Press Release: Key Reconstruction Patent

PGP CORPORATION ANNOUNCES GRANTING OF
KEY RECONSTRUCTION PATENT

Unique backup approach ensures data can be securely retrieved
when key is lost

Palo Alto, CA/03 June, 2004 – PGP Corporation, a global leader in digital information security, today announced that it had been granted U.S. Patent Number 6,662,299 titled "Method and Apparatus for Reconstituting an Encryption Key Based on Multiple User Responses." The patent addresses a longstanding issue in public key encryption: how to handle lost passphrases. The approach developed by PGP Corporation enables users to securely reconstruct their private keys without circumventing corporate security policy or requiring IT assistance.

Prior industry attempts to solve the problem of lost passphrases-key escrow, data backups, and key splitting-all maintain data integrity and security, but do not obviate the need for IT support. Key reconstruction solves this problem by permitting the owner of the key to split the key among a number of questions to which only he or she knows the answers. By answering some subset of these questions correctly (3 out of 5, 7 out of 10), the owner can thus decrypt his or her own key. The key reconstruction block can be safely stored in an organization's directory because it is encrypted by this unique set of questions.

"Without creative safety measures, strong cryptography and reliability simply don't mix," said Jon Callas, CTO and CSO, PGP Corporation. "Key reconstruction is that safety net. It provides a way for users to recover a lost key by answering a set of questions they've developed and to which only they know the answers. The user also sets the safety 'threshold' by deciding how many questions need to be answered correctly to reconstruct a key. That flexibility means key reconstruction can be tailored for personal- or business-level security by establishing the appropriate safety threshold."

About PGP Corporation
A recognized worldwide leader in secure messaging and information storage, PGP Corporation develops, markets, and supports products used by a broad installed base of enterprises, businesses, governments, individuals, and cryptography experts to secure proprietary and confidential information.

During the past ten years, PGP® technology has built a global reputation for open and trusted security products. The PGP Corporation family of products includes PGP® Universal—an automatic, self-managing, network-based solution for enterprises—as well as desktop, mobile, and SDK solutions. Venture funding is provided by DCM-Doll Capital Management and Venrock Associates. Contact PGP Corporation at www.pgp.com or +1 650 319 9000.

 
PGP is a registered trademark and the PGP logo is a trademark of PGP Corporation. Product and brand names used in this document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners.