SECURING MULTIFACTOR SPLIT KEY ASYMMETRIC CRYPTO KEYS
Abstract
Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion is not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion.
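The flow in the abstract, as an added sketch that is not code from the patent: it assumes RSA, an additive split of the private exponent, a deterministic textbook-RSA signature as the signing step, and SHA-256 to turn that signature into the first portion. The toy primes, the password and every function name are constructed for illustration.

```python
import hashlib

E = 65537
# Constructed toy primes (Mersenne); far too small for real keys.
F1_P, F1_Q = 2**107 - 1, 2**127 - 1   # factor 1: RSA key kept on the user's device
K_P, K_Q = 2**61 - 1, 2**89 - 1       # the asymmetric key whose private key is split

def h_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def first_portion(f1_d: int, f1_n: int, password: bytes) -> int:
    """Sign factor 2 (the password) with factor 1, then hash the signature into d1."""
    sig = pow(h_int(password) % f1_n, f1_d, f1_n)   # deterministic textbook RSA
    return h_int(sig.to_bytes((f1_n.bit_length() + 7) // 8, "big"))

def enroll(password: bytes):
    """Returns (public key, factor-1 key for the device, d2 for the server)."""
    f1_n = F1_P * F1_Q
    f1_d = pow(E, -1, (F1_P - 1) * (F1_Q - 1))
    n, phi = K_P * K_Q, (K_P - 1) * (K_Q - 1)
    d = pow(E, -1, phi)
    d1 = first_portion(f1_d, f1_n, password)
    d2 = (d - d1) % phi   # assumption: additive split, d1 + d2 = d (mod phi)
    return (n, E), (f1_d, f1_n), d2   # d and d1 are dropped here; neither is stored

def user_partial(message: bytes, password: bytes, device, n: int) -> int:
    d1 = first_portion(*device, password)   # regenerated per use, held only in memory
    return pow(h_int(message) % n, d1, n)

def server_complete(message: bytes, partial: int, d2: int, n: int) -> int:
    return partial * pow(h_int(message) % n, d2, n) % n

def verify(message: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == h_int(message) % n

if __name__ == "__main__":
    pub, device, d2 = enroll(b"correct horse")
    msg = b"login challenge 42"
    good = server_complete(msg, user_partial(msg, b"correct horse", device, pub[0]), d2, pub[0])
    bad = server_complete(msg, user_partial(msg, b"wrong guess", device, pub[0]), d2, pub[0])
    print(verify(msg, good, pub), verify(msg, bad, pub))
```

Neither the device key alone, the password alone, nor the server's portion alone yields a signature that verifies under the public key; all three must take part.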
22 Claims
1. A method for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions, comprising:
- storing a first one of multiple factors, all of which are under the control of a user and are required to generate a first private portion of the split private key, the first private portion not stored in a persistent state;
- storing a second private portion of the split private key under control of an entity other than the user; and
- generating the first private portion by cryptographically signing a second one of the multiple factors with the first factor;
- wherein the first private portion and the second private portion are combinable to form a complete private key.
Dependent claims: 2, 3, 4, 5, 6, 7, 10
8. The method of claim 1, further comprising:
- non-persistently storing the generated first private portion for a limited time period; and
- during the limited time period applying the stored first private portion to authenticate the user multiple times.
9. (canceled)
11. A system for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions, comprising:
- a first data repository configured to store a first one of multiple factors, all of which are under control of a user and are required to generate a first private portion of the split private key, the first private portion not stored in a persistent state;
- a second data repository configured to store a second private portion of the split private key, the second portion under control of an entity other than the user; and
- a processor configured to generate the first private portion by cryptographically signing a second one of the multiple factors with the first factor;
- wherein the first private portion and the second private portion are combinable to form a complete private key.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 20
19. (canceled)
21. A method for securing an asymmetric crypto-key having a first key and a second key with one of the first key and the second key being a split key having multiple portions, comprising:
- storing a first one of multiple factors, all of which are under the control of a user and are required to generate a first portion of the split key, the first portion not being stored in a persistent state;
- storing a second portion of the split key under control of an entity other than the user; and
- generating the first private portion by cryptographically signing a second one of the multiple factors with the first factor;
- wherein the first portion and the second portion are combinable to form a complete split key.
Dependent claims: 22
Specification