Method and apparatus for interoperable validation of key recovery information in a cryptographic system

Assignee

• International Business Machines Corporation · US

Inventors

• Coimbatore S. Chandersekaran · Potomac, US
• Rosario Gennaro · The Bronx, US
• Sarbari Gupta · Rockville, US
• Stephen M. Matyas · Manassas, US
• David R. Safford · Brewster, US
• Nevenko Zunic · Wappingers Falls, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/3268
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver. The receiver verifies the signature on the key recovery information using the certified public verification key and decrypts the encrypted data only if the signature is verified as being a valid signature.