Cryptography – Key management – Key escrow or recovery
Reexamination Certificate
1998-12-31
2002-05-28
Barron, Jr., Gilberto (Department: 2132)
C713S181000, C380S030000
active
06396929
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to a cryptographic key recovery system and, more particularly, to a high-availability multi-agent cryptographic key recovery system.
2. Description of the Related Art
Copending U.S. patent application filed herewith, Ser. No. 09/224,886 entitled “Apparatus, Method, And Computer Program Product For Achieving Interoperability Between Cryptographic Key Recovery Enabled And Unaware Systems,” assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes a key recovery system.
U.S. patent application of D. B. Johnson et al., Ser. No. 08/629,815, now U.S. Pat. No. 5,815,573 filed Apr. 10, 1996, entitled “Cryptographic Key Recovery System” (“Johnson et al. I”), assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes a key recovery system using multiple key recovery agents.
U.S. patent application of D. B. Johnson et al., Ser. No. 08/681,679, now U.S. Pat. No. 5,796,830 filed Jul. 29, 1996, entitled “Interoperable Cryptographic Key Recovery System” (“Johnson et al. II”), assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes another key recovery system.
U.S. patent application of S. Chandersekaran et al., Ser. No. 08/971,204, now U.S. Pat. No. 6,355,972 filed Nov. 14, 1997, entitled “Frame-Work Based Cryptographic Key Recovery System” (“Chandersekaran et al.”), assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes a key recovery system.
Data encryption systems are well known in the data processing art. In general, such systems operate by performing an encryption operation on a plaintext input block, using an encryption key, to produce a ciphertext output block. The receiver of an encrypted message performs a corresponding decryption operation, using a decryption key, to recover the plaintext block.
Encryption systems fall into two general categories. Symmetric (or private key) encryption systems such as the Data Encryption Standard (DES) system use the same secret key for both encrypting and decrypting messages. In the DES system, a key having 56 independently specifiable bits is used to convert 64-bit plaintext blocks to ciphertext blocks, or vice versa.
Asymmetric (or public key) encryption systems, on the other hand, use different keys that are not feasibly derivable from one another for encryption and decryption. A person wishing to receive messages generates a pair of corresponding encryption and decryption keys. The encryption key is made public, while the corresponding decryption key is kept secret. Anyone wishing to communicate with the receiver may encrypt a message using the receiver's public key. Only the receiver may decrypt the message, however, since only he has the private key. Perhaps the best-known asymmetric encryption system is the RSA encryption system, named after its originators Rivest, Shamir and Adleman.
Asymmetric encryption systems are generally more computationally intensive than symmetric encryption systems, but have the advantage that they do not require a secure channel for the transmission of encryption keys. For this reason, asymmetric encryption systems are often used for the one-time transport of highly sensitive data such as symmetric encryption keys.
Data encryption systems of all types have attracted the attention of government intelligence agencies and law enforcement agencies because the same cryptographic strength that prevents decryption by unauthorized third parties also prevents decryption by intelligence or law enforcement officials having a legitimate reason for wanting to access the plaintext data. Because of such concerns, governments have either prohibited the use or export of strong encryption systems or have conditioned their approval on the use of weakened keys that are susceptible to key-exhaustion attacks (that is, systematically testing all possible keys until the right one is found). Such weak encryption systems have the obvious disadvantage that they are just as vulnerable to unauthorized third parties as they are to authorized government officials.
Various cryptographic key recovery systems have recently been proposed as a compromise between the demands of communicating parties for privacy in electronic communications and the demands of law enforcement agencies for access to such communications when necessary to uncover crimes or threats to national security. Generally, in such key recovery systems, all or part of the key used by the communicating parties is made available to one or more key recovery agents, either by actually giving the key portions to the key recovery agents (in which case the key portions are said to be “escrowed”) or by providing sufficient information in the communication itself (as by encrypting the key portions) to allow the key recovery agents to regenerate the key portions. Key recovery agents would reveal the escrowed or regenerated key portions to a requesting law enforcement agent only upon presentation of proper evidence of authority, such as a court order authorizing the interception. The use of multiple key recovery agents, all of which must cooperate to recover the key, minimizes the possibility that a law enforcement agent can improperly recover a key by using a corrupt key recovery agent.
Key recovery systems serve the communicants' interest in privacy, since their encryption system retains its full strength against third parties and does not have to be weakened to comply with domestic restrictions on encryption or to meet export requirements. At the same time, key recovery systems serve the legitimate needs of law enforcement by permitting the interception of encrypted communications in circumstances where unencrypted communications have previously been intercepted (such as where a court order has been obtained).
In addition to serving the needs of law enforcement, key recovery systems find application in purely private contexts. Thus, organizations may be concerned about employees using strong encryption of crucial files where keys are not recoverable. Loss of keys may result in loss of important stored data.
The term “key recovery” encompasses mechanisms that allow authorized third parties to retrieve the cryptographic keys used for data confidentiality, with the ultimate goal of recovery of encrypted data. There are two classes of key recovery mechanisms based on the ways keys are held to enable key recovery: key escrow and key encapsulation. Key escrow techniques are based on the paradigm that the government or a trusted third party called an “escrow agent,” holds the actual user keys or portions thereof. Key encapsulation techniques, on the other hand, are based on the paradigm that a cryptographically encapsulated form of the key is made available to third parties that require key recovery; the encapsulation technique ensures that only certain trusted third parties called “recovery agents” can perform the unwrap operation to retrieve the key material buried inside. There may also be hybrid schemes that use some escrow mechanisms in addition to encapsulation mechanisms.
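The multi-agent key encapsulation described above, as an added example that is not code from the patent: a session key is split into n XOR portions, one per recovery agent, and each portion is wrapped so that only that agent can unwrap it. All function names are hypothetical, and the HMAC-based symmetric wrap is an assumed stand-in for encrypting each portion under an agent's public key.

```python
import hashlib
import hmac
import secrets
from functools import reduce

NONCE, TAG = 16, 32  # byte lengths used by the stand-in wrap format

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, n):
    """n-of-n split: n-1 random portions plus one that XORs back to key."""
    portions = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    return portions + [reduce(xor, portions, key)]

def _mac(agent_key, label, data):
    return hmac.new(agent_key, label + data, hashlib.sha256).digest()

def _stream(agent_key, nonce, length):
    # Assumed stand-in cipher: HMAC-SHA256 in counter mode.
    blocks = [_mac(agent_key, b"enc", nonce + i.to_bytes(4, "big"))
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def wrap_portion(agent_key, portion):
    """Encapsulate one key portion for one recovery agent."""
    nonce = secrets.token_bytes(NONCE)
    ct = xor(portion, _stream(agent_key, nonce, len(portion)))
    return nonce + ct + _mac(agent_key, b"mac", nonce + ct)

def unwrap_portion(agent_key, blob):
    """Agent-side unwrap; rejects a wrong agent key or a modified blob."""
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, _mac(agent_key, b"mac", nonce + ct)):
        raise ValueError("authentication failed: wrong agent key or modified blob")
    return xor(ct, _stream(agent_key, nonce, len(ct)))

def build_recovery_block(session_key, agent_keys):
    portions = split_key(session_key, len(agent_keys))
    return [wrap_portion(k, p) for k, p in zip(agent_keys, portions)]

def recover_key(agent_keys, block):
    # Every agent must contribute its unwrapped portion.
    return reduce(xor, (unwrap_portion(k, b) for k, b in zip(agent_keys, block)))

if __name__ == "__main__":
    agents = [secrets.token_bytes(32) for _ in range(3)]  # constructed agent keys
    key = secrets.token_bytes(32)                         # constructed session key
    print(recover_key(agents, build_recovery_block(key, agents)) == key)
```

Because the split is n-of-n, any subset of fewer than n portions is statistically independent of the session key, which is the property behind the requirement that all agents cooperate.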
An orthogonal way to classify key recovery mechanisms is based on the nature of the key that is either escrowed or encapsulated. Some schemes rely on the escrow or encapsulation of long-term keys, such as private keys, while other schemes are based on the escrow or encapsulation of ephemeral keys such as session keys.
Since escrow schemes involve the actual archival of keys, they typically deal with long-term keys, in order to avoid the proliferation problem that arises when trying to archive myriad ephemeral keys. These long-term “escrowed” keys are then used to retrieve the ephemeral keys used for data confidentiality.
Key encapsulation techniques can also choose to archive the encapsulated keys, but usually they d
Chandersekaran Sekar
Malik Sohail
Muresan Michael
Vasudevan Narayanan
Barron Jr. Gilberto
International Business Machines - Corporation
Morgan & Finnegan L.L.P.
Redmond, Jr. Joseph C.
Zand Kambiz