[6628] in cryptography@c2.net mail archive
WIPO in support of Key Recovery?
daemon@ATHENA.MIT.EDU (Axel H Horns)
Tue Feb 15 15:23:35 2000
From: "Axel H Horns" <horns@t-online.de>
To: cryptography@c2.net
Date: Tue, 15 Feb 2000 21:34:17 +0100
Reply-To: horns@t-online.de
Message-ID: <12Knh1-01LJonC@fmrl01.sul.t-online.de>

Currently the World Intellectual Property Organization WIPO (a UN
subsidiary) makes efforts to implement facilities for electronic
filing of patent applications according to the "Patent Cooperation
Treaty" (PCT) to be operative in 2001:

http://www.wipo.int/eng/document/govbody/wo_pct/index_28.htm

De facto this means that in the long run all national Patent and
Trade Mark Offices will have to comply with this technical system.

I think this is relevant well beyond the Intellectual Property
theatre; this project seems to be de facto also a pilot for further
e-government developments, particularly in the field of electronic
court filing.

So, it might be of some general interest to know that the GAK, key
escrow, and key recovery discussion is not finished. This is the
latest draft for a *technical* standard of electronic filing to be
adopted by the WIPO PCT bodies:

http://www.wipo.int/eng/document/govbody/wo_pct/pdf/pct28_3a1.pdf

------------------------------- CUT ------------------------------------
[...]
SCIT/P 8/99 Rev.1
Annex 5, page 19

3.4.8 Key Recovery

A subscriber should be able to recover data, which they have
encrypted or that was encrypted for them, even though their
decryption private key becomes unavailable. The key may become
unavailable for a variety of reasons including, inability to access
the stored key (e.g., forgets password), corruption of the stored
key, failure of the storage medium, and theft of the key or storage
medium. An organization should be able to recover its data, which has
been encrypted by subscribers, when the subscriber is unable or
unwilling (e.g., disgruntled, incapacitated, unavailable) to decrypt
the data.

The IP Office PKI may provide the capability for key recovery of
internal and external subscriber decryption keys. In order to meet
these requirements, a copy of each user's private decryption keys
must be obtained and securely stored to enable the authorized
recovery of encrypted data.

Key recovery does not apply to the subscriber's signing keys. The
subscriber's private signing keys are not recoverable due to the
requirement for effective nonrepudiation. Nonrepudiation is
supported by having the subscriber generate his signing key pair on
his own system and only transferring his public verification key to
the Certification Authority during the registration process. The
private signing key must remain under the sole control of the
subscriber so that there is no opportunity to masquerade.

The following discussion applies to decryption key recovery only. It
is a highly sensitive PKI function since it deals with the
confidentiality of communications and files which may, as with patent
application prosecution, be held in confidence by law.

Key recovery for external subscribers may only be initiated by the
subscriber, a Registration Authority, or a Local Registration
Authority by following established key recovery procedures and
interacting with the Registration Authority.

For internal subscribers, a Registration Authority or Local
Registration Authority should initiate key recovery only after
authorization by appropriate IP office management. Such authorization
may result from a request from the internal subscriber or from a
requirement by management to access data encrypted by the subscriber.

[...]
------------------------------- CUT ------------------------------------

Surprising especially in view of the fact that the Patent and Trade
Mark Offices acting as "Receiving Offices" in the PCT system are
authorities which usually co-operate with the security branches of
the government since the invention of the patent system ...

At least they should have made a conceptual distinction between
private keys for secure transmission and private keys for secure
archive storage. I think this would make an important difference.

Axel H Horns