Key recovery condition encryption and decryption apparatuses

Cryptography – Key management – Key escrow or recovery

Reexamination Certificate


Details

C380S281000, C380S284000, C380S286000, C380S268000, C380S046000

active

06272225

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to key recovery condition encryption and decryption apparatuses and, more particularly, to key recovery condition encryption and decryption apparatuses for adding an encryption key used for encryption to protect data privacy and recovering the encrypted data.
In general, to encrypt and store data, a decryption key is required to decrypt the encrypted data. It is, however, impossible for an authentic user to decrypt the encrypted data if he loses the decryption key. A key recovery technique is known as the state-of-the-art technique for solving this problem. In a key recovery technique of this type, key information is added (appended) to the encrypted data, and the decryption key is recovered from the key information using secret information of a third-party organization.
In the key recovery technique, the key recovery condition must be set. More specifically, even if a person who illicitly acquired encrypted data by some method presents the encrypted data to the third-party organization, decryption of the illicitly acquired encrypted data must be prevented. There is therefore provided a method of adding, to key information, a key recovery condition, i.e., a condition to determine whether a person who requests key recovery has the authentic right of key recovery.
A method of encrypting a user name and adding the encrypted user name to key information is proposed as a conventional method of determining the presence or absence of the right of key recovery using such a key recovery condition, as described in "File Encryption System Using Public Key Cryptography", Proceedings of the Information Processing Society of Japan, 47th, October 1993, 4-197.
U.S. Pat. No. 5,557,765 proposes a method of registering a key recovery condition in a third-party organization in advance, combining an issued registration number and an encryption key, and encrypting the combination using a public key of the third-party organization.
There is also provided still another method of causing a plurality of third-party organizations to determine the right of key recovery, and recovering the key only when all the third-party organizations admit the authentic right of key recovery. According to this method, as described in WO93/21708, data decryption key information is divided into pieces in advance, the third-party organizations obtain parts of the data decryption key from the divided pieces, and these divided pieces are collected and concatenated to allow recovery of the data decryption key.
The conventional key recovery techniques described above have the following drawbacks. According to the method of encrypting the user name and adding the encrypted user name to the key information, only the authentic user can decrypt the encrypted data. It is actually impossible to assign an agent to decrypt the encrypted data when the authentic user is absent or dead. In addition, the third party can relatively easily access the key recovery condition because the user name is used.
According to the method of registering the key recovery condition, every time a new key recovery condition is set, it must be registered in the third-party organization. The procedures including authentication in registration become cumbersome. The key recovery condition is not added to the key information.
SUMMARY OF THE INVENTION
It is an object of the present invention to provide key recovery condition encryption and decryption apparatuses capable of adding a key recovery condition having relatively complex contents to key information without registering the key recovery condition in a third-party organization.
In order to achieve the above object of the present invention, there is provided a key recovery condition encryption apparatus for encrypting a key recovery condition which determines recovery permission of a decryption key used in decrypting an encrypted message, and for adding the decrypted key recovery condition to key information, comprising hashing means for calculating a hash value on the basis of a hash function using a key recovery information text serving as information necessary for performing key recovery, first concatenating means for concatenating the hash value from the hashing means to the key recovery condition, and condition information encryption means for encrypting a concatenating result from the first concatenating means by using a first encryption key.
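The hash, concatenate and encrypt sequence described above can be sketched as follows; this is an added illustration, not code from the patent. SHA-256, the hash-first byte order, the toy SHA-256 counter-mode cipher, the decrypt-side comparison, and all function names and sample values are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 32  # SHA-256 digest length in bytes


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy SHA-256 counter-mode keystream: a stand-in for a real cipher (assumption).
    out = b""
    for counter in range((n + HASH_LEN - 1) // HASH_LEN):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return out[:n]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_condition(recovery_info_text: bytes, condition: bytes, first_key: bytes) -> bytes:
    digest = hashlib.sha256(recovery_info_text).digest()  # hashing means
    joined = digest + condition                           # first concatenating means
    nonce = secrets.token_bytes(16)
    # condition information encryption means, using the first encryption key
    return nonce + _xor(joined, _keystream(first_key, nonce, len(joined)))


def decrypt_condition(recovery_info_text: bytes, blob: bytes, first_key: bytes):
    # Assumed inverse: decrypt, split off the hash, and compare it with a fresh
    # hash of the key recovery information text the blob arrived with.
    nonce, body = blob[:16], blob[16:]
    joined = _xor(body, _keystream(first_key, nonce, len(body)))
    digest, condition = joined[:HASH_LEN], joined[HASH_LEN:]
    expected = hashlib.sha256(recovery_info_text).digest()
    return condition if hmac.compare_digest(digest, expected) else None


def demo():
    # Constructed sample values, not taken from the patent.
    key = secrets.token_bytes(32)
    info_a = b"key-info: file=payroll.db; wrapped-data-key=<constructed>"
    info_b = b"key-info: file=other.db; wrapped-data-key=<constructed>"
    condition = b"requester must be the owner or a named agent"
    blob = encrypt_condition(info_a, condition, key)
    return decrypt_condition(info_a, blob, key), decrypt_condition(info_b, blob, key)


if __name__ == "__main__":
    print(demo())
```

The second value returned by `demo()` is `None`: an encrypted condition moved onto different key information fails the hash comparison. The stand-in cipher is unauthenticated, so the sketch shows the binding only; the condition bytes themselves would need a vetted authenticated cipher to resist modification.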


REFERENCES:
patent: 5201000 (1993-04-01), Matyas et al.
patent: 5557765 (1996-09-01), Lipner et al.
patent: 5631961 (1997-05-01), Mills et al.
patent: 6058188 (2000-05-01), Chandersekaran et al.
“File Encryption System Using Public Key Cryptography”, 47th Proceedings of the Information Processing Society of Japan, Oct. 1993, pp. 4-197-4-198.
