Cryptography – Key management – Key escrow or recovery
Reexamination Certificate
1997-11-26
2001-06-12
Swann, Tod (Department: 2132)
active
06246771
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to an encryption system and method, and in particular to a system and method for recovering a session key so as to provide access by an authorized third party to data encrypted by the session key, the system and method being capable of use with a variety of strong encryption software, thereby enabling the strong encryption software to comply with U.S. encryption technology export restrictions.
The invention also relates to procedures for ensuring that only certified parties will have access to the recreated session keys and decrypted data, thereby protecting the privacy of all non-suspect communications utilizing the subject software, as well as of the information contained in the suspect communications.
2. Description of Related Art
The principal problem addressed by the invention is the problem of providing strong encryption software to protect sensitive communications while affording legal authorities access to the communications in order to comply with U.S. Government regulations concerning the export of encryption software.
Export of encryption products from the United States of America is controlled by the U.S. Government's Bureau of Export Administration (BXA) in the Commerce Department. In December of 1996, the rules for export of encryption products were modified so that it became possible, in some circumstances, for U.S. manufacturers of encryption products to ship software/hardware components that utilize “strong” encryption algorithms, i.e., symmetric algorithms with key sizes larger than 56 bits, so long as recovery of the encrypted data, or the keys protecting the data, were available to law enforcement agents to satisfy investigatory requirements.
The mechanisms anticipated by the government that would satisfy the regulations were generally classified as “Trusted Third Party” services, wherein a separate organization would provide escrow, or recovery services, to customers wishing to employ strong encryption to protect electronic commerce transactions, the customers being required to prepend to the file an encrypted version of the session key so as to enable recovery by a third party in possession of the key necessary to decrypt the encrypted session key. However, the regulations also left open the possibility that an organization could perform its own escrow services, i.e., provide for recovery of session keys by decrypting the “key recovery keys” or law enforcement fields containing the keys, if safeguards concerning certification of the parties involved in the escrow services could be implemented, so as to meet the requirements without potentially exposing data to a third party.
The present invention takes another approach, which permits the organization to manage its own key recovery services, but which is fundamentally different from prior third or first party escrow approaches in that modification of the encryption software to provide for a key recovery key or law enforcement field is not required. Instead of providing for recovery of an encrypted session key through the use of a key recovery or escrow agent with the ability to decrypt the key recovery key, the present invention recreates the original key exchange process with the assistance of the authentication server to recover the session key based on a recording of clear text or non-encrypted data exchanged during the handshaking procedure by which the original session key was generated.
Like the escrow approach, the system and method of the invention can be applied to situations in which a communication contains data encrypted by a session key unique to the communication. The system and method of the invention utilizes the property of certain encryption systems, to which the present invention is applicable, that a recording of the suspect communication, which can be made without the knowledge of the parties to the communication using wiretapping and similar methods, will include all information necessary to generate the session key, including clear text session-specific values in the case of a shared secret key encryption protocol, or the original key exchange ticket in the case of public/private key cryptosystem based key exchange procedures. Where the shared secret key used to generate the session key, or the private key used to decrypt a session key contained in a recorded key exchange or authorization ticket is held in a database protected by an authentication server, access to the shared secret key or private key can easily be provided by a secured communications link to the server.
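The shared-secret case described above, as an added example that is not taken from the patent or from any V-One product. It assumes the session key is derived with HMAC-SHA256 from the shared secret and two clear-text nonces, and uses a toy SHA-256 keystream in place of a real cipher; `AuthServer`, `derive_session_key`, `xor_stream` and the agent and user names are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_session_key(shared_secret, client_nonce, server_nonce):
    # Assumed KDF (not from the patent): HMAC-SHA256 over the clear-text nonces.
    return hmac.new(shared_secret, client_nonce + server_nonce, hashlib.sha256).digest()

def xor_stream(key, data):
    # Toy SHA-256 counter keystream standing in for the real cipher.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

class AuthServer:
    """Holds the shared secrets; recovery is gated on agent certification."""
    def __init__(self):
        self._secrets = {}
        self._certified_agents = set()

    def enroll(self, user_id):
        self._secrets[user_id] = secrets.token_bytes(32)
        return self._secrets[user_id]  # provisioned to the client once

    def certify_agent(self, agent_id):
        self._certified_agents.add(agent_id)

    def recover_session_key(self, agent_id, recording):
        if agent_id not in self._certified_agents:
            raise PermissionError("recovery agent is not certified")
        secret = self._secrets[recording["user_id"]]
        return derive_session_key(secret, recording["client_nonce"], recording["server_nonce"])

def demo():
    server = AuthServer()
    client_secret = server.enroll("alice")
    # Original handshake: only these values cross the wire in clear text (constructed sample).
    recording = {"user_id": "alice", "client_nonce": secrets.token_bytes(16),
                 "server_nonce": secrets.token_bytes(16)}
    session_key = derive_session_key(client_secret, recording["client_nonce"], recording["server_nonce"])
    recording["ciphertext"] = xor_stream(session_key, b"constructed sample message")
    # Later: a certified agent replays the recorded clear text through the server.
    server.certify_agent("agent-1")
    recovered = server.recover_session_key("agent-1", recording)
    return xor_stream(recovered, recording["ciphertext"])

if __name__ == "__main__":
    print(demo())
```

Because the key in this sketch is a deterministic function of the stored secret and the recorded clear text, whoever obtains the server's secret database can decrypt every recorded session, so that database and the recovery interface are the assets to protect.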
Significantly, unlike the previously proposed escrow approaches, the present invention also has the advantage that it can be implemented without modifying the underlying encryption software, there being no need to modify the software to generate the key recovery key, law enforcement field of a transmission, or the like, which eliminates the possibility of tampering by the parties to the suspect communication, and enables the method and system of the invention to be adapted for use with a wide variety of existing encryption software, including software already being marketed in the U.S. but not otherwise exportable.
Despite the capability of recovering session keys used in strong encryption systems, the system and method of the invention is capable of being implemented using simple Windows™ based software running on a laptop or notebook computer, in conjunction with a smartcard reader or similar device, and can be provided by the vendor to the customer or licensee in the form of a software and hardware “kit,” upon BXA approval, which involves certification of the various persons responsible for the key recovery functions, and does not require any modification of the basic encryption system to which access is required, allowing a variety of existing strong encryption software to be approved for export simply by licensing the encryption software with the appropriately adapted “kit” and certifying appropriate personnel of the customer.
As indicated above, the invention is to be distinguished from prior key recovery methods, such as the ones described in copending U.S. Ser. No. 08/892,947, assigned to V-One Corporation, and in U.S. Pat. Nos. 5,557,346 and 5,557,765, assigned to Trusted Information Systems, which involve encrypting the session key by means of the public key of a public/private key cryptosystem, the private key to which is held by the key recovery agent in order to permit the session key to be recovered, and prepending the resulting “key recovery key” or “law enforcement access field” to the encrypted file or transmission.
Because, unlike third party escrow-based session key recovery methods, the present invention requires that the key recovery agent request the authentication server to again generate the session key, the present invention also relates to ensuring that the key recovery agent is properly certified and authenticated, and that all communications involving retrieval of session keys, or information protected thereby, are properly secured.
It will be appreciated that the invention can be used in connection with any system or method in which the session key is generated by an exchange of clear text data between clients, and in which the secret or private keys used to generate the session key based on the clear text data are stored at a location and in a manner accessible to the customer. An example of such a system is the SmartGate™ system offered by V-One Corporation, and described in U.S. Pat. No. 5,602,918, herein incorporated by reference. Other systems to which the invention is applicable include SSL ticket-based key exchange procedures and procedures based on the Diffie-Hellman method.
For example, in the SmartGate™ system, which is described herein in order to illustrate one particular application of the invention, and is not intended to be limiting, the client initiating the communication sends its user ID via a client node to an authentication server, which retrieves a shared secret key associated with the u
Brook Christopher T.
Loane Russell F.
Stanton Leroy K.
Wright Steven R.
Bacon & Thomas PLLC
Meislahn Douglas
Swann Tod
V-ONE Corporation
Session key recovery system and method