COMPUTER NETWORK CRYPTOGRAPHIC KEY DISTRIBUTION SYSTEM

摘要

Novel cryptographic key distribution techniques to be used in large computer networks are disclosed. The techniques require trusted key release agent systems in each security domain. The encryptor of a data message nominates the set of authorized decryptors, using a set of access control attributes recognized by a key release agent in a target security domain. Data enabling the message decryption key and the access control attributes to be recovered are sent to the decryptor in an access controlled decryption block, which is encrypted under a separate key. The access controlled decryption block can only be decrypted by a key release agent in the correct security domain. The key release agent recovers the decryption key and supplies it to an authorized decryptor, which allows the decryptor to recover the original data message.