Method for Backing Up and Restoring an Encryption Key

US 20080192940A1
Filed: 12/07/2005
Published: 08/14/2008
Est. Priority Date: 03/15/2005
Status: Active Grant

First Claim

Patent Images

1. A method for backing up and restoring an encryption key, which is applicable to an encryption key for data encryption/decryption and generated inside trusted chips, a trusted chip in which an encryption key to be backed up is present being set as a source trusted chip, and a trusted chip in which an encrypted encryption key to be restored is present being set as a destination trusted chip, the method comprising:

creating a backup key for backing up the encryption key inside the source trusted chip;

encrypting the encryption key with the backup key;

exporting the encrypted encryption key from the source trusted chip;

storing the exported encrypted encryption key;

exporting the backup key from the source trusted chip;

setting up an access password of the backup key;

encrypting the backup key and the access password together;

transmitting the backup key and the access password encrypted together to a trusted third party;

storing the backup key and the access password encrypted together received by the trusted third party;

acquiring the backup key from the trusted third party based on the access password;

importing the backup key and the encrypted encryption key to the destination trusted chip when the encrypted encryption key needs to be restored inside the destination trusted chip;

decrypting the encrypted encryption key with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows creation of a backup key for backing up an encryption key inside a source trusted chip, encrypting the encryption key with the backup key, exporting the encrypted encryption key from the source trusted chip and storing it in a storage device, encrypting the backup key for transmission to a trusted third party. If the encrypted encryption key needs to be restored inside a destination trusted chip, the backup key and the encryption key encrypted with the backup key are imported to the destination trusted chip, where the encrypted encryption key is decrypted with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.

Citations

13 Claims

1. A method for backing up and restoring an encryption key, which is applicable to an encryption key for data encryption/decryption and generated inside trusted chips, a trusted chip in which an encryption key to be backed up is present being set as a source trusted chip, and a trusted chip in which an encrypted encryption key to be restored is present being set as a destination trusted chip, the method comprising:
- creating a backup key for backing up the encryption key inside the source trusted chip;
  
  encrypting the encryption key with the backup key;
  
  exporting the encrypted encryption key from the source trusted chip;
  
  storing the exported encrypted encryption key;
  
  exporting the backup key from the source trusted chip;
  
  setting up an access password of the backup key;
  
  encrypting the backup key and the access password together;
  
  transmitting the backup key and the access password encrypted together to a trusted third party;
  
  storing the backup key and the access password encrypted together received by the trusted third party;
  
  acquiring the backup key from the trusted third party based on the access password;
  
  importing the backup key and the encrypted encryption key to the destination trusted chip when the encrypted encryption key needs to be restored inside the destination trusted chip;
  
  decrypting the encrypted encryption key with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, wherein the encrypted encryption key exported from the source trusted chip is stored in a memory device.
  - 3. The method according to claim 2, wherein the memory device is selected from the group consisting of a floppy disk, a mobile hard disk and a terminal where the source trusted chip is located.
  - 4. The method according to claim 1, further comprising:
    - before the steps of encrypting the backup key and the access password together and then transmitting the backup key and the access password encrypted together to a trusted third party, performing identity authentication between a terminal where the source trusted chip is located and the trusted third party; and
      
      before the step of acquiring the backup key from the trusted third party based on the access password, performing identity authentication between a terminal where the destination trusted chip is located and the trusted third party.
  - 5. The method according to claim 4, wherein the step of performing identity authentication between the terminal where the source trusted chip is located and the trusted third party is selected from the group consisting of bilateral identity authentication and unilateral identity authentication, and wherein the step of performing identity authentication between the terminal where the destination trusted chip is located and the trusted third party is selected from the group consisting of bilateral identity authentication or unilateral identity authentication.
  - 6. The method according to claim 1,wherein the step of encrypting said backup key and the access password together comprises the steps of:
    - acquiring a public key of the trusted third party by a terminal where the source trusted chip is located;
      
      encrypting together the backup key and the password with the public key and transmitting the backup key and the access password encrypted together to the trusted third party; and
      
      wherein the step of storing the backup key and the access password encrypted together received by the trusted third party comprises acquiring directly the backup key and the access password encrypted together.
  - 7. The method according to claim 6, wherein the step of acquiring the backup key from the trusted third party based on the access password comprises the steps of:
    - transmitting the access password and an acquired public key of the destination trusted chip to the trusted third party;
      
      decrypting the backup key and the access password encrypted together using a private key of the trusted third party to acquire the backup key and the access password;
      
      confirming consistency the access password corresponding to the backup key;
      
      encrypting the backup key with the public key of the destination trusted chip;
      
      transmitting the encrypted information backup key encrypted with the public key of the destination trusted chip to the destination trusted chip by the trusted third party; and
      
      decrypting the encrypted backup key encrypted with the public key of the destination trusted chip with the private key of the destination trusted chip to acquire the backup key by the destination trusted chip.
  - 8. The method according to claim 7, wherein the trusted third party comprises a device having a third party trusted chip, wherein the trusted third party fulfills both the decryption of the encrypted backup key with the private key of the trusted third party and the encryption of the backup key with the public key of the destination trusted chip inside the third party trusted chip.
  - 9. The method according to claim 1, wherein the backup key is selected from the group consisting of a pair of public and private keys and a symmetrical key and wherein the private key of the backup key is transmitted to the trusted third party if the backup key is a pair of public and private keys.
  - 10. The method according to claim 1, the method further comprising:
    - returning reception-confirming information by the trusted third party to a terminal where the source trusted chip is located, the reception-confirming information includes the backup key, received time stamp and certificate information of the trusted third party and is RSA-signed.
  - 11. The method according to claim 1, the method further comprising:
    - returning reception-confirming information by a terminal where the destination trusted chip is located to the trusted third party, the reception-confirming information includes the backup key, received time stamp and certificate information of the terminal where the destination trusted chip is located and is RSA-signed.
  - 12. The method according to claim 1, wherein the backup key and the access password encrypted together are transmitted to the trusted third party in a manner selected from the group consisting of immediately and with a delay of preset time period.
  - 13. The method according to claim 1, wherein at least one of trusted chip is a security chip TPM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Lenovo Software Ltd (Lenovo Group Ltd.), Lenovo (Beijing) Limited (Lenovo Group Ltd.)
Original Assignee
Beijing Lenovo Software Ltd (Lenovo Group Ltd.), Lenovo (Beijing) Limited (Lenovo Group Ltd.)
Inventors
Feng, Rongfeng, Yin, Ping, Wu, Qiuxin

Granted Patent

US 8,055,911 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/286
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

Method for Backing Up and Restoring an Encryption Key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for Backing Up and Restoring an Encryption Key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links