Method of public key cryptography that includes key escrow
First Claim
1. A method of encryption that includes key escrow, comprising the steps of:
- a) having, by a first user, n secret encryption keys, where n is a positive integer, and where Si1 denotes the ith secret encryption key of the first user;
b) having, by the first user, n public encryption keys corresponding to the n secret encryption keys of the first user, where Pi1 denotes the ith public encryption key of the first user;
c) having, by a second user, n secret encryption keys, where Si2 denotes the ith secret encryption key of the second user;
d) having, by the second user, n public encryption keys corresponding to the n secret encryption keys of the second user, where Pi2 denotes the ith public encryption key of the second user;
e) receiving, by the first user, the n public encryption keys of the second user;
f) receiving, by the first user, a unique identifier ID2 of the second user;
g) generating, by the first user, n values ai =F1 (Si1, Pi2, ID1, ID2, r1), where ai =F1 (Si2, Pi1, ID1, ID2, r1), where ai does not equal F1 (Si1, Pi2, ID2, ID1, r1), where F1 is a first function, where ID1 is a unique identifier of the first user, where r1 is a first of m access restriction values r1, r2, . . . ,rm, and where m is a positive integer;
h) generating, by the first user, n values bi =hm-1 ( . . . h2 (h1 (a1,r2),r3), . . . ,rm), where h1,h2, . . . ,hm-1 are one-way hash functions;
i) generating, by the first user, key=h(F2 (b1, b2, . . . ,bn),x), where F2 is a second function, where h is a one-way hash function, and where x is a random number;
j) encrypting, by the first user, a message using key;
k) appending, by the first user, r1,r2, . . . ,rm, x, ID1, and ID2 to the encrypted message; and
l) transmitting, by the first user, the result of step (k) to a storage medium.
4 Assignments
0 Petitions
Accused Products
Abstract
A key escrow encryption method, where two users each have secret encryption keys and corresponding public encryption keys. One user receives the public encryption keys of the other user and generates a first datum based on them, an identifier of the other user, the secret encryption keys and identifier of the user, and an access restriction. The user generates a second datum based on the first datum and another access restriction. The user generates a key based on the first and second datums. The user encrypts a message using the key and sends it to the other user. Key escrow is included by requiring each user to distribute its secret encryption keys among escrow agents. The escrow agents transform, sign, and transmit it to a certifying authority. The certifying authority signs and publishes it as user'"'"'s public key certificate. To communicate, a user retrieves the certificate of the other user, forms a key, encrypts a message, and transmits it to the other user. The other user retrieves the certificate of the user, forms the key, and decrypts the message. A key encryption key scheme may be used. A third party may intercept the message, receive authorization, receive portions of the key from the escrow agents, recover the key, and recover the message. A data recovery scheme may be used.
-
Citations
53 Claims
-
1. A method of encryption that includes key escrow, comprising the steps of:
-
a) having, by a first user, n secret encryption keys, where n is a positive integer, and where Si1 denotes the ith secret encryption key of the first user; b) having, by the first user, n public encryption keys corresponding to the n secret encryption keys of the first user, where Pi1 denotes the ith public encryption key of the first user; c) having, by a second user, n secret encryption keys, where Si2 denotes the ith secret encryption key of the second user; d) having, by the second user, n public encryption keys corresponding to the n secret encryption keys of the second user, where Pi2 denotes the ith public encryption key of the second user; e) receiving, by the first user, the n public encryption keys of the second user; f) receiving, by the first user, a unique identifier ID2 of the second user; g) generating, by the first user, n values ai =F1 (Si1, Pi2, ID1, ID2, r1), where ai =F1 (Si2, Pi1, ID1, ID2, r1), where ai does not equal F1 (Si1, Pi2, ID2, ID1, r1), where F1 is a first function, where ID1 is a unique identifier of the first user, where r1 is a first of m access restriction values r1, r2, . . . ,rm, and where m is a positive integer; h) generating, by the first user, n values bi =hm-1 ( . . . h2 (h1 (a1,r2),r3), . . . ,rm), where h1,h2, . . . ,hm-1 are one-way hash functions; i) generating, by the first user, key=h(F2 (b1, b2, . . . ,bn),x), where F2 is a second function, where h is a one-way hash function, and where x is a random number; j) encrypting, by the first user, a message using key; k) appending, by the first user, r1,r2, . . . ,rm, x, ID1, and ID2 to the encrypted message; and l) transmitting, by the first user, the result of step (k) to a storage medium. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
-
Specification