Recovering a key in a secure manner
First Claim
1. A method, comprising:
transmitting, from a first user device to a secure community server, a key distribution request, wherein the key distribution request identifies a second user device, and the first user device and the second user device are members of a same secure community managed by the secure community server;
transmitting, from the first user device, a first portion of a recovery key to the secure community server for forwarding to the second user device, wherein the secure community server forwards the first portion of the recovery key to the second user device;
transmitting, from the first user device, a second portion of the recovery key to the secure community server, wherein the second portion of the recovery key is stored at the secured community server without being further distributed to other user devices;
after transmitting the first portion and the second portion of the recovery key, discarding the first portion and the second portion of the recovery key at the first user device;
transmitting a key recovery request to the secure community server for recovering the recovery key; and
in response to the key recovery request:
receiving, from the secure community server, the second portion of the recovery key that has not been further distributed to other user devices, wherein the received second portion of the recovery key is encrypted using a public key of the first user device; and
receiving the first portion of the recovery key from the second user device.
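The distribution and recovery steps of this claim, as an added Go example that is not part of the patent text. The XOR split, RSA-OAEP wrapping, 2048-bit key size, sample key and all function names are assumptions, since the claim does not say how the portions are formed or which public-key scheme is used.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newDeviceKey makes the first device's key pair (RSA-2048 is an assumed choice).
func newDeviceKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// split forms two XOR portions (assumed; the claims do not say how the key is divided).
func split(key []byte) (first, second []byte) {
	first, second = make([]byte, len(key)), make([]byte, len(key))
	if _, err := rand.Read(first); err != nil {
		panic(err)
	}
	for i := range key {
		second[i] = key[i] ^ first[i]
	}
	return first, second
}

// serverRelease wraps the server-held portion under the requester's public key.
func serverRelease(pub *rsa.PublicKey, second []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, second, nil)
}

// recoverKey unwraps the server's portion and combines it with the peer's portion.
func recoverKey(priv *rsa.PrivateKey, wrapped, first []byte) ([]byte, error) {
	second, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil || len(second) != len(first) {
		return nil, fmt.Errorf("recovery failed: unwrap err=%v, portion lengths %d/%d", err, len(second), len(first))
	}
	key := make([]byte, len(first))
	for i := range key {
		key[i] = first[i] ^ second[i]
	}
	return key, nil
}

func main() {
	priv, _ := newDeviceKey()
	first, second := split([]byte("constructed-32-byte-recovery-key")) // constructed sample
	wrapped, _ := serverRelease(&priv.PublicKey, second)               // first is held by the second device
	key, err := recoverKey(priv, wrapped, first)
	fmt.Printf("%s %v\n", key, err)
}
```

With an XOR split against a uniformly random pad, neither the server's portion nor the second device's portion alone reveals anything about the recovery key, and the wrapped server portion can only be opened with the first device's private key.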
Abstract
The present disclosure describes methods and systems, including computer-implemented methods, computer program products, and computer systems, for distributing recovery keys. One method includes: transmitting, from a first user device to a secure community server, a key distribution request, wherein the key distribution request identifies a second user device, and the first user device and the second user device are members of a same secure community managed by the secure community server; transmitting a first portion of a recovery key to secure community server for forwarding to the second user device; transmitting a second portion of the recovery key to the secure community server; and discarding the first portion and the second portion of the recovery key at the first user device.
12 Claims
1. A method, comprising:
transmitting, from a first user device to a secure community server, a key distribution request, wherein the key distribution request identifies a second user device, and the first user device and the second user device are members of a same secure community managed by the secure community server;
transmitting, from the first user device, a first portion of a recovery key to the secure community server for forwarding to the second user device, wherein the secure community server forwards the first portion of the recovery key to the second user device;
transmitting, from the first user device, a second portion of the recovery key to the secure community server, wherein the second portion of the recovery key is stored at the secured community server without being further distributed to other user devices;
after transmitting the first portion and the second portion of the recovery key, discarding the first portion and the second portion of the recovery key at the first user device;
transmitting a key recovery request to the secure community server for recovering the recovery key; and
in response to the key recovery request:
receiving, from the secure community server, the second portion of the recovery key that has not been further distributed to other user devices, wherein the received second portion of the recovery key is encrypted using a public key of the first user device; and
receiving the first portion of the recovery key from the second user device.
5. A first user device, comprising:
at least one hardware processor;
a non-transitory computer-readable storage medium coupled to the at least one hardware processor and storing programming instructions for execution by the at least one hardware processor, wherein the programming instructions instruct the at least one hardware processor to:
transmit, from the first user device to a secure community server, a key distribution request, wherein the key distribution request identifies a second user device, and the first user device and the second user device are members of a same secure community managed by the secure community server;
transmit, from the first user device, a first portion of a recovery key to the secure community server for forwarding to the second user device, wherein the secure community server forwards the first portion of the recovery key to the second user device;
transmit, from the first user device, a second portion of the recovery key to the secure community server, wherein the second portion of the recovery key is stored at the secured community server without being further distributed to other user devices;
after transmitting the first portion and the second portion of the recovery key, discard the first portion and the second portion of the recovery key at the first user device;
transmit a key recovery request to the secure community server for recovering the recovery key; and
in response to the key recovery request:
receive, from the secure community server, the second portion of the recovery key that has not been further distributed to other user devices, wherein the received second portion of the recovery key is encrypted using a public key of the first user device; and
receive the first portion of the recovery key from the second user device.
9. A non-transitory computer-readable medium containing instructions which, when executed, cause a computing device to perform operations comprising:
transmitting, from a first user device to a secure community server, a key distribution request, wherein the key distribution request identifies a second user device, and the first user device and the second user device are members of a same secure community managed by the secure community server;
transmitting, from the first user device, a first portion of a recovery key to the secure community server for forwarding to the second user device, wherein the secure community server forwards the first portion of the recovery key to the second user device;
transmitting, from the first user device, a second portion of the recovery key to the secure community server, wherein the second portion of the recovery key is stored at the secured community server without being further distributed to other user devices;
after transmitting the first portion and the second portion of the recovery key, discarding the first portion and the second portion of the recovery key at the first user device;
transmitting a key recovery request to the secure community server for recovering the recovery key; and
in response to the key recovery request:
receiving, from the secure community server, the second portion of the recovery key that has not been further distributed to other user devices, wherein the received second portion of the recovery key is encrypted using a public key of the first user device; and
receiving the first portion of the recovery key from the second user device.
Specification