摘要 |
<p>In the field of public key cryptography, e.g. a public key infrastructure, the distribution of trust anchor keys to end-user systems is difficult when the time comes to change the public key, either because a compromise of the private key counterpart is suspected, or as a cryptoperiod policy enforcement. With the present invention, the central organization (from which the trust anchor key originates) is given the opportunity to distribute at once a number of trust anchor keys, in advance of their respective intended period of use, and without exposing the individual public keys to brute force attacks before their actual period of use. At a later time, the central organization distributes unlocking information that enables the use of a public key distributed according to the present invention. The preferred embodiment makes use of an hidden selection of a cryptographic function among a function family.</p> |