Cryptography – Key management – Key escrow or recovery
Reexamination Certificate
1998-07-07
2001-07-24
Swann, Tod (Department: 2132)
Cryptography
Key management
Key escrow or recovery
C380S282000
Reexamination Certificate
active
06266421
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a key recovery system in which an encrypted message obtained by encapsulating a data key serving as a data encryption/decryption key with a system key serving as a data encryption key is decrypted by using a master key serving as a data decryption key in accordance with a user's request, thereby decapsulating the data key.
2. Description of Related Art
A data encryption system for encrypting and decrypting data with numerical value data called as a “key” has been known as a technique for ensuring security of data such as secret (confidential) information, etc. With the data encryption system, only a user having a decryption key is able to decrypt an encrypted message.
The data such as secret information, etc. have the following characteristics.
(1) Duty of maintaining secrecy until a predetermined time is imposed under Law, Rule or Agreements. That is, it is required to hold data for a predetermined term (for example, for several years) while keeping the data encrypted.
(2) It is rare to decrypt an encrypted message and use the decrypted message. That is, if data are temporarily encrypted and saved, the data are rarely accessed afterwards.
(3) It must be ensured that data can be decrypted as occasion demands.
In the data encryption system described above, when a decryption key is lost for some reason, it is actually impossible to decrypt encrypted message. For example, when an encrypted message is held in a file or the like and after some days the data are required to be taken out, the data concerned could not be restored to original data if there is no decryption key. This is equivalent to the case where the data are lost. It is an actual possible case that a decryption key is lost. For example, it may be considered that a user erroneously deletes a file in which a decryption key is held, or in a company a person who manages a decryption key is transferred to another office or resigns from the company, so that a place at which a decryption key is held is unknown.
In the present situation, management of a key is usually entrusted to a responsible person for management of secret information. Therefore, it is expected that various problems will occur in management of keys more and more as encryption of secret information more widespread.
Accordingly, there has been proposed a key recovery system which enables accurate decryption of an encrypted message when a decryption key is lost, thereby backing up data such as secret information, etc.
In the following description, a system using a method to attach a tag to an encrypted message, which is called a “KRF (Key Recovery Field) system”, will be described as a conventional key recovery system.
FIG. 7
is a schematic diagram showing the construction of a key recovery system to which the conventional KRF system is applied. This system is implemented among plural information processing devices (for example, personal computers) which are connected to one another through a network
54
such as a LAN or the like.
In
FIG. 7
, terminals
50
a
to
50
c
are information processing devices used by users of this system, and each terminal has a function of data encryption/decryption data. This function is implemented through execution of data encryption/decryption program
504
b loaded from a magnetic disk
502
onto a memory
504
through a disk controller
506
by a CPU
502
. In
FIG. 7
, reference numeral
504
a
represents an operating system (OS), and reference numeral
505
represents a network controller for implementing communications through the network
54
. Three terminals are illustrated in
FIG. 7
, but the number of terminals is not limited to any specific value.
When a person who wishes to decrypt an encrypted message loses its decryption key, he/she can recover his/her lost key with the assistance of a key recovery center
52
which is an information processing device having a function of recovering the decryption key concerned. This function is implemented through execution of a key recovery program
524
b
and a check program
524
c
loaded from a magnetic disk
522
into a memory
524
through a disk controller
526
by a CPU
523
. In
FIG. 7
, reference numeral
524
a
represents OS, and reference numeral
525
represents a network controller for implementing communications through the network
54
.
In addition to the OS
524
a
, the key recovery program
524
b
, the check program
524
c
, a key recovery condition (RC: Recovery Condition) for judging whether a person who requests recovery of a lost decryption key has authorization to access the decryption key concerned is stored as a data base in the magnetic disk
522
.
It is now assumed that the user of each of the terminals
50
a
to
50
c
instructs his/her terminal to execute the data encryption/decryption program
504
b
thereof so that data m such as secret information or the like are encrypted with his/her private key and then saved as data in the magnetic disk
502
in FIG.
7
.
According to the KRF system, the structure of the encrypted message is as follows.
KRF |
main body of encrypted message
[RCI | KS]KRCpub |
[KS]Userpub | [m]KS
Here, KRCpub represents a public key of the key recovery center
52
. This public key is in paired relationship with a private key KRCpri of the key recovery center
52
. Userpub represents a public key of the user of each terminal, and this is in paired relationship with a private key Userpri of the user concerned. The public key and the private key mean a public key and a private key on the basis of a public key encryption algorithm such as RSA (Rivest, Shamir, Adleman) or the like.
KS represents a common key based on a common key encryption algorithm such as DES (Data Encryption Standard) or the like. RCI represents a recovery condition of a person who can recover a key, that is, a recovery condition index for specifying RC. As described above, the key recovery center
52
has a data base of RC stored in the magnetic disc
522
, and RCI is used when RC is searched from the data base.
Further, [a]b represents an encrypted message obtained by encrypting data a by using a key b. For example, [m]KS represents an encrypted message obtained by encrypting data m with a common key KS, and “|” means data coupling.
As described above, according to the KRF system, an encrypted message has a structure of addition of the main body of encrypted message ([KS]Userpub|[m]KS) with the data ([RCI|KS]KRCpub) as KRF.
When a user wishes to decrypt an encrypted message [RCI|KS]KRCpub|[KS]Userpub|[m]KS to obtain the data m, the processing is usually carried out according to the following procedure by the data encryption/decryption program
504
b.
(1) The common key KS is obtained by decrypting [KS]Userpub with the private key Userpri held by the user.
(2) The data m are obtained by decrypting [m]KS with the obtained common key KS.
The process of decrypting the encrypted message according to the above procedure is hereinafter referred to as “normal recovery”.
On the other hand, when the user of the terminal cannot decrypt the encrypted message according to the procedure of the normal recovery because the private key Userpri is lost or the like, the encrypted message is decrypted by using the common key KS which is obtained in the key management center
52
. This process is hereinafter referred to as “urgent recovery” as opposed to the usual recovery.
The processing flow of the urgent recovery will be described with reference to FIG.
8
.
FIG. 8
is a diagram showing the data flow of the urgent recovery of a key recovery system using the conventional KRF system.
(1) First, the terminal of the user transmits KRF([RCI|KS]KRCpub) added to the main body of the encrypted message through the network
54
to the key recovery cente
Ando Hiroyuki
Domyo Seiichi
Kanno Seiko
Kuroda Yasutsugu
Miyauchi Hiroshi
Antonelli Terry Stout & Kraus LLP
Hitachi Ltd
Kabakoff Steve
Swann Tod
LandOfFree
Key recovery system and key recovery method does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Key recovery system and key recovery method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Key recovery system and key recovery method will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2559754