Cryptography – Key management – Key escrow or recovery
Reexamination Certificate
1997-11-14
2002-01-01
Swann, Tod R (Department: 2767)
Cryptography
Key management
Key escrow or recovery
Reexamination Certificate
active
06335972
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to a cryptographic key recovery system and, more particularly, to a flexible key recovery system that is based on a framework.
2. Description of the Related Art
Copending US Patent Application of D. B. Johnson et al., Ser. No. 08/629,815, filed Apr. 10, 1996, entitled “Cryptographic Key Recovery System” (“Johnson et al. I”), assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes a key recovery system using multiple key recovery agents.
Copending application of D. B. Johnson et al., Ser. No. 08/681,679, filed Jul. 29, 1996, entitled “Interoperable Cryptographic Key Recovery System” (“Johnson et al. II”), assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes another key recovery system.
1. Background
In recent times, cryptography has come into widespread use in meeting multiple security needs, such as confidentiality, integrity, authentication and non-repudiation [SCHN, MENE]. The use of cryptographic products for confidentiality creates the need for supporting conflicting requirements between users and their respective governments or enterprises. While users have a legitimate need to establish and maintain confidentiality of their data and communications, governments and enterprises have, at times, a legitimate need to intercept and recover such confidential data and communications under proper legal conditions. This conflict becomes especially apparent when users' applications begin to use strong encryption techniques, which can either be too expensive or impossible to break within reasonable time.
Some governments such as the US, Canada, and France, impose controls on the export and foreign dissemination of cryptographic products on the premise that they are critical to national security and foreign policy interests. This is a major hindrance for manufacturers and vendors of cryptographic products since the market for their encryption products is severely restricted by such jurisdiction-based controls. To mitigate this, key recovery techniques have been proposed as a means to relax export controls on cryptographic products. Certain governments, such as the US, now have a stated policy that strong encryption based products can be licensed for general purpose export if they can be shown to incorporate an acceptable mechanism for key recovery. Adoption of such a policy enables cryptographic product vendors to develop a single international version of their product that contains strong encryption along with some technique for key recovery.
Key recovery mechanisms serve other useful purposes as well. They may be used by individuals to recover lost or corrupted keys; they may be used by enterprises to deter corporate insiders from using encryption to bypass the corporate security policy regarding the flow of proprietary information. Corporations may also use key recovery mechanisms to recover employee keys in certain situations, e.g. in the employees absence. Finally, the use of key recovery mechanisms in web based transactional scenarios can serve as an additional technique of non-repudiation and audit, that may be admissible in a court of law. Thus, there appear to be added incentives—beyond those of satisfying the governments needs—for the incorporation as well as adoption of key-recovery mechanisms in local and distributed encryption based systems.
Several vendors, such as Hewlett Packard, Trusted Information Systems and others have or are developing exportable cryptographic systems based on key recovery techniques. Most currently available or proposed architectures for key-recovery-enabled cryptographic systems are somewhat restrictive and inflexible. The design of some of these products is based on restrictive assumptions such as all users need to be certified under a common public key infrastructure (PK). Others products are very inflexible since they bundle a specific key recovery mechanism with a specific key transport mechanism or a specific cryptographic engine. Others support a single proprietary key recovery mechanism, which may not be acceptable for export to certain jurisdictions that choose not to adopt or legislatively support that key recovery mechanism. To avoid these and possibly other limitations, we propose an architecture for key-recovery-enabled cryptographic systems that has the potential to support a wide variety of key recovery mechanisms and cryptographic mechanisms under a common uniform framework. The additional benefits of such a framework-based solution, is that it is not tied to any particular communications protocol or key transport mechanism, and can be adapted to conform to any jurisdiction-based, key-recovery policy.
1.1. Key Recovery Nomenclature
Denning and Branstad [DENN], present a taxonomy of key escrow systems. In this document, a different scheme of nomenclature was adopted in order to exhibit some of the finer nuances of key recovery schemes. The term key recovery encompasses mechanisms that allow authorized parties to retrieve the cryptographic keys used for data confidentiality, with the ultimate goal of recovery of encrypted data. The remainder of this section will discuss the various types of key recovery mechanisms, the phases of key recovery, and the policies with respect to key recovery.
1.1.1. Key Recovery Types
There are two classes of key recovery mechanisms based on the way keys are held to enable key recovery: key escrow and key encapsulation. Key escrow techniques are based on the paradigm that the government or a trusted party called an escrow agent, holds the actual user keys or portions thereof Key encapsulation techniques, on the other hand, are based on the paradigm that a cryptographically encapsulated form of the key is made available to parties that require key recovery; the encapsulation technique ensures that only certain trusted third parties called recovery agents can perform the unwrap operation to retrieve the key material buried inside. There may also be hybrid schemes that use some escrow mechanisms in addition to encapsulation mechanisms.
An orthogonal way to classify key recovery mechanisms is based on the nature of the key that is either escrowed or encapsulated. Some schemes rely on the escrow or encapsulation of long-term keys, such as private keys, while other schemes are based on the escrow or encapsulation of ephemeral keys such as bulk encryption keys. Since escrow schemes involve the actual archival of keys, they typically deal with long-term keys, in order to avoid the proliferation problem that arises when trying to archive the nyriad ephemeral keys. Key encapsulation techniques, on the other hand, usually operate on the ephemeral keys.
For a large class of key recovery (escrow as well as encapsulation) schemes, there are a set of key recovery fields that accompany an enciphered message or file. These key recovery fields may be used by the appropriate authorized parties to recover the decryption key and or the plaintext. Typically, the key recovery fields comprise information regarding the key escrow or recovery agent(s) that can perform the recovery operation; they also contain other pieces of information to enable recovery.
In a key escrow scheme for long-term private keys, the “escrowed” keys are used to recover the ephemeral data confidentiality keys. In such a scheme, the key recovery fields may comprise the identity of the escrow agent(s), identifying information for the escrowed key, and the bulk encryption key wrapped in the recipients public key (which is part of an escrowed key pair); thus the key recovery fields include the key exchange block in this case. In a key escrow scheme where bulk encryption keys are archived, the key recovery fields may comprise information to identity the escrow agent(s), and the escrowed key for that enciphered message.
In a typical key encapsulation scheme for ephemeral bulk encryption keys,
Chandersekaran Sekar
Gupta Sarbari
Smithers Mathew
Swann Tod R
LandOfFree
Framework-based cryptographic key recovery system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Framework-based cryptographic key recovery system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Framework-based cryptographic key recovery system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2836146