| 摘要 |
The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users' private keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses a modern public key certificate management, enforced by a chip device that also self-certifies. A preferred embodiment of this invention provides a method for generating verifiably trusted communications among a plurality of users, comprising the steps of escrowing at a trusted escrow center a plurality of asymmetric cryptographic keys to be used by a plurality of users; verifying each of said plurality of keys at the escrow center; certifying the authorization of each of said plurality of keys upon verification; and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon certification. Further preferred embodiments provide for rekeying and upgrading of device firmware using a certificate system, and encryption of stream-oriented data.
|
