Key recovery system
First Claim
Patent Images
1. A key recovery system for storing encrypted data and key recovery information containing a data key for providing said encrypted data, retrieving the data key from the key recovery information, and decrypting the encrypted data, comprising:
- a recoverer device for providing a recovery request for said data key from a recoverer;
a key recovery information distribution device for providing a communications line in response to said recovery request; and
at least one key recovery device, connected to said recovery device through said communications line, for decrypting all or a part of the data key in the key recovery information, authenticating said recoverer by communicating directly with said recoverer device through said communications line or a direct connection line between said recoverer device and said key recovery device, and providing key information corresponding to said data key to said recoverer device.
1 Assignment
0 Petitions
Accused Products
Abstract
A key recovery information distribution device is provided between a recoverer device and a key recovery device, recovers a data key for the recoverer device, and reduces the load of the recoverer device. Data is encrypted using the data key and stored with key recovery information. The recoverer device which decrypts the encrypted data distributes the key recovery information to key recovery devices through the key recovery information distribution device to recover key information. A recoverer is authenticated directly between the key recovery device and the recoverer device, and then the key information is transmitted to the recoverer device, and the recoverer device recovers the data key.
-
Citations
35 Claims
-
1. A key recovery system for storing encrypted data and key recovery information containing a data key for providing said encrypted data, retrieving the data key from the key recovery information, and decrypting the encrypted data, comprising:
-
a recoverer device for providing a recovery request for said data key from a recoverer;
a key recovery information distribution device for providing a communications line in response to said recovery request; and
at least one key recovery device, connected to said recovery device through said communications line, for decrypting all or a part of the data key in the key recovery information, authenticating said recoverer by communicating directly with said recoverer device through said communications line or a direct connection line between said recoverer device and said key recovery device, and providing key information corresponding to said data key to said recoverer device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
said recoverer is authenticated using a message encrypted by a session key shared between said recoverer device and said key recovery device. -
3. The system according to claim 1, wherein
said key recovery information further comprises a key recovery condition. -
4. The system according to claim 1, wherein
said data key is encrypted using a public key obtained from said key recovery device and stored as the key recovery information in said recoverer device; - said encrypted data is normally decrypted using the data key, but when there is no private key opposing to said public key in said recoverer device, the data key is decrypted according to the key recovery information.
-
5. The system according to claim 1, wherein
said key recovery information further comprises a key recover condition; - said recovery request is transmitted to said key recovery device through said key recovery information distribution device;
said recoverer is authenticated directly between said recoverer device and said key recovery device according to a recovery condition through said key recovery information distribution device;
when said recoverer is authenticated, said key recovery device transmits key information to said recoverer device through said key recovery information distribution device; and
said recoverer device recovers said data key according to the key information.
- said recovery request is transmitted to said key recovery device through said key recovery information distribution device;
-
6. The system according to claim 5, wherein
said recoverer is authenticated according to a message encrypted by a session key shared between said recoverer device and said key recovery device. -
7. The system according to claim 5, wherein
said key information transmitted from said key recovery device to said recoverer device is encrypted by a session key common between said key recovery device and said recoverer device. -
8. The system according to claim 5, wherein
said recoverer device recovers data based on the data key. -
9. The system according to claim 5, wherein
said recoverer is authenticated through said direct connection line between said recoverer device and said key recovery device without said key recovery information distribution device. -
10. The system according to claim 9, wherein
said recoverer device recovers data based on said data key. -
11. The system according to claim 1, wherein
said key recovery information further comprises a key recovery condition; - a recover request is transmitted to said key recovery device through said key recovery information distribution device;
said recoverer is authenticated directly between said recoverer device and said key recovery device according to a recovery condition through said key recovery information distribution device;
when said recoverer is authenticated, said key recovery information distribution device obtains the key information from said key recovery device; and
said key recovery information distribution device recovers the data key according to the key information, and transmits the data key to said recoverer device.
- a recover request is transmitted to said key recovery device through said key recovery information distribution device;
-
12. The system according to claim 11, wherein
said recoverer is authenticated through a direct connection line between said recoverer device and said key recovery device without said key recovery information distribution device. -
13. The system according to claim 1, wherein
said key recovery information further comprises an ID of said key recovery device. -
14. The system according to claim 1, wherein
authority for said key recovery information is distributed in a parallel method to each key recovery device. -
15. The system according to claim 1, wherein
said key recovery information distribution device comprises as a database an ID of said key recovery device, a name of each key recovery device, an access address of each key recovery device, and a correspondence table of a communications protocol.
-
-
16. A key recovery system comprising:
-
a recoverer device for storing an encrypted sentence with key recovery information, transmitting a key recovery request when the key recovery request is received, transmitting authentication response information by a key recoverer'"'"'s inputting authentication information when an authentication request is received, and recovering a key when key information is received;
a key recovery information distribution device for obtaining access information according to the key recovery information and distributing the key recovery information when the key recovery information is received from said recoverer device, transmitting an authentication request to said recoverer device when the authentication request is received, transmitting an authentication response when the authentication response is received from said recoverer device, and transmitting the key information to said recoverer device when the key information is received; and
at least one key recovery device, which is accessed based on said access information by said key recovery information distribution device, for obtaining the key information from the key recovery information when the key recovery information is received, decrypting a recovery condition according to the key information, transmitting the authentication request based on the recovery condition to said recoverer device through said key recovery information distribution device, authenticating a recoverer directly with said recoverer device by verifying the authentication response when the authentication response is received from said recoverer device, and transferring the key information to said recoverer device through said key recovery information distribution device when the recoverer is successfully authenticated.
-
-
17. A recoverer device, which is used in a key recovery system for recovering a key by distributing key recovery information from the recoverer device to at least one key recovery device through a key recovery information distribution device, comprising means for storing an encrypted sentence with the key recovery information, means for authenticating a recoverer directly with the key recovery device by transmitting a key recovery request when the key recovery request is received, means for transmitting authentication response information by the recoverer'"'"'s inputting authentication information when an authentication request is received, and means for recovering the key when key information is received.
-
18. A key recovery information distribution device, which is used in a key recovery system for recovering a key by distributing key recovery information from the recoverer device to at least one key recovery device through the key recovery information distribution device, comprising means for obtaining access information about the key recovery device from a database according to the key recovery information when the key recovery information is received from the recoverer device, means for transmitting an authentication request to the recoverer device when the authentication request is received, means for transmitting an authentication response to the key recovery device when the authentication response is received from the recoverer device in response to the authentication request, and means for transmitting key information to the recoverer device when the key information is received.
-
19. A key recovery device, which is used in a key recovery system for recovering a key by distributing key recovery information from a recoverer device to at least one key recovery device through a key recovery information distribution device, comprising means for obtaining the key from the key recovery information when the key recovery information is received, decrypting a recovery condition using the key, means for transmitting to the recoverer device an authentication request based on the recovery condition, verifying an authentication response when the authentication response is received from the recoverer device, and means for transferring key information to the recoverer device when the authentication response is successfully verified.
-
20. A key recovery system comprising:
-
a recoverer device for providing a key recovery request for a data key from a recoverer;
a key recovery information distribution device for providing a communications line in response to the key recovery request;
at least one key recovery device, connected to said recoverer device through said communications line, for decrypting the data key or data key information in key recovery information;
means for transmitting the key recovery information from said recoverer device to each key recovery device through said communications line, and recovering the data key and a recovery condition;
means for authenticating said recoverer by direct communications between said recoverer device and said key recovery device under the recovery condition; and
means for transmitting to said recoverer device the data key or the data key information recovered by said key recovery device when the recoverer is authenticated.
-
-
21. A key recovery method comprising:
-
a recoverer step for storing encrypted data and key recovery information comprising an encrypted data key and a recovery condition, and providing a key recovery request for the data key when there is no key for decrypting the data key;
a key recovery information distributing step for providing a communications line in response to said recovery request; and
at least one key recovery step, corresponding to said key recovery information distributing step, for decrypting the data key or a part of the data key in the key recovery information and authenticating a recoverer by communicating directly with said recoverer step through said communications line or a direct connection line between said recoverer step and said key recovery step.- View Dependent Claims (22, 23)
said recovery request is transmitted to said key recovery step through said key recovery information distributing step, said recoverer is authenticated according to the recovery condition directly between said recoverer step and said key recovery step through said key recovery information distributing step; - a key recovery step transmits key information through said key recovery information distributing step when the recoverer is successfully authenticated; and
said recoverer step recovers a key according to the key information.
-
23. The method according to claim 21, wherein
said recovery request is transmitted to said key recovery step through said key recovery information distributing step, said recoverer is authenticated according to the recovery condition directly between said recoverer step and said key recovery step through said key recovery information distributing step; - said key recovery information distributing step obtains key information from said key recovery step when the recoverer is successfully authenticated; and
said key recovery information distributing step recovers the key according to the key information, and transmits the key to said recoverer step.
- said key recovery information distributing step obtains key information from said key recovery step when the recoverer is successfully authenticated; and
-
-
24. A key recovery method comprising:
-
a recoverer step for storing an encrypted sentence with key recovery information, transmitting a key recovery request when the key recovery request is received, transmitting authentication response information by a key recoverer'"'"'s inputting authentication information when an authentication request is received, and recovering a key when key information is received;
a key recovery information distributing step for obtaining access information about a key recovery step from a database according to the key recovery information and distributing the key recovery information to the key recovery step when the key recovery information is received from said recoverer step, and transmitting the key information to said recoverer step when the key information is received; and
key recovery step for obtaining the key information when the key recovery information is received, transmitting an authentication request to said recoverer step through said key recovery information distributing step, verifying an authentication response when the authentication response is received from said recoverer step, and transferring the key information to said recoverer step through said key recovery information distributing step when the authentication response is successfully verified.
-
-
25. A key recovery method for recovering a data key when there is no key for decrypting the data key using a recoverer device for providing a key recovery request for the data key from a recoverer, a distribution device for providing a communication line for a corresponding key recovery device in response to said key recovery request, and at least one key recovery device for decrypting a part of data key information in key recovery information, said method comprising the steps of:
-
transmitting the key recovery information from the recoverer device to each key recovery device through said communications line to recover the data key and a recovery condition;
authenticating said recoverer by direct communications between the recoverer device and the key recovery device under the recovery condition; and
transmitting the key recovered by the key recovery device to the recoverer device when the recoverer is successfully authenticated.
-
-
26. A computer-readable storage medium used to direct a computer to perform:
a recoverer function for storing encrypted data and key recovery information comprising a data key encrypted using a public key and a recovery condition, normally recovering the encrypted data using the data key, but providing a key recovery request for the data key when there is no key for decrypting the data key;
a key recovery information distributing function for providing a communications line for a corresponding key recovery function in response to said key recovery request; and
at least one key recovery function for decrypting the data key or a part of the data key in the key recovery information and authenticating a recoverer by communicating directly with said recoverer function through said communications line or a direct connection line between said recoverer function and siad key recovery function.
-
27. A computer-readable storage medium used to direct a computer to perform:
-
a recoverer function for storing an encrypted sentence with key recovery information, transmitting a key recovery request when the key recovery request is received, transmitting authentication response information by a key recoverer'"'"'s inputting authentication information when an authentication request is received, and recovering a key when key information is received;
a key recovery information distributing function for obtaining access information about a key recovery function from a database according to the key recovery information and distributing the key recovery information to the key recovery function when the key recovery information is received from said recoverer function, transmitting an authentication request to said recoverer function when the authentication request is received, transmitting an authentication response to the recoverer function when the authentication response is received from said recoverer function in response to the authentication request, and transmitting the key information to said recoverer function when the key information is received; and
key recovery function for obtaining the key information when the key recovery information is received, transmitting an authentication request to said recoverer function through said key recovery information distributing function, authenticating a recoverer directly with said recoverer function by verifying an authentication response when the authentication response is received from said recoverer function, and transferring the key information to said recoverer function through said key recovery information distributing function when the authentication response is successfully verified.
-
-
28. A computer-readable storage medium used to direct a computer to perform:
-
a recoverer function for providing a key recovery request for a data key from a recoverer;
a key recovery information distributing function for providing a communication line for a corresponding key recovery function in response to the key recovery request;
at least one key recovery function for decrypting a part of data key information in key recovery information;
a function of transmitting the key recovery information from the recoverer function to each key recovery function through said communications line to recover the data key and a recovery condition;
a function of authenticating said recoverer by direct communication between said recoverer function and said key recovery function under the recovery condition; and
a function of transmitting the key recovered by said key recovery function to said recoverer function when the recoverer is successfully authenticated.
-
-
29. A computer-readable storage medium used to direct a computer to perform the function of:
storing an encrypted sentence with key recovery information, authenticating a recoverer directly with a key recovery function by transmitting a key recovery request when the key recovery request is received, transmitting authentication response information by a key recoverer'"'"'s inputting authentication information when an authentication request is received, and recovering a key when key information is received.
-
30. A computer-readable storage medium used to direct a computer to perform the function of:
a key recovery information distributing function for obtaining access information about a key recovery function from a database according to the key recovery information when the key recovery information is received from said recoverer function, transmitting an authentication request to said recoverer function when the authentication request is received, authenticating a recoverer directly between the recoverer function and the key recovery function by transmitting an authentication response to the key recovery function when the authentication response is received from said recoverer function in response to the authentication request, and transmitting the key information to said recoverer function when the key information is received.
-
31. A computer-readable storage medium used to direct a computer to perform:
a key recovery function for obtaining a key from key recovery information when the key recovery information is received, decrypting a recovery condition using the key, transmitting an authentication request based on the recovery condition to said recoverer function, authenticating a recoverer directly between the recoverer function and a key recovery function by verifying an authentication response when the authentication response is received from the recoverer function, and transferring the key information to the recoverer function when the recoverer is successfully authenticated.
-
32. A key recovery system for storing encrypted data and key recovery information containing data key for providing said encrypted data, retrieving the data key from the key recovery information, and decrypting the encrypted data, comprising:
-
a recoverer device for providing a recovery request for said data key from a recoverer;
a key recovery information distribution device for providing a communications line in response to said recovery request; and
at least one key recovery device, connected to said communications line, for decrypting and retrieving all or a part of the data key from the key recovery information, authenticating said recoverer directly with the recoverer device, and providing key information corresponding to said data key to said recoverer device, wherein said key recovery information further comprises a key recovery condition;
a recover request is transmitted to said key recovery device through said key recovery information distribution device;
said recoverer is authenticated directly between said recoverer device and said key recovery device according to a recovery condition through said key recovery information distribution device;
when said recoverer is authenticated, said key recovery information distribution device obtains the key information from said key recovery device; and
said key recovery information distribution device recovers the data key according to the key information, and transmits the data key to said recoverer device, andwherein said key recovery information distribution device recovers data based on said data key.
-
-
33. A key recovery system for storing encrypted data and key recovery information containing data key for providing said encrypted data, retrieving the data key from the key recovery information, and decrypting the encrypted data, comprising:
-
a recoverer device for providing a recovery request for said data key from a recoverer;
a key recovery information distribution device for providing a communications line in response to said recovery request; and
at least one key recovery device, connected to said communications line, for decrypting and retrieving all or a part of the data key from the key recovery information, authenticating said recoverer directly with the recoverer device, and providing key information corresponding to said data key to said recoverer device, wherein said key recovery information further comprises a key recovery condition;
a recover request is transmitted to said key recovery device through said key recovery information distribution device;
said recoverer is authenticated directly between said recoverer device and said key recovery device according to a recovery condition through said key recovery information distribution device;
when said recoverer is authenticated, said key recovery information distribution device obtains the key information from said key recovery device; and
said key recovery information distribution device recovers the data key according to the key information, and transmits the data key to said recoverer device, andwherein said recoverer is authenticated through a direct connection line between said recoverer device and said key recovery device without said key recovery information distribution device, and further wherein said key recovery information distribution device recovers data based on said data key.
-
-
34. A key recovery system for storing encrypted data and key recovery information containing data key for providing said encrypted data, retrieving the data key from the key recovery information, and decrypting the encrypted data, comprising:
-
a recoverer device for providing a recovery request for said data key from a recoverer;
a key recovery information distribution device for providing a communications line in response to said recovery request; and
at least one key recovery device, connected to said communications line, for decrypting and retrieving all or a part of the data key from the key recovery information, authenticating said recoverer directly with the recoverer device, and providing key information corresponding to said data key to said recoverer device, wherein authority for said key recovery information is distributed in a serial method to each key recovery device.
-
-
35. A method for recovering an encryption key, comprising:
-
storing an encrypted sentence including key recovery information;
authenticating a recoverer directly with a key recovery function by transmitting a key recovery request when the key recovery request is received from the recoverer;
transmitting authentication response information by the recoverer'"'"'s inputting authentication information when an authentication request is received; and
recovering a key when the authentication response is authenticated.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeFujitsu Limited, Hitachi, Ltd., NEC Corporation
-
Original AssigneeFujitsu Limited, Hitachi, Ltd., NEC Corporation
-
InventorsAndo, Hiroyuki, Kanno, Seiko, Mo̅rita, Ichiro̅u, Yamazaki, Masashi, Miyauchi, Hiroshi, Tsuchiya, Hiroyoshi, Domyo, Seiichi, Torii, Naoya, Sako, Kazue, Kuroda, Yasutsugu
-
Primary Examiner(s)Swann, Tod R.
-
Assistant Examiner(s)SULPIZIO JR, RONALD F
-
Application NumberUS09/048,096Time in Patent Office1,048 DaysField of Search380/44, 380/279, 380/281, 380/286, 713/162, 713/182, 713/168, 713/171US Class Current380/286CPC Class CodesH04L 9/0897 involving additional device...H04L 9/3226 using a predetermined code,...
