Two-phase cryptographic key recovery system

Assignee

• International Business Machines Corporation · US

Inventors

• Rosario Gennaro · The Bronx, US
• Donald B. Johnson · Manassas, US
• Paul A. Karger · Chappaqua, US
• Stephen M. Matyas · Manassas, US
• Mohammad Peyravian · Cary, US
• David R. Safford · Brewster, US
• Marcel Mordechay Yung · New York, US
• Nevenko Zunic · Wappingers Falls, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/0897
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed for a particular cryptographic session, the sender generates for each key recovery agent a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with the key-encrypting keys of the key recovery agents. The encrypted key-generating values and the multiply encrypted session key are transmitted together with other recovery information in a manner permitting their interception by a party seeking to recover the secret value. To recover the secret value, the party seeking recovery presents the encrypted key-generating values and public recovery information to the key recovery agents, who decrypt the key-generating values, regenerate the key-encrypting keys from the corresponding key-generating values, and provide the regenerated key-encrypting keys to the re…