Cryptographic system with methods for user-controlled message recovery

US 7,139,399 B1
Filed: 06/21/2001
Issued: 11/21/2006
Est. Priority Date: 06/06/1997
Status: Expired due to Term

First Claim

Patent Images

1. A system for providing public key cryptography including assistance in recovery of messages sent to users, the method comprising:

a first key pair generated for a particular user, the first key pair comprising a public key employed for encrypting messages sent to the particular user and comprising a private key employed for decrypting messages which have been encrypted using the public key of the first key pair;

a second key pair generated for message recovery, the second key pair comprising a public key employed for recovering messages which have been encrypted using the public key of the first key pair and comprising a private key employed for decrypting messages which have been encrypted using the public key of the second key pair;

information referencing the public key of the second key pair embedded within the public key of the first key pair; and

an encryption module automatically employing the public key of the second key pair during encryption of the message under the public key of the first key pair so that the message being encrypted can be directly decrypted using the private key of the second key pair.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptosystem is described which automatically provides an extra “message recovery” recipient(s) when an encrypted message is generated in the system. The system is typically configured such that the extra recipient or “message recovery agent” (MRA)—an entity which itself has a public key (i.e., a MRA public key)—is automatically added, under appropriate circumstances, as a valid recipient for an encrypted message created by a user. In a corporate setting, for example, the message recovery agent is the “corporate” message recovery agent designated for that company (firm, organization, or other group) and the user is an employee (or member) of that company (or group). In operation, the system embeds a pointer (or other reference mechanism) to the MRA public key into the public key of the user or employee, so that encrypted messages sent to the company'"'"'s employees from outside users (e.g., those individuals who are not employees of the company) can nevertheless still be recovered by the company. Alternatively, the MRA public key itself can be embedded within the public key of the employee or user (i.e., a key within a key), but typically at the cost of increasing the storage requirement of the user'"'"'s key. By including in the user'"'"'s key (e.g., an employee) a pointer to a message recovery agent'"'"'s key (or the MRA key itself), the system provides a mechanism for assisting a user outside a group (e.g., a user who is outside a particular company) with the task of including in an automatic and non-intrusive manner the key of an additional recipient, such as one intended for message recovery.

Citations

32 Claims

1. A system for providing public key cryptography including assistance in recovery of messages sent to users, the method comprising:
- a first key pair generated for a particular user, the first key pair comprising a public key employed for encrypting messages sent to the particular user and comprising a private key employed for decrypting messages which have been encrypted using the public key of the first key pair;
  
  a second key pair generated for message recovery, the second key pair comprising a public key employed for recovering messages which have been encrypted using the public key of the first key pair and comprising a private key employed for decrypting messages which have been encrypted using the public key of the second key pair;
  
  information referencing the public key of the second key pair embedded within the public key of the first key pair; and
  
  an encryption module automatically employing the public key of the second key pair during encryption of the message under the public key of the first key pair so that the message being encrypted can be directly decrypted using the private key of the second key pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A system according to claim 1, further comprising:
    - information which uniquely identifies the public key of the second key pair stored into the public key of the first key pair.
  - 3. A system according to claim 2, wherein said information which uniquely identifies the public key of the second key pair includes information pointing to a location where the second key pair is stored.
  - 4. A system according to claim 1, further comprising:
    - a copy of the public key of the second key pair embedded within the public key of the first key pair.
  - 5. A system according to claim 1, further comprising:
    - assertion information appended to the public key of the first key pair, said assertion information including a pointer which uniquely identifies the public key of the second key pair.
  - 6. A system according to claim 5, wherein said assertion information includes constraints specifying use of the public key of the first key pair.
  - 7. A system according to claim 6, wherein the constraints include a constraint specifying that use of the public key of the second key pair is mandatory during encryption of a message using the public key of the first key pair.
  - 8. A system according to claim 1, wherein at least one key pair comprises a Diffie-Hellman-compatible key pair.
  - 9. A system according to claim 1, wherein at least one key pair comprises an RSA-compatible key pair.
  - 10. A system according to claim 1, wherein said message being encrypted comprises a selected one of a text file and a binary file.

11. In a computer system providing public key cryptography, a method for assisting with recovery of messages sent to users, the method comprising:
- generating a first key pair for a particular user, the first key pair comprising a public key employed for encrypting messages sent to the particular user and comprising a private key employed for decrypting messages which have been encrypted using the public key of the first key pair;
  
  generating a second key pair for message recovery, the second key pair comprising a public key employed for recovering messages which have been encrypted using the public key of the first key pair and comprising a private key employed for decrypting messages which have been encrypted using the public key of the second key pair;
  
  embedding within the public key of the first key pair information referencing the public key of the second key pair; and
  
  automatically employing the public key of the second key pair during encryption of the message under the public key of the first key pair so that the message being encrypted can be directly decrypted using the private key of the second key pair.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. A method according to claim 11, further comprising:
    - storing information which uniquely identifies the public key of the second key pair.
  - 13. A method according to claim 12, wherein said information which uniquely identifies the public key of the second key pair includes information pointing to a location where the second key pair is stored.
  - 14. A method according to claim 11, further comprising:
    - storing a copy of the public key of the second key pair embedded within the public key of the first key pair.
  - 15. A method according to claim 11, further comprising:
    - appending assertion information to the public key of the first key pair, said assertion information including a pointer which uniquely identifies the public key of the second key pair.
  - 16. A method according to claim 15, wherein said assertion information includes constraints specifying use of the public key of the first key pair.
  - 17. A method according to claim 16, wherein the constraints include a constraint specifying that use of the public key of the second key pair is mandatory during encryption of a message using the public key of the first key pair.
  - 18. A method according to claim 11, wherein at least one key pair comprises a Diffie-Hellman-compatible key pair.
  - 19. A method according to claim 11, wherein at least one key pair comprises an RSA-compatible key pair.
  - 20. A method according to claim 11, wherein said message being encrypted comprises a selected one of a text file and a binary file.
  - 21. A computer-readable storage medium having computer executable instructions for performing the method according to claims 11, 12, 14 or 15.

22. A public key encryption system integrating a message recovery key, comprising:
- a session encryption module block-cipher encrypting a plaintext message into cyphertext using a session key;
  
  a public key encryption module encrypting the session key using a public key of a user, the public key of the user being associated with a private key generated simultaneously thereto and encrypting the session key using a public key of a message recovery agent automatically triggered upon use of the public key of the user, the public key of the message recovery agent being associated with a private key generated simultaneously thereto;
  
  a digital envelope forming an encrypted message comprising the cyphertext and the encrypted session key;
  
  a reference stored into the public key of the user to automatically use the public key of the message recovery agent upon use of the public key of the user;
  
  a pointer to the public key of the message recovery agent embedded as the reference into the public key of the user; and
  
  at least one of a cryptographic hash and a message digest of the pointer stored as the reference to the public key of the message recovery agent.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A system according to claim 22, further comprising:
    - a public key decryption module decrypting the encrypted message by the user, by decrypting the encrypted session key using the private key of the user and block-cipher decrypting the cyphertext using the decrypted session key.
  - 24. A system according to claim 22, further comprising:
    - a public key decryption module decrypting the encrypted message by the message recovery agent, by decrypting the encrypted session key using the private key of the message recovery agent and block-cipher decrypting the cyphertext using the decrypted session key.
  - 25. A system according to claim 22, further comprising:
    - the public key of the message recovery agent embedded as the reference into the public key of the user.
  - 26. A system according to claim 22, further comprising:
    - a digital signature formed from the private key of the user; and
      
      the reference stored into the public key of the user upon successfully authenticating the digital signature.

27. A method for integrating a message recovery key into a public key encryption system, comprising:
- block-cipher encrypting a plaintext message into cyphertext using a session key;
  
  encrypting the session key using a public key of a user, the public key of the user being associated with a private key generated simultaneously thereto;
  
  encrypting the session key using a public key of a message recovery agent automatically triggered upon use of the public key of the user, the public key of the message recovery agent being associated with a private key generated simultaneously thereto;
  
  forming an encrypted message comprising the cyphertext and the encrypted session key;
  
  providing a reference into the public key of the user to automatically use the public key of the message recovery agent upon use of the public key of the user;
  
  embedding a pointer to the public key of the message recovery agent as the reference into the public key of the user; and
  
  storing the reference as at least one of a cryptographic hash and a message digest of the pointer to the public key of the message recovery agent.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. A method according to claim 27, further comprising:
    - decrypting the encrypted message by the user, comprising;
      
      decrypting the encrypted session key using the private key of the user; and
      
      block-cipher decrypting the cyphertext using the decrypted session key.
  - 29. A method according to claim 27, further comprising:
    - decrypting the encrypted message by the message recovery agent, comprising;
      
      decrypting the encrypted session key using the private key of the message recovery agent; and
      
      block-cipher decrypting the cyphertext using the decrypted session key.
  - 30. A method according to claim 27, further comprising:
    - embedding the public key of the message recovery agent as the reference into the public key of the user.
  - 31. A method according to claim 27, further comprising:
    - forming a digital signature from the private key of the user; and
      
      storing the reference into the public key of the user upon successfully authenticating the digital signature.
  - 32. A computer-readable storage medium having computer executable instructions for performing the method according to claims 27, 28, or 29.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
PGP Corporation (Gen Digital Inc.)
Inventors
Zimmermann, Philip
Primary Examiner(s)
Song, Hosuk

Application Number

US09/887,776
Time in Patent Office

1,979 Days
Field of Search

380277-286, 380 44- 46, 380 28- 30, 713/176, 713181-189, 713/168, 713170-171
US Class Current

380/277
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

Cryptographic system with methods for user-controlled message recovery

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic system with methods for user-controlled message recovery

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links