claim 17 wherein each KAC that routes one of said requests, also signs said request with a private key of said KAC and routes said request to one of said lower level KACs, andwherein each KAC receiving said request from a higher level KAC, also verifies a signature of said higher level KAC,wherein one of said lower level KAC engages in a blind access protocol with a key management center (KMC) to receive said session keys of said user, and said lower level KAC receives said session key encrypted with a public key of an organization requesting said session key.
  - 19. A system as claimed in claim 18 wherein said higher level KACs add an ID of said each higher level KAC prior to routing said request.

20. In a hierarchical key management system comprising a plurality of key arbitration centers (KAC) arranged in a hierarchy, a method for providing access to an encryption key of a user comprising the steps of:
- receiving a signed message at a first KAC, said signed message requesting said encryption key;
  
  verifying a signature of said signed message by said first KAC;
  
  adding a first KAC ID to a message portion of said signed message;
  
  signing said message portion by said first KAC, to generate a first KAC signature;
  
  sending a second signed message to a second KAC in said hierarchy, said second signed message including said first KAC signature;
  
  verifying, by said second KAC, said first KAC signature; and
  
  said second KAC receiving said encryption key in response to the verifying step.
- View Dependent Claims (21)
- - 21. A method as claimed in claim 20 wherein:
    - the receiving step further comprises the step of receiving said signed message, wherein said signed message comprises a message portion and an organization signature, said message portion identifying said user an organization requesting said encryption key, said organization signature being said message portion signed with a private key of said organization;
      
      wherein the adding step is performed when said organization signature is valid;
      
      wherein the signing step is performed after the adding step, and includes the step of signing by said first KAC, said message portion and said organization signature to generate said first KAC signature;
      
      wherein said second signed message includes said first KAC signature, said organization signature and said message portion, said second KAC being a next lower KAC in said hierarchy,wherein the verifying said first KAC signature step includes the step of verifying said organization signature,and wherein said second KAC receiving step includes the step of engaging in a blind key access protocol with a key management center (KMC) to receive said encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Puhl, Larry Charles, Geiger, Robert Lawrence, Dabbish, Ezzat A.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/788,068
Time in Patent Office

887 Days
Field of Search

380/21, 380/30, 380/49
US Class Current

380/286
CPC Class Codes

H04L 9/0836   using tree structure or hie...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

Method and system for hierarchical key access and recovery

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for hierarchical key access and recovery

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links