4.5.7.1 M of N Control

M of N control is a policy of dividing up a task among multiple entities so that no one person acting alone can perform the entire task. As stated above, it is used to help minimize an organization's exposure to the risk of one person misusing a privilege and performing a sensitive action like key recovery without authorization. One simple approach to M of N control might be to double-encrypt the database of keys, such that two staffers, each assigned one of the keys to the database, are required in order to obtain someone's private key.

M of N control is also provided by some hardware-based key recovery systems, such as the smart-card based KEON KRM (Key Recovery Module) by RSA, to control the private key used for key recovery. Each entity is issued some percentage of the entire private key used for recovery, in the form of a token. In order to perform a key recovery, some number of these entities (M) out of the (N) to whom a portion of the recovery key was distributed must come together and combine their key fragments. This adds additional security to the key recovery process and minimizes opportunities for abuse of Key Recovery Operator privileges.[408]

M of N Control involves dividing a task among multiple entities so that no one person acting alone can perform the entire task. It is often used to minimize the risk of someone misusing a privilege, such as key recovery.
__________________
408. http://216.239.53.100/search?q=cache:aUqGdG9fQIcC:www.rsasecurity.com/products/keon/datasheets/dskeonkrm.html+%22m+of+n%22+certificate&hl=en&ie=UTF-8
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com. Version 1.0 - Version Date: November 15, 2004. Adapted with permission from a work created by Tcat Houser et al. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.