公开(公告)号：US5796830A

公开(公告)日：1998-08-18

申请号：US681679

申请日：1996-07-29

申请人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： G09C1/00 ,  H04K1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/28 ,  H04L9/32

CPC分类号： H04L9/0894

摘要： A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.

摘要翻译： 可与现有系统互通的加密密钥恢复系统，用于在通信方之间建立密钥。 发送方使用可逆密钥反转功能来产生密钥恢复值P，Q和（可选地）R作为会话密钥和公共信息的函数，使得会话密钥可以从密钥恢复值P，Q和（ 如果生成）R.密钥恢复值P和Q使用一对密钥恢复代理的相应的公共恢复密钥进行加密。 加密的P和Q值与伴随从发送方发送到接收方的加密消息的会话报头中的其他恢复信息一起被包括。 密钥恢复代理可以通过使用它们对应于公钥的各自的私有恢复密钥来解密会话报头中的加密的P和Q值来恢复执法代理的P和Q值。 R值（如果生成的话）不提供给密钥恢复代理，而是使用标准密码分析技术来确定，以便为执法人员提供一个非常重要的工作因素。 接收机检查接收到的消息的会话报头，以确保发送方已经包括有效的恢复信息。 只有当接收方已经验证发送方已经包括有效的恢复信息时，接收方才能解密接收的消息。

公开(公告)号：US6052469A

公开(公告)日：2000-04-18

申请号：US133877

申请日：1998-08-14

申请人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： G09C1/00 ,  H04K1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/28 ,  H04L9/32

CPC分类号： H04L9/0894

摘要： A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.

摘要翻译： 可与现有系统互通的加密密钥恢复系统，用于在通信方之间建立密钥。 发送方使用可逆密钥反转功能来产生密钥恢复值P，Q和（可选地）R作为会话密钥和公共信息的函数，使得会话密钥可以从密钥恢复值P，Q和（ 如果生成）R.密钥恢复值P和Q使用一对密钥恢复代理的相应的公共恢复密钥进行加密。 加密的P和Q值与伴随从发送方发送到接收方的加密消息的会话报头中的其他恢复信息一起被包括。 密钥恢复代理可以通过使用它们对应于公钥的各自的私有恢复密钥来解密会话报头中的加密的P和Q值来恢复执法代理的P和Q值。 R值（如果生成的话）不提供给密钥恢复代理，而是使用标准密码分析技术来确定，以便为执法人员提供一个非常重要的工作因素。 接收机检查接收到的消息的会话报头，以确保发送方已经包括有效的恢复信息。 只有当接收方已经验证发送方已经包括有效的恢复信息时，接收方才能解密接收的消息。

公开(公告)号：US5815573A

公开(公告)日：1998-09-29

申请号：US629815

申请日：1996-04-10

申请人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： H04L9/08 ,  H04L9/10 ,  H04K1/00

CPC分类号： H04L9/0894

摘要： A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recover agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m+n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m+n)-bit to any other combination of third parties. The quantity n is selected to make authorized key recovery feasible, but not so trivial as to permit routine decryption of intercepted communications, while the quantity m is selected to make decryption by unauthorized third parties infeasible. Means are provided for verifying that the shared key parts have been shared with the key recovery agents before permitting encrypted communications using the thus generated key.

摘要翻译： 一种加密密钥恢复系统，用于生成密钥，供一对通信方使用，同时使用一个或多个密钥恢复代理提供其恢复。 生成与各个密钥恢复代理共享的多个m位共享密钥部分（P，Q），而生成不与任何密钥恢复代理共享的n位非共享密钥部分（R）。 共享密钥部分（P，Q）被组合以产生与非共享密钥部分（R）连接的m比特值，以生成从其生成加密密钥的（m + n）比特值。 加密系统对所有主要恢复代理人具有一致的n位密钥的有效工作因子，但具有（m + n）位到任何其他第三方组合的有效工作因子。 选择数量n使授权密钥恢复成为可行，但不允许允许例行解密截取的通信，同时选择数量m以使得未经授权的第三方解密不可行。 提供了用于在使用由此产生的密钥进行加密通信之前验证共享密钥部分已经与密钥恢复代理共享的手段。