Cryptographic system with methods for user-controlled message recovery
Abstract
A cryptosystem is described which automatically provides an extra “message recovery” recipient(s) when an encrypted message is generated in the system. The system is typically configured such that the extra recipient or “message recovery agent” (MRA)—an entity which itself has a public key (i.e., a MRA public key)—is automatically added, under appropriate circumstances, as a valid recipient for an encrypted message created by a user. In a corporate setting, for example, the message recovery agent is the “corporate” message recovery agent designated for that company (firm, organization, or other group) and the user is an employee (or member) of that company (or group). In operation, the system embeds a pointer (or other reference mechanism) to the MRA public key into the public key of the user or employee, so that encrypted messages sent to the company's employees from outside users (e.g., those individuals who are not employees of the company) can nevertheless still be recovered by the company. Alternatively, the MRA public key itself can be embedded within the public key of the employee or user (i.e., a key within a key), but typically at the cost of increasing the storage requirement of the user's key. By including in the user's key (e.g., an employee) a pointer to a message recovery agent's key (or the MRA key itself), the system provides a mechanism for assisting a user outside a group (e.g., a user who is outside a particular company) with the task of including in an automatic and non-intrusive manner the key of an additional recipient, such as one intended for message recovery.
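The flow described in the abstract and in claims 6, 8 to 10 and 16, as an added example that is not part of the patent text: a pointer to the MRA key is carried in the user's public key, the sender wraps one random session key for both the user and the MRA, and either private key recovers the message. The toy ElGamal-style group, the hash-counter keystream standing in for the block cipher, the fingerprint construction, the dictionary key server and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy ElGamal-style group, for illustration only (assumed parameters, not vetted).
P, G = 2**255 - 19, 2

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)                       # (private, public)

def key_id(y):
    return hashlib.sha256(y.to_bytes(32, "big")).hexdigest()[:16]

def make_user_public_key(y, mra_y, mandatory=True):   # key with embedded MRA pointer
    return {"y": y, "mra_id": key_id(mra_y), "mra_mandatory": mandatory}

def fingerprint(pk):
    # Hash covers key material AND the recovery pointer, so altering either shows.
    data = f'{pk["y"]}|{pk["mra_id"]}|{pk["mra_mandatory"]}'.encode()
    return hashlib.sha256(data).hexdigest()

def xor_stream(key, data):                       # stand-in for the block cipher
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def kek(shared):
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def wrap(session_key, y):
    e = secrets.randbelow(P - 2) + 1             # fresh ephemeral per recipient
    return pow(G, e, P), xor_stream(kek(pow(y, e, P)), session_key)

def unwrap(packet, x):
    return xor_stream(kek(pow(packet[0], x, P)), packet[1])

def encrypt(message, user_pk, trusted_fpr, keyserver):
    if fingerprint(user_pk) != trusted_fpr:
        raise ValueError("public key or its recovery pointer was altered")
    session_key = secrets.token_bytes(32)        # random per-message key
    packets = {key_id(user_pk["y"]): wrap(session_key, user_pk["y"])}
    mra_y = keyserver[user_pk["mra_id"]]         # look up MRA key by identifier
    if key_id(mra_y) != user_pk["mra_id"]:
        raise ValueError("key server returned a different MRA key")
    packets[user_pk["mra_id"]] = wrap(session_key, mra_y)   # added automatically
    return {"packets": packets, "body": xor_stream(session_key, message)}

def decrypt(ct, kid, x):
    return xor_stream(unwrap(ct["packets"][kid], x), ct["body"])
```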
31 Claims
1. In a computer system providing public key cryptography, a method for assisting with recovery of messages sent to users, the method comprising:
generating a first key pair for a particular user, the first key pair comprising a public key employed for encrypting messages sent to the particular user and comprising a private key employed for decrypting messages which have been encrypted using the public key of the first key pair;
generating a second key pair for message recovery, the second key pair comprising a public key employed for recovering messages which have been encrypted using the public key of the first key pair and comprising a private key employed for decrypting messages which have been encrypted using the public key of the second key pair;
embedding within the public key of the first key pair information characterizing the public key of the second key pair;
employing the public key of the first key pair during encryption of a message to create an encrypted copy of a random session key that has been employed directly to encrypt the message; and
when the public key of the first key pair is employed during encryption of a message, automatically employing the public key of the second key pair during encryption of the message so that the message being encrypted can be recovered using the private key of the second key pair.
6. In a public key cryptosystem, a method allowing recovery of messages encrypted by the system, the method comprising:
generating public and private keys for a message recovery agent;
generating public and private keys for a particular user;
embedding within the public key of the particular user information describing the public key of the message recovery agent; and
encrypting a message by;
encrypting the message with a session key, encrypting the session key using the public key of the particular user, and automatically encrypting the session key using the public key of the message recovery agent, so the encrypted message can be recovered using the private key of the message recovery agent.
requiring the particular user to digitally sign his or her own public key, for providing consent to recovery of messages that have been encrypted using the public key of the particular user.
8. The method of claim 6, wherein said embedding step is performed using a cryptographic hash for guarding against tampering.
9. The method of claim 6, wherein said information describing the public key of the message recovery agent comprises an identifier for uniquely identifying the public key of the message recovery agent.
10. The method of claim 6, wherein said information describing the public key of the message recovery agent comprises an identifier for uniquely identifying the public key of the message recovery agent residing on a key server, said method further comprising:
downloading a copy of the public key of the message recovery agent from the key server.
11. The method of claim 6, wherein said information describing the public key of the message recovery agent comprises a copy of the public key of the message recovery agent.
12. The method of claim 6, wherein said embedding step comprises:
appending assertion information to the public key of the particular user, said assertion information including a pointer which uniquely identifies the public key of the message recovery agent.
13. The method of claim 12, wherein said assertion information includes constraints specifying use of the public key of the particular user.
14. The method of claim 13, wherein said constraints specify an expiration date for the public key of the particular user.
15. The method of claim 13, wherein said constraints specify whether use of the public key of the message recovery agent during encryption of a message is mandatory.
16. The method of claim 6, further comprising:
recovering the encrypted message by;
decrypting with the private key of the message recovery agent the copy of the session key which was encrypted using the public key of the message recovery agent, for recovering the session key used for encrypting the message, and decrypting the message with the recovered session key.
17. The method of claim 6, wherein said session key is randomly generated during said encrypting step.
18. The method of claim 6, wherein the session key is employed to encrypt the message using a block cipher.
19. The method of claim 18, wherein said block cipher comprises a block cipher selected from one of IDEA, Blowfish, and DES block ciphers.
20. The method of claim 6, wherein the public and private keys of the particular user comprise a Diffie-Hellman-compatible key pair.
21. The method of claim 6, wherein the public and private keys of the particular user comprise an RSA-compatible key pair.
22. The method of claim 6, wherein said encrypting step includes:
displaying a first list of public keys for potential recipients, the first list including the public key of the particular user;
displaying a second list of public keys which have been selected from the first list;
receiving user input for selecting from the first list the public key of the particular user; and
in response to said user input, adding both the public key of the particular user and the public key for the message recovery agent to the second list.
23. The method of claim 22, further comprising:
in response to additional user input, removing the public key for the message recovery agent from the second list.
24. The method of claim 23, further comprising:
displaying a warning if removal of the public key for the message recovery agent from the second list violates a policy defined for the public key of the particular user.
25. The method of claim 6, wherein said message being encrypted comprises an e-mail message.
26. A cryptosystem providing message recovery comprising:
key generation means for generating public and private keys for a message recovery agent and for generating public and private keys for a particular user, said means including means for embedding within the public key of the particular user information associating the public key of the message recovery agent with the public key of the particular user;
encryption means for encrypting a message with a random session key; and
means for appending to the encrypted message the random session key that has been encrypted using the public key of the particular user, and for appending to the encrypted message the random session key that has been automatically encrypted using the public key of the message recovery agent, so that the encrypted message can be ultimately recovered using the private key of the message recovery agent.
Specification