Escrow Mechanism For Personal Security Keys On IBE

Posted on: 2012-02-11
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Zou
GTID: 2178330335450748
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of computer technology, the computer has become the primary tool for information processing, transfer, and storage. As an important channel for disseminating and publishing information, the Internet has greatly increased the speed at which information spreads. Information security is increasingly taken into account by governments, organizations, and individuals. Encrypting sensitive information is the primary means of protecting it. There are two main encryption technologies, symmetric encryption and asymmetric encryption. The algorithm is the core of an encryption technology, and the key generated by the algorithm is the critical data for encryption: data cannot be restored without the specified key. Mainstream encryption algorithms are public; only the keys for decryption are held by certain individuals. Because data cannot be decrypted once its key has been lost, a requirement for secure key backup emerged. Meanwhile, government agencies that intercept citizens' encrypted communications for national security and to fight crime also need the technical means to obtain the information required to decrypt those communications. Key escrow mechanisms and related bills were therefore issued, under which keys are escrowed by a trusted third party and can be used by the government to decrypt communications when authorized by law. Existing research has focused mainly on the compulsory escrow of session keys for legally authorized government monitoring, and has paid little attention to the voluntary escrow of keys by individuals. Therefore, an escrow mechanism for personal security keys is proposed.
A security trust system based on IBE, composed of a private key generator (PKG), a key management center (KMC), and a user security component (USC), was constructed to provide identity validation, confidentiality, and integrity checking for the application, backup, recovery, and renewal of escrowed personal security keys. A model of the personal security key escrow system is given, defining the composition of the key escrow system and the responsibilities of each part. The private key generation center is responsible for generating each user's identity key, and these keys are distributed securely off-line. The key management center is responsible for the escrow of personal security keys. The user security component, as a client component, is responsible for carrying out key escrow on behalf of users. A secure communication protocol based on the IBE scheme is proposed to protect the communication between the user security component and the key management center. This paper also presents two key escrow schemes. The first is carried out entirely independently by the users: personal security keys are generated by the users, the key management center is responsible for storing and backing up those keys, and users can escrow, restore, and renew personal security keys through the key management center. The second is a completely entrusted scheme: the key management center generates all personal security keys and stores and backs them up, and users can apply for, restore, and renew keys through it. This paper gives the overall design of the experimental personal security key escrow system, which consists of the PKG, KMC, and USC; the role of each subsystem agrees with the personal security key escrow model.
In this paper, the function modules, the main interfaces, and the core business processes of the experimental system are all described in detail. Finally, the major performance test data for the experimental system are given; the test results show that the key escrow mechanism can be realized in software, with availability and good performance. The experimental system was realized with object-oriented design methods and techniques, using Microsoft Visual C++ 6.0 as the development tool and C++ as the development language. This escrow mechanism takes the secure backup of personal security keys as its main purpose. It takes advantage of IBE to simplify the process of authentication and encryption, and makes it possible for users to complete the escrow of personal security keys independently. The mechanism can be implemented with strong feasibility.
Keywords/Search Tags: Key Escrow, Identity-Based Encryption, Personal Security Key, Key Recovery, Key Renewal