Backup System with Multiple Recovery Keys

US 20160352518A1
Filed: 09/30/2015
Published: 12/01/2016
Est. Priority Date: 05/31/2015
Status: Active Grant

First Claim

Patent Images

1. For a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices, the method comprising:

storing the backup data encrypted with a set of data encryption keys;

storing the set of data encryption keys encrypted with a master recovery key; and

storing a plurality of copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices, wherein the backup data is only recoverable by accessing a private key of any one of the related devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.

94 Citations

View as Search Results

22 Claims

1. For a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices, the method comprising:
- storing the backup data encrypted with a set of data encryption keys;
  
  storing the set of data encryption keys encrypted with a master recovery key; and
  
  storing a plurality of copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices, wherein the backup data is only recoverable by accessing a private key of any one of the related devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the set of data encryption keys are encrypted with a public master recovery key of a public/private master recovery key pair.
  - 3. The method of claim 2, wherein the master recovery key data comprises one of (i) a private master recovery key of the public/private master recovery key pair and (ii) random data from which the public/private master recovery key pair is generated.
  - 4. The method of claim 1, wherein the master recovery key is generated based on random data generated by the particular device.
  - 5. The method of claim 1, wherein the master recovery key is not stored on any of the devices and is only accessible by decrypting one of the copies of the master recovery key with the private key of one of the devices.
  - 6. The method of claim 1 further comprising:
    - encrypting the private key of the particular device, with a public escrow key of a public/private key pair generated by the particular device based on user-entered data, to create a first secure object;
      
      encrypting the first secure object, with a public key of a set of secure servers, to create a second secure object; and
      
      storing the second secure object with the set of secure servers.
  - 7. The method of claim 6, wherein storing the second secure object with the set of secure servers comprises storing the second secure object with a proxy server for the set of secure servers.
  - 8. The method of claim 6, wherein the first secure object comprises (i) the encrypted private key of the particular device and (ii) a set of verification data generated from the private escrow key of the public/private key pair generated by the particular device based on the user-entered data.
  - 9. The method of claim 1, wherein the backup data synchronized between the related devices comprises at least one of passwords for a plurality of web domains, cryptographic keys, and account numbers.
  - 10. The method of claim 1, wherein the particular device receives the public keys of the other related devices from the other related devices in order to enable the data synchronization with the other related devices.
  - 11. The method of claim 1, wherein the encrypted backup data, the encrypted set of data encryption keys, and the plurality of encrypted copies of the master recovery key data are stored in a cloud storage associated with a particular user account.
  - 12. The method of claim 1, wherein the encrypted backup data, the encrypted set of data encryption keys, and the plurality of encrypted copies of the master recovery key data are stored on a drive external to the set of related devices.

13. A method for recovering a set of backup data for installation on a new device, wherein the backup data is stored for a set of related devices by one of the related devices, the method comprising:
- receiving input of user-entered data used to generate a public/private escrow key pair associated with a particular one of the related devices;
  
  transmitting data that proves possession of the private escrow key to a set of secure servers that store a plurality of secure escrow objects for the set of related devices, each of the secure escrow objects comprising a private recovery key of a different device encrypted with a public key of the secure servers and the public escrow key associated with the device;
  
  when the user-entered data is correct, receiving the private recovery key of the particular device from the set of secure servers; and
  
  using the received private recovery key to access one of a plurality of master recovery objects stored with the backup data, each of the master recovery objects comprising a master recovery key for accessing the backup data encrypted with a public recovery key of a different one of the related devices.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein receiving the private recovery key comprises:
    - receiving a recovery object comprising the private recovery key encrypted with the public escrow key; and
      
      decrypting the recovery object with the private escrow key to recover the private recovery key.
  - 15. The method of claim 13, wherein the new device is one of the related devices after re-installation of an operating system of the device.
  - 16. The method of claim 13, wherein receiving input of the user-entered data comprises input of a device passcode for the new device, the method further comprising:
    - identifying the devices in the set of related devices; and
      
      automatically selecting one of the related devices most likely to have a same passcode as the device passcode input for the new device according to a set of heuristics,wherein the private escrow key is identified as the escrow key for decrypting a particular one of the secure escrow objects corresponding to the automatically selected device.
  - 17. The method of claim 13, wherein transmitting the data that proves possession of the private escrow key comprises:
    - setting up a secure channel with the set of secure servers; and
      
      transmitting the data to the set of secure servers via the secure channel,wherein the private recovery key is received from the set of secure servers via the secure channel, wherein the set of secure servers and the secure channel prevent a centralized entity that stores the backups from being able to acquire the private recovery key.
  - 18. The method of claim 13, wherein the set of secure servers comprises a set of hardware security modules that store the private keys of the secure servers and a set of proxy servers that store the secure escrow objects, wherein the set of hardware security modules performs the decryption of the secure escrow object.
  - 19. The method of claim 13, wherein:
    - when the user-entered data is incorrect, the set of secure servers decrements a number of available attempts to access the particular secure escrow object that the new device attempted to access; and
      
      when the number of available attempts reaches zero, the particular secure escrow object is made inaccessible.

20. An electronic device that is one of a set of related devices, the electronic device comprising:
- a set of processing units; and
  
  a machine readable medium storing a program which when executed by at least one of the processing units backs up data synchronized between the electronic device and the set of related devices, the program comprising sets of instructions for;
  
  storing the backup data encrypted with a set of data encryption keys;
  
  storing the set of data encryption keys encrypted with a master recovery key; and
  
  storing a plurality of copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices, wherein the backup data is only recoverable by accessing a private key of any one of the related devices.
- View Dependent Claims (21, 22)
- - 21. The electronic device of claim 20, wherein the set of data encryption keys are encrypted with a public master recovery key of a public/private master recovery key pair.
  - 22. The electronic device of claim 20, wherein the master recovery key data comprises one of (i) a private master recovery key of the public/private master recovery key pair and (ii) random data from which the public/private master recovery key pair is generated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Ford, Michael D., Hauck, Jerrold V., Watson, Matthew G., Adler, Mitchell D., De Atley, Dallas B., Wilson, James

Granted Patent

US 9,904,629 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 12/1408   by using cryptography for d...

G06F 21/6218   to a system of files or obj...

G06F 2201/80   Database-specific techniques

G06F 2212/1052   Security improvement

H04L 9/006   involving public key infras...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/0897   involving additional device...

Backup System with Multiple Recovery Keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

94 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Backup System with Multiple Recovery Keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links