Browse Prior Art Database

Extending Secure Sockets Layer for Key Recovery

IP.com Disclosure Number: IPCOM000122817D
Original Publication Date: 1998-Jan-01
Included in the Prior Art Database: 2005-Apr-04
Document File: 2 page(s) / 85K

Publishing Venue

IBM

Related People

Buhler, P: AUTHOR [+3]

Abstract

Disclosed is a method for achieving key recovery in the well-known Secure Socket Layer (SSL) protocol (1) which uses encryption to provide secure sessions between clients and servers. The purpose of key recovery is to make the cryptographic parameters of a secure session between A and B available to an authorized third party, C, where C is typically a law enforcement agency. A method of extending SSL for key recovery based defining a common polynomial suitable for sharing the master secret of a session is disclosed.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Extending Secure Sockets Layer for Key Recovery

      Disclosed is a method for achieving key recovery in the
well-known Secure Socket Layer (SSL) protocol (1) which uses
encryption to provide secure sessions between clients and servers.
The purpose of  key recovery is to make the cryptographic parameters
of a secure session  between A and B available to an authorized third
party, C, where C is typically a law enforcement agency.  A method of
extending SSL for key  recovery based defining a common polynomial
suitable for sharing the master secret of a session is disclosed.

      The main cryptographic parameter of an SSL session is the
master secret, a 48-byte quantity negotiated by the client and
server.  The client and server also negotiate the cryptographic
algorithms to be used in the session, which in turn determines the
set of cryptographic keys required for the session.  The
cryptographic keys  and associated parameters are referred to as the
keying material. SSL  defines a sequence a cryptographic hashing
operations that take the master secret and two random numbers
negotiated by the client and server  as inputs to produce a byte
sequence from which the keying material is  derived.

      An SSL session consists of a number of physical connections
that have the same session identification tag.  Each connection
begins by executing the handshake protocol which derives a new master
secret if this is the first connection of the session, or updates the
existing master secret if this connection is resuming the session.
Each time the master key is updated, the keying material for the
connection is also updated through a hashing process.

      A key recovery block for SSL is a block of additional
information sent during the protocol which permits authorized third
parties to recover the keying material for one, several or all
connections of a session.  It is anticipated that in the case where
the authorized third party is a law enforcement agency, then the
keying material to be recovered is that associated with all
connections of the  session, and this is the scenario which is
specifically addressed in this disclosure.

      Typically, the construction of a key rec...