WO1996028914A1 - A method for providing blind access to an encryption key - Google Patents

A method for providing blind access to an encryption key Download PDF

Info

Publication number
WO1996028914A1
WO1996028914A1 PCT/US1996/000445 US9600445W WO9628914A1 WO 1996028914 A1 WO1996028914 A1 WO 1996028914A1 US 9600445 W US9600445 W US 9600445W WO 9628914 A1 WO9628914 A1 WO 9628914A1
Authority
WO
WIPO (PCT)
Prior art keywords
group
encrypted
encryption key
key
encryption
Prior art date
Application number
PCT/US1996/000445
Other languages
French (fr)
Inventor
Larry Charles Puhl
Louis David Finkelstein
Ezzat A. Dabbish
Original Assignee
Motorola Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Inc. filed Critical Motorola Inc.
Priority to CA002187923A priority Critical patent/CA2187923C/en
Priority to EP96904458A priority patent/EP0759241A4/en
Priority to AU48558/96A priority patent/AU681822B2/en
Publication of WO1996028914A1 publication Critical patent/WO1996028914A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Definitions

  • the present invention relates to accessing encryption keys, and more particularly, to blind access to encryption keys.
  • Private businesses and government agencies may need to access encryption keys used by industry employees without it being apparent whose encyrption key is being accessed.
  • the private businesses may need to access individual keys in order to replace lost tokens and to provide access to management.
  • FIG. 1 is a flow chart of one embodiment of steps in accordance with the method of the present invention.
  • FIG. 2 is a schematic representation of the flow of information in one embodiment of the present invention in which third party verification is utilized.
  • FIG. 3 is a flow chart of an embodiment of steps implemented by a second group receiving blind access to an encryption key of a member of a first group in accordance with the method of the present invention.
  • FIG. 4 is a flow chart of an embodiment of steps implemented by a second group receiving blind access to an encryption key of a member of a first group in accordance with the method of the present invention wherein third party verification is utilized.
  • FIG. 5 is a block diagram showing the flow of encryption key information as it is encrypted in accordance with the present invention.
  • the method of the present invention method provides, to a second group, blind access to an encryption key of a predetermined first group member.
  • This is particularly useful, for example, for provision by a particular private business to an authorized governmental agency, of a set of encryption keys that includes the encryption key of an employee under surveillance so that the governmental agency may obtain access to an encryption key of a particular employee of the business without identifying which employee is being examined, and, in addition, such that the governmental agency only receives access to the particular encryption key of the employee under surveillance.
  • the method may be implemented such that it includes independent verification that ensures that the governmental agency only has access to the encryption key that matches a court order.
  • FIG. 1 is a flow chart of one embodiment of steps in accordance with the method of the present invention.
  • the method provides, to a second group, blind access to an encryption key of a predetermined first group member by: (1 ) encrypting (102), by the first group, a plurality of first group member encryption keys using a predetermined algorithm and transferring, to the second group, the encrypted plurality of first group member encryption keys with corresponding unencrypted first group member identification fields, IDs, and a list of IDs corresponding to the first group members; (2) selecting (104) an encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group; (3) encrypting (106), by the second group, the selected encryption key using the predetermined algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key; (4) decrypting (108), by the first group, the doubly encrypted ID-free encryption key to obtain a singly encrypted key and transferring the singly encrypted key to
  • step 1 above is from the first group to the second group.
  • the transferring of step 1 above includes (A) transferring to a third group, by the first group, of the encrypted plurality of first group member encryption keys with corresponding unencrypted identification codes, IDs, and a list of IDs corresponding to the first group members; and (B) selecting in step 2 includes selecting by the third group and transferring by the third group to the second group, an encrypted encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group.
  • RSA Public Key encryption is a specific example, as cited in U.S. Patent No. 4,405,829, Sep. 20, 1983 (Cryptographic
  • the corporate identity field may be used by the governmental agency to identify where the keys for an intercepted message have been stored. This access is done blindly so that the corporation does not know which individual is being investigated and so that the governmental agency may only obtain one encryption key as authorized by the court order.
  • Verification that the governmental agency only has access to the key that matches the court order can be accomplished by using a third party (204) to transfer the selected key to the governmental agency (FBI, 206).
  • the corporation provides the encrypted list
  • the steps implemented by the second group include: (1 ) selecting (302) an encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group; (2) encrypting (304; Kg, 506) the selected encryption key using the predetermined commutative encryption algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key; and (3) decrypting (306; K g . 510), upon decryption (K c , 508) by the first group of the doubly encrypted ID-free encryption key to obtain a singly encrypted key and receipt of the singly encrypted key from the first group, the singly encrypted key to obtain the encryption key of the predetermined member of the first group.
  • the steps implemented by the second group include: (1 ) encrypting (402) the encrypted encryption key using the predetermined commutative encryption algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key; and (2) decrypting (404), upon receipt of a singly encrypted key obtained by decryption by the first group of the doubly encrypted ID-free encryption key, the singly encrypted key to obtain the encryption key of the predetermined member of the first group.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Blind access (100, 300, 400) to a desired encryption key of a predetermined first goup member is provided to a second group. The first group encrypts a plurality of first group member encryption keys using a predetermined algorithm and transfers to the second group, the encrypted plurality of first group member encryption keys with corresponding unencrypted first group member identification fields, IDs, and a list of IDs corresponding to the first group members. The desired ID-free encryption key is selected and encrypted by the second group using a predetermined algorithm. The doubly encrypted key is transferred to the first group, decrypted by the first group and transferred to the second group for decryption. Thus, the encryption key is provided without knowledge to the first group of which member's encryption key is being examined and with knowledge to the second group of only the desired encryption key.

Description

A METHOD FOR PROVIDING BLIND ACCESS TO AN ENCRYPTION KEY
Field of the Invention
The present invention relates to accessing encryption keys, and more particularly, to blind access to encryption keys.
Background
Private businesses and government agencies may need to access encryption keys used by industry employees without it being apparent whose encyrption key is being accessed. The private businesses may need to access individual keys in order to replace lost tokens and to provide access to management.
Government agencies generally need to access keys for court- authorized law enforcement purposes. Clearly, private businesses typically will need to access encryption keys more often than government agencies. Thus, it is more efficient for a private business to maintain encryption keys for its employees and to allow for occasional access by governmental agencies when such access is authorized by the courts.
However, when a governmental agency accesses encryption keys of an individual, it typically does not want the private business to know which employee is under surveillance. Thus, there is a need for a method for providing, by a particular private business, to an authorized governmental agency, an encryption key of an employee under surveillance without identifying which employee is being examined. More generally, there is a need for providing, to a second group, blind access to an encryption key of a predetermined first group member.
Brief Descriptions of the Drawings
FIG. 1 is a flow chart of one embodiment of steps in accordance with the method of the present invention.
FIG. 2 is a schematic representation of the flow of information in one embodiment of the present invention in which third party verification is utilized.
FIG. 3 is a flow chart of an embodiment of steps implemented by a second group receiving blind access to an encryption key of a member of a first group in accordance with the method of the present invention.
FIG. 4 is a flow chart of an embodiment of steps implemented by a second group receiving blind access to an encryption key of a member of a first group in accordance with the method of the present invention wherein third party verification is utilized.
FIG. 5 is a block diagram showing the flow of encryption key information as it is encrypted in accordance with the present invention.
Detailed Description of a Preferred Embodiment The method of the present invention method provides, to a second group, blind access to an encryption key of a predetermined first group member. This is particularly useful, for example, for provision by a particular private business to an authorized governmental agency, of a set of encryption keys that includes the encryption key of an employee under surveillance so that the governmental agency may obtain access to an encryption key of a particular employee of the business without identifying which employee is being examined, and, in addition, such that the governmental agency only receives access to the particular encryption key of the employee under surveillance. Further, the method may be implemented such that it includes independent verification that ensures that the governmental agency only has access to the encryption key that matches a court order.
FIG. 1 , numeral 100, is a flow chart of one embodiment of steps in accordance with the method of the present invention. The method provides, to a second group, blind access to an encryption key of a predetermined first group member by: (1 ) encrypting (102), by the first group, a plurality of first group member encryption keys using a predetermined algorithm and transferring, to the second group, the encrypted plurality of first group member encryption keys with corresponding unencrypted first group member identification fields, IDs, and a list of IDs corresponding to the first group members; (2) selecting (104) an encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group; (3) encrypting (106), by the second group, the selected encryption key using the predetermined algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key; (4) decrypting (108), by the first group, the doubly encrypted ID-free encryption key to obtain a singly encrypted key and transferring the singly encrypted key to the second group; and (5) decrypting (110), by the second group, the singly encrypted key to obtain the encryption key of the predetermined first group member.
In one implementation, the first group may be a business, the second group may be a governmental agency, and the predetermined member of the first group is an employee of the business that is specified in an order of a court of law.
Where third party verification is not utilized for determining that the second party has access only to a specific key, the transferring of step 1 above is from the first group to the second group.
Where third party verification is utilized for determining that the second party has access only to a specific key, the transferring of step 1 above includes (A) transferring to a third group, by the first group, of the encrypted plurality of first group member encryption keys with corresponding unencrypted identification codes, IDs, and a list of IDs corresponding to the first group members; and (B) selecting in step 2 includes selecting by the third group and transferring by the third group to the second group, an encrypted encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group.
Typically, communication and data files are generated by the first group members and at least one of the communication and data files have a corporate identity field that is utilized by the second group to determine files generated by the first group.
The predetermined algorithm is a commutative encryption algorithm. A commutative encryption algorithm has the property that a doubly encrypted message that has been encrypted using, for example, for any selected two keys KA and KB, the doubly encrypted message may be decrypted by using KA then KB or by using KB then KA. Public key encryption algorithms based on exponentiation have this property since:
XAB mod n = X^A mod n.
RSA Public Key encryption is a specific example, as cited in U.S. Patent No. 4,405,829, Sep. 20, 1983 (Cryptographic
Communications Systems and Method). When using RSA Public Key encryption to encrypt a message m and encode keys A and B, decode keys C and D respectively, and modulus n, where n is a preselected integer, the enciphered form c_ of text obtained for m is of a form:
c. « (mA mod n)B mod n
may be decoded by
Figure imgf000007_0001
or by
m = (£D mod n)C mod n
FIG. 2, numeral 200, is a schematic representation of the flow of information in one embodiment of the present invention in which third party verification is utilized. In this example, a corporation (202) utilizes its security department to maintain a backup list of encryption keys (Kc, all keys) for each employee of the corporation. The list contains an identity (ID) and the associated encryption key for each employee. Generally, each communication and data file that the employee generates contains a corporate identity field to identify the corporation. Where a governmental agency has received an order of a court (U.S. Court, 208) to examine the communication and data files of a particular employee of the corporation, the government agency approaches the identified corporation to obtain the encryption key. Alternatively, the governmental agency may approach a verification center or government oversight committee which then approaches the corporation to obtain the encryption key. The corporate identity field may be used by the governmental agency to identify where the keys for an intercepted message have been stored. This access is done blindly so that the corporation does not know which individual is being investigated and so that the governmental agency may only obtain one encryption key as authorized by the court order.
The typical protocol is as follows: (1 ) the corporation encrypts its employee keys using a commutative encryption algorithm and the ID associated with each key is not encrypted; (2) the encrypted list of employee keys is provided to the governmental agency and the governmental agency selects the employee that matches the court order based on the ID; (3) the governmental agency encrypts the selected employee key using the same commutative encryption algorithm and this doubly encrypted employee key is given back to the corporation without the corresponding ID; (4) the corporation decrypts the doubly encrypted message obtaining a singly encrypted employee key that is only encrypted under the government's key, and the key is then given back to the governmental agency; (5) the government decrypts the singly encrypted employee key to obtain the employee key.
Thus, all the keys made available to the government are encrypted except for the selected key. Therefore, the governmental agency only has access to one key. The single key that the corporation decodes has been encrypted by the governmental agency so the corporation does not know which key has been selected by the governmental agency.
Verification that the governmental agency only has access to the key that matches the court order can be accomplished by using a third party (204) to transfer the selected key to the governmental agency (FBI, 206). The corporation provides the encrypted list
(Kc(all keys)) of employee keys to the third party. The third party selects the encrypted key that matches the court order and provides only this encrypted key (KC(K)) to the governmental agency. The governmental agency encrypts this key and gives it (Kg(Kc(K)) back to the corporation, either directly, or via the third party. The corporation (202) decrypts the doubly encrypted key (Kg(Kc(K)) to provide a singly encrypted key (Kg(K)) and sends the singly encrypted key (Kg(K)) either directly to the governmental agency or via the third party. Using this procedure the governmental agency only has access to the authorized key and the third party does not have access to the unencrypted keys.
FIG. 3, numeral 300, is a flow chart of an embodiment of steps implemented by a second group receiving blind access to an encryption key of a member of a first group in accordance with the method of the present invention. FIG. 5, numeral 500, is a block diagram showing the flow of encryption key information as it is encrypted in accordance with the present invention. The method provides blind access wherein decrypting is implemented by a second group, of an encryption key of a predetermined member of a first group, utilizing an encrypted plurality (Kc, 504) of first group member encryption keys, received from the first group, that has been encrypted using a predetermined commutative encryption algorithm and a list of IDs corresponding to first group members, wherein the first group member encryption keys Key #i or Ki, i a whole number, have corresponding unencrypted first group member identification fields (502), IDs, comprising, by the second group. The steps implemented by the second group include: (1 ) selecting (302) an encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group; (2) encrypting (304; Kg, 506) the selected encryption key using the predetermined commutative encryption algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key; and (3) decrypting (306; Kg. 510), upon decryption (Kc, 508) by the first group of the doubly encrypted ID-free encryption key to obtain a singly encrypted key and receipt of the singly encrypted key from the first group, the singly encrypted key to obtain the encryption key of the predetermined member of the first group.
Again, typically, the predetermined member of the first group is specified in an order of a court of law. Also, again, at least one of: communication and data files are generated by first group members and the communication and data files have a corporate identity field that may be utilized by the second group to determine files generated by the first group.
FIG. 4, numeral 400, is a flow chart of an embodiment of steps implemented by a second group receiving blind access to an encryption key of a member of a first group in accordance with the method of the present invention wherein third party verification is utilized. The method provides blind access wherein decrypting is implemented by a second group, of an encryption key of a predetermined member of a first group, utilizing an encrypted encryption key obtained by a third group from an encrypted plurality of first group member encryption keys provided to the third group by the first group, wherein the encrypted plurality of first group member encryption keys has been encrypted using a predetermined commutative encryption algorithm and the third group has preselected the encrypted encryption key as the encrypted encryption key of the predetermined member of the first group based on a list of first group member unencrypted identification fields, IDs, corresponding to first group members. The steps implemented by the second group include: (1 ) encrypting (402) the encrypted encryption key using the predetermined commutative encryption algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key; and (2) decrypting (404), upon receipt of a singly encrypted key obtained by decryption by the first group of the doubly encrypted ID-free encryption key, the singly encrypted key to obtain the encryption key of the predetermined member of the first group.
The predetermined member of the first group may be specified as described above. Also, the communication and data files may be utilized as described above. Although exemplary embodiments are described above, it will be obvious to those skilled in the art that many alterations and modifications may be made without departing from the invention. Accordingly, it is intended that all such alterations and modifications be included within the spirit and scope of the invention as defined in the appended claims.
We claim:

Claims

CLAIMS :
1 . A method for providing, to a second group, blind access to an encryption key of a predetermined first group member, comprising the steps of:
1 A) encrypting, by the first group, a plurality of first group member encryption keys using a predetermined algorithm and transferring, to the second group, the encrypted plurality of first group member encryption keys with corresponding unencrypted first group member identification fields, IDs, and a list of IDs corresponding to the first group members; 1 B) selecting an encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group;
1 C) encrypting, by the second group, the selected encryption key using the predetermined algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key;
TD) decrypting, by the first group, the doubly encrypted ID-free encryption key to obtain a singly encrypted key and transferring the singly encrypted key to the second group; and
1 E) decrypting, by the second group, the singly encrypted key to obtain the encryption key of the predetermined first group member.
2. The method of claim 1 wherein at least one of 2A-2C: 2A) the predetermined member of the first group is specified in an order of a court of law;
2B) the predetermined algorithm is a commutative encryption algorithm; and
2C) the transferring of step 1 A is directly from the first group to the second group.
3. The method of claim 1 wherein: 3A) the transferring of step 1A includes transferring to a third group, by the first group, of the encrypted plurality of first group member encryption keys with corresponding unencrypted identification codes, IDs, and a list of IDs corresponding to the first group members; and 3B) the step of selecting of step 1 B includes selecting by the third group and transferring by the third group to the second group, an encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group. and where further selected, wherein the third group is a verification center/government oversight committee.
4. The method of claim 1 wherein at least one of: communication and data files are generated by the first group members and at least one of the communication and data files have a corporate identity field that is utilized by the second group to determine files generated by the first group.
5. A method for blind access decrypting, by a second group, of an encryption key of a predetermined member of a first group, utilizing an encrypted plurality of first group member encryption keys, received from the first group, that has been encrypted using a predetermined commutative encryption algorithm and a list of IDs corresponding to first group members, wherein the first group member encryption keys have corresponding unencrypted first group member identification fields, IDs, comprising, by the second group, the steps of: 5A) selecting an encryption key from the encrypted plurality of first group member encryption keys in accordance with an ID corresponding to the predetermined member of the first group;
5B) encrypting the selected encryption key using the predetermined commutative encryption algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key; and
5C) decrypting, upon decryption by the first group of the doubly encrypted ID-free encryption key to obtain a singly encrypted key and receipt of the singly encrypted key from the first group, the singly encrypted key to obtain the encryption key of the predetermined member of the first group.
6. The method of claim 5 wherein the predetermined member of the first group is specified in an order of a court of law.
7. The method of claim 5 wherein at least one of: communication and data files are generated by first group members and the communication and data files have a corporate identity field that is utilized by the second group to determine files generated by the first group.
8. A method for blind access decrypting, by a second group, of an encryption key of a predetermined member of a first group, utilizing an encrypted encryption key obtained by a third group from an encrypted plurality of first group member encryption keys provided to the third group by the first group, wherein the encrypted plurality of first group member encryption keys has been encrypted using a predetermined commutative encryption algorithm and the third group has preselected the encrypted encryption key as the encrypted encryption key of the predetermined member of the first group based on a list of first group member unencrypted identification fields, IDs, corresponding to first group members, comprising, for the second group, the steps of: 8A) encrypting the encrypted encryption key using the predetermined commutative encryption algorithm and transferring, to the first group, a doubly encrypted ID-free encryption key;
8B) decrypting, upon receipt of a singly encrypted key obtained by decryption by the first group of the doubly encrypted ID-free encryption key, the singly encrypted key to obtain the encryption key of the predetermined member of the first group.
9. The method of claim 8 wherein the predetermined member of the first group is specified in an order of a court of law.
10. The method of claim 8 wherein at least one of: communication and data files are generated by first group members and the communication and data files have a corporate identity field that is utilized by the second group to determine files generated by the first group.
PCT/US1996/000445 1995-03-09 1996-01-16 A method for providing blind access to an encryption key WO1996028914A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA002187923A CA2187923C (en) 1995-03-09 1996-01-16 A method for providing blind access to an encryption key
EP96904458A EP0759241A4 (en) 1995-03-09 1996-01-16 A method for providing blind access to an encryption key
AU48558/96A AU681822B2 (en) 1995-03-09 1996-01-16 A method for providing blind access to an encryption key

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/401,592 1995-03-09
US08/401,592 US5564106A (en) 1995-03-09 1995-03-09 Method for providing blind access to an encryption key

Publications (1)

Publication Number Publication Date
WO1996028914A1 true WO1996028914A1 (en) 1996-09-19

Family

ID=23588368

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1996/000445 WO1996028914A1 (en) 1995-03-09 1996-01-16 A method for providing blind access to an encryption key

Country Status (6)

Country Link
US (1) US5564106A (en)
EP (1) EP0759241A4 (en)
CN (1) CN1148453A (en)
AU (1) AU681822B2 (en)
CA (1) CA2187923C (en)
WO (1) WO1996028914A1 (en)

Families Citing this family (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5557346A (en) * 1994-08-11 1996-09-17 Trusted Information Systems, Inc. System and method for key escrow encryption
US5557765A (en) * 1994-08-11 1996-09-17 Trusted Information Systems, Inc. System and method for data recovery
US6272632B1 (en) 1995-02-21 2001-08-07 Network Associates, Inc. System and method for controlling access to a user secret using a key recovery field
US5917911A (en) * 1997-01-23 1999-06-29 Motorola, Inc. Method and system for hierarchical key access and recovery
JP3656688B2 (en) 1997-03-31 2005-06-08 栄司 岡本 Cryptographic data recovery method and key registration system
US20010011349A1 (en) * 1998-09-03 2001-08-02 Greg B. Garrison System and method for encrypting a data session between a client and a server
RU2153191C2 (en) 1998-09-29 2000-07-20 Закрытое акционерное общество "Алкорсофт" Method for blind production of digital rsa signature and device which implements said method
US20010016836A1 (en) * 1998-11-02 2001-08-23 Gilles Boccon-Gibod Method and apparatus for distributing multimedia information over a network
RU2157001C2 (en) 1998-11-25 2000-09-27 Закрытое акционерное общество "Алкорсофт" Method for conducting transactions
CN1109423C (en) * 1999-02-10 2003-05-21 河北工业大学 Permutation code encryption and decryptment method and its encryption and decryptment equipment
US7142676B1 (en) * 1999-06-08 2006-11-28 Entrust Limited Method and apparatus for secure communications using third-party key provider
US6944762B1 (en) 1999-09-03 2005-09-13 Harbor Payments Corporation System and method for encrypting data messages
AU2001239887A1 (en) 2000-02-24 2001-09-03 Valicert Corporation Mechanism for efficient private bulk messaging
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
DE10142498A1 (en) * 2001-08-30 2003-03-27 Siemens Ag Encoding/decoding communications data involves transmitting key information as number of selected with each data packet, decoding data by associating key number with key stored in table
US20030105830A1 (en) * 2001-12-03 2003-06-05 Duc Pham Scalable network media access controller and methods
CN100338627C (en) * 2002-06-04 2007-09-19 佳能株式会社 Image processing apparatus and its controlling method and image proessing system
US6931530B2 (en) * 2002-07-22 2005-08-16 Vormetric, Inc. Secure network file access controller implementing access control and auditing
US7334124B2 (en) * 2002-07-22 2008-02-19 Vormetric, Inc. Logical access block processing protocol for transparent secure file storage
US6678828B1 (en) * 2002-07-22 2004-01-13 Vormetric, Inc. Secure network file access control system
US7143288B2 (en) * 2002-10-16 2006-11-28 Vormetric, Inc. Secure file system server architecture and methods
US7363499B2 (en) * 2003-09-18 2008-04-22 Sun Microsystems, Inc. Blinded encryption and decryption
US8670564B1 (en) 2006-08-14 2014-03-11 Key Holdings, LLC Data encryption system and method
AU2009200408B2 (en) * 2006-09-12 2012-05-10 Cpc Patent Technologies Pty Ltd Password generator
US7860244B2 (en) * 2006-12-18 2010-12-28 Sap Ag Secure computation of private values
FR2913550A1 (en) * 2007-03-07 2008-09-12 Inside Contactless Sa METHOD FOR SECURELY LOADING ACCESS DATA TO A SERVICE IN AN NFC CHIPSET
US20080267411A1 (en) * 2007-04-27 2008-10-30 General Instrument Corporation Method and Apparatus for Enhancing Security of a Device
US8954740B1 (en) * 2010-10-04 2015-02-10 Symantec Corporation Session key proxy decryption method to secure content in a one-to-many relationship
CN103262491A (en) * 2011-11-09 2013-08-21 华为技术有限公司 Method, device and system for protecting data security in cloud
US10318956B2 (en) 2014-09-22 2019-06-11 Payactiv, Inc. Systems and methods for utilization of earned but unpaid income
US10887293B2 (en) 2018-03-20 2021-01-05 International Business Machines Corporation Key identifiers in an obliviousness pseudorandom function (OPRF)-based key management service (KMS)
US10887088B2 (en) * 2018-03-20 2021-01-05 International Business Machines Corporation Virtualizing a key hierarchy using a partially-oblivious pseudorandom function (P-OPRF)
US10841080B2 (en) * 2018-03-20 2020-11-17 International Business Machines Corporation Oblivious pseudorandom function in a key management system
US11115206B2 (en) 2018-08-23 2021-09-07 International Business Machines Corporation Assymetric structured key recovering using oblivious pseudorandom function
US10924267B2 (en) 2018-08-24 2021-02-16 International Business Machines Corporation Validating keys derived from an oblivious pseudorandom function

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4399323A (en) * 1981-02-09 1983-08-16 Bell Telephone Laboratories, Incorporated Fast real-time public key cryptography
US4683968A (en) * 1985-09-03 1987-08-04 Burroughs Corporation System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules
US4802217A (en) * 1985-06-07 1989-01-31 Siemens Corporate Research & Support, Inc. Method and apparatus for securing access to a computer facility
US5276737A (en) * 1992-04-20 1994-01-04 Silvio Micali Fair cryptosystems and methods of use
US5315658A (en) * 1992-04-20 1994-05-24 Silvio Micali Fair cryptosystems and methods of use

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4405829A (en) * 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4399323A (en) * 1981-02-09 1983-08-16 Bell Telephone Laboratories, Incorporated Fast real-time public key cryptography
US4802217A (en) * 1985-06-07 1989-01-31 Siemens Corporate Research & Support, Inc. Method and apparatus for securing access to a computer facility
US4683968A (en) * 1985-09-03 1987-08-04 Burroughs Corporation System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules
US5276737A (en) * 1992-04-20 1994-01-04 Silvio Micali Fair cryptosystems and methods of use
US5315658A (en) * 1992-04-20 1994-05-24 Silvio Micali Fair cryptosystems and methods of use
US5315658B1 (en) * 1992-04-20 1995-09-12 Silvio Micali Fair cryptosystems and methods of use
US5276737B1 (en) * 1992-04-20 1995-09-12 Silvio Micali Fair cryptosystems and methods of use

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP0759241A4 *

Also Published As

Publication number Publication date
AU4855896A (en) 1996-10-02
EP0759241A4 (en) 1998-06-17
CN1148453A (en) 1997-04-23
EP0759241A1 (en) 1997-02-26
AU681822B2 (en) 1997-09-04
CA2187923A1 (en) 1996-09-19
CA2187923C (en) 2000-02-22
US5564106A (en) 1996-10-08

Similar Documents

Publication Publication Date Title
AU681822B2 (en) A method for providing blind access to an encryption key
US7738660B2 (en) Cryptographic key split binding process and apparatus
US7599496B2 (en) Secure encryption key distribution
US6542608B2 (en) Cryptographic key split combiner
US7974410B2 (en) Cryptographic key split combiner
US9208491B2 (en) Format-preserving cryptographic systems
US6367010B1 (en) Method for generating secure symmetric encryption and decryption
US5517567A (en) Key distribution system
US7676040B2 (en) Changing encryption key of encrypted data
US8254570B2 (en) Method and system for encryption of data
US20060095769A1 (en) System and method for initializing operation for an information security operation
US20080044023A1 (en) Secure Data Transmission
US20090271627A1 (en) Secure Data Transmission
CN1327662A (en) Method and apparatus for secure distribution of public/private key pairs
CN101529791A (en) A method and apparatus to provide authentication and privacy with low complexity devices
US20010014156A1 (en) Common key generating method, common key generator, cryptographic communication method and cryptographic communication system
US7917748B2 (en) Secure group secret distribution
US7031469B2 (en) Optimized enveloping via key reuse
EP1038369A2 (en) System and method of sending and receiving secure data using anonymous keys
US20010009583A1 (en) Secret key registration method, secret key register, secret key issuing method, cryptographic communication method and cryptographic communication system
CA2243173A1 (en) System and method for secure data transmission
CN113836588B (en) Privacy protection system of transaction data based on block chain
KR100337637B1 (en) Method for recovering a digital document encrypted
Murray Cryptographic protection of computer-based data files

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 96190148.9

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA CN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 2187923

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 1996904458

Country of ref document: EP

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 1996904458

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1996904458

Country of ref document: EP