Interoperable cryptographic key recovery system

Assignee

• International Business Machines Corporation · US

Inventors

• Donald B. Johnson · Manassas, US
• Paul A. Karger · Chappaqua, US
• Charles W. Kaufman · Northborough, US
• Stephen M. Matyas · Manassas, US
• David R. Safford · Brewster, US
• Marcel Mordechay Yung · New York, US
• Nevenko Zunic · Wappingers Falls, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/0894
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that th…