Method and apparatus for providing interoperability between key recovery and non-key recovery systems

    Publication number: US06535607B1

    Publication date: 2003-03-18

    Application number: US09184002

    Application date: 1998-11-02

    IPC classification: H04L900

    CPC classification: H04L9/0841 H04L9/0894

    Abstract: A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key K′ and a key recovery block KRB generated on the first key K′. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key K′ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key K′. A third key X, generated as a one-way function of the first key K′ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys K′, K. The key recovery block KRB, the encrypted XOR product e(X, Y) and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the third key X from the first key K′ and the key recovery block KRB, decrypting the XOR product Y using the regenerated third key X, and recombining the XOR product Y with the first key K′ to regenerate the second key K. In a third embodiment, an integrity value is computed on a key K and its key recovery block KRB. The integrity value and the key K are encrypted to form an encrypted portion of a key exchange block KEB, while the key recovery block KRB is put in an unencrypted portion of the key exchange block KEB, which is sent along with the encrypted data e(K, data) to the receiver. The receiver decrypts the encrypted portion, recomputes the integrity value and compares it with the received integrity value. Only if the two integrity values compare is the key K extracted and used to decrypt the data.

Method and apparatus for interoperable validation of key recovery information in a cryptographic system

    Type: granted invention patent

    Status: expired

    Publication number: US6058188A

    Publication date: 2000-05-02

    Application number: US899855

    Application date: 1997-07-24

    IPC classification: H04L9/08 H04L9/32

    Abstract: In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver. The receiver verifies the signature on the key recovery information using the certified public verification key and decrypts the encrypted data only if the signature is verified as being a valid signature.
