Method and system of securely escrowing private keys in a public key infrastructure

US 20040042620A1
Filed: 09/03/2002
Published: 03/04/2004
Est. Priority Date: 09/03/2002
Status: Active Grant

First Claim

Patent Images

1. A method of restricting access to a private key wherein the private key is stored at a primary site, the method comprising:

authenticating, at a secondary site, a key escrow requestor based on a first administrator certificate;

verifying that the authenticated key escrow requester is associated with a key escrow privilege;

receiving a masked session key from the key escrow requester over a secure escrow connection;

storing the masked session key to a memory located at the secondary site;

authenticating, at the secondary site, a key recovery requestor based on a second administrator certificate;

verifying that the key recovery requestor is associated with a key recovery privilege; and

sending the masked session key to the key recovery requestor over a secure recovery connection, the masked session key enabling recovery of the private key.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of restricting access to private keys in a public key infrastructure provides for storage of an encrypted private key at a primary site. A masked session key is stored at a secondary site, where the masked session key enables recovery of the private key. By using distributed storage architecture for recovery data, simplification can be achieved without sacrificing security.

87 Citations

View as Search Results

32 Claims

1. A method of restricting access to a private key wherein the private key is stored at a primary site, the method comprising:
- authenticating, at a secondary site, a key escrow requestor based on a first administrator certificate;
  
  verifying that the authenticated key escrow requester is associated with a key escrow privilege;
  
  receiving a masked session key from the key escrow requester over a secure escrow connection;
  
  storing the masked session key to a memory located at the secondary site;
  
  authenticating, at the secondary site, a key recovery requestor based on a second administrator certificate;
  
  verifying that the key recovery requestor is associated with a key recovery privilege; and
  
  sending the masked session key to the key recovery requestor over a secure recovery connection, the masked session key enabling recovery of the private key.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further including authenticating a plurality of key escrow requesters based on a corresponding plurality of administrator certificates, authentication of all of the key escrow requestors being required before performing the associating.
  - 3. The method of claim 1 further including authenticating a plurality of key recovery requesters based on a corresponding plurality of administrator certificates, authentication of all of the key recovery requestors being required before performing the sending.

4. A method of restricting access to private keys wherein a protected private key is stored at a primary site, the method comprising:
- storing a protected session value at a secondary site, the protected session value enabling recovery of the private key.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 5. The method of claim 4 further including:
    - authenticating a key escrow requester based on an administrator certificate;
      
      verifying that the authenticated key escrow requester is associated with a key escrow privilege; and
      
      receiving the protected session value from the authenticated key escrow requester over a secure escrow connection.
  - 6. The method of claim 5 further including storing the protected session value to a memory located at the secondary site.
  - 7. The method of claim 5 wherein the authenticated key escrow requester is an administrator at the primary site.
  - 8. The method of claim 5 further including authenticating a plurality of key escrow requesters based on a corresponding plurality of authentication certificates, authentication of all of the key escrow requesters being required before the associating.
  - 9. The method of claim 4 further including:
    - authenticating a key recovery requestor based on an administrator certificate;
      
      retrieving the protected session value from a memory located at the secondary site; and
      
      sending the protected session value to the authenticated key recovery requester over a secure recovery connection.
  - 10. The method of claim 9 further including verifying that the authenticated key recovery requestor is associated with a key recovery privilege.
  - 11. The method of claim 9 wherein the authenticated key recovery requestor is an administrator at the primary site.
  - 12. The method of claim 9 further including authenticating a plurality of key recovery requesters based on a corresponding plurality of administrator certificates, authentication of all of the key recovery requesters being required before performing the sending.
  - 13. The method of claim 9 further including recording the sending in an audit trail.
  - 14. The method of claim 4 wherein the private key is protected by at least one of encrypting the private key with a session key and performing an exclusive-OR (XOR) operation between the private key and a session mask.
  - 15. The method of claim 4 wherein the session value is protected by at least one of performing an exclusive-OR (XOR) operation between the session value and a mask and encrypting the session value with a masking key.
  - 16. The method of claim 4 further including issuing an administrator certificate to an administrator at the primary site.

17. A machine-readable storage medium including a stored set of key escrow instructions capable of being executed by a processor to:
- encrypt a private key of a key pair with a session key;
  
  store a first recovery datum and the encrypted private key at a primary site; and
  
  send a second recovery datum to a secondary site, the first recovery datum and the second recovery datum enabling recovery of the private key.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The medium of claim 17 wherein the instructions are further capable of being executed by a processor to:
    - generate a mask, the first recovery datum including the mask;
      
      perform an exclusive-OR (XOR) operation between the mask and the session key, the XOR operation resulting in a masked session key, the second recovery datum including the masked session key; and
      
      destroying the session key.
  - 19. The medium of claim 18 wherein the instructions are further capable of being executed by a processor to generate the mask based on a pseudo-random string generation algorithm.
  - 20. The medium of claim 18 wherein the mask and the session key have an identical bit length.
  - 21. The medium of claim 17 wherein the first recovery datum is a mask and the second recovery datum is a masked session key.
  - 22. The medium of claim 17 wherein the instructions are further capable of being executed by a processor to:
    - generate the key pair; and
      
      generate the session key.
  - 23. The medium of claim 17 wherein the instructions are further capable of being executed by a processor to send the second recovery datum to the secondary site over a secure escrow connection.

24. A machine-readable storage medium including a stored set of key recovery instructions capable of being executed by a processor to:
- retrieve a first recovery datum and an encrypted private key from a memory located at a primary site;
  
  receive a second recovery datum from a secondary site; and
  
  the decrypting the encrypted private key based on the first recovery datum and the second recovery datum.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The medium of claim 24 wherein the instructions are further capable of being executed by a processor to:
    - performing an exclusive-OR (XOR) operation between the first recovery datum and the second recovery datum, the XOR operation resulting in a session key;
      
      retrieving an encrypted private key from a memory located at the primary site; and
      
      decrypting the encrypted private key based on the session key.
  - 26. The medium of claim 25 wherein the first recovery datum includes a mask and the second recovery datum includes a masked session key.
  - 27. The medium of claim 24 wherein instructions are further capable of being executed by a processor to receive the second recovery datum from the secondary site over a secure recovery connection.
  - 28. The medium of claim 24 wherein the instructions are further capable of being executed by a processor to combine the decrypted private key with a corresponding key pair certificate into a file.

29. A method for recovering a key, including:
- protecting a first key with a session value at a first site;
  
  performing an XOR operation on the session value and a nonce to obtain a masked session value at the first site;
  
  storing the nonce and the protected first key at the first site;
  
  deleting the session value from memory at the first site; and
  
  sending the masked session value to a second site.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29 wherein the first key is protected by at least one of encrypting the first key with a session key and performing an XOR operation between the first key and a session mask.
  - 31. The method of claim 29, including:
    - receiving a key recovery request;
      
      determining if the requester is authentic;
      
      determining if the requester is authorized to recover the key;
      
      if the requester is authentic and authorized to recover the key, then sending the masked session value to the first site;
      
      performing an XOR operation on the nonce and the masked session value at the first site to obtain the session value; and
      
      recovering the protected first key using the session value.

32. A method for recovering a key, including:
- encrypting a key using a secret;
  
  transforming the secret into a first piece of data and a second piece of data;
  
  deleting the secret;
  
  separating the first piece of data from the second piece of data;
  
  reuniting the first and second pieces of data only when certain requirements are met;
  
  after reuniting the first and second pieces of data, transforming the first and second pieces of data into the secret; and
  
  decrypting the key using the secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigiCert Incorporated
Original Assignee
VeriSign, Inc.
Inventors
Andrews, Richard F., Huang, Zhiyong, Ruan, Tom Qi Xiong

Granted Patent

US 6,931,133 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/286
CPC Class Codes

H04L 2209/04 Masking or blinding

H04L 9/0894 Escrow, recovery or storing...

Method and system of securely escrowing private keys in a public key infrastructure

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Method and system of securely escrowing private keys in a public key infrastructure

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others