Secure transmission system
Abstract
A method and apparatus for transferring a message securely from a sender to a recipient over a network, including at each transfer: creating a message; retrieving the public key of the recipient from an external key server just prior to sending the message; signing the message using the private key of the sender; encrypting the signed message using a public key encryption algorithm and the public key of the recipient, producing an encrypted signed message; generating an E-mail message addressed to the recipient; attaching the encrypted signed message as an attachment to the E-mail message; and transmitting the E-mail message to the recipient.
155 Citations
8 Claims
1. In a public key encryption system that includes a central key repository and a plurality of users, where a user's public key is stored at the central key repository and user's associated private key is stored locally on a user's computer, a method for recovering lost keys, comprising:
- designating a recovery question and an answer to the recovery question;
- encrypting the user's private key using a first hash of the answer as a session key in a symmetric key encryption process;
- hashing the answer a predetermined number of times to generate a second hash of the answer;
- storing the second hash and the recovery question at the central key repository without exposing the answer to the recovery question to the central key repository;
- and when prompted by the user to recover a lost private key;
- receiving the answer;
- hashing the answer the predetermined number of times to generate a third hash and transmitting the third hash to the central key repository without transmitting the answer itself;
- comparing the second and third hashes;
- if the second and third hashes match, returning the encrypted private key to the user; and
- decrypting the private key using the first hash and storing the private key.
6. A computer-implemented method for recovering lost data, comprising:
- determining a recovery question having an answer to the recovery question;
- encrypting data using a first hash of the answer as a symmetric key, wherein the answer has been hashed a first predetermined number of times to generate the first hash of the answer;
- hashing the answer a second predetermined number of times to generate a second hash of the answer, wherein the first predetermined number of times differs from the second predetermined number of times;
- storing the encrypted data, the second hash and the recovery question at a central repository, wherein the central repository does not receive the answer to the recovery question;
- upon receiving a request for the data, providing the recovery question to a user and requesting the answer from the user;
- upon the user providing the answer, hashing the provided answer the second predetermined number of times to generate a third hash of the answer;
- transmitting the third hash to the central repository without transmitting the provided answer;
- comparing the second and third hashes;
- if the second and third hashes match, sending the encrypted data to the user; and
- decrypting the encrypted data using the symmetric key.
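The recovery flow of claim 6, as an added Python sketch that is not taken from the patent. SHA-256, the round counts, the answer normalization, the XOR keystream standing in for a real symmetric cipher, and all names (`Repository`, `enroll`, `recover`) are assumptions made for illustration.

```python
import hashlib
import hmac

KEY_ROUNDS, VERIFY_ROUNDS = 1000, 2000  # assumed; claim 6 only says they differ

def iter_hash(answer: str, rounds: int) -> bytes:
    """Hash the answer `rounds` times (case/whitespace folding is an assumption)."""
    h = answer.strip().lower().encode()
    for _ in range(rounds):
        h = hashlib.sha256(h).digest()
    return h

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: SHA-256 counter keystream, no integrity.
    A real deployment would use an AEAD such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Repository:
    """Central repository: holds question, second hash and ciphertext, never the answer."""
    def __init__(self):
        self.records = {}

    def store(self, user, question, second_hash, ciphertext):
        self.records[user] = (question, second_hash, ciphertext)

    def recover(self, user, third_hash):
        _, second_hash, ciphertext = self.records[user]
        # Compare second and third hashes in constant time.
        return ciphertext if hmac.compare_digest(second_hash, third_hash) else None

def enroll(repo, user, question, answer, data: bytes):
    # The stored hash must lie further along the chain than the key. If it were
    # earlier, the repository could hash its stored value forward to the key.
    assert VERIFY_ROUNDS > KEY_ROUNDS
    key = iter_hash(answer, KEY_ROUNDS)                 # first hash: symmetric key
    verifier = iter_hash(answer, VERIFY_ROUNDS)         # second hash: sent to repository
    repo.store(user, question, verifier, xor_stream(key, data))

def recover(repo, user, answer):
    ciphertext = repo.recover(user, iter_hash(answer, VERIFY_ROUNDS))  # third hash
    if ciphertext is None:
        return None
    return xor_stream(iter_hash(answer, KEY_ROUNDS), ciphertext)
```

The repository's stored hash is only as strong as the answer: a low-entropy answer can be guessed offline by anyone holding the record, so a salted, memory-hard key derivation function is the usual hardening.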