Publication number: US5917911A
Publication date: 1999-06-29
Application number: US788068
Application date: 1997-01-23
CPC classification: H04L9/3247, H04L9/0836, H04L9/0894
Abstract: A key management system includes a hierarchy (10) of independent key arbitration centers (KAC) for providing access to a user's session keys through key management centers (KMC). When a court order is issued for a user's session keys, a message requesting the keys is transferred down through the hierarchy until a terminal KAC (16,36) is reached. Each KAC in the hierarchy verifies the prior signatures (114), then adds its ID and signs (116) the message. The user's ID is encrypted with the terminal KAC's public key. The terminal KAC engages in a blind key access procedure (129) with the KMC (18,38) to receive the user's session key. The key is provided encrypted with the requesting party's or agency's public key. Accordingly, privacy is assured because only the KMC and the requesting agency have access to the actual key value, and only the terminal KAC and the requesting agency have access to the user's ID. No other KAC in the hierarchy has access to the user ID or key value, and the KMC does not know which user's key has been provided.