Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets

US 5,436,972 A
Filed: 10/04/1993
Issued: 07/25/1995
Est. Priority Date: 10/04/1993
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of operating a computer to permit a computer user'"'"'s secret digital information to be subsequently recovered by a trustee, comprising the steps of:

establishing digital identifying information that identifies a specified computer user;

combining the identifying information with the user'"'"'s secret information;

encrypting at least part of said combined digital information such that said combined digital information can be decrypted only by the trustee; and

storing the encrypted digital information for processing by a trustee.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

The invention employs a voluntary identification/definition phase performed, for example, shortly after a computer is purchased, and a secret information retrieval phase. In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia is combined with the secret information (such as the user'"'"'s encryption password) and is then encrypted under the control of the trustee'"'"'s public key. The combined information may be encrypted, for example, under a random symmetric key (such as DES) which is then encrypted under the trustee'"'"'s public key. After unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee'"'"'s public key and is stored, for example, in the user'"'"'s computer as an escrow security record. The password is then used to encrypt all data on the user'"'"'s disk. If at some point in time in the future, the user forgets the password, the retrieval phase of the applicant'"'"'s invention is performed. Under such circumstances, the user contacts the trustees, e.g., the vendor or manufacturer. The trustee utilizes documentary evidence presented by the alleged legitimate user and determines whether such evidence matches with the previously encrypted escrow information stored in the escrow record created by the user. If they agree, then the trustee has confidence that the true owner is making the request, and that revealing the secret key will not betray the owner'"'"'s interest.

Citations

36 Claims

1. A method of operating a computer to permit a computer user'"'"'s secret digital information to be subsequently recovered by a trustee, comprising the steps of:
- establishing digital identifying information that identifies a specified computer user;
  
  combining the identifying information with the user'"'"'s secret information;
  
  encrypting at least part of said combined digital information such that said combined digital information can be decrypted only by the trustee; and
  
  storing the encrypted digital information for processing by a trustee.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method in accordance to claim 1, wherein at least part of the identifying information is hashed.
  - 3. A method in accordance to claim 1, wherein at least part of the identifying information is stored in plaintext.
  - 4. A method in accordance to claim 1, wherein said step of establishing includes the step of prompting the computer user to provide a plurality of user identifying characteristic data.
  - 5. A method in accordance to claim 1, wherein said step of establishing includes the step of the user providing physical characteristic information.
  - 6. A method in accordance to claim 1, wherein said step of establishing includes the step of the user providing the user'"'"'s public key.
  - 7. A method in accordance to claim 1, further including the step of soliciting from the computer user instructions to be followed by the trustee if an attempt is made to recover said secret information.
  - 8. A method in accordance to claim 1, wherein said step of establishing includes the step of the user providing at least one question to be asked by the trustee to a person attempting to recover said secret information.
  - 9. A method in accordance to claim 1, wherein said step of encrypting includes the step of generating an encrypting key and encrypting at least said secret information with said encrypting key.
  - 10. A method in accordance to claim 9, wherein said step of encrypting includes the step of encrypting said encrypting key using the public key of the trustee.
  - 11. A method in accordance to claim 1, wherein said step of storing includes the step of storing said encrypted digital information on a memory media of the computer user.
  - 12. A method in accordance to claim 1, wherein said step of storing includes the step of storing, in plain text, information describing the trustee.

13. A method of operating a computer for permitting a trustee to safely reveal escrowed digital secret information contained in an escrow record to an applicant comprising the steps of:
- obtaining credentials identifying the applicant;
  
  obtaining the escrowed record;
  
  decrypting the escrowed record;
  
  comparing the applicant'"'"'s credentials with identifying information embodied in the escrowed information;
  
  revealing the secret information to the applicant if the credentials match with the escrowed identifying information.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. A method according to claim 13, wherein the identifying information is encrypted as part of the information available to the trustee.
  - 15. A method according to claim 13, wherein the hash of the identifying information is encrypted as part of the information available of the trustee.
  - 16. A method according to claim 13, wherein said escrow information is printed in digital form on paper.
  - 17. A method according to claim 13, wherein the identifying digital information includes at least one of the following:
    - name;
      
      address;
      
      telephone number;
      
      height;
      
      weight;
      
      birth date;
      
      complexion;
      
      race;
      
      eye color;
      
      birthplace;
      
      employer;
      
      title;
      
      place of business;
      
      employee identification;
      
      supervisor;
      
      identification number;
      
      digitized fingerprint;
      
      digitized photograph;
      
      digitized voice sample;
      
      digitized retina information;
      
      information relating to the user'"'"'s DNA;
      
      digitized handwriting sample;
      
      digitized key typing;
      
      stroke analysis;
      
      DNA pattern; and
      
      facts unlikely to be generally known except to the computer user.
  - 18. A method according to claim 13, wherein the step of decrypting includes the step of using the private key of the trustee to decrypt at least part of said escrow record.
  - 19. A method according to claim 13, wherein the step of decrypting includes the step of using the private key of the trustee to decrypt the escrow to access a random encrypting key that is used to encrypt other fields in the escrow record.
  - 20. A method according to claim 13, further including the step of computing the hash of a plurality of fields in the escrow record.
  - 21. A method according to claim 13, further including the step of requesting further credentials from the applicant if the credentials do not sufficiently match the escrow data.
  - 22. A method according to claim 21, wherein said step of requesting further credentials includes the step of posing questions to the applicant as specified in the escrow record.
  - 23. A method according to claim 13, further including the step of acquiring different portions of the secret information from a plurality of trustees.
  - 24. A method according to claim 13, wherein at least part of the identifying digital information is indicated by the hash of said information.

25. In a computer system having a processor and a memory device coupled to said processor, a digital data structure stored in said memory device for permitting a computer user'"'"'s secret digital information to be subsequently recovered by a trustee, said digital data structure comprising:
- means for storing identifying information identifying the computer user;
  
  means for storing secret digital information in an encrypted form; and
  
  means for storing an encrypted version of the encrypting key used to encrypt said secret digital information.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. A digital data structure in accordance with claim 25, further including means for storing information identifying said trustee.
  - 27. A digital data structure in accordance with claim 25, further including means for storing a hash of said identifying information and said secret digital information.
  - 28. A digital data structure in accordance with claim 25, wherein said means for storing identifying information includes means for storing at least one of the following:
    - name;
      
      address;
      
      telephone number;
      
      height;
      
      weight;
      
      birth date;
      
      complexion;
      
      race;
      
      eye color;
      
      birthplace;
      
      employer;
      
      title;
      
      place of business;
      
      employee identification;
      
      supervisor;
      
      identification number;
      
      digitized fingerprint;
      
      digitized photograph;
      
      digitized voice sample;
      
      digitized retina information;
      
      information relating to the user'"'"'s DNA;
      
      digitized handwriting sample;
      
      digitized key typing;
      
      stroke analysis;
      
      DNA pattern; and
      
      facts unlikely to be generally known except to the computer user.
  - 29. A digital data structure in accordance with claim 25, further including means for storing instructions to be followed by the trustee in the event an applicant seeks to gain access to said secret information.
  - 30. A digital data structure in accordance with claim 25, further including means for storing at least one question to be posed by the trustee to a person attempting to recover said secret information.

31. In a computer system having a processor and a memory device coupled to said processor, a digital data structure stored in said memory device for permitting a computer user'"'"'s secret digital information to be subsequently recovered by a trustee, said digital data structure comprising:
- means for storing identifying information identifying the computer user;
  
  means for storing secret digital information in an encrypted form; and
  
  further including means for storing a hash of said identifying information and said secret digital information.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. A digital data structure in accordance with claim 31, further including means for storing information identifying said trustee.
  - 33. A digital data structure in accordance with claim 31, further including means for storing an encrypted version of the encrypting key used to encrypt said secret digital information.
  - 34. A digital data structure in accordance with claim 31, wherein said means for storing identifying information includes means for storing at least one of the following:
    - name;
      
      address;
      
      telephone number;
      
      height;
      
      weight;
      
      birth date;
      
      complexion;
      
      race;
      
      eye color;
      
      birthplace;
      
      employer;
      
      title;
      
      place of business;
      
      employee identification;
      
      supervisor;
      
      identification number;
      
      digitized fingerprint;
      
      digitized photograph;
      
      digitized voice sample;
      
      digitized retina information;
      
      information relating to the user'"'"'s DNA;
      
      digitized handwriting sample;
      
      digitized key typing;
      
      stroke analysis;
      
      DNA pattern; and
      
      facts unlikely to be generally known except to the computer user.
  - 35. A digital data structure in accordance with claim 31, further including means for storing instructions to be followed by the trustee in the event an applicant seeks to gain access to said secret information.
  - 36. A digital data structure in accordance with claim 31, further including means for storing art least one question to be posed by the trustee to a person attempting to recover said secret information.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Addison M. Fischer
Original Assignee
Addison M. Fischer
Inventors
Fischer, Addison M.
Primary Examiner(s)
Swann, Tod R.

Application Number

US08/130,126
Time in Patent Office

659 Days
Field of Search

380/4, 380/23, 380/24, 380/25, 380/30, 380/49, 235/382.5
US Class Current

380/286
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06F 2221/2131   Lost password, e.g. recover...

G06Q 20/3821   Electronic credentials

H04L 9/0894   Escrow, recovery or storing...

Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links