Method for encryption backup and method for decryption restoration

US 20050228994A1
Filed: 02/22/2005
Published: 10/13/2005
Est. Priority Date: 04/13/2004
Status: Abandoned Application

First Claim

Patent Images

1. An encryption backup method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:

generating an encryption/decryption key to encrypt client data therewith;

storing the encryption/decryption key in a storage apparatus;

accepting an arbitrary password through a predetermined input interface;

storing the password as a first password in the storage apparatus;

generating a reissue data processing key from the first password; and

encrypting the encryption/decryption key with the reissue data processing key to generate reissue data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A backup method which encrypts user data with an encryption/decryption key generated in an authenticated device; generates a reissue data processing key from a password and a device key in the authenticated device; generates reissue data by encrypting the encryption/decryption key with the generated key; furthermore, generates emergency reissue data by encrypting the password, an authority ID, and the like with an emergency reissue data processing key generated from an insurer key and a users organization key; and backs up the encrypted user data, the reissue data, and the emergency reissue data in a server.

Citations

26 Claims

1. An encryption backup method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- generating an encryption/decryption key to encrypt client data therewith;
  
  storing the encryption/decryption key in a storage apparatus;
  
  accepting an arbitrary password through a predetermined input interface;
  
  storing the password as a first password in the storage apparatus;
  
  generating a reissue data processing key from the first password; and
  
  encrypting the encryption/decryption key with the reissue data processing key to generate reissue data.
- View Dependent Claims (3, 5, 7, 8)
- - 3. The encryption backup method according to claim 1, further comprising the steps of:
    - accepting second and third passwords from the user through the predetermined input interface;
      
      comparing the second password with the first password stored in the storage apparatus, and when these match, replacing the third password with the first password stored in the storage apparatus;
      
      generating a second reissue data processing key from the third password; and
      
      encrypting the encryption/decryption key with the second reissue data processing key thereby generating second reissue data.
  - 5. The encryption backup method according to claim 1, further comprising the step of:
    - encrypting the first password using an insurer key stored in the storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, thereby generating emergency reissue data.
  - 7. The encryption backup method according to claim 1, further comprising the step of:
    - encrypting the encryption/decryption key using an insurer key stored in the storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, thereby generating emergency reissue data.
  - 8. The encryption backup method according to claim 1, further comprising the step of:
    - the authenticated device sending an apparatus storing client data an encryption backup instruction containing at least the encryption/decryption key to encrypt the client data therewith.

2. An encryption backup method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- accepting an arbitrary password through a predetermined input interface;
  
  storing the password as a first password in a storage apparatus; and
  
  generating a reissue data processing key to encrypt client data therewith from a device key stored in the storage apparatus and the first password.
- View Dependent Claims (9)
- - 9. The encryption backup method according to claim 2, further comprising the step of:
    - the authenticated device sending an apparatus storing client data an encryption backup instruction containing at least the reissue data processing key to encrypt the client data therewith.

4. An encryption backup method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- accepting an arbitrary password through a predetermined input interface;
  
  storing the password as a first password in the storage apparatus;
  
  generating a reissue data processing key to encrypt client data with from the first password; and
  
  encrypting the first password using an insurer key stored in the storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, thereby generating emergency reissue data.
- View Dependent Claims (6)
- - 6. The encryption backup method according to claim 4, wherein not the first password but the reissue data processing key is encrypted using the insurer key.

10. A decryption restoration method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- accepting an arbitrary password through a predetermined input interface;
  
  generating a reissue data processing key from the password;
  
  acquiring reissue data generated beforehand by encrypting an encryption/decryption key with a reissue data processing key generated from a first password that is an arbitrary password accepted through the input interface, from an information processing apparatus storing the reissue data; and
  
  decrypting the reissue data with the reissue data processing key generated in the generating step thereby taking out the encryption/decryption key to decrypt encrypted client data therewith.
- View Dependent Claims (17)
- - 17. The decryption restoration method according to claim 10, further comprising the step of:
    - the authenticated device sending an apparatus storing encrypted client data a decryption restoration instruction containing at least the encryption/decryption key to decrypt the encrypted client data therewith.

11. A decryption restoration method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- accepting an arbitrary password through a predetermined input interface; and
  
  generating a reissue data processing key to decrypt encrypted client data therewith from a device key stored in a storage apparatus and the password.
- View Dependent Claims (18)
- - 18. The decryption restoration method according to claim 11, further comprising the step of:
    - the authenticated device sending an apparatus storing encrypted client data a decryption restoration instruction containing at least the reissue data processing key to decrypt the encrypted client data therewith.

12. A decryption restoration method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- acquiring emergency reissue data generated beforehand by encrypting a first password, that is an arbitrary password accepted through an input interface, using an insurer key stored in a storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, from an information processing apparatus storing the emergency reissue data;
  
  decrypting the emergency reissue data using the insurer key stored in the storage apparatus thereby taking out the first password; and
  
  generating a reissue data processing key to decrypt encrypted client data therewith from the first password.
- View Dependent Claims (19, 20)
- - 19. The decryption restoration method according to claim 12, further comprising the steps of:
    - the authenticated device decrypting the reissue data with an emergency reissue data processing key to acquire a restoration authority list included in the reissue data;
      
      performing authority identification that compares information about restoration authorities written in the list with information held by the authenticated device;
      
      reading out a value of execution authority strength set for each restoration authority identified successfully by the authority identification from the list and calculating a sum of those values; and
      
      when the sum is at or above a predetermined threshold value, sending a user terminal of a restoration authority an instruction to perform an emergency restoration process.
  - 20. The decryption restoration method according to claim 19, further comprising the steps of:
    - calculating the number of restoration authorities in the list identified successfully by the authority identification; and
      
      when the number is at or above a predetermined threshold value, sending a user terminal of a restoration authority an instruction to perform an emergency restoration process.

13. A decryption restoration method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- acquiring emergency reissue data generated beforehand by encrypting a first password that is an arbitrary password accepted through an input interface, using an insurer key stored in a storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, from an information processing apparatus storing the emergency reissue data;
  
  decrypting the emergency reissue data using the insurer key stored in the storage apparatus thereby taking out the first password;
  
  generating a reissue data processing key from the first password;
  
  acquiring reissue data generated beforehand by encrypting an encryption/decryption key with a reissue data processing key generated from a first password that is an arbitrary password accepted through the input interface, from an information processing apparatus storing the reissue data; and
  
  decrypting the reissue data with the reissue data processing key generated in the generating step thereby taking out the encryption/decryption key to decrypt encrypted client data therewith.

14. A decryption restoration method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- acquiring emergency reissue data generated beforehand by encrypting a first password that is an arbitrary password accepted through an input interface, using an insurer key stored in a storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, from an information processing apparatus storing the emergency reissue data;
  
  decrypting the emergency reissue data using the insurer key stored in the storage apparatus so as to be associated with the restoration insurer for backed-up, encrypted client data, thereby taking out the first password; and
  
  generating a reissue data processing key to decrypt encrypted client data therewith from the first password and a device key stored in the storage apparatus.

15. A decryption restoration method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- acquiring emergency reissue data generated beforehand by encrypting an encryption/decryption key to encrypt/decrypt encrypted client data with generated in the authenticated device, using an insurer key stored in a storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, from an information processing apparatus storing the emergency reissue data; and
  
  decrypting the emergency reissue data using the insurer key stored in the storage apparatus, thereby taking out the encryption/decryption key.

16. A decryption restoration method to be executed by an authenticated device of a system having at least the authenticated device and a backup apparatus as components, comprising the steps of:
- acquiring emergency reissue data generated beforehand by encrypting a reissue data processing key generated from a first password that is an arbitrary password accepted through an input interface, using an insurer key stored in a storage apparatus so as to be associated with a restoration insurer for backed-up, encrypted client data, from an information processing apparatus storing the emergency reissue data;
  
  decrypting the emergency reissue data using the insurer key stored in the storage apparatus thereby taking out the reissue data processing key;
  
  acquiring reissue data generated beforehand by encrypting an encryption/decryption key with a reissue data processing key generated from a first password that is an arbitrary password accepted through the input interface, from an information processing apparatus storing the reissue data; and
  
  decrypting the reissue data with the taken-out reissue data processing key thereby taking out the encryption/decryption key to decrypt encrypted client data therewith.

21. An encryption backup method to be executed by a backup apparatus of a system having at least an authenticated device and the backup apparatus as components, comprising the steps of:
- accepting client data encrypted with an encryption/decryption key generated in the authenticated device through a predetermined input interface; and
  
  accepting reissue data generated by encrypting the encryption/decryption key with a reissue data processing key generated in the authenticated device from an arbitrary password through a predetermined input interface.
- View Dependent Claims (24, 26)
- - 24. The encryption backup method according to claim 21, further comprising the step of:
    - accepting emergency reissue data generated by encrypting the arbitrary password with an insurer key stored in the authenticated device through a predetermined input interface.
  - 26. The encryption backup method according to claim 21, further comprising the step of:
    - accepting emergency reissue data generated by encrypting the encryption/decryption key with an insurer key stored in the authenticated device through a predetermined input interface.

22. An encryption backup method to be executed by a backup apparatus of a system having at least an authenticated device and the backup apparatus as components, comprising the step of:
- accepting client data encrypted with a reissue data processing key generated in the authenticated device from a device key stored in the authenticated device and an arbitrary password through a predetermined input interface.

23. An encryption backup method to be executed by a backup apparatus of a system having at least an authenticated device and the backup apparatus as components, comprising the steps of:
- accepting client data encrypted with a reissue data processing key generated in the authenticated device from an arbitrary password through a predetermined input interface; and
  
  accepting emergency reissue data generated by encrypting the arbitrary password with an insurer key stored in the authenticated device through a predetermined input interface.
- View Dependent Claims (25)
- - 25. The encryption backup method according to claim 23, further comprising the step of:
    - accepting emergency reissue data generated by encrypting not the arbitrary password but the reissue data processing key with the insurer key through a predetermined input interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Saito, Motonobu, Kasai, Kaori, Taramura, Takeshi

Application Number

US11/064,911
Publication Number

US 20050228994A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 11/1464   for networked environments

G06F 11/1469   Backup restoration techniques

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/6218   to a system of files or obj...

G06F 2221/2131   Lost password, e.g. recover...

Method for encryption backup and method for decryption restoration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method for encryption backup and method for decryption restoration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links