System and method for access field verification

US 5,956,403 A
Filed: 06/16/1997
Issued: 09/21/1999
Est. Priority Date: 08/11/1994
Status: Expired due to Term

First Claim

Patent Images

1. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, a method for verifying the authenticity of an access field, comprising, the steps of:

(1) obtaining an access field forrecovery of athird encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;

(2) obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and

(3) verifying, using said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for key escrow cryptography for use in a system comprising a sender and a receiver. Only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates a leaf verification string (LVS) by combining an unique program identifier (UIP), a public portion of a program unique key (KUpub), and a signature. The sender encrypts the KS using the KUpub to generate a first encrypted session key (EKS), and generates a first law enforcement access field (LEAF) by encrypting a combination of the first EKS and the UIP with a copy of a public portion of a family key (KFpub) stored in the sender. The encrypted message, the LVS, and the first LEAF are transmitted from the sender to the receiver. The receiver stores therein a public portion of the KEPF key (KEPFpub). The receiver extracts the UIP, KUpub, and the signature from the LVS, and then encrypts the KS using the extracted KUpub to generate a second encrypted session key (EKS). The receiver generates a second LEAF by encrypting a combination of the second EKS and the extracted UIP with a copy of the KFpub stored in the receiver. The receiver then compares the first LEAF to the second LEAF. If the first LEAF is equal to the second LEAF, then the receiver decrypts the encrypted message using the KS.

Citations

53 Claims

1. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, a method for verifying the authenticity of an access field, comprising, the steps of:
- (1) obtaining an access field forrecovery of athird encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;
  
  (2) obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and
  
  (3) verifying, using said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein:
    - said step (2) comprises obtaining a verification field, wherein said verification field includes public information that is used to authenticate said access field; and
      
      said step (3) comprises verifying, using said public information in said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent.
  - 3. The method of claim 1, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes at least one part.
  - 4. The method of claim 3, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes an encryption of the first encryption key used to encrypt the communication using a fourth encryption key.
  - 5. The method of claim 4, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes an encryption of a first value using a fifth encryption key, wherein said first value is said encryption of the first encryption key used to encrypt the communication using said fourth encryption key.
  - 6. The method of claim 5, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes an encryption of a concatenation of at least said first value and a second value using said fifth encryption key, wherein said second value is a program unique identifier.
  - 7. The method of claim 3, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes at least two parts.
  - 8. The method of claim 7, wherein said step (1) comprises the step of obtaining an access field, wherein a first part of said access field includes an encryption of at least part of the first encryption key used to encrypt the communication using a fourth encryption key.
  - 9. The method of claim 8, wherein said step (1) comprises the step of obtaining an access field, wherein a second part of said access field includes an encryption of at least a second part of the first encryption key used to encrypt the communication using a fifth encryption key.
  - 10. The method of claim 1, wherein said step (1) comprises the step of receiving an access field from a sender, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key, said access field allowing an entity to recover a third encryption key.
  - 11. The method of claim 1, wherein said step (1) comprises the step of retrieving an access field from storage, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key, said access field allowing an entity to recover a third encryption key.
  - 12. The method of claim 1, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field is based on at least one value used to create said access field.
  - 13. The method of claim 1, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field is created using a public portion of a fourth encryption key.
  - 14. The method of claim 13, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field includes an encryption of a concatenation of values using the first encryption key used to encrypt the communication, said concatenation of values including a program unique identifier and said public portion of said fourth encryption key.
  - 15. The method of claim 1, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field includes an encryption of at least a part of the first encryption key used to encrypt the communication using the first encryption key used to encrypt the communication.
  - 16. The method of claim 1, wherein said step (2) comprises the step of receiving a verification field, wherein said verification field includes information that is used to authenticate said access field.
  - 17. The method of claim 16, wherein said step (2) comprises the step of receiving a verification field from a sender, wherein said verification field includes information that is used to authenticate said access field.
  - 18. The method of claim 1, wherein said step (2) comprises the step of retrieving a verification field from storage, wherein said verification field includes information that is used to authenticate said access field.
  - 19. The method of claim 1, wherein said step (3) comprises the step of verifying, by the receiver, using said verification field, that the first encryption key used to encrypt the communication and said third encryption key that is allowed to be recovered using said access field are equivalent.
  - 20. The method of claim 1, wherein said step (3) comprises the steps of:
    - (a) constructing a second access field using at least part of the first encryption key used to encrypt the communication and said public portion of said second encryption key;
      
      (b) comparing said access field obtained in said step (1) to said second access field, wherein if said access field is equivalent to said second access field, the first encryption key used to encrypt the communication and said third encryption key that is recovered using said access field are equivalent.
  - 21. The method of claim 1, further comprising the step of:
    - (4) decrypting the encrypted communication if said verification is successful.

22. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, an apparatus for verifying the authenticity of an access field, comprising:
- means for obtaining an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;
  
  means for obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and
  
  means for verifying, using said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent.
- View Dependent Claims (23)
- - 23. The apparatus of claim 22, wherein said verification field includes public information that is used to authenticate said access field;
    - andsaid verifying means comprises means for verifying, using said public information in said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent.

24. A computer program product for use with a computer system, comprising:
- a computer usable medium having computer readable program code means embodied in said medium for enabling the computer system to implement a method for verifying the authenticity of an access field, said method for verifying the authenticity of an access field operative in an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, said computer readable program code means including,computer readable program code means for enabling a computer to effect an obtainment of an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;
  
  computer readable program code means for enabling a computer to effect an obtainment of a verification field, wherein said verification field includes information that is used to authenticate said access field; and
  
  computer readable program code means for enabling a computer to effect a verification using said verification field, said verification verifying that the first encryption key used to encrypt the communication and said third encryption key are equivalent.
- View Dependent Claims (25, 26, 27)
- - 25. The computer program product of claim 24, wherein said verification field includes public information that is used to authenticate said access field;
    - andsaid verification computer readable program code means comprises means for enabling a computer to effect a verification using public information in said verification field, said verification verifying that the first encryption key used to encrypt the communication and said third encryption key are equivalent.
  - 26. The method of claim 24, wherein said verifying step comprises verifying, using public information in a verification field, that the first encryption key used to encrypt the communication and a second encryption key that can be recovered using an access field are equivalent, wherein said access field is an encrypted data structure created using a public portion of a third encryption key and said verification field includes information that can be used to authenticate said access field.
  - 27. The method of claim 24, wherein:
    - said step (2) comprises obtaining a verification field, wherein said verification field includes public information that is used to authenticate said access field; and
      
      said step (3) comprises verifying, using said public information in said verification field, that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent.

28. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, a method for verifying the authenticity of an access field, comprising the step of:
- verifying, using a verification field, that the first encryption key used to encrypt the communication and a second encryption key that is recovered using an access field are equivalent, wherein said access field is an encrypted data structure created using a public portion of a third encryption key and said verification field includes information that can be used to authenticate said access field.

29. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field, a method for verifying the authenticity of an access field, comprising the steps of:
- (1) obtaining an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;
  
  (2) obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and
  
  (3) verifying, using said verification field, that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 30. The method of claim 29, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes at least one part.
  - 31. The method of claim 30, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes an encryption of the first encryption key used to encrypt the communication using a fourth encryption key.
  - 32. The method of claim 31, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes an encryption of a first value using a fifth encryption key, wherein said first value is said encryption of the first encryption key used to encrypt the communication using said fourth encryption key.
  - 33. The method of claim 32, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes an encryption of a concatenation of at least said first value and a second value using said fifth encryption key, wherein said second value is a program unique identifier.
  - 34. The method of claim 30, wherein said step (1) comprises the step of obtaining an access field, wherein said access field includes at least two parts.
  - 35. The method of claim 34, wherein said step (1) comprises the step of obtaining an access field, wherein a first part of said access field includes an encryption of at least part of the first encryption key used to encrypt the communication using a fourth encryption key.
  - 36. The method of claim 35, wherein said step (1) comprises the step of obtaining an access field, wherein a second part of said access field includes an encryption of at least a second part of the first encryption key used to encrypt the communication using a fifth encryption key.
  - 37. The method of claim 29, wherein said step (1) comprises the step of receiving an access field from a sender, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key, said access field allowing an entity to recover a third encryption key that enables said entity to decrypt the communication.
  - 38. The method of claim 29, wherein said step (1) comprises the step of retrieving an access field from storage, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key, said access field allowing an entity to recover a third encryption key that enables said entity to decrypt the communication.
  - 39. The method of claim 29, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field is based on at least one value used to create said access field.
  - 40. The method of claim 29, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field is created using a public portion of a fourth encryption key.
  - 41. The method of claim 40, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field includes an encryption of a concatenation of values using the first encryption key used to encrypt the communication, said concatenation of values including a program unique identifier and said public portion of said fourth encryption key.
  - 42. The method of claim 29, wherein said step (2) comprises the step of obtaining a verification field, wherein said verification field includes an encryption of at least a part of the first encryption key used to encrypt the communication using the first encryption key used to encrypt the communication.
  - 43. The method of claim 29, wherein said step (2) comprises the step of receiving a verification field, wherein said verification field includes information that is used to authenticate said access field.
  - 44. The method of claim 43, wherein said step (2) comprises the step of receiving a verification field from a sender, wherein said verification field includes information that is used to authenticate said access field.
  - 45. The method of claim 29, wherein said step (2) comprises the step of retrieving a verification field from storage, wherein said verification field includes information that is used to authenticate said access field.
  - 46. The method of claim 29, wherein said step (3) comprises the steps of:
    - (a) constructing a second access field using at least part of the first encryption key used to encrypt the communication and said public portion of said second encryption key;
      
      (b) comparing said access field obtained in said step (1) to said second access field, wherein if said access field is equivalent to said second access field, the first encryption key used to encrypt the communication and said third encryption key that is recovered using said access field are equivalent.
  - 47. The method of claim 29, further comprising the step of:
    - (4) decrypting the encrypted communication if said verification is successful.

48. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field, an apparatus for verifying the authenticity of an access field, comprising:
- means for obtaining an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;
  
  means for obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and
  
  means for verifying, using said verification field, that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent.
- View Dependent Claims (49)
- - 49. The apparatus of claim 48, wherein said verification field includes public information that is used to authenticate said access field;
    - and said verifying means comprises means for verifying, using said public information in said verification field, that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent.

50. A computer program product for use with a computer system, comprising:
- a computer usable medium having computer readable program code means embodied in said medium for enabling the computer system to implement a method for verifying the authenticity of an access field, said method for verifying the authenticity of an access field operative in an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field, said computer readable program code means including,computer readable program code means for enabling a computer to effect an obtainment of an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;
  
  computer readable program code means for enabling a computer to effect an obtainment of a verification field, wherein said verification field includes information that is used to authenticate said access field; and
  
  computer readable program code means for enabling a computer to effect a verification using said verification field, said verification verifying that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent.
- View Dependent Claims (51)
- - 51. The computer program product of claim 50, wherein said verification field includes public information that is used to authenticate said access field;
    - andsaid verification computer readable program code means comprises means for enabling a computer to effect a verification using said public information in said verification field, said verification verifying that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent.

52. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field for recovery of a third encryption key, a method for verifying the authenticity of an access field, comprising the step of:
- verifying, using said verification field, that an access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent, wherein an access field is an encrypted data structure created using at least a public portion of a second encryption key, wherein said verification field includes information that can be used to authenticate said access field.
- View Dependent Claims (53)
- - 53. The method of claim 52, wherein said verifying step comprises:
    - verifying, using public information in said verification field, that an access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
Network Associates, Inc.
Inventors
Ellison, Carl M., Walker, Stephen T., Lipner, Steven B., Balenson, David M.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/874,459
Time in Patent Office

827 Days
Field of Search

380/4, 380/21, 380/25, 380/30
US Class Current

713/181
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

System and method for access field verification

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for access field verification

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links