1. Field
This disclosure generally relates to key management in data security systems. More specifically, this disclosure relates to techniques and systems for recovering a private key.
2. Related Art
Organizations commonly encrypt sensitive data to protect it from unauthorized access. Before encrypted data can be accessed, it must first be decrypted using a key. However, if the key is unavailable for any reason, the encrypted data becomes useless. Hence, organizations often use a key escrow service to store keys so that the keys can be recovered if they are lost or damaged.
Specifically, in public-key cryptography, when the system generates a key pair, the system can store the key pair on a key escrow server. When the private key needs to be recovered, the system can retrieve the relevant private key from the database, using information associated with the key, e.g., the public key, the serial number, or the user ID, to find the relevant private key.
Unfortunately, conventional key escrow services suffer from serious drawbacks. First, conventional techniques are complex and can require large amounts of storage. Note that even after a user is assigned a new key pair, the system may still need to store the old private key because the user may have encrypted data using the old public key. Hence, in conventional techniques, the system may potentially need to store all of the keys that were ever generated. Further, the database that stores these keys may need to be backed up frequently because the database is highly volatile (it changes every time a key pair is generated).
Second, in conventional techniques, the key assignment system usually communicates with the key recovery system every time a key pair is generated. This increases the network resource requirements and makes the system vulnerable to attacks. Specifically, key assigners are often in geographically diverse locations, and keeping the key database synchronized while keeping it secure can be very challenging. For example, a malicious user may disrupt the system by bringing down the communication link between the assignment servers and the recovery servers. Further, if the key recovery system is reachable over a network, all users on the network may be able to attack the system.
Hence, it is generally desirable to be able to assign recoverable keys without the above-described drawbacks.