1. Field of Invention
The present invention relates to a cryptographic key management apparatus and method.
2. Background Information
As known in the prior art, the secure interchange of data between entities that make up a distributed system, for example, domain members of a communications domain, requires the use of cryptography. Cryptography requires the distribution and use of cryptographic keys. Conventional key management involves providing respective pairs of domain members with a private key, i.e. a key which is shared between, and only known and used by, the pair of domain members, for communication between the pair of domain members in either direction. As such, the same key is used for encrypting and decrypting a message during communication between two domain members. Thus, it is essential to the security of the domain to keep these keys secret and known only by the intended users. This creates problems for key distribution.
Public key cryptography is also known in which two different but related cryptographic keys are provided and the key belonging to one of the pair of domain members is a public key which need not be kept secret. As such, the public key can be distributed throughout the domain without concern for its security and so the key distribution problem experienced with private keys does not arise. However, one pair of keys allows for communication in one direction only and so two further keys are necessary to implement two-way communication between two domain members.
Conventional key management that involves the use of private keys is disadvantageous in that a large number of secure keys are required for such symmetrical key usage. The number of secure keys required is the square of the number of members in a particular domain, and this also renders the management and secure distribution of the keys particularly problematic.
Known public, or asymmetrical, key management is also disadvantageous in that it is relatively expensive to implement and computationally intensive, and so relatively slow in use.
It is known from U.S. Pat. Nos. 4,941,176; 4,924,515; and 4,924,514 to control the use of cryptographic keys by means of control information associated with the cryptographic key information. However, the above-mentioned disadvantages are also found in such known systems.