Cryptographic key recovery system
First Claim
1. A method of generating a cryptographic key for use by a pair of communicating parties while providing for the recovery of said key using a plurality of cooperating key recovery agents, said method comprising the steps of:
- generating a plurality of shared key parts that are shared with respective key recovery agents;
generating a nonshared key part that is not shared with any key recovery agent;
generating said key as a function of said shared key parts and said nonshared key part; and
making respective ones of said shared key parts available to said key recovery agents to facilitate said recovery of said key using said key recovery agents.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recover agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m+n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m+n)-bit to any other combination of third parties. The quantity n is selected to make authorized key recovery feasible, but not so trivial as to permit routine decryption of intercepted communications, while the quantity m is selected to make decryption by unauthorized third parties infeasible. Means are provided for verifying that the shared key parts have been shared with the key recovery agents before permitting encrypted communications using the thus generated key.
-
Citations
27 Claims
-
1. A method of generating a cryptographic key for use by a pair of communicating parties while providing for the recovery of said key using a plurality of cooperating key recovery agents, said method comprising the steps of:
-
generating a plurality of shared key parts that are shared with respective key recovery agents; generating a nonshared key part that is not shared with any key recovery agent; generating said key as a function of said shared key parts and said nonshared key part; and making respective ones of said shared key parts available to said key recovery agents to facilitate said recovery of said key using said key recovery agents. - View Dependent Claims (2, 3, 4, 5, 6, 19, 20, 21, 22)
-
-
7. Apparatus for generating a cryptographic key for use by a pair of communicating parties while providing for the recovery of said key using a plurality of cooperating key recovery agents, said apparatus comprising:
-
means for generating a plurality of shared key parts that are shared with respective key recovery agents; means for generating a nonshared key part that is not shared with any key recovery agent; means for generating said key as a function of said shared key parts and said nonshared key part; and means for making respective ones of said shared key parts available to said key recovery agents to facilitate said recovery of said key using said key recovery agents. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for generating a cryptographic key for use by a pair of communicating parties while providing for the recovery of said key using a plurality of cooperating key recovery agents, said method steps comprising:
-
generating a plurality of shared key parts that are shared with respective key recovery agents; generating a nonshared key part that is not shared with any key recovery agent; generating said key as a function of said shared key parts and said nonshared key part; and making respective ones of said shared key parts available to said key recovery agents to facilitate said recovery of said key using said key recovery agents. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
23. A method of providing for the recovery of a cryptographic key using a set of key recovery agents selected from a plurality of sets of key recovery agents, each key recovery agent in a particular one of said sets cooperating with the other key recovery agents in said set to recover said key, said method comprising the steps of:
-
generating a plurality of sets of key recovery values, each of said sets of key recovery values corresponding to one of said sets of key recovery agents, each key recovery value in one of said sets corresponding to a key recovery agent in that set, each of said sets of key recovery values having the property that said cryptographic key is recoverable from the key recovery values in said set without requiring the key recovery values in any other of said sets; and making the respective key recovery values of each of said sets of key recovery values available to the corresponding key recovery agents in that set to facilitate the recovery of said key using a selected one of said sets of key recovery agents and without requiring the cooperation the key recovery agents of any other of said sets. - View Dependent Claims (24, 25)
-
-
26. Apparatus for providing for the recovery of a cryptographic key using a set of key recovery agents selected from a plurality of sets of key recovery agents, each key recovery agent in a particular one of said sets cooperating with the other key recovery agents in said set to recover said key, said apparatus comprising:
-
means for generating a plurality of sets of key recovery values, each of said sets of key recovery values corresponding to one of said sets of key recovery agents, each key recovery value in one of said sets corresponding to a key recovery agent in that set, each of said sets of key recovery values having the property that said cryptographic key is recoverable from the key recovery values in said set without requiring the key recovery values in any other of said sets; and means for making the respective key recovery values of each of said sets of key recovery values available to the corresponding key recovery agents in that set to facilitate the recovery of said key using a selected one of said sets of key recovery agents and without requiring the cooperation the key recovery agents of any other of said sets.
-
-
27. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for providing for the recovery of a cryptographic key using a set of key recovery agents selected from a plurality of sets of key recovery agents, each key recovery agent in a particular one of said sets cooperating with the other key recovery agents in said set to recover said key, said method steps comprising:
-
generating a plurality of sets of key recovery values, each of said sets of key recovery values corresponding to one of said sets of key recovery agents, each key recovery value in one of said sets corresponding to a key recovery agent in that set, each of said sets of key recovery values having the property that said cryptographic key is recoverable from the key recovery values in said set without requiring the key recovery values in any other of said sets; and making the respective key recovery values of each of said sets of key recovery values available to the corresponding key recovery agents in that set to facilitate the recovery of said key using a selected one of said sets of key recovery agents and without requiring the cooperation the key recovery agents of any other of said sets.
-
Specification