| 摘要 |
<p>Novel cryptographic key distribution techniques to be used in large computer networks are disclosed. The techniques require trusted key release agent systems in each security domain. The encryptor (10) of a data message nominates to set of authorized decryptors (30), using a set of access control attributes recognized by a key release agent (32) in a target security domain. Data enabling the message decryption key and the access control attributes to be recovered are sent to the decryptor in an access controlled decryption block, which is encrypted under a separate key. The access controlled decryption block can only be decrypted by a key release agent (32) in the correct security domain. The key release agent recovers the decryption key and supplies it to an authorized decryptor (30), which allows the decryptor to recover the original data message.</p> |
