خزانة المفاتيح (حاسوب)
خزانة المفاتيح Key escrow (ويعرف أيضا باسم نظام التعمية العادل)، هو ترتيب تخضع فيه المفاتيح اللازمة لفك تشفير البيانات المشفرة بواسطة خزانة،under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications.
The technical problem is a largely structural one since access to protected information must be provided only to the intended recipient and at least one third party. The third party should be permitted access only under carefully controlled conditions, as for instance, a court order. Thus far, no system design has been shown to meet this requirement fully on a technical basis alone. All proposed systems also require correct functioning of some social linkage, as for instance the process of request for access, examination of request for 'legitimacy' (as by a court), and granting of access by technical personnel charged with access control. All such linkages / controls have serious problems from a system design security perspective.
On a national level, this is controversial in many countries due to technical mistrust of the security of the escrow arrangement (due to a long history of less than adequate protection of others' information by assorted organizations, public and private, even when the information is held only under an affirmative legal obligation to protect it from unauthorized access), and to a mistrust of the entire system even if it functions as designed. Thus far, no key escrow system has been designed which meets both objections and nearly all have failed to meet even one.
Key escrow is proactive, anticipating the need for access to keys; a retroactive alternative is key disclosure law, where users are required to surrender keys upon demand by law enforcement, or else face legal penalties. Key disclosure law avoids some of the technical issues and risks of key escrow systems, but also introduces new risks like loss of keys. The ambiguous term key recovery is applied to both types of systems.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
انظر أيضا
وصلات خارجية
- Bruce Schneier - The risks of key escrow
- Encryption Policy: Memo for the Vice President CIA memo to Al Gore on suggested US policy on key recovery, 11. September 1996
- Other Related Key Attacks
هذه المقالة كانت في الأصل مبنية على مادة من Free On-line Dictionary of Computing، التي هي مرخصة تحت GFDL.