SECURING MULTIFACTOR SPLIT KEY ASYMMETRIC CRYPTO KEYS

US 20100202609A1
Filed: 03/23/2010
Published: 08/12/2010
Est. Priority Date: 02/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions, comprising:

storing a first one of multiple factors, all of which are under the control of a user and are required to generate a first private portion of the split private key, the first private portion not stored in a persistent state;

storing a second private portion of the split private key under control of an entity other than the user; and

generating the first private portion by cryptographically signing a second one of the multiple factors with the first factor;

wherein the first private portion and the second private portion are combinable to form a complete private key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion.

126 Citations

View as Search Results

22 Claims

1. A method for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions, comprising:
- storing a first one of multiple factors, all of which are under the control of a user and are required to generate a first private portion of the split private key, the first private portion not stored in a persistent state;
  
  storing a second private portion of the split private key under control of an entity other than the user; and
  
  generating the first private portion by cryptographically signing a second one of the multiple factors with the first factor;
  
  wherein the first private portion and the second private portion are combinable to form a complete private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 10)
- - 2. The method of claim 1, wherein the first factor is stored at a first location, and further comprising:
    - storing, at a second location different than the first location, a third one of the multiple factors;
      
      wherein the generating of the first private portion also includes cryptographically signing the signed second factor with the third factor.
  - 3. The method of claim 1, wherein:
    - the first factor is stored on one of i) a computing device associated with the user, and ii) removable media configured to communicate with the user computing device.
  - 4. The method of claim 1, wherein the second factor is not stored in a persistent state.
  - 5. The method of claim 4, further comprising:
    - generating the second factor based upon a user password.
  - 6. The method of claim 1, wherein the generating of the first private portion also includes combining the signed factor with a salt and iteration count using the algorithm PKCS-5 (sign{Sha-1 (second factor), first factor}, salt, iteration count).
  - 7. The method of claim 1, wherein:
    - the asymmetric crypto-key is a first asymmetric crypto-key;
      
      the first factor is a private key of a second asymmetric crypto-key different than the first asymmetric crypto-key; and
      
      the first factor is one of D_USBand D_tether.
  - 10. The method of claim 2, wherein:
    - the generating of the first private portion also includes combining the signed factor with a salt and iteration count using the algorithm PKCS-5 (sign{Sha-1 (sign {Sha-1 (second factor), first factor}), third factor}, salt, iteration count).

8. The method of 1, further comprising:
- non-persistently storing the generated first private portion for a limited time period; and
  
  during the limited time period applying the stored first private portion to authenticate the user multiple times.

9. (canceled)

11. A system for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions, comprising:
- a first data repository configured to store a first one of multiple factors, all of which are under control of a user and are required to generate a first private portion of the split private key, the first private portion not stored in a persistent state;
  
  a second data repository configured to store a second private portion of the split private key, the second portion under control of an entity other than the user; and
  
  a processor configured to generate the first private portion by cryptographically signing a second one of the multiple factors with the first factor;
  
  wherein the first private portion and the second private portion are combinable to form a complete private key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 20)
- - 12. The system of claim 11, further comprising:
    - a third data repository configured to store a third one of the multiple factors, the third data repository different than the first data repository;
      
      wherein the processor is further configured to generate the first private portion by also cryptographically signing the signed second factor with the third factor.
  - 13. The system of claim 11, wherein:
    - the first data repository is one of i) non-removable media associated with a user computing device, and ii) removable media configured to communicate with the user computing device.
  - 14. The system of claim 11, wherein the second factor is not stored in a persistent state.
  - 15. The system of claim 14, wherein:
    - the processor is further configured to generate the second factor based upon a user password.
  - 16. The system of claim 11, wherein:
    - the processor is further configured to generate the first private portion by also combining the signed factor with a salt and iteration count by applying the algorithm PKCS-5 (sign{Sha-1 (second factor), first factor}, salt, iteration count).
  - 17. The system of claim 11, wherein:
    - the asymmetric crypto-key is a first asymmetric crypto-key;
      
      the first factor is a private key of a second asymmetric crypto-key different than the first asymmetric crypto-key; and
      
      the first factor is one of D_USBand D_tether.
  - 18. The system of claim 11, further comprising:
    - the processor is further configured to non-persistently store the generated first private portion for a limited time period after generation, andto apply the stored first private portion to authenticate the user multiple times during the limited time.
  - 20. The system of claim 12, wherein:
    - the processor is further configured to generate the first private portion by also combining the signed factor with a salt and iteration count by applying the algorithm PKCS-5 (sign{Sha-1 (sign{Sha-1 (second factor), first factor}), third factor}, salt, iteration count).

19. (canceled)

21. A method for securing an asymmetric crypto-key having a first key and a second key with one of the first key and the second key being a split key having multiple portions, comprising:
- storing a first one of multiple factors, all of which are under the control of a user and are required to generate a first portion of the split key, the first portion not being stored in a persistent state;
  
  storing a second portion of the split key under control of an entity other than the user; and
  
  generating the first private portion by cryptographically signing a second one of the multiple factors with the first factor;
  
  wherein the first portion and the second portion are combinable to form a complete split key.
- View Dependent Claims (22)
- - 22. The method of claim 21, further comprising:
    - generating the second one of the multiple factors based on a user password; and
      
      generating the first portion of the split key by combining the signed factor with a salt and iteration count by applying the algorithm PKCS-5 (sign{Sha-1 (second factor), first factor}, salt, iteration count);
      
      wherein the asymmetric crypto-key is a first asymmetric crypto-key, and the first factor is one of a public key and a private key of a second asymmetric crypto-key different than the first asymmetric crypto-key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
deSa, Colin Joseph, Bellare, Mihir, Ganesan, Ravi, Schoppert, Brett Jason, Sandhu, Ravinderpal Singh

Granted Patent

US 8,340,287 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3228   One-time or temporary data,...

H04L 9/3271   using challenge-response

SECURING MULTIFACTOR SPLIT KEY ASYMMETRIC CRYPTO KEYS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

126 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

SECURING MULTIFACTOR SPLIT KEY ASYMMETRIC CRYPTO KEYS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others