Abstract:
A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key Kâ and a key recovery block KRB generated on the first key Kâ. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key Kâ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key Kâ. A third key X, generated as a one-way function of the first key Kâ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys Kâ, K. The key recovery block KRB, the encrypted XOR product e(X, Y) and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the third key X from the first key Kâ and the key recovery block KRB, decrypting the XOR product Y using the regenerated third key X, and recombining the XOR product Y with the first key Kâ to regenerate the second key K.