A first trusted authority, such as an originating certification authority, that stores key history data, such as private decryption keys for one or more subscribers, includes a key history exportation engine operative to generate a security key history exportation packet. The security key history exportation packet contains at least encrypted security key history data uniquely associated with a subscriber. A second trusted authority, such as a destination certification authority, includes a security key history importation engine operative to decrypt the security key history exportation packet. The retrieved security key history data then is stored and made accessible through the second trust authority for later access by the subscriber. The second trusted authority serves as a new trust anchor instead of the first trust authority.