2-PHASE CRYPTOGRAPHIC KEY RECOVERY-SYSTEM

Citation
R. Gennaro et al., 2-PHASE CRYPTOGRAPHIC KEY RECOVERY-SYSTEM, Computers & security, 16(6), 1997, pp. 481-506
Citations number
15
Subject Categories
Computer Sciences, Special Topics; Computer Science Information Systems
Journal title
ISSN journal
01674048
Volume
16
Issue
6
Year of publication
1997
Pages
481 - 506
Database
ISI
SICI code
0167-4048(1997)16:6<481:2CKR>2.0.ZU;2-L
Abstract
A two-phase method of key recovery which will be referred to as Secure Key Recovery (SKR) is presented. The proposed key recovery system permits a portion of the key recovery information to be generated once and then used for multiple encrypted data communications sessions and encrypted file applications. In particular, the portion of the key recovery information that is generated just once is the only portion that requires public key encryption operations. We also describe a verification mode in which the communicating parties each produce SKR recovery information independently, without checking the other's so produced information. In this mode, if at least one side is correctly configured, all required recovery information is correctly produced. In addition, the communicating parties are free to include any optional recovery fields without causing a false invalidation of what the other parties sent. Further, we present a method of verification of key recovery information within a key recovery system, based on a variation of the three-party Diffie-Hellman key agreement procedure. Without communication with a trustee, the sender is able to encrypt recovery information in such a way that both the receiver and the respective trustee can decrypt it. This reduces the number of encryptions, and inherently validates the recovery information when the receiver decrypts it. The method allows full caching of all public key operations, thus further reducing computational overhead.