Encrypted data recovery method using split storage key and system thereof
First Claim
1. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, said key storage apparatus and said key recovery apparatus through a network, comprising:
- a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration;
a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number, a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus;
a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier;
a data key recovery request step of combining a plurality of partial recovery data keys prepared for each of said key storage apparatuses to decrypt said data key, wherein said data key recovery request step includes a step of calculating said second identifier by means of said first identifier sent to said user security apparatus and said identifier of said key storage apparatus; and
a data key recovery response step of partially decrypting said data key encrypted by said public key of a user and contained in said enveloped data by means of said split secret keys of said key storage apparatuses, wherein said data recovery response step includes a step of using said calculated second identifier to search for said split secret key kept in said key storage apparatus in custody.
1 Assignment
0 Petitions
Accused Products
Abstract
When a secret is encrypted and stored, it is necessary to provide a countermeasure for the situation where a key is lost (key recovery system). In the present invention, a key recovery system for an enveloped data format in which a common key is used to encrypt a plaintext (secret) and a user'"'"'s public key is used to encrypt the common key and attached to an encrypted text is provided. In the present invention, only the common key is decrypted to recover the secret without reconstruction of split secret keys kept in a plurality of key storage apparatuses.
-
Citations
22 Claims
-
1. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, said key storage apparatus and said key recovery apparatus through a network, comprising:
-
a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration; a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number, a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus; a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier; a data key recovery request step of combining a plurality of partial recovery data keys prepared for each of said key storage apparatuses to decrypt said data key, wherein said data key recovery request step includes a step of calculating said second identifier by means of said first identifier sent to said user security apparatus and said identifier of said key storage apparatus; and a data key recovery response step of partially decrypting said data key encrypted by said public key of a user and contained in said enveloped data by means of said split secret keys of said key storage apparatuses, wherein said data recovery response step includes a step of using said calculated second identifier to search for said split secret key kept in said key storage apparatus in custody.
-
-
2. An encrypted data recovery method according to claim 1, wherein said step of sending said first identifier to said user security apparatus includes a step of issuing a public key certificate containing said first identifier.
-
3. An encrypted data recovery method according to claim 1, wherein said step of sending said first identifier to said user security apparatus including a step of outputting said first identifier to a portable medium in relation to an output time of identifier or information relative to division of said secret key.
-
4. An encrypted data recovery system comprising a user security apparatus for preparing enveloped data, a key registration apparatus, a key storage apparatus and a key recovery apparatus;
-
said user security apparatus including; key registration client means for requesting a key storage apparatus certificate and splitting a secret key of a user to register said split secret keys in said key registration apparatuses; said key registration apparatus including; key storage certificate notifying server means for producing said key storage apparatus certificate in response to said requirement thereof; key registration server means for issuing receipts of said split secret keys and transmitting received split secret keys to a plurality of key storage server means, wherein said key registration server means includes; means for preparing a first identifier, means for notifying a receipt of said secret key to said key registration client means, and means for preparing a second identifier from said first identifier and a key storage apparatus identifier; and key storage apparatus information notifying server means for producing key storage apparatus information; said key storage apparatus including; key storage server means for keeping received split secret keys in custody, wherein said key storage server means includes means for keeping said second identifier and said split secret key in relation to each other in custody; and data recovery server means for receiving an encrypted data key from data recovery client means to decrypt said encrypted data key by means of said kept split secret keys and returning partially recovered data key to said data recovery client means, wherein said data recovery sever means includes means for searching for said split secret key related to said second identifier sent from said data recovery client means; and said key recovery apparatus including; data recovery client means for requiring said key storage apparatus information to the said key storage certificate notifying server means and transmitting said encrypted data key contained in said enveloped data to a plurality of said data recovery server means, combining said data key from a plurality of said partially recovered data keys returned by said data recovery server means to decrypt a ciphertext contained in said enveloped data by means of said combined data key, wherein said data recovery client means includes means for calculating said second identifier from said receipt of said secret key and said key storage apparatus identifier.
-
-
5. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising:
-
a key registration request step of encrypting said split secret keys by means of said public key of said key storage apparatus and requesting registration; a key registration response step of registering said requested split secret keys, wherein said key registration response step includes a step of preparing a first identifier by means of a random number, a step of sending said first identifier to said user security apparatus, and a key storage request step that includes a step of preparing a second identifier by means of said first identifier and an identifier of said key storage apparatus; and a key storage response step of keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.
-
-
6. An encrypted data recovery method according to claim 5, wherein said step of sending said first identifier to said user security apparatus includes a step of issuing a public key certificate containing said first identifier.
-
7. An encrypted data recovery method according to claim 5, wherein said step of sending said first identifier to said user security apparatus includes a step of outputting said first identifier to a portable medium in relation to an output time of identifier or information relative to division of said secret key.
-
8. An encrypted data recovery method in a system including a user security apparatus for encrypting a message by means of a data key, preparing enveloped data for encrypting said data key by means of a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, preparing a first identifier by means of a random number, and preparing a second identifier by means of said first identifier and an identifier of said key storage apparatuses, and a key recovery apparatus for decrypting said data key by means of said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, said key storage apparatus and said key recovery apparatus through a network, comprising:
-
a data key recovery request step of combining a plurality of partial recovery data keys prepared for each of said key storage apparatuses to decrypt said data key, wherein said data recovery request step includes a step of calculating said second identifier by means of said first identifier sent to said user security apparatus and said identifier of said key storage apparatus; and a data key recovery response step of partially decrypting said data key encrypted by said public key of a user and contained in said enveloped data by means of said split secret keys of said key storage apparatuses, wherein said data recovery response step includes a step of using said calculated second identifier to search for said split secret key kept in said key storage apparatus in custody.
-
-
9. An encrypted data recovery method according to claim 8, wherein said key registration apparatus issues a public key certificate containing said first identifier.
-
10. An encrypted data recovery method according to claim 8, wherein said key registration apparatus outputs said first identifier to a portable medium in relation to an output time of identifier or information relative to division of said secret key.
-
11. An encrypted data recovery system including a user security apparatus for encrypting a message using a data key, preparing enveloped data for encrypting said data key using a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, and a key registration apparatus for managing key storage apparatus certificates and key storage information, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, comprising:
-
key registration request means for encrypting said split secret keys using said public key of said key storage apparatus and requesting registration; key registration response means for registering said requested split secret keys, wherein said key registration response means includes means for preparing a first identifier using a random number, means for sending said first identifier to said user security apparatus, and means for preparing a second identifier using said first identifier and an identifier of said key storage apparatus; and key storage response means for keeping each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.
-
-
12. An encrypted data recovery system according to claim 11, wherein said means for sending said first identifier to said user security apparatus includes means for issuing a public key certificate containing said first identifier.
-
13. An encrypted data recovery system according to claim 11, wherein said means for sending said first identifier to said user security apparatus includes means for outputting said first identifier to a portable medium in relation to an output time of identifier or information relative to division of said secret key.
-
14. An article according to claim 11, wherein said instructions that cause said encrypted data recovery system to send said first identifier to said user security apparatus include instructions that cause said encrypted data recovery system to issue a public key certificate containing said first identifier.
-
15. An article according to claim 11, wherein said instructions that cause said encrypted data recovery system to send said first identifier to said user security apparatus include instructions that cause said encrypted data recovery system to output said first identifier to a portable medium in relation to an output time of identifier or information relative to division of said secret key.
-
16. An encrypted data recovery system including a user security apparatus for encrypting a message using a data key, preparing enveloped data for encrypting said data key using a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, preparing a first identifier using a random number, sending said first identifier to said user security apparatus, and preparing a second identifier using said first identifier and an identifier of said key storage apparatuses, and a key recovery apparatus for decrypting said data key using said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, said key storage apparatus and said key recovery apparatus through a network, comprising:
-
data key recovery request means for combining a plurality of partial recovery data keys prepared for each of said key storage apparatuses to decrypt said data key, wherein said data key recovery request means includes means for calculating said second identifier using said first identifier sent to said user security apparatus and said identifier of said key storage apparatus; and data key recovery response means for partially decrypting said data key encrypted by said public key of a user and contained in said enveloped data using said split secret keys of said key storage apparatuses, wherein said data recovery response step includes a step of using said calculated second identifier to search for said split secret key kept in said key storage apparatus in custody.
-
-
17. An encrypted data recovery system according to claim 16, wherein said key registration apparatus issues a public key certificate containing said first identifier.
-
18. An encrypted data recovery system according to claim 16, wherein said key registration apparatus outputs said first identifier to a portable medium in relation to an output time of identifier or information relative to division of said secret key.
-
19. An article comprising a medium storing instructions, wherein said article is used in an encrypted data recovery system including a user security apparatus for encrypting a message using a data key, preparing enveloped data for encrypting said data key using a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, and a key registration apparatus for managing key storage apparatus certificates and key storage information, said system connected to said user security apparatus, said key registration apparatus, and said key storage apparatus through a network, wherein said instructions cause said encrypted data recovery system to:
-
encrypt said split secret keys using said public key of said key storage apparatus and request registration; register said requested split secret keys; prepare a first identifier using a random number; send said first identifier to said user security apparatus; prepare a second identifier using said first identifier and an identifier of said key storage apparatus; and keep each of said registered split secret keys in each of said key storage apparatuses in custody in relation to said second identifier.
-
-
20. An article comprising a medium storing instructions, wherein said article is used in an encrypted data recovery system including a user security apparatus for encrypting a message using a data key, preparing enveloped data for encrypting said data key using a public key and splitting a secret key paired with said public key, a plurality of key storage apparatuses each keeping each of said split secret keys in custody, a key registration apparatus for managing key storage apparatus certificates and key storage information, preparing a first identifier using a random number, sending said first identifier to said user security apparatus, and preparing a second identifier using said first identifier and an identifier of said key storage apparatuses, and a key recovery apparatus for decrypting said data key using said split secret keys and said enveloped data, said system connected to said user security apparatus, said key registration apparatus, said key storage apparatus and said key recovery apparatus through a network, wherein said instructions cause said encrypted data recovery system to:
-
combine a plurality of partial recovery data keys prepared for each of said key storage apparatuses to decrypt said data key, calculate said second identifier using said first identifier sent to said user security apparatus and said identifier of said key storage apparatus; and partially decrypt said data key encrypted by said public key of a user and contained in said enveloped data using said split secret keys of said key storage apparatuses, wherein said calculated second identifier is used to search for said split secret key kept in said key storage apparatus in custody.
-
-
21. An article according to claim 20, wherein said key registration apparatus issues a public key certificate containing said first identifier.
-
22. An article according to claim 20, wherein said key registration apparatus outputs said first identifier to a portable medium in relation to an output time of identifier or information relative to division of said secret key.
Specification