Computer system employing a split-secret cryptographic key linked to a password-based cryptographic key security scheme
First Claim
Patent Images
1. A cryptographic system in a computer system, comprising:
- at least one server; and
at least one secret value including a master key, the master key being split into two or more parts wherein fewer than all the parts are required for reassembling the master key, the parts being encrypted by a password-derived or token-based key, each part being associated with a password wherein the at least one server can update the master key by requiring only some of the passwords to be revealed.
4 Assignments
0 Petitions
Accused Products
Abstract
In computer environments where passwords are used to compute retained secrets by methods such as password-based encryption, a need often arises to update these secrets. Retaining the password value, or the keys computed from the password, would be unwise; and requiring each password owner to type in their password would be cumbersome. The present invention describes a method that allows a fully operational system to modify the retained secrets without retaining passwords or requiring human intervention.
-
Citations
7 Claims
-
1. A cryptographic system in a computer system, comprising:
-
at least one server; and
at least one secret value including a master key, the master key being split into two or more parts wherein fewer than all the parts are required for reassembling the master key, the parts being encrypted by a password-derived or token-based key, each part being associated with a password wherein the at least one server can update the master key by requiring only some of the passwords to be revealed. - View Dependent Claims (2, 3, 4)
-
-
5. A method used in a cryptographic system, comprising:
-
providing at least one secret value including a master key;
splitting the master key into two or more parts wherein fewer than all the parts are required for reassembling the master key; and
encrypting the parts by a password-derived or token-based key, each part being associated with a password, wherein the master key can be reassembled by requiring only some of the passwords to be revealed. - View Dependent Claims (6, 7)
-
Specification