Title of invention |
Two-phase cryptographic key recovery system |
Abstract |
A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed for a particular cryptographic session, the sender generates for each key recovery agent a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with the key-encrypting keys of the key recovery agents. The encrypted key-generating values and the multiply encrypted session key are transmitted together with other recovery information in a manner permitting their interception by a party seeking to recover the secret value. To recover the secret value, the party seeking recovery presents the encrypted key-generating values and public recovery information to the key recovery agents, who decrypt the key-generating values, regenerate the key-encrypting keys from the corresponding key-generating values, and provide the regenerated key-encrypting keys to the recovering party. The recovering party uses the key-encrypting keys to recover the secret value. Since the key-generating values cannot be derived from the key-encrypting keys, they may be used over a period spanning multiple cryptographic sessions without requiring new values or new public key encryptions.
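The two phases described in the abstract, as an added Python sketch that is not taken from the patent. Assumptions: HMAC-SHA256 stands in for the one-way functions, an XOR pad stands in for the key-wrapping cipher, the agent names and session labels are constructed, and the public-key encryption of each key-generating value is modelled by handing the value directly to a hypothetical `RecoveryAgent` object.

```python
import hashlib
import hmac
import secrets

def one_way(key: bytes, label: bytes) -> bytes:
    """One-way function; HMAC-SHA256 is this example's choice, not the patent's."""
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_wrap(kek: bytes, data: bytes) -> bytes:
    """Toy 32-byte key wrap (XOR with a derived pad); it is its own inverse."""
    pad = one_way(kek, b"wrap-pad")
    return bytes(a ^ b for a, b in zip(data, pad))

class RecoveryAgent:
    """Hypothetical agent: keeps its key-generating value, releases only KEKs."""
    def __init__(self, kg: bytes):
        self._kg = kg  # stands in for the value decrypted with the agent's private key
    def release_kek(self, session_info: bytes) -> bytes:
        return one_way(self._kg, session_info)

def phase1(secret: bytes, agent_names):
    """Phase 1: one key-generating value per agent, derived from the secret value."""
    return {n: one_way(secret, b"KG|" + n.encode()) for n in agent_names}

def phase2(kgs: dict, session_info: bytes, session_key: bytes) -> bytes:
    """Phase 2: derive per-session KEKs and multiply encrypt the session key."""
    blob = session_key
    for name in sorted(kgs):
        blob = xor_wrap(one_way(kgs[name], session_info), blob)
    return blob

def recover(blob: bytes, keks) -> bytes:
    """Recovering party removes one layer per KEK supplied by the agents."""
    for kek in keks:
        blob = xor_wrap(kek, blob)
    return blob

def demo() -> dict:
    secret = secrets.token_bytes(32)             # constructed sample secret value
    kgs = phase1(secret, ["agent-1", "agent-2"])
    agents = [RecoveryAgent(kg) for kg in kgs.values()]
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    blob1 = phase2(kgs, b"session-1", k1)
    blob2 = phase2(kgs, b"session-2", k2)        # same phase-1 values reused
    keks1 = [a.release_kek(b"session-1") for a in agents]
    return {"recovered_1": recover(blob1, keks1) == k1,
            "one_agent_only": recover(blob1, keks1[:1]) == k1,
            "session1_keks_open_session2": recover(blob2, keks1) == k2}
```

Calling `demo()` shows that both agents' key-encrypting keys recover the first session key, while one agent alone, or the keys released for a different session, do not.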
|
Publication number |
US5937066(A) |
Publication date |
1999.08.10 |
Application number |
US19960725102 |
Filing date |
1996.10.02 |
Applicant |
INTERNATIONAL BUSINESS MACHINES CORPORATION |
Inventors |
GENNARO, ROSARIO;JOHNSON, DONALD BYRON;KARGER, PAUL ASHLEY;MATYAS, JR., STEPHEN MICHAEL;PEYRAVIAN, MOHAMMAD;SAFFORD, DAVID ROBERT;YUNG, MARCEL MORDECHAY;ZUNIC, NEVENKO |
Classification |
G09C1/00;H04L9/08;(IPC1-7):H04L9/00 |
Main classification |
G09C1/00 |
Patent agency |
|
Patent agent |
|
Principal claim |
|
Address |
|