Client controlled data recovery management
Abstract
Methods and systems in accordance with the present invention allow users' private keys corresponding to their digital certificates to be stored and archived outside of the control of a Certificate Authority (“CA”). A CA may have a policy that a user's private key must be archived in order to receive a digital certificate upon a registration request from the user. Typically, the CA knows that the user's private key is archived because it implements the archival of the key, for example, on a data recovery manager and associated internal database that the CA controls. Methods and systems in accordance with the present invention allow for the enforcement of such a policy while allowing the archival of the private keys to be outside of the control of the CA by having a data recovery manager supply a digitally signed proof of archival token with a digital certificate request to a CA. The CA is assured that the key has been archived. Methods and systems allow for the data recovery manager and a database of archived keys to be controlled by other entities, including the user or client, for example.
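The policy check described in the abstract can be sketched as follows. This is an added example, not code from the patent: the token layout, the binding to a SHA-256 digest of the public half of the archived key pair, the use of Ed25519, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical token and request layouts; the page defines neither.
type ArchivalProof struct {
	KeyDigest [32]byte // SHA-256 of the public half of the archived key pair
	Signature []byte   // data recovery manager's signature over the digest
}

type CertRequest struct {
	Subject   string
	PublicKey []byte
	Proof     *ArchivalProof
}

// NewDRMKey creates the data recovery manager's signing key pair.
func NewDRMKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueProof is called by the data recovery manager once the key is archived.
func IssueProof(drm ed25519.PrivateKey, userPub []byte) *ArchivalProof {
	d := sha256.Sum256(userPub)
	return &ArchivalProof{KeyDigest: d, Signature: ed25519.Sign(drm, d[:])}
}

// CheckRequest is the CA-side policy gate applied before issuing a certificate.
func CheckRequest(trustedDRM ed25519.PublicKey, req CertRequest) error {
	if req.Proof == nil {
		return errors.New("no proof of archival")
	}
	if sha256.Sum256(req.PublicKey) != req.Proof.KeyDigest {
		return errors.New("proof covers a different key")
	}
	if !ed25519.Verify(trustedDRM, req.Proof.KeyDigest[:], req.Proof.Signature) {
		return errors.New("proof not signed by the trusted data recovery manager")
	}
	return nil
}

func main() {
	pub, priv := NewDRMKey()
	key := []byte("constructed-user-encryption-public-key") // constructed sample
	fmt.Println(CheckRequest(pub, CertRequest{"alice", key, IssueProof(priv, key)}))
}
```

The CA only needs the data recovery manager's public key; it never sees or stores the archived private key, and a proof replayed with a different key or signed by an untrusted manager is rejected.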
33 Claims
1. A method in a data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- receiving a request from a user for a digital certificate; and
- receiving an indication of proof of archival of the user's encryption key associated with the request, wherein the user's encryption key is archived under control of an entity other than the certificate authority.
10. A method in a data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- sending a request for a digital certificate, the request having an indication of proof of archival of an encryption key for the user; and
- receiving a digital certificate in response to the request.
12. A method in a data processing system for archiving an encryption key by an entity other than a certificate authority, comprising:
- receiving an encryption key for archiving;
- archiving the received encryption key;
- creating an indication of proof of archival of the received encryption key; and
- sending the indication of proof of archival.
15. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- a memory having program instructions; and
- a processor configured to execute the program instructions to receive a request from a user for a digital certificate, and receive an indication of proof of archival of the user's encryption key associated with the request, wherein the user's encryption key is archived under control of an entity other than the certificate authority.
16. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- a memory having program instructions; and
- a processor configured to execute the program instructions to send a request for a digital certificate, the request having an indication of proof of archival of an encryption key for the user, and receive a digital certificate in response to the request.
17. A data processing system for archiving an encryption key by an entity other than a certificate authority, comprising:
- a memory having program instructions; and
- a processor configured to execute the program instructions to receive an encryption key for archiving, archive the received encryption key, create an indication of proof of archival of the received encryption key, and send the indication of proof of archival.
18. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key under control of an entity other than the certificate authority, comprising:
- a registration manager configured to receive a digital certificate request including a user's encryption key, send the user's encryption key, and in response receive an indication of proof of archival;
- a data recovery manager configured to receive the user's encryption key, send the user's encryption key to a database controlled by an entity other than the certificate authority for archiving, create an indication of proof of archival and send the indication of proof of archival;
- a certificate authority configured to issue a digital certificate when it is determined that an indication of proof of archival was received; and
- a database, under control of an entity other than the certificate authority, configured to receive and archive the user's encryption key.
19. A computer-readable medium containing instructions for controlling a data processing system to perform a method for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, the method comprising the steps of:
- receiving a request from a user for a digital certificate; and
- receiving an indication of proof of archival of the user's encryption key associated with the request, wherein the user's encryption key is archived under control of an entity other than the certificate authority.
28. A computer-readable medium containing instructions for controlling a data processing system to perform a method for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, the method comprising the steps of:
- sending a request for a digital certificate, the request having an indication of proof of archival of an encryption key for the user; and
- receiving a digital certificate in response to the request.
30. A computer-readable medium containing instructions for controlling a data processing system to perform a method for archiving an encryption key by an entity other than a certificate authority, the method comprising the steps of:
- receiving an encryption key for archiving;
- archiving the received encryption key;
- creating an indication of proof of archival of the received encryption key; and
- sending the indication of proof of archival.
33. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- means for receiving a request from a user for a digital certificate; and
- means for receiving an indication of proof of archival of the user's encryption key associated with the request, wherein the user's encryption key is archived under control of an entity other than the certificate authority.
Specification