1. Field of the Invention
This invention relates generally to cryptographic encoding and decoding of secret data in data processing systems. More particularly, the present invention relates to systems, methods and apparatus for verifiably encrypting data in order to prevent the decryption of the data until the occurrence of a predetermined event.
2. Description of Related Art
Cryptographic encoding is used in a variety of security and privacy-sensitive applications where one party (hereinafter “user”) needs to send private data securely to another party (hereinafter “verifier”) in a potentially insecure data processing system, for example over an insecure network such as the Internet. Some applications necessarily involve the verifier decoding the private data. In other applications, it is desirable to keep the private data secret from the verifier, unless circumstances arise which necessitate disclosure of the private user information. A common example of the latter scenario is making an on-line purchase where users connect to a remote server via a data communications network to access some service or other resource. The privacy concerns of users and regulatory privacy requirements often demand that users have anonymity in such circumstances, i.e. that the identity of users is not revealed to the service provider. However, to protect the interests of the service provider, there should be a way for the service provider to obtain the identity of misbehaving users, e.g. users who do not pay their bills. This situation therefore demands privacy protection coupled with user accountability.
In these situations where secret user data should be revealed to a verifier only in certain circumstances, current systems rely on the user sending the verifier a cryptographic construction which encodes the secret data, and which can be decoded if necessary using a cryptographic key held by a trusted third party. For example, the cryptographic construction can be a credential generated using a cryptographic process by a trusted issuing party who has in some manner verified the information for which the credential is issued. The secret data should be encoded in the cryptographic construction using a “verifiable encryption process”, where this term refers generally herein to encryption processes employing cryptographic protocols which allow proofs to be made about the properties of encrypted data (often defined in terms of “attributes”) without revealing the data itself (the “attribute values”). In simple terms, if secret data X is encoded using a verifiable encryption process, then it can be cryptographically proven that the encrypted data contains the data X without actually revealing X. For example, if X is a user ID certified by a government agency, then it can be proven that the encrypted data contains a government-certified ID without revealing the ID itself. In the present scenario therefore, the verifier can cryptographically verify that the received construction contains the required secret data without the secret data itself being revealed.
If valid circumstances arise for decrypting the secret data, the verifier can apply to the trusted third party, for example the police or other government agency, to obtain a decryption of the secret data. These systems require a high level of trust to be invested in the key-holding party by both user and verifier. The need to involve such a highly-trusted authority can also be problematic in practice. For example, bringing a case before a law enforcement agency can be expensive and time consuming. Such systems can also be vulnerable to abuse by malicious verifiers who attempt to obtain unwarranted release of decryption keys.
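The verifiable encryption property described above, in which a verifier checks that a ciphertext holds the certified data X without seeing X, is illustrated by the following added example. It is not part of the original document and is not the scheme this document claims: it is a textbook construction (ElGamal encryption under the trusted third party's key, a Pedersen commitment standing in for the issuer's credential, and a Fiat-Shamir equality proof). All function names and the toy group parameters are assumptions constructed for illustration.

```python
import hashlib, secrets

# Toy parameters constructed for this example (far too small for real use):
# P = 2Q + 1 is a safe prime; G and H are squares mod P, so both have order Q.
# A real system also needs log_G(H) to be unknown to everyone.
P, Q, G, H = 2039, 1019, 4, 9

def challenge(*vals):
    """Fiat-Shamir challenge: hash of the transcript, reduced mod Q."""
    digest = hashlib.sha256("|".join(map(str, vals)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def ttp_keygen():
    """Key pair of the trusted third party that can decrypt on request."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def commit(x):
    """Pedersen commitment standing in for the certified attribute X."""
    s = secrets.randbelow(Q)
    return pow(G, x, P) * pow(H, s, P) % P, s

def encrypt_with_proof(x, s, C, pk):
    """ElGamal-encrypt G^x under pk and prove it matches commitment C."""
    r = secrets.randbelow(Q)
    c1, c2 = pow(G, r, P), pow(G, x, P) * pow(pk, r, P) % P
    a, b, d = (secrets.randbelow(Q) for _ in range(3))  # blinders for x, r, s
    t1 = pow(G, b, P)
    t2 = pow(G, a, P) * pow(pk, b, P) % P
    t3 = pow(G, a, P) * pow(H, d, P) % P
    e = challenge(pk, C, c1, c2, t1, t2, t3)
    return (c1, c2), (e, (a + e * x) % Q, (b + e * r) % Q, (d + e * s) % Q)

def verify(C, pk, ct, proof):
    """Verifier's check: x is never seen, only that ct and C hold the same x."""
    (c1, c2), (e, zx, zr, zs) = ct, proof
    t1 = pow(G, zr, P) * pow(c1, -e, P) % P
    t2 = pow(G, zx, P) * pow(pk, zr, P) * pow(c2, -e, P) % P
    t3 = pow(G, zx, P) * pow(H, zs, P) * pow(C, -e, P) % P
    return e == challenge(pk, C, c1, c2, t1, t2, t3)

def ttp_decrypt(sk, ct):
    """Trusted third party recovers x (brute-force log over the small ID space)."""
    c1, c2 = ct
    gx = c2 * pow(c1, -sk, P) % P
    return next(x for x in range(Q) if pow(G, x, P) == gx)
```

With these toy parameters a forged proof is accepted with probability on the order of 1/Q; a real deployment uses a group of cryptographic size (Python 3.8 or later is needed for the negative modular exponents).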