Key recovery system

Cryptography – Key management – Key escrow or recovery

Reexamination Certificate


Details

C380S044000, C380S279000, C380S281000, C713S162000, C713S182000, C713S168000, C713S171000


active

06185308

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a key recovery system for recovering a key to an encrypted sentence in an emergency when an operator on the user side is absent, when a user loses his or her private key, etc. in encrypting data using a key and storing the encrypted data as an encrypted sentence.
2. Description of the Related Art
There are two methods of realizing a key recovery system, that is, a method of previously depositing a key of each user; and a method of encrypting a data key using a system key. The present invention relates to a key recovery system according to the latter method.
When data is encrypted, each user encrypts, using a preliminarily obtained system key (hereinafter referred to as a public key), a key for use in encrypting data (hereinafter referred to as a data key), and stores the encrypted data, the encrypted data key, and a recovery condition as key recovery information.
The above described public key is obtained from at least one key recovery device (also referred to as a key recovery center).
When the user possesses a private key, the user uses it to decrypt the data key that was encrypted using the user's public key, and thereby decrypts the encrypted data. If the user has lost the private key or a third party urgently needs to decrypt the encrypted data, the key recovery information attached to the encrypted data is retrieved and transmitted to the key recovery device in order to recover the data key through the key recovery device.
The key recovery device refers to the key recovery information and checks whether or not a recoverer who attempts recovery has a recovery right. If so, the data key is recovered from the key recovery information and output to the recoverer.
In the conventional key recovery system, a key recovery device has a private key, and therefore can recover all encrypted sentences provided with the key recovery information encrypted using its public key. To avoid this, it is necessary to distribute the recovery ability of the key recovery device. Thus, a plurality of key recovery devices are provided, and key recovery information is generated from a plurality of public keys of the plurality of key recovery devices so that a key cannot be recovered without obtaining agreements of all key recovery devices.
FIG. 1 shows the SKR (secure key recovery) system of IBM as an example of the conventional technology. As shown in FIG. 1, the system includes a key recovery service provider 1. A recoverer device 2 is checked by the key recovery service provider 1 for authentication. If the key recovery service provider 1 has authenticated the recoverer device 2, then the key recovery service provider 1 transmits key recovery information to a key recovery device 3, each of the key recovery devices 3 recovers key information, and the key is returned to the recoverer device 2 through the key recovery service provider 1 based on the key information.
According to the conventional system shown in FIG. 1, a data key is recovered based on the authentication between the key recovery service provider 1 and the recoverer device 2. Therefore, if a sentence encrypter specifies a recovery condition for each key recovery device, the key recovery service provider 1 may not perform an authenticating process depending on a key recovery device due to a large overhead, resulting in an impossible key recovery.
If the key recovery service provider 1 illegally authenticates a recoverer, there is the problem that all encrypted sentences are recovered by the key recovery service provider 1.
SUMMARY OF THE INVENTION
The present invention aims at providing a key recovery system in which a recoverer device and a key recovery device authenticate a recoverer directly, and a key is provided to the recoverer device based on that authentication, even though the recoverer device does not communicate directly with the key recovery devices; in other words, all communications between the recoverer device and all key recovery devices are performed through the key recovery service provider.
To solve the above described problems with the conventional technology, the key recovery service provider is replaced with a key recovery information distribution device. The key recovery information distribution device manages all information about relevant key recovery devices, and enables the communications between a recoverer device and the key recovery devices to be established at a request of the recoverer device. However, the key recovery information distribution device does not authenticate any recoverer device. A recoverer device is authenticated directly by a key recovery device. In this case, the key recovery information distribution device establishes communications between the key recovery device and the recoverer device. Based on the authentication, a key recovery system for finally providing a data key for the recoverer device can be obtained.
According to an aspect of the present invention, a key recovery system stores encrypted data, a data key encrypted by a public key, and key recovery information. It normally recovers the encrypted data using the data key. However, when there is no key for decrypting the data key, the key recovery system retrieves the data key from the key recovery information added to the encrypted data, and decrypts the encrypted data. The key recovery system includes a recoverer device for requesting key recovery; a key recovery information distribution device for providing a communications line for a key recovery device at a recovery request; and at least one key recovery device for decrypting and retrieving all or a part of a data key from key recovery information, and authenticating a recoverer directly with the recoverer device.
According to another aspect of the present invention, a key recovery system includes a recoverer device for storing an encrypted sentence with key recovery information, transmitting a key recovery request when it is issued, transmitting authentication response information corresponding to authentication information input by a key recoverer when an authentication request is received, and recovering the data key when key information is received; a key recovery information distribution device for obtaining access information about a key recovery device according to key recovery information from a database when the key recovery information is received from the recoverer device, transmitting the authentication request to the recoverer device when the authentication request is received, transmitting an authentication response to the key recovery device when the authentication response is received from the recoverer device, and transmitting key information to the recoverer device when the key information is received; and a key recovery device for obtaining the key information from the key recovery information when the key recovery information is received, transmitting the authentication request using the key information to the recoverer device through the key recovery information distribution device, verifying the authentication response when the authentication response is received from the recoverer device, and transferring the key information to the recoverer device through the key recovery information distribution device when the verification result is correct.
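The message flow described above, as an added example that is not code from the patent: each key recovery device authenticates the recoverer itself by challenge-response, while the distribution device only forwards messages. The XOR split of the data key, the HMAC challenge-response, the SHAKE-256 keystream standing in for encryption under each device's public key, and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets
from functools import reduce

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pad(key, nonce, n):
    # Assumption: SHAKE-256 keystream stands in for encryption under a device's public key.
    return hashlib.shake_256(key + nonce).digest(n)

class KeyRecoveryDevice:
    def __init__(self):
        self.key = secrets.token_bytes(32)   # stands in for the device's key pair
    def seal(self, share, verifier):         # encrypter side: build this device's recovery info
        nonce = secrets.token_bytes(16)
        return nonce + xor(share + verifier, pad(self.key, nonce, 48))
    def begin(self, kri):                    # obtain key information, issue authentication request
        plain = xor(kri[16:], pad(self.key, kri[:16], 48))
        self.share, self.verifier = plain[:16], plain[16:]
        self.challenge = secrets.token_bytes(16)
        return self.challenge
    def finish(self, response):              # release the share only if the response verifies
        want = hmac.new(self.verifier, self.challenge, hashlib.sha256).digest()
        return self.share if hmac.compare_digest(want, response) else None

class Recoverer:
    def __init__(self, auth_info):           # authentication information input by the recoverer
        self.verifier = hashlib.sha256(auth_info).digest()
    def respond(self, challenge):
        return hmac.new(self.verifier, challenge, hashlib.sha256).digest()

def make_recovery_info(data_key, devices, auth_info):
    verifier = hashlib.sha256(auth_info).digest()   # recovery condition (hypothetical form)
    shares = [secrets.token_bytes(16) for _ in devices[:-1]]
    last = reduce(xor, shares, data_key)     # XOR of all shares equals the data key
    return [d.seal(s, verifier) for d, s in zip(devices, shares + [last])]

def distribute(devices, recovery_info, recoverer):
    """Distribution device: forwards each message and makes no authentication decision."""
    shares = []
    for dev, kri in zip(devices, recovery_info):
        challenge = dev.begin(kri)               # recovery info in, authentication request out
        response = recoverer.respond(challenge)  # request relayed, response returned
        shares.append(dev.finish(response))      # response relayed, key information returned
    return shares

def recover(shares):
    # A single refusal (None) from any device blocks recovery of the 16-byte data key.
    return None if None in shares else reduce(xor, shares, bytes(16))
```

Calling `recover(distribute(devices, info, Recoverer(auth_info)))` returns the data key only when every device accepts the response; the relay in `distribute` holds no secret and cannot approve a recoverer on its own.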
According to a further aspect of the present invention, a key recovery system includes a recoverer device for requesting recovery of a data key; a key recovery information distribution device for providing a communications line for a corresponding key recovery device at a request for key recovery; at least one key recovery device for decrypting and retrieving a part of data key information from key recovery information; a unit for transmitting the key recovery information from the key recoverer device to each of the key recovery devices through the key recovery information distribution device in order to recover the data key and a recovery condition; a unit for al
