2012 | OriginalPaper | Buchkapitel
RIKE: Using Revocable Identities to Support Key Escrow in PKIs
verfasst von : Nan Zhang, Jingqiang Lin, Jiwu Jing, Neng Gao
Erschienen in: Applied Cryptography and Network Security
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Public key infrastructures (PKIs) are proposed to provide various security services. Some security services such as confidentiality, require key escrow in certain scenarios; while some others such as non-repudiation, prohibit key escrow. Moreover, these two conflicting requirements can coexist for one user. The common solution in which each user has two certificates and an escrow authority backups all escrowed private keys for users, faces the problems of efficiency and scalability. In this paper, a novel key management infrastructure called
RIKE
is proposed to integrate the
inherent key escrow
of identity-based encryption (IBE) into PKIs. In RIKE, a user’s PKI certificate also serves as a
revocable identity
to derive the user’s IBE public key, and the revocation of its IBE key pair is achieved by the certificate revocation of PKIs. Therefore, the certificate binds the user with two key pairs, one of which is escrowed and the other is not. RIKE is an effective certificate-based solution and highly compatible with traditional PKIs.