Secure transmission of data is known to include encrypting the data using an encryption algorithm and an associated encryption key. The encrypted data is then sent to a receiving party who, based on the encryption key and a corresponding decryption algorithm, decrypts the encrypted data to recapture the original data. Such an encryption algorithm and corresponding decryption algorithm may be the widely used Data Encryption Standard ("DES"), which utilizes a symmetric key.
An issue with the use of symmetric keys arises in getting the key securely from the sending party to the receiving party. One rather effective technique is to encrypt the symmetric key (which is sometimes referred to as a session key) using an encryption public key of the receiving party. Thus, the sending party can prepare an encrypted message by encrypting the symmetric key with the receiving party's, or parties', public key and encrypting the message and/or data using the symmetric key. When the receiving party, or parties, receives the encrypted message, the receiving party decrypts the symmetric key using its private decryption key. Once the receiving party has recovered the symmetric key, it can decrypt the encrypted message and/or data. In addition, the sending party may address itself as a virtual recipient by including a copy of the symmetric key encrypted under the sending party's public key such that the sending party may subsequently access the encrypted message.
In a typical commercial application, a public-private key pair is valid for an extended period of time (e.g., one year or longer). Under the valid key pair, a user may accumulate a very large number of files (and/or e-mail messages or EDI [electronic data interchange]), each having a distinct symmetric key. If the user's private decryption key (which is sometimes referred to as a long term private key) is lost, the user is unable to decrypt any of these files and/or e-mail messages securely. To safeguard against the loss of a user's private decryption key, it is customary to store the key on a hardware token, such as a smart card or a PCMCIA Card ("PC Card"), or in a software file encrypted under an encryption key (or "pass key") derived from the user's password and other additional information.
Despite such safeguards, access to a user's private decryption key is sometimes lost (e.g., token is lost or destroyed, user forgot the password, file corruption). As such, additional safeguards have been implemented. One such implementation is to have an organization store a back-up copy of the private decryption key for each user in a secured, centralized server. Such an organization should be entitled to recover the key. For example, the organization could be the users' employer. Thus, when a user loses his/her private decryption key, the user makes a request of the organization to restore his/her private decryption key. The request typically involves authentication and identification information. The organization verifies the user based on the authentication and identification information and subsequently provides, in a secure manner, the private decryption key to the user.
While the organization may provide satisfactory recovery of lost keys in the commercial setting described above, it might not adequately meet the needs of third parties, such as law enforcement agencies. The centralized organization solution fails to meet law enforcement agencies' needs because these agencies typically want to monitor, via wire-tap warrants, communications of a user without notice to the user and/or the organization. Typically, the law enforcement agency will capture encrypted communications to and from a targeted user. However, without the private decryption key or session key, the law enforcement agency is unable to read the files. Thus, to obtain access to the plain text files, the organization, or the user, would have to provide the key, thus removing the anonymity of the wire-tapping.
To provide law enforcement agencies the stealth they desire while performing a wire-tap, a Key Recovery Agent (KRA) was developed and added to secure systems. A KRA is a trusted third party that has its own private/public key pair. Each legitimate user of the secure system has a copy of the KRA's public key, uses it to encrypt a copy of the session key for the KRA, and includes this in a message header, as an additional virtual recipient. If a law enforcement official then sends the header portion of the message to the KRA, the KRA is then able to recover the session key using its private decryption key. The session key may then be given to properly authorized law enforcement officials who, assuming they are also in possession of the corresponding ciphertext, can use the session key to recover the plain text message.
While the KRA works well for third-party needs to access a particular communication, it does not work well in the commercial setting where a particular user may have a hundred or more files that have been encrypted based on its public encryption key. To recover the session key for each communication, the user has to make individual requests to the KRA for the respective session keys, which is a cumbersome process. Further, the KRA does not restore the private decryption key to the user; thus, for incoming encrypted messages, the user would have to make individual requests to the KRA for the session keys of these new messages. This, obviously, is impractical for commercial use.
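The message layout described above (one session key, wrapped separately for the receiving party, the sending party as virtual recipient, and the KRA) can be sketched as follows; this is an added illustration, not code from the original document. The textbook RSA built from fixed Mersenne primes and the SHA-256 keystream standing in for DES are constructed toy primitives chosen so the sketch runs with the standard library only, and all function names and sample files are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def toy_keypair(a, b):
    """Textbook RSA from two Mersenne primes (constructed, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def stream_xor(key, data):
    """Toy symmetric cipher standing in for DES: SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(plaintext, public_keys):
    """Encrypt once under a fresh session key; wrap that key per recipient."""
    session_key = secrets.token_bytes(16)
    m = int.from_bytes(session_key, "big")
    header = {name: pow(m, e, n) for name, (n, e) in public_keys.items()}
    return header, stream_xor(session_key, plaintext)

def unwrap(header, name, private_key):
    """Recover the session key from the header entry addressed to `name`."""
    n, d = private_key
    return pow(header[name], d, n).to_bytes(16, "big")

def demo():
    primes = {"receiver": (127, 521), "sender": (127, 607), "kra": (521, 607)}
    pubs, privs = {}, {}
    for name, (a, b) in primes.items():
        pubs[name], privs[name] = toy_keypair(a, b)
    files = [b"purchase order 1", b"invoice 2", b"contract draft 3"]  # constructed
    sealed = [seal(f, pubs) for f in files]
    # The KRA is handed headers only and returns one session key per request.
    keys = [unwrap(header, "kra", privs["kra"]) for header, _ in sealed]
    recovered = [stream_xor(k, ct) for k, (_, ct) in zip(keys, sealed)]
    # The sender can reopen its own message as a virtual recipient.
    own = stream_xor(unwrap(sealed[0][0], "sender", privs["sender"]), sealed[0][1])
    return recovered == files, len(keys), own == files[0]

if __name__ == "__main__":
    print(demo())
```

The count returned by `demo()` equals the number of files: recovery through the KRA costs one request per message, which is the scaling problem the paragraph above identifies.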
Therefore, a need exists for a method and apparatus that allows for controlled access of user specific encryption information that is acceptable to law enforcement agencies and is acceptable to meet the commercial requirements of the private sector.