Client controlled data recovery management

US 20030035548A1
Filed: 08/17/2001
Published: 02/20/2003
Est. Priority Date: 08/17/2001
Status: Active Grant

First Claim

Patent Images

1. A method in a data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:

receiving a request from a user for a digital certificate; and

receiving an indication of proof of archival of the user'"'"'s encryption key associated with the request, wherein the user'"'"'s encryption key is archived under control of an entity other than the certificate authority.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems in accordance with the present invention allow users'"'"' private keys corresponding to their digital certificates to be stored and archived outside of the control of a Certificate Authority (“CA”). A CA may have a policy that a user'"'"'s private key must be archived in order to receive a digital certificate upon a registration request from the user. Typically, the CA knows that the user'"'"'s private key is archived because it implements the archival of the key, for example, on a data recovery manager and associated internal database that the CA controls. Methods and systems in accordance with the present invention allow for the enforcement of such a policy while allowing the archival of the private keys to be outside of the control of the CA by having a data recovery manager supply a digitally signed proof of archival token with a digital certificate request to a CA. The CA is assured that the key has been archived. Methods and systems allow for the data recovery manager and a database of archived keys to be controlled by other entities, including the user or client, for example.

90 Citations

View as Search Results

33 Claims

1. A method in a data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- receiving a request from a user for a digital certificate; and
  
  receiving an indication of proof of archival of the user'"'"'s encryption key associated with the request, wherein the user'"'"'s encryption key is archived under control of an entity other than the certificate authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising the step of sending a digital certificate associated with the user in response to the received request and indication of proof of archival.
  - 3. The method of claim 1, further comprising the step of receiving the user'"'"'s encryption key.
  - 4. The method of claim 3, wherein the encryption key is encrypted during transmission, and wherein the method further comprises the step of decrypting the encrypted encryption key.
  - 5. The method of claim 3, wherein the encryption key is the user'"'"'s private key.
  - 6. The method of claim 4, wherein the data processing system comprises a data recovery manager that receives and manages archiving of the encryption key, and wherein the encryption key is encrypted during transmission using the data recovery manager'"'"'s public transport key.
  - 7. The method of claim 1, wherein the indication of proof of archival is digitally signed, and wherein the method further comprises the step of verifying a digital signature on the indication of proof of archival.
  - 8. The method of claim 7, wherein the data processing system includes a data recovery manager that receives and manages archiving of the encryption key, and wherein the indication of proof of archival is digitally signed by the data recovery manager.
  - 9. The method of claim 1, wherein the user'"'"'s encryption key is archived under control of the user.

10. A method in a data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- sending a request for a digital certificate, the request having an indication of proof of archival of an encryption key for the user; and
  
  receiving a digital certificate in response to the request.
- View Dependent Claims (11)
- - 11. The method of claim 10, further comprising the step of digitally signing the indication of proof of archival of the encryption key.

12. A method in a data processing system for archiving an encryption key by an entity other than a certificate authority, comprising:
- receiving an encryption key for archiving;
  
  archiving the received encryption key;
  
  creating an indication of proof of archival of the received encryption key; and
  
  sending the indication of proof of archival.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising the step of digitally signing the indication proof of archival.
  - 14. The method of claim 13, wherein the archiving step further comprises the step of archiving the received encryption key under control of a user.

15. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- a memory having program instructions; and
  
  a processor configured to execute the program instructions to receive a request from a user for a digital certificate, and receive an indication of proof of archival of the user'"'"'s encryption key associated with the request, wherein the user'"'"'s encryption key is archived under control of an entity other than the certificate authority.

16. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- a memory having program instructions; and
  
  a processor configured to execute the program instructions to send a request for a digital certificate, the request having an indication of proof of archival of an encryption key for the user, and receive a digital certificate in response to the request.

17. A data processing system for archiving an encryption key by an entity other than a certificate authority, comprising:
- a memory having program instructions; and
  
  a processor configured to execute the program instructions to receive an encryption key for archiving, archive the received encryption key, create an indication of proof of archival of the received encryption key, and send the indication of proof of archival.

18. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key under control of an entity other than the certificate authority, comprising:
- a registration manager configured to receive a digital certificate request including a user'"'"'s encryption key, send the user'"'"'s encryption key, and in response receive an indication of proof of archival;
  
  a data recovery manager configured to receive the user'"'"'s encryption key, send the user'"'"'s encryption key to a database controlled by an entity other than the certificate authority for archiving, create an indication of proof archival and send the indication of proof of archival;
  
  a certificate authority configured to issue a digital certificate when it is determined that an indication proof of archival was received; and
  
  a database, under control of an entity other than the certificate authority, configured to receive and archive the user'"'"'s encryption key.

19. A computer-readable medium containing instructions for controlling a data processing system to perform a method for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, the method comprising the steps of:
- receiving a request from a user for a digital certificate; and
  
  receiving an indication of proof of archival of the user'"'"'s encryption key associated with the request, wherein the user'"'"'s encryption key is archived under control of an entity other than the certificate authority.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer-readable medium of claim 19, wherein the method further comprises the step of sending a digital certificate associated with the user in response to the received request and indication of proof of archival.
  - 21. The computer-readable medium of claim 19, wherein the method further comprises the step of receiving the user'"'"'s encryption key.
  - 22. The computer-readable medium of claim 21, wherein the encryption key is encrypted during transmission, and wherein the method further comprises the step of decrypting the encrypted encryption key.
  - 23. The computer-readable medium of claim 21, wherein the encryption key is the user'"'"'s private key.
  - 24. The computer-readable medium of claim 22, wherein the data processing system comprises a data recovery manager that receives and manages archiving of the encryption key, and wherein the encryption key is encrypted during transmission using the data recovery manager'"'"'s public transport key.
  - 25. The computer-readable medium of claim 19, wherein the indication of proof of archival is digitally signed, and wherein the method further comprises the step of verifying a digital signature on the indication of proof of archival.
  - 26. The computer-readable medium of claim 25, wherein the data processing system includes a data recovery manager that receives and manages archiving of the encryption key, and wherein the indication of proof of archival is digitally signed by the data recovery manager.
  - 27. The computer-readable medium of claim 19, wherein the user'"'"'s encryption key is archived under control of the user.

28. A computer-readable medium containing instructions for controlling a data processing system to perform a method for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, the method comprising the steps of:
- sending a request for a digital certificate, the request having an indication of proof of archival of an encryption key for the user; and
  
  receiving a digital certificate in response to the request.
- View Dependent Claims (29)
- - 29. The computer-readable medium of claim 28, wherein the method further comprises the step of digitally signing the indication of proof of archival of the encryption key.

30. A computer-readable medium containing instructions for controlling a data processing system to perform a method for archiving an encryption key by an entity other than a certificate authority, the method comprising the steps of:
- receiving an encryption key for archiving;
  
  archiving the received encryption key;
  
  creating an indication of proof of archival of the received encryption key; and
  
  sending the indication of proof of archival.
- View Dependent Claims (31, 32)
- - 31. The computer-readable medium of claim 30, wherein the method further comprises the step of digitally signing the indication proof of archival.
  - 32. The computer-readable medium of claim 31, wherein the archiving step further comprises the step of archiving the received encryption key under control of a user.

33. A data processing system for requesting a digital certificate from a certificate authority and archiving an encryption key outside of the certificate authority, comprising:
- means for receiving a request from a user for a digital certificate; and
  
  means for receiving an indication of proof of archival of the user'"'"'s encryption key associated with the request, wherein the user'"'"'s encryption key is archived under control of an entity other than the certificate authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Netscape Communications Corporation (Apollo Global Management, Inc.)
Inventors
Kwan, Nang Kon

Granted Patent

US 7,050,589 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/286
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/18   using different networks or...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3263   involving certificates, e.g...

Client controlled data recovery management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Client controlled data recovery management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links