The present invention relates to key recovery condition encryption and decryption apparatuses and, more particularly, to key recovery condition encryption and decryption apparatuses for adding an encryption key used for encryption to protect data privacy and recovering the encrypted data.
In general, to encrypt and store data, a decryption key is required to decrypt the encrypted data. It is, however, impossible for an authentic user to decrypt the encrypted data if he loses the decryption key. A key recovery technique is known as the state-of-the-art technique for solving this problem. In a key recovery technique of this type, key information is added (appended) to the encrypted data, and the decryption key is recovered from the key information using secret information of a third-party organization.
In the key recovery technique, the key recovery condition must be set. More specifically, even if a person who illicitly acquired encrypted data by some method presents the encrypted data to the third-party organization, decryption of the illicitly acquired encrypted data must be prevented. There is therefore provided a method of adding, to key information, a key recovery condition, i.e., a condition to determine whether a person who requests key recovery has the authentic right of key recovery.
A method of encrypting a user name and adding the encrypted user name to key information is proposed as a conventional method of determining the presence or absence of the right of key recovery using such a key recovery condition, as described in File Encryption System Using Public Key Cryptography, Proceedings of the Information Processing Society of Japan, 47th, October 1993, 4-197.
U.S. Pat. No. 5,557,765 proposes a method of registering a key recovery condition in a third-party organization in advance, combining an issued registration number and an encryption key, and encrypting the combination using a public key of the third-party organization.
There is also provided still another method of causing a plurality of third-party organizations to determine the right of key recovery, and recovering the key only when all the third-party organizations admit the authentic right of key recovery. According to this method, as described in WO93/21708, data decryption key information is divided into pieces in advance, the third-party organizations obtain parts of the data decryption key from the divided pieces, and these divided pieces are collected and concatenated to allow recovery of the data decryption key.
The conventional key recovery techniques described above have the following drawbacks. According to the method of encrypting the user name and adding the encrypted user name to the key information, only the authentic user can decrypt the encrypted data. It is actually impossible to assign an agent to decrypt the encrypted data when the authentic user is absent or dead. In addition, the third party can relatively easily access the key recovery condition because the user name is used.
According to the method of registering the key recovery condition, every time a new key recovery condition is set, it must be registered in the third-party organization. The procedures including authentication in registration become cumbersome. The key recovery condition is not added to the key information.