Showing papers on "Key escrow published in 2001"


Journal ArticleDOI
TL;DR: Burk et al. present a Japanese translation of an article published in the Harvard Journal of Law and Technology.
Abstract: Author(s): Burk, Dan L; Cohen, Julie E | Abstract: Japanese translation of article published in the Harvard Journal of Law and Technology

114 citations


Patent
30 Nov 2001
TL;DR: In this article, a software-based commercial key escrow system (KES) for the PKI environment that enables an entity such as the court to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users is presented.
Abstract: The present invention discloses a software-based commercial key escrow system (KES) for the PKI environment that enables an entity such as the court to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users. The present invention provides a key escrow system providing a PKI-roaming service and the perfect forward secrecy to the key management agent (KMA).

48 citations


Journal Article
TL;DR: This paper provides a formal definition of this new notion and gives an efficient construction of an identity escrow scheme with appointed verifiers provably secure under common number-theoretic assumptions in the public-key model.
Abstract: An identity escrow scheme allows a member of a group to prove membership in this group without revealing any extra information. At the same time, in case of abuse, his identity can still be discovered. Such a scheme allows anonymous access control. In this paper, we put forward the notion of an identity escrow scheme with appointed verifiers. Such a scheme allows the user to only convince an appointed verifier (or several appointed verifiers) of his membership; but no unauthorized verifier can verify a user's group membership even if the user fully cooperates, unless the user is completely under his control. We provide a formal definition of this new notion and give an efficient construction of an identity escrow scheme with appointed verifiers provably secure under common number-theoretic assumptions in the public-key model.

45 citations


Book ChapterDOI
19 Aug 2001
TL;DR: In this article, the notion of an identity escrow scheme with appointed verifiers was proposed and proved to be provably secure under common number-theoretic assumptions in the public-key model.
Abstract: An identity escrow scheme allows a member of a group to prove membership in this group without revealing any extra information. At the same time, in case of abuse, his identity can still be discovered. Such a scheme allows anonymous access control. In this paper, we put forward the notion of an identity escrow scheme with appointed verifiers. Such a scheme allows the user to only convince an appointed verifier (or several appointed verifiers) of his membership; but no unauthorized verifier can verify a user's group membership even if the user fully cooperates, unless the user is completely under his control. We provide a formal definition of this new notion and give an efficient construction of an identity escrow scheme with appointed verifiers provably secure under common number-theoretic assumptions in the public-key model.

41 citations


Patent
26 Feb 2001
TL;DR: In this article, a method and system for enabling a secure transaction using the Internet is disclosed, which comprises using a Personal Identification Number (PIN) for business transactions wherein the customer does not directly reveal financial or home address information during the transaction; instead, an escrow agent supplies delivery instructions to the merchant.
Abstract: A method and system for enabling a secure transaction using the Internet is disclosed. The method comprises using a Personal Identification Number (PIN) for business transactions wherein the customer does not directly reveal financial or home address information during the transaction. Instead, an escrow agent supplies delivery instructions to the merchant. The escrow agent then collects payment from the customer and places the payment in an escrow account. Shipping information is not provided to the merchant until the payment is in escrow. Payment is only made to the merchant after the merchant confirms the goods have been shipped.

38 citations


Journal ArticleDOI
TL;DR: A common pattern of threshold key escrow scheme based on public key cryptosystem, and a detailed design based on the improved RSA algorithm is given, and the above problem is solved.
Abstract: In the key escrow field it is important to solve the problem that the user's secret key completely depends on the trusted escrow agency. In 1995, some methods of solving the problem were presented. But these methods are no better than that of directly using threshold cryptography. In this paper, we present a common pattern of threshold key escrow scheme based on public key cryptosystem, and a detailed design based on the improved RSA algorithm is given. The above problem is solved by this scheme.

30 citations


Book ChapterDOI
Adam Young
13 Feb 2001
TL;DR: A PVSS for sharing discrete logs that is as hard to break as the Discrete-Log problem itself is presented and an algebraic decoupling of the recovering participants is provided, which diverts from the traditional polynomial-secret-sharing-based VSS.
Abstract: A Publicly Verifiable Secret Sharing (PVSS) scheme allows a prover to verifiably prove that a value with specific properties is shared among a number of parties. This verification can be performed by anyone. Stadler introduced a PVSS for proving that the discrete log of an element is shared [S96], and based the PVSS on double-decker exponentiation. Schoenmakers recently presented a PVSS scheme that is as hard to break as deciding Diffie-Hellman (DDH) [Sch99]. He further showed how a PVSS can be used to improve on a number of applications: fair electronic cash (with anonymity revocation), universally verifiable electronic voting, and software key escrow schemes. When the solution in [Sch99] is used for sharing a key corresponding to a given public key, the double-decker exponentiation method and specific assumptions are still required. Here we improve on [Sch99] and present a PVSS for sharing discrete logs that is as hard to break as the Discrete-Log problem itself, thus weakening the assumption of [Sch99]. Our solution differs in that it can be used directly to implement the sharing of private keys (avoiding the double decker methods). The scheme can therefore be implemented with any semantically secure encryption method (paying only by a moderate increase in proof length). A major property of our PVSS is that it provides an algebraic decoupling of the recovering participants (who can be simply represented by any set of public keys) from the sharing operation. Thus, our scheme diverts from the traditional polynomial-secret-sharing-based VSS. We call this concept Separable Shareholders.

20 citations


Patent
30 Jan 2001
TL;DR: In this article, the authors proposed a method whereby the entity starting a communication session generates a session key using a pseudo-random generator initialised by the secret key (Sa) of the entity and an initial value (VI).
Abstract: The invention concerns a method whereby the entity starting a communication session generates a session key (KS) using a pseudo-random generator initialised by the secret key (Sa) of the entity and an initial value (VI). The message is encrypted by the session key. The latter can be retrieved by the escrow authority (Ta), which archives the secret key (Sa) and can recover the initial value (VI). The invention is applicable to secure communications.

16 citations


Book ChapterDOI
11 Jun 2001
TL;DR: This paper considers the notion of strong forward security in which cryptographically processed data is protected not only for the periods prior to key exposure but also after key exposure, and presents two applications with this novel property.
Abstract: Forward security has been proposed as a method to minimize the consequences of key exposure. In this paper we analyze this method and consider a vulnerability, which is due to the fact that the exposure may not have been detected. All forward secure cryptosystems proposed so far are vulnerable during the period between key exposure and its detection. We consider the notion of strong forward security in which cryptographically processed data is protected not only for the periods prior to key exposure but also after key exposure, and present two applications with this novel property: a basic public key cryptosystem and an ElGamal-based key escrow scheme.

12 citations


Patent
03 Aug 2001
TL;DR: In this paper, a key deposit agent is provided for a group cipher communication system which conducts a cipher communication by using a group session key when a dummy user is registered as a member of the communication group.
Abstract: PROBLEM TO BE SOLVED: To constitute a cipher key deposit system at low cost and to shorten the time up to the start of an interception by an investigation agency. SOLUTION: A key deposit agent is provided for a group cipher communication system which conducts a cipher communication by using a group session key. When the key deposit agency generates and distributes the group session key to form a communication group, a dummy user is registered as a member of the communication group. For investigation, a dummy user of a communication group as an object of interception is assigned to the investigation agency and a cipher communication is intercepted and deciphered. The cipher communication of the communication group can speedily be intercepted when necessary in investigation and even if the group member constitution changes, the investigation agency is included as a group member only in the communication group including an object person to be investigated, so that the cipher communication can securely be intercepted.

3 citations


Journal ArticleDOI
Wenbo Mao
TL;DR: An efficient interactive protocol for realizing verifiable partial escrow of the factors of an integer n with time-delayed and threshold key recovery features, and a practical method for fine-tuning the time complexity for factoring an integer.
Abstract: We construct an efficient interactive protocol for realizing verifiable partial escrow of the factors of an integer $n$ with time-delayed and threshold key recovery features. The computational cost of the new scheme amounts to $10k\log_2 P$ multiplications of numbers of size of $P$, where $P$ is a protocol parameter which permits $n$ of size up to $(\log_2 P) - 4$ to be dealt with and $k$ is a security parameter which controls the error probability for correct key escrow under $1/2^k$. The new scheme realizes a practical method for fine tuning the time complexity for factoring an integer, where the complexity tuning has no respect to the size of the integer.

Proceedings ArticleDOI
20 Jun 2001
TL;DR: This paper surveys three popular key escrow products of Netscape's, VeriSign's and Entrust's and proposes forward-secure KESs (Key Escrow Systems) and analyzes their security.
Abstract: Key escrow systems have been studied widely in recent years to reduce the gap between the needs for individual privacy and the needs for public security. In this paper, we survey three popular key escrow products of Netscape's, VeriSign's and Entrust's. We also propose forward-secure KESs (Key Escrow Systems) and analyze their security.

01 Jan 2001
TL;DR: A new key escrow scheme is proposed where any assigned number of escrow side is allowable in recovering session key and no more than 4n+1 RSA operations are needed respectively for key split or key recover.
Abstract: The known key escrow scheme requires equal number in key recover escrow side. This paper proposes a new key escrow scheme. In recovering session key, any assigned number of escrow side is allowable. When increasing, reducing and changing the member of escrow side, it is not necessary to modify the storing key part, and no more than 4n+1 (n is positive integer) RSA operations are needed respectively for key split or key recover.

Book ChapterDOI
28 May 2001
TL;DR: A new construction for key escrow scheme is presented, which compared to previous solutions by Chen, Gollman, Mitchell and later by Martin, achieves improvements in efficiency and security.
Abstract: In this paper we present secure and efficient key escrow protocols that guarantee escrow secrecy, public verifiability, and robustness for mobile telecommunications systems. We present a new construction for key escrow scheme, which compared to previous solutions by Chen, Gollman, Mitchell and later by Martin, achieves improvements in efficiency and security. We proposed a new key escrow protocol, designed for the case where the pair of communicating users are in different domains, in which the pair of users and all the third parties jointly generate a session key for end-to-end encryption.

Patent
13 Jul 2001
TL;DR: In this paper, a PKI-based commercial key entrusting method and system are provided which provides PKI-roaming service without changing a system and guarantees perfect forward secrecy for a key management server managing a key recovery server.
Abstract: PURPOSE: A PKI-based commercial key entrusting method and system are provided which provides PKI-roaming service without changing a system and guarantees perfect forward secrecy for a key management server managing a key recovery server. CONSTITUTION: A user A(10) generates a pair of password private key and public key and creates a key recovery block to transmit the key recovery block together with the public key to a registration server(11) in the first step(S201). The registration server transmits the key recovery block and public key to a key managing server(13) at the second step(S202). The key managing server sends a password authentication note issuance permit to the registration server at the third step(S203). The registration server shows the permit to an authentication server(12) and requests a password authentication note with respect to the public key at the fourth step(S204). The authentication server issues the password authentication note and opens the authentication note to a directory server(19) at the fifth step(S205), and transmits the authentication note to the registration server at the sixth step(S206). The registration server delivers the password authentication note to the user A at the seventh step(S207).

Book ChapterDOI
13 Feb 2001
TL;DR: It is shown that equitability is much easier to achieve with data confiscation than with key escrow, and therefore, although the RIP act was heavily criticized in the press and on the internet, it inherently maintains a better level of privacy than key escrow.
Abstract: The British Regulations of Investigatory Powers (RIP) Act 2000 is one of the first modern bills for mandatory disclosure of protected data in a democratic country. In this paper we compare this bill from a technical point of view with the US key escrow proposal (EES) and its variants and then, more generally we compare the merits of data confiscation vs key escrow. A major problem with key escrow is that once a private key is recovered it can be used to decipher ciphertexts which were sent well before a warrant was issued (or after its expiration). Several alternative key escrow systems have been proposed in the literature to address this issue. These are equitable, in the sense that the control of society over the individual and the control of the individual over society are fairly shared. We show that equitability is much easier to achieve with data confiscation than with key escrow. Consequently, although the RIP act was heavily criticized in the press and on the internet, it inherently maintains a better level of privacy than key escrow. Finally we present some practical deniable decryption variants of popular public key systems.

Book ChapterDOI
11 Jul 2001
TL;DR: The Bell Labs key recovery scheme is extensively modified to enable a user to request on-line key recovery service when the file decryption key is forgotten or lost.
Abstract: In this paper, the Bell Labs key recovery scheme is extensively modified to enable a user to request on-line key recovery service when the file decryption key is forgotten or lost. New practical and important requirements of key recovery are also considered in the proposed schemes, for example, the key recovery server and any intruder over the communication channel should not learn the key to be reconstructed. Furthermore, the necessary authenticity and secrecy between a user and the key recovery server should be provided.

Journal ArticleDOI
TL;DR: A new paradigm for the design of key recovery systems called hybrid key escrow will be presented and it will be shown that such a design can guard the privacy of system users and at the same time enable authorized key recovery.

Journal Article
TL;DR: In this paper, the taxonomy, logical implementation phases and typical operational scenarios of key recovery technology are analysed.
Abstract: In this paper, the taxonomy, logical implementation phases and typical operational scenarios of key recovery technology are analysed.

01 Jun 2001
TL;DR: Public key cryptography, the implementation and objectives of a USMC PKI, and the components necessary to operate a PKI are described and tactical issues that have been identified as areas of concern along with their proposed solutions are presented.
Abstract: Marine forces are expeditionary in nature yet require the full range of Public Key Infrastructure (PKI) services at deployed sites with limited bandwidth and access to their respective Registration Authority (RA). The development of a PKI solution for the tactical arena is a fluid and complex challenge that needs to be answered in order to ensure the best support of tactically deployed forces. Deployed Marine forces will need the capability to issue and re-issue certificates, perform certificate revocation, and perform key recovery within the command element of the deployed unit. Since the current United States Marine Corps (USMC) PKI was not designed with the tactical environment in mind, the full extent of PKI deficiencies for field operation is unknown. This thesis begins by describing public key cryptography, the implementation and objectives of a USMC PKI, and the components necessary to operate a PKI. Next, tactical issues that have been identified as areas of concern along with their proposed solutions are presented. Supporting material describes design issues, such as scalability and interoperability, and technical challenges, such as certificate revocation lists (CRL), key escrow and management of tokens.