Secure Escrow Service
First Claim
1. A method of restoring a set of confidential information items of a first device to a second device using a set of servers, the method comprising:
- generating a public and private key pair;
- storing the private key and a corresponding access control on the set of servers, the access control allowing access to the private key only to executable code having a same hash value as a hash value of executable code running on the set of servers at a time of generating the public and private key pair;
- receiving a request to restore the set of confidential information items to the second device, the request comprising a first secure object, the first secure object comprising a second secure object encrypted with said private key, the second secure object comprising a recovery key encrypted with a first user-specific key, the recovery key encrypting the confidential information requested by the second device, the first user-specific key generated by the first device based on answers to a set of user-specific questions;
- decrypting the first secure object using the private key to access the second secure object, the private key accessible only when a hash value of the executable code running on the set of servers at a time of accessing the private key matches the first hash of the executable code running on the set of servers at the time of generating the private key;
- receiving a second user-specific key from the second device, the second user-specific key generated based on a same set of user-specific questions used to generate the first user-specific key by the first device;
- generating a progressively increasing timeout each time the second user-specific key received from the second device does not match the first user-specific key;
- repeating said receiving the second user-specific key and said generating the progressively increasing timeout as long as the second user-specific key received from the second device does not match the first user-specific key;
- decrypting the second secure object with the second user-specific key to get the recovery key when the second user-specific key received from the second device matches the first user-specific key; and
- sending the recovery key to the second device after the second secure object is decrypted.
Abstract
A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.
26 Claims
1. A method of restoring a set of confidential information items of a first device to a second device using a set of servers (full text above under First Claim). View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A method of ensuring integrity of a set of secure servers that provide confidential information items to a plurality of devices, the method comprising:
- generating a common key recognizable by all servers in the set of servers;
- associating an access control to the common key, the access control allowing access to the common key only to executable code having a same hash value as a hash value of the executable code running on the set of servers at the time of generating the common key; and
- ignoring a request to send a set of confidential information items to a device when a hash value of the executable code running on the set of servers at the time of receiving the request does not match the hash value of the executable code running on the set of servers at the time of generating the common key.
View Dependent Claims (12, 13)
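The restore flow of claim 1 together with the request-ignoring rule of claim 11, as an added Python model that is not part of the patent or of any product: the server holds its key under an access control tied to the hash of its running code image, the first device wraps the recovery key first with a user-specific key derived from the question answers and then with the server's key, each mismatched user key doubles the timeout, and a server whose code hash has changed ignores the request. Assumptions: PBKDF2 for the user-specific key derivation, a toy SHA-256 keystream with an HMAC tag as a stand-in for both encryption layers (the standard library has no public-key cipher), and doubling as the timeout progression.

```python
import hashlib, hmac, os, secrets

def derive_user_key(answers, salt):
    # First user-specific key from the answers to the user-specific questions; PBKDF2 over the
    # normalized answers is an assumption, the claims do not name a derivation function
    material = "\x1f".join(a.strip().lower() for a in answers).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=32)

def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    # Toy encrypt-then-MAC (SHA-256 keystream, HMAC tag): a stand-in for both encryption layers
    # of the claim (the server's public-key layer and the user-key layer), not a production cipher
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered object")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class EscrowServer:
    def __init__(self, code_image):
        self.running_code = code_image                       # executable code image; reassign to simulate a change
        self.escrow_key = secrets.token_bytes(32)            # stand-in for the private key
        self.acl_hash = hashlib.sha256(code_image).digest()  # access control: code hash at key generation
        self.failures = 0

    def restore(self, first_secure_object, second_user_key):
        # Returns (recovery_key, timeout_seconds). The key is accessible only while the hash of the
        # running code equals the hash recorded at generation; otherwise the request is ignored
        if hashlib.sha256(self.running_code).digest() != self.acl_hash:
            return None, 0
        second_secure_object = unseal(self.escrow_key, first_secure_object)
        try:
            recovery_key = unseal(second_user_key, second_secure_object)
        except ValueError:
            self.failures += 1
            return None, 2 ** self.failures                  # progressively increasing timeout
        self.failures = 0                                    # match: release the recovery key
        return recovery_key, 0

def enroll(server, answers, salt, recovery_key):
    # First device: wrap the recovery key with the user-specific key, then with the server's key
    second_secure_object = seal(derive_user_key(answers, salt), recovery_key)
    return seal(server.escrow_key, second_secure_object)
```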
14. A non-transitory computer readable medium storing a program for restoring a set of confidential information items of a first device to a second device, the program executable by at least one processing unit in each server in a set of servers, the program comprising sets of instructions for the same steps recited in claim 1 (generating the key pair, storing the private key under the code-hash access control, receiving the restore request, decrypting the first secure object, receiving and matching the second user-specific key with a progressively increasing timeout on each mismatch, decrypting the second secure object, and sending the recovery key). View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
24. A non-transitory computer readable medium storing a program for ensuring integrity of a set of secure servers that provide confidential information items to a plurality of devices, the program executable by at least one processing unit of each server in the set of servers, the program comprising sets of instructions for the same steps recited in claim 11 (generating the common key, associating the code-hash access control with it, and ignoring a request when the hash of the running code no longer matches the hash at the time of generating the common key). View Dependent Claims (25, 26)