Backup System with Multiple Recovery Keys
Abstract
Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.
22 Claims
1. For a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices, the method comprising:
- storing the backup data encrypted with a set of data encryption keys;
- storing the set of data encryption keys encrypted with a master recovery key; and
- storing a plurality of copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices, wherein the backup data is only recoverable by accessing a private key of any one of the related devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. A method for recovering a set of backup data for installation on a new device, wherein the backup data is stored for a set of related devices by one of the related devices, the method comprising:
- receiving input of user-entered data used to generate a public/private escrow key pair associated with a particular one of the related devices;
- transmitting data that proves possession of the private escrow key to a set of secure servers that store a plurality of secure escrow objects for the set of related devices, each of the secure escrow objects comprising a private recovery key of a different device encrypted with a public key of the secure servers and the public escrow key associated with the device;
- when the user-entered data is correct, receiving the private recovery key of the particular device from the set of secure servers; and
- using the received private recovery key to access one of a plurality of master recovery objects stored with the backup data, each of the master recovery objects comprising a master recovery key for accessing the backup data encrypted with a public recovery key of a different one of the related devices.
Dependent claims: 14, 15, 16, 17, 18, 19.

20. An electronic device that is one of a set of related devices, the electronic device comprising:
- a set of processing units; and
- a machine readable medium storing a program which when executed by at least one of the processing units backs up data synchronized between the electronic device and the set of related devices, the program comprising sets of instructions for:
  - storing the backup data encrypted with a set of data encryption keys;
  - storing the set of data encryption keys encrypted with a master recovery key; and
  - storing a plurality of copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices, wherein the backup data is only recoverable by accessing a private key of any one of the related devices.
Dependent claims: 21, 22.
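The key hierarchy of claim 1 and the final recovery step of claim 13, as an added Python example that is not the patent's own code: it uses the `cryptography` package, with AES-256-GCM standing in for the data encryption keys and master recovery key and RSA-OAEP standing in for the per-device public-key encryption, neither of which the claims specify. The escrow exchange with the secure servers is not modelled; the example assumes the recovering device's private recovery key is already in hand, and the device names and backup contents are constructed.

```python
import os

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed stand-ins: the claims name no particular public-key or symmetric scheme.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
NONCE_LEN = 12

def new_device_key():
    """Each related device holds its own private recovery key."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def seal(key, plaintext):
    """AES-256-GCM with a fresh random nonce prepended to the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, None)

def unseal(key, blob):
    return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], None)

def make_backup(data, device_public_keys):
    """Claim 1: data under a DEK, the DEK under a master recovery key (MRK), one MRK copy per device."""
    dek, mrk = os.urandom(32), os.urandom(32)
    return {
        "data": seal(dek, data),
        "dek": seal(mrk, dek),
        "mrk_copies": {dev: pub.encrypt(mrk, OAEP) for dev, pub in device_public_keys.items()},
    }

def recover(backup, device_id, device_private_key):
    """Last step of claim 13: private recovery key -> MRK copy -> DEK -> backup data."""
    mrk = device_private_key.decrypt(backup["mrk_copies"][device_id], OAEP)
    dek = unseal(mrk, backup["dek"])
    return unseal(dek, backup["data"])

def demo():
    """Constructed sample: three related devices; each recovers, an unrelated key cannot."""
    keys = {d: new_device_key() for d in ("phone", "laptop", "tablet")}
    backup = make_backup(b"synced passwords", {d: k.public_key() for d, k in keys.items()})
    recovered = [recover(backup, d, k) for d, k in keys.items()]
    try:
        recover(backup, "phone", new_device_key())  # key of a device outside the set
        outsider_ok = True
    except ValueError:  # OAEP decryption fails, so the MRK never leaves its copy
        outsider_ok = False
    return recovered, outsider_ok
```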
Specification