System and method for access field verification
First Claim
1. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, a method for verifying the authenticity of an access field, comprising, the steps of:
- (1) obtaining an access field forrecovery of athird encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key;
(2) obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and
(3) verifying, using said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method for key escrow cryptography for use in a system comprising a sender and a receiver. Only public escrow keys are stored in the sender and the receiver. The sender encrypts a message using a secret session key (KS), and generates a leaf verification string (LVS) by combining an unique program identifier (UIP), a public portion of a program unique key (KUpub), and a signature. The sender encrypts the KS using the KUpub to generate a first encrypted session key (EKS), and generates a first law enforcement access field (LEAF) by encrypting a combination of the first EKS and the UIP with a copy of a public portion of a family key (KFpub) stored in the sender. The encrypted message, the LVS, and the first LEAF are transmitted from the sender to the receiver. The receiver stores therein a public portion of the KEPF key (KEPFpub). The receiver extracts the UIP, KUpub, and the signature from the LVS, and then encrypts the KS using the extracted KUpub to generate a second encrypted session key (EKS). The receiver generates a second LEAF by encrypting a combination of the second EKS and the extracted UIP with a copy of the KFpub stored in the receiver. The receiver then compares the first LEAF to the second LEAF. If the first LEAF is equal to the second LEAF, then the receiver decrypts the encrypted message using the KS.
-
Citations
53 Claims
-
1. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, a method for verifying the authenticity of an access field, comprising, the steps of:
-
(1) obtaining an access field forrecovery of athird encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key; (2) obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and (3) verifying, using said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, an apparatus for verifying the authenticity of an access field, comprising:
-
means for obtaining an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key; means for obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and means for verifying, using said verification field, that the first encryption key used to encrypt the communication and said third encryption key are equivalent. - View Dependent Claims (23)
-
-
24. A computer program product for use with a computer system, comprising:
-
a computer usable medium having computer readable program code means embodied in said medium for enabling the computer system to implement a method for verifying the authenticity of an access field, said method for verifying the authenticity of an access field operative in an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, said computer readable program code means including, computer readable program code means for enabling a computer to effect an obtainment of an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key; computer readable program code means for enabling a computer to effect an obtainment of a verification field, wherein said verification field includes information that is used to authenticate said access field; and computer readable program code means for enabling a computer to effect a verification using said verification field, said verification verifying that the first encryption key used to encrypt the communication and said third encryption key are equivalent. - View Dependent Claims (25, 26, 27)
-
-
28. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key, a method for verifying the authenticity of an access field, comprising the step of:
verifying, using a verification field, that the first encryption key used to encrypt the communication and a second encryption key that is recovered using an access field are equivalent, wherein said access field is an encrypted data structure created using a public portion of a third encryption key and said verification field includes information that can be used to authenticate said access field.
-
29. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field, a method for verifying the authenticity of an access field, comprising the steps of:
-
(1) obtaining an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key; (2) obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and (3) verifying, using said verification field, that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
-
-
48. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field, an apparatus for verifying the authenticity of an access field, comprising:
-
means for obtaining an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key; means for obtaining a verification field, wherein said verification field includes information that is used to authenticate said access field; and means for verifying, using said verification field, that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent. - View Dependent Claims (49)
-
-
50. A computer program product for use with a computer system, comprising:
-
a computer usable medium having computer readable program code means embodied in said medium for enabling the computer system to implement a method for verifying the authenticity of an access field, said method for verifying the authenticity of an access field operative in an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field, said computer readable program code means including, computer readable program code means for enabling a computer to effect an obtainment of an access field for recovery of a third encryption key, wherein said access field is an encrypted data structure created using at least a public portion of a second encryption key; computer readable program code means for enabling a computer to effect an obtainment of a verification field, wherein said verification field includes information that is used to authenticate said access field; and computer readable program code means for enabling a computer to effect a verification using said verification field, said verification verifying that said access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent. - View Dependent Claims (51)
-
-
52. In an environment that includes a sender and a receiver, wherein the sender encrypts a communication using a first encryption key and generates an access field for recovery of a third encryption key, a method for verifying the authenticity of an access field, comprising the step of:
verifying, using said verification field, that an access field that is obtained by the receiver, and the access field that is generated by the sender are equivalent, wherein an access field is an encrypted data structure created using at least a public portion of a second encryption key, wherein said verification field includes information that can be used to authenticate said access field. - View Dependent Claims (53)
Specification