Abstract |
<p>A method, using a public-key cryptosystem, for enabling a predetermined entity to monitor communications of users [suspected of unlawful activities while protecting the privacy of law-abiding users], wherein each user is assigned a pair of matching secret and public keys. According to the method, each user's secret key is broken into shares. Then, each user provides each of a plurality of "trustees" with pieces of information. The pieces of information provided to each trustee enable that trustee to verify that such information includes a "share" of a secret key of some given public key. Each trustee can verify that the pieces of information provided include a share of the secret key without interacting with any other trustee or sending messages to the user. Upon a predetermined request or condition, e.g., a court order authorizing the entity to monitor the communications of a user [suspected of unlawful activity], the trustees reveal to the entity the shares of the secret key of such user. This enables the entity to reconstruct the secret key and monitor the [suspect] user's communications.</p> |
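<p>An added example, not taken from the patent text: one way the per-trustee share check and the later reconstruction described above can work, assuming a discrete-logarithm key pair (public key g^x mod p) split additively among five trustees. The group parameters, the function names and the all-shares-required split are assumptions made for illustration.</p>

```python
import secrets

# Assumed demo group: Mersenne prime p = 2^127 - 1 with base g = 3.
# Far too small for real use; chosen so the example runs instantly.
P = 2**127 - 1
G = 3
ORDER = P - 1  # exponents are reduced mod p-1 (Fermat's little theorem)

def keygen():
    """User's key pair: secret exponent x, public key g^x mod p."""
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)

def split(secret, n):
    """Additive split: n shares summing to the secret, plus g^share for each."""
    shares = [secrets.randbelow(ORDER) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % ORDER)
    commitments = [pow(G, s, P) for s in shares]
    return shares, commitments

def trustee_verify(share, index, commitments, public_key):
    """Run by one trustee alone, using only its share and the public values."""
    if pow(G, share, P) != commitments[index]:
        return False  # the piece handed over does not match its commitment
    product = 1
    for c in commitments:
        product = product * c % P
    return product == public_key  # commitments multiply to the registered key

def reconstruct(shares):
    """Run by the authorized entity once every trustee has revealed its share."""
    return sum(shares) % ORDER

def demo():
    x, y = keygen()
    shares, comms = split(x, 5)
    accepted = all(trustee_verify(s, i, comms, y) for i, s in enumerate(shares))
    recovered = reconstruct(shares) == x
    # Constructed cheat: the user hands trustee 2 a share that is off by one.
    forged = trustee_verify((shares[2] + 1) % ORDER, 2, comms, y)
    return accepted, recovered, forged

if __name__ == "__main__":
    print(demo())
```

<p>Each trustee's check uses only its own share and the published values, so a user who escrows pieces that do not open the registered public key is caught by a single trustee without any trustee-to-trustee or trustee-to-user traffic.</p>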