Secure data backup and recovery

US 20050283662A1
Filed: 06/21/2004
Published: 12/22/2005
Est. Priority Date: 06/21/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for secure data backup and recovery of an electronic device having a device identification that is unique and unalterable, comprising:

identifying backup data;

encoding a backup data set that comprises the backup data and the device identification for integrity and authentication using a cryptographic key and an integrity function;

generating decoded backup data and a decoded device identification and verifying integrity by decoding a retrieved backup data set using the cryptographic key and the integrity function;

verifying authenticity by matching the decoded device identification to the device identification; and

restoring the backup data with the decoded backup data only when the integrity and authenticity have been verified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technology provides secure data backup and recovery for an electronic device (100) having a device identification (115) that is unique and unalterable. A method of the technology includes identifying (205) backup data (405, 805, 1205) to be backed up, encoding (210) a backup data set by coding the device identification (115) and the backup data (405, 805, 1205) for integrity and authentication using a cryptographic key (110) and an integrity function, generating (220) decoded backup data (635, 1015, 1435) and decoded device identification (640, 1020, 1440) by decoding a retrieved backup data set (605, 1005, 1405) using the the cryptographic key (115) and the integrity function, and restoring (225) the backup data with the decoded backup data only when the integrity has been verified and the decoded device identification and the device identification match. Three methods of encoding and decoding are described.

Citations

19 Claims

1. A method for secure data backup and recovery of an electronic device having a device identification that is unique and unalterable, comprising:
- identifying backup data;
  
  encoding a backup data set that comprises the backup data and the device identification for integrity and authentication using a cryptographic key and an integrity function;
  
  generating decoded backup data and a decoded device identification and verifying integrity by decoding a retrieved backup data set using the cryptographic key and the integrity function;
  
  verifying authenticity by matching the decoded device identification to the device identification; and
  
  restoring the backup data with the decoded backup data only when the integrity and authenticity have been verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method according to claim 1, wherein the integrity function uses a hash function on the backup data and the device identification.
  - 3. The method according to claim 1, wherein the cryptographic key is a symmetric key.
  - 4. The method according to claim 3, wherein the symmetric key is a secret key.
  - 5. The method according to claim 1, wherein the cryptographic key is a public/private key pair.
  - 6. The method according to claim 5, wherein the private key is secret.
  - 7. The method according to claim 5, wherein the public key is tamper proof.
  - 8. The method according to claim 1, wherein the cryptographic key is a symmetric key and wherein the encoding comprises:
    - generating a keyed hash of the backup data and the device identification using the cryptographic key and a keyed hash function; and
      
      forming the backup data set from the backup data, the device identification, and the keyed hash.
  - 9. The method according to claim 8, wherein decoding the retrieved backup data set comprises:
    - identifying the backup data, the device identification, and the keyed hash from the retrieved backup data set to be the decoded backup data, the decoded device identification, and a decoded keyed hash;
      
      generating a verifying keyed hash of the decoded backup data and the decoded device identification using the cryptographic key and the keyed hash function; and
      
      comparing the decoded keyed hash to the verifying keyed hash.
  - 10. The method according to claim 1, wherein the cryptographic key is a symmetric key and wherein the encoding comprises:
    - generating a hash of the backup data and the device identification using a hash function; and
      
      forming the backup data set by encrypting the backup data, the device identification, and the hash for privacy using an encryption/decryption function and the cryptographic key.
  - 11. The method according to claim 10, wherein decoding the retrieved backup data set comprises:
    - decrypting the retrieved backup data set to generate the decoded backup data, the decoded device identification, and a decoded hash using the cryptographic key and the encryption/decryption function;
      
      generating a verifying hash of the decoded backup data and the decoded device identification using the hash function; and
      
      comparing the decoded hash to the verifying hash.
  - 12. The method according to claim 1, wherein the cryptographic key is a public key and private key pair and wherein the encoding comprises:
    - generating a digital signature of the backup data and the device identification using a digital signature generation function and the private key; and
      
      forming the backup data set from the backup data, the device identification, and the digital signature.
  - 13. The method according to claim 12, wherein decoding the retrieved backup data set comprises:
    - identifying the backup data, the device identification, and the digital signature from the retrieved backup data set to be the decoded backup data, the decoded device identification, and a decoded digital signature;
      
      verifying the digital signature of the decoded backup data and the decoded device identification using a digital signature verification function, the decoded digital signature, and the public key.
  - 14. The method according to claim 1, wherein the identifying of the backup data is done under control of a trusted backup function that restricts the backup data to be from a defined set of data.
  - 15. The method according to claim 1, further comprising storing and retrieving the encoded backup data set.
  - 16. The method according to claim 15, wherein the backup data set is stored and retrieved by a wireless communication device over a wireless link.
  - 17. The method according to claim 1, wherein the encoding, decoding, and restoring are done under control of a trusted backup function.

18. An apparatus for secure data backup and recovery, comprising:
- a memory for at least one of application and user data;
  
  a trusted backup and recovery function that identifies backup data in the memory for secure backup that is a member of a defined set of authorized backup data;
  
  a cryptographic key function that provides a cryptographic key; and
  
  a unique and unalterable device identification, wherein the trusted backup and recovery function encodes a backup data set that comprises the device identification and the backup data for integrity and authentication using the cryptographic key and an integrity function;
  
  generates decoded backup data and a decoded device identification and verifying integrity by decoding a retrieved backup data set using the cryptographic key and the integrity function;
  
  verifies authenticity by matching the decoded device identification to the device identification; and
  
  restores the backup data with the decoded backup data only when the integrity and authenticity have been verified.

19. An electronic device, comprising:
- a memory for at least one of application and user data;
  
  a trusted backup and recovery function that identifies backup data in the memory for secure backup that is a member of a defined set of authorized backup data;
  
  a cryptographic key function that provides a cryptographic key; and
  
  a unique and unalterable device identification, wherein the trusted backup and recovery function encodes a backup data set that comprises the device identification and the backup data for integrity and authentication using the cryptographic key and an integrity function;
  
  generates decoded backup data and a decoded device identification and verifying integrity by decoding a retrieved backup data set using the cryptographic key and the integrity function;
  
  verifies authenticity by matching the decoded device identification to the device identification; and
  
  restores the backup data with the decoded backup data only when the integrity and authenticity have been verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Dabbish, Ezzat A., Vogler, Dean H., Li, Yi Q.

Application Number

US10/872,723
Publication Number

US 20050283662A1
Time in Patent Office

Days
Field of Search
US Class Current

714/13
CPC Class Codes

G06F 11/1451   by selection of backup cont...

G06F 11/1458   Management of the backup or...

G06F 11/1469   Backup restoration techniques

G06F 21/6209   to a single file or object,...

Secure data backup and recovery

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data backup and recovery

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links