Interoperable cryptographic key recovery system
First Claim
1. A method of providing, in a manner verifiable by a possessor of a cryptographic key, for the recovery of said key using a plurality of cooperating key recovery agents, comprising the steps of:
- generating a plurality of shared key recovery values from which said key may be recovered, said key recovery values being generated as a function only of said key and public information;
encrypting said shared key recovery values under respective keys of said key recovery agents to generate encrypted recovery values; and
transmitting said encrypted recovery values over a communications channel to make said shared key recovery values available to said key recovery agents, whereby said shared key recovery values may be regenerated from said cryptographic key and said public information by a possessor of said key to verify said encrypted recovery values without requiring additional secret information.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.
-
Citations
32 Claims
-
1. A method of providing, in a manner verifiable by a possessor of a cryptographic key, for the recovery of said key using a plurality of cooperating key recovery agents, comprising the steps of:
-
generating a plurality of shared key recovery values from which said key may be recovered, said key recovery values being generated as a function only of said key and public information; encrypting said shared key recovery values under respective keys of said key recovery agents to generate encrypted recovery values; and transmitting said encrypted recovery values over a communications channel to make said shared key recovery values available to said key recovery agents, whereby said shared key recovery values may be regenerated from said cryptographic key and said public information by a possessor of said key to verify said encrypted recovery values without requiring additional secret information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. Apparatus for providing, in a manner verifiable by a possessor of a cryptographic key, for the recovery of said key using a plurality of cooperating key recovery agents, comprising:
-
means for generating a plurality of shared key recovery values from which said key may be recovered, said key recovery values being generated as a function only of said key and public information; means for encrypting said shared key recovery values under respective keys of said key recovery agents to generate encrypted recovery values; and means for transmitting said encrypted recovery values over a communications channel to make said shared key recovery values available to said key recovery agents, whereby said shared key recovery values may be regenerated from said cryptographic key and said public information by a possessor of said key to verify said encrypted recovery values without requiring additional secret information. - View Dependent Claims (28, 29)
-
-
30. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for providing, in a manner verifiable by a possessor of a cryptographic key, for the recovery of said key using a plurality of cooperating key recovery agents, said method steps comprising:
-
generating a plurality of shared key recovery values from which said key may be recovered, said key recovery values being generated as a function only of said key and public information; encrypting said shared key recovery values under respective keys of said key recovery agents to generate encrypted recovery values; and transmitting said encrypted recovery values over a communications channel to make said shared key recovery values available to said key recovery agents, whereby said shared key recovery values may be regenerated from said cryptographic key and said public information by a possessor of said key to verify said encrypted recovery values without requiring additional secret information. - View Dependent Claims (31, 32)
-
Specification