KEY RECOVERY PROCESS USED FOR STRONG ENCRYPTION OF MESSAGES

US 20010010723A1
Filed: 10/30/1997
Published: 08/02/2001
Est. Priority Date: 12/04/1996
Status: Active Grant

First Claim

Patent Images

1. A key recovery process used for strong encryption of a message sent by an entity, which message is either to be stored locally or transmitted to another entity, the reading of a message requiring a decryption key which can be reconstructed by at least a trusted third party for key recovery, while the message comprises a compensation field and a compulsory control field which itself comprises at least one key recovery field for allowing at least one trusted third party to supply the decryption key that enables the encrypted message to be read, characterized in that the compulsory control field also comprises, in unencrypted form, the current date and the agreement number of the encryption hardware/software, as well as a dialogue key encrypted under a daily intermediate key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a key recovery process used for strong encryption of a message sent by an entity, which message is either to be stored locally or transmitted to another entity, the reading of a message requiring a decryption key which can be reconstructed at least by a trusted third party for key recovery, while added to the message are a compensation field and a compulsory control field which itself comprises at least one key recovery field for allowing at least one trusted third party to supply the decryption keys that enable the encrypted message to be read. This key recovery process is remarkable in that the compulsory control field also comprises, in unencrypted form, the current date as well as the agreement number of the encryption hardware/software and, encrypted under a daily intermediate key, the dialogue key. This key recovery field also comprises, first of all, the identifier of the appropriate trusted third party for key recovery, as a function of the application type, followed by a dialogue key encrypted under the public key or said trusted third party, and lastly, encrypted under the public key of said trusted third party, the serial number of the approved hardware/software and optionally the identifier of the entity and its manager, a working key being used to calculate the daily intermediate key and the period of validity of said working key. Finally, and equally remarkably, during the period of validity of the working key, said working key makes it possible, with only the compulsory control field having been supplied, to calculate in advance for the time period for which the eavesdropping has been authorized, by means of a prescribed formula, daily intermediate keys used to decrypt the dialogue keys, which are themselves used to calculate, from the compensation field and the compulsory control field, the random keys for decrypting the messages.

178 Citations

21 Claims

1. A key recovery process used for strong encryption of a message sent by an entity, which message is either to be stored locally or transmitted to another entity, the reading of a message requiring a decryption key which can be reconstructed by at least a trusted third party for key recovery, while the message comprises a compensation field and a compulsory control field which itself comprises at least one key recovery field for allowing at least one trusted third party to supply the decryption key that enables the encrypted message to be read, characterized in that the compulsory control field also comprises, in unencrypted form, the current date and the agreement number of the encryption hardware/software, as well as a dialogue key encrypted under a daily intermediate key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The key recovery process according to claim 1, characterized in that each key recovery field first comprises, in unencrypted form, the identifier of the appropriate trusted third party for key recovery, as a function of the application type, followed by a dialogue key encrypted under the public key of said trusted third party and lastly, encrypted under the public key of said trusted third party, the serial number of the approved hardware/software, a working key and the period of validity of this working key.
  - 3. The key recovery process according to claim 2, characterized in that each key recovery field also comprises, in the above-mentioned last field of claim 2, the identifier of the user entity or the manager of this hardware/software, also encrypted under the public key of the appropriate trusted third party for key recovery.
  - 4. The key recovery process according to claims 2 or 3, characterized in that the working key in combination with, among other things, the date, is used to calculate the daily intermediate key, while said daily intermediate key is used to encrypt the dialogue key, thus enabling each trusted third party to calculate these daily intermediate keys in advance and issue them to the decrypting authority for the legal eavesdropping period.
  - 5. The key recovery process according to claim 4, characterized in that the dialogue key is encrypted under the daily intermediate key.
  - 6. The key recovery process according to claim 3, characterized in that approved decryption hardware/software calculates the decryption key by means of a one-way function using as parameters the dialogue key, also exchanged in the protocol, and the result of a collision-proof one-way function calculated on all of the components of the compulsory control field, said result being combined with the compensation field by means of an exclusive OR, thus making it possible to use a decryption key of any value, which can be the “
    - private key”
      
      type for an asymmetric algorithm, or the “
      
      secret key”
      
      type for a symmetric algorithm, since the sender of the message can adjust the value of the decryption key by means of the compensation field.
  - 7. The key recovery process according to claim 5, characterized in that each trusted third party is capable of calculating the decryption key by means of a one-way function using as parameters the recovered dialogue key, either encrypted under its own public key or encrypted under the daily intermediate key, and the result of a collision-proof one-way function calculated on all of the components of the compulsory control field, said result being combined with the compensation field by means of an exclusive OR.
  - 8. The key recovery process according to claim 5, characterized in that the trusted third parties and the recipient use the same calculation process for the decryption key, which is a function of the compulsory control field and the compensation field, and from that point on any alteration, however minimal, of these fields prevents correct decryption by the recipient of the encrypted messages by means of this decryption key.
  - 9. The key recovery process according to any of claims 1 through 8, characterized in that in order to implement said process, two specific types of hardware/software are required, a first hardware/software used by a national decrypting authority to extract the useful part of the compulsory control field and then, using data returned by the trusted third party for key recovery, to decrypt the encrypted data, and a second hardware/software used by the trusted third party for key recovery to supply the decryption key or keys to the decrypting authority.
  - 10. The key recovery process according to any of claims 1 through 9, characterized in that in order to implement said process, the entity using strong decryption, which requests to be registered with the hardware/software vendor, its representative or a user entity registration authority, in order to validate the encryption/decryption hardware/software, communicates to said hardware/software vendor, its representative or the user entity registration authority the agreement number of the hardware/software, the serial number of the hardware/software, its entity name, the coordinates of the manager of the entity and the current date.
  - 11. The key recovery process according to claim 10, characterized in that in order to implement said process, during the registration of the user entity, the hardware/software agreement number, the hardware/software serial number, the name of the entity and the coordinates of the manager of the entity are stored by the vendor in an audit file.
  - 12. The key recovery process according to claim 10 or 11, characterized in that in order to implement said process and to validate the utilization of each hardware/software type for a predetermined period, the master key specific to the hardware/software in question is used to calculate, from the serial number of said hardware/software, a so-called diversified key, at which point the hardware/software vendor, its representative or a user entity registration authority communicates to the user entity the right to use the hardware/software, which is valid for the predetermined period, plus the information that makes it possible to customize the hardware/software, the right to use the hardware/software, which allows the hardware/software to function for the predetermined period, being supplied in the form of information embedded under the so-called diversified key and constituted by a utilization period, the public key of a national authority for approving trusted third parties for key recovery, and optionally, according to claim 3, the identifier of the user or the manager of this hardware/software.
  - 13. The key recovery process according to claim 12, characterized in that in order to implement said process, all trusted third parties for key recovery request approval from the national authority for approving trusted third parties for key recovery, and when a trusted third party for key recovery is approved by this authority, it is added to the list of an index of approved trusted third parties for key recovery, while a certificate of approval is produced in electronic form in order to guarantee the identity of the trusted third party for key recovery, the value of the public key of the trusted third party for key recovery, the encryption algorithm to be used and the duration of this guarantee.
  - 14. The key recovery process according to claim 13, characterized in that in order to implement said process, the public key of the national authority for approving trusted third parties for key recovery allows the hardware/software to verify the certificates of the approved trusted third parties for key recovery for the countries in which said hardware/software has been approved, such certificates, moreover, allowing the authority for approving trusted third parties for key recovery to guarantee, for a given period, the association between the name of a trusted third party for key recovery, the value of its public key and the encryption algorithm to be used.
  - 15. The key recovery process according to claim 14, characterized in that in order to implement said process, from the knowledge of only one public key specific to the national authority for approving the trusted third parties for key recovery of one country, this national authority indirectly issues international certificates of approval to trusted third parties for international key recovery through the national authorities for approving trusted third parties for key recovery of other countries with which a recognition exists, so that when one national authority for approving trusted third parties for key recovery recognizes another national authority for approving trusted third parties for key recovery, this national authority sends a certificate guaranteeing the value of the key of the other national authority for approving trusted third parties for key recovery, and thus, step by step, knowing the public key of one country'"'"'s national authority for approving trusted third parties for key recovery, the public key of another country'"'"'s national authority for approving trusted third parties for key recovery is validated, this other country itself validating the public key of a trusted third party for key recovery of this other country.
  - 16. The key recovery process according to claim 15, characterized in that when the approved decryption hardware/software is used without any prior deposit of a key having taken place, said hardware/software, in order to be used by a communicating entity, will obtain from the identifiers of the countries of origin, for each communicating country, the public keys of the appropriate trusted third parties for key recovery, which in some cases can be chosen by default, each trusted third party for key recovery being provided with a certificate issued by the national approving authority and listed in an index, and once the public keys of both appropriate trusted third parties for key recovery have thus been obtained, the hardware/software can create the compulsory control field.
  - 17. The key recovery process according to claim 16, characterized in that during the period of validity of the working key, said working key makes it possible, using only the compulsory control field, to calculate and supply in advance the daily intermediate keys that make it possible to decrypt each individual dialogue key, and likewise to decrypt all of the messages for the time period indicated by the period of validity of the working key, which is encrypted under the public key of each trusted third party for key recovery, which period is to be compared to the legal eavesdropping period requested by the decrypting authority so as to be able to issue in advance the set or sub-set of daily intermediate keys requested.
  - 18. The key recovery process according to claims 1 through 2 and 4 through 17, characterized in that an a posteriori check, by a control commission, of the content and the validity of the request expressed by the national decrypting authority is carried out relative to the identity of the entity eavesdropped on and to the duration of the eavesdropping period, for which purpose the control commission requests either the vendor or the entity registration authority to supply it with the relation between the entity name and the agreement and serial numbers of the hardware/software, while for its part the trusted third party for key recovery also performs an audit of the information communicated by the decrypting authority, storing it in an audit file, and associating with it the agreement number of the hardware/software, the serial number of this hardware/software and the duration of the eavesdropping, the a posteriori check being carried out by the control commission using the audit file thus constituted and made available to it by the trusted third party for key recovery, and the relation between the serial number of the hardware/software and the user entity made available by the vendor or the entity registration authority, comparing this information to the information supplied by the decrypting authority, in particular the original court order.
  - 19. The key recovery process according to claims 1 through 17, characterized in that an a posteriori check, by a control commission, of the content and the validity of the request expressed by the national decrypting authority is carried out relative to the identity of the entity eavesdropped on and to the duration of the eavesdropping period, for which purpose the control commission requests from the trusted third party for key recovery the identifier of the entity and its manager, the agreement and serial number of the hardware/software, the information communicated by the decrypting authority, and in particular the duration of the eavesdropping requested by the decrypting authority, all of this information being stored in an audit file maintained by the trusted third party for key recovery, the a posteriori check being carried out by the control commission using the audit file thus constituted and made available to it by the trusted third party for key recovery, the audit file maintained by the decrypting authority, and finally, the original court order produced by the decrypting authority.
  - 20. The key recovery process according to any of the preceding claims, characterized in that the control commission can verify a posteriori that the decrypting authorities have not had access to the semantics of communications relative to an entity that does not fall within the scope of a legal inspection, for which purpose either the serial number of the approved hardware/software makes it possible to indirectly verify the identity of the entity being eavesdropped on by comparing it to the information supplied by the entity registration authority or the vendor, which is constituted by the serial number of the approved hardware/software associated with a list of entities, or the identifier of the entity or that of its manager, when it is present in each encrypted part of the compulsory control field, makes it possible to directly verify the identity of the entity or person being eavesdropped on, the content of which relation can be requested by the control commission from the entity registration authorities, whether national or foreign.
  - 21. The key recovery process according to any of the preceding claims, characterized in that the control commission can verify a posteriori that the decrypting authorities have not had access to the semantics of communications outside the periods authorized by the judicial authority, as a result of the current date information that is systematically used during the calculation of the encryption key and hence the decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bull Sas (Atos SE)
Original Assignee
Bull Sas (Atos SE)
Inventors
PINKAS, DENIS

Granted Patent

US 6,483,920 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/286
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

KEY RECOVERY PROCESS USED FOR STRONG ENCRYPTION OF MESSAGES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

178 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

KEY RECOVERY PROCESS USED FOR STRONG ENCRYPTION OF MESSAGES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

178 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links