The present invention relates to a security security-ensuring technique such as data encipherment in a computer network, and more particularly to a key recovery (or key deposition) method and system.
One technique for ensuring the security of data such as electronic mail communicated through a network includes a data ciphering system, called a public-key cryptographic scheme, in which data is ciphered using numeric data, called a public key, and the ciphered data, is deciphered using numeric data called a secret key, having a numerical value different from that of the public key.
In the public-key cryptographic scheme, however, when a secret key is lost for some reason or other, it becomes virturally impossible to decipher the data which is ciphered by the public key paired with the secret key. For example, where the ciphered data is preserved in a file or the like from which it is later taken out, the restoration of this data is impossible if there is no the secret key. This is equivalent to the loss of data. The loss of a secret key is an untenable situation. Absent measures for the relief of this situation, significant trouble, difficulty or inconvenience may be encountered.
Therefore, a key recovery (or deposition) system has been proposed in which an individual or organization confidential information is backed-up by enabling the decipherment of ciphered data in the case where a secret key has been lost due to a.
In this system, provisions against the case of loss of one's own secret key are made by depositing the secret key in a third party (or key-preserving facility or agent) which performs confidential management. For example, one's own secret key is divisionally deposited in a plurality of key-preserving facilities so that in the case where the secret key has been lost, the secret key can be recovered by performing operational processing, such, as exclusive logical sum, addition or the like, for the divisional key parts deposited in the plurality of key-preserving facilities.
The above-mentioned techniques have been disclosed by, for example, Masahiro Manpo and Eiji Okamoto, "Impacts of Network Cryptograph Clippers", BIT, Vol. 28, No. 2, February 1996, and Silvio Micali, "Fair Cryptosystems", MIT/LCS1TR-579.c, Laboratory for Computer Science, Massachusette Institute of Technology, August 1994.
In the above-described conventional key recovery system, however, a secret key as the one and only means for deciphering data ciphered by one's own public key must be deposited in a third party or key preserving facility other than oneself beforehand. In this case, the secret key must be deposited in the key-preserving facility in such a manner as to ensure the confidentiality. This requires considerable labor, time and/or cost. Particularly, in the case where the secret key is divisionally deposited in a plurality of key-preserving facilities, a considerable burder is imposed on the user.