Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets
Abstract
The invention employs a voluntary identification/definition phase, performed for example shortly after a computer is purchased, and a secret information retrieval phase.

In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow a password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia are combined with the secret information (such as the user's encryption password) and then encrypted under the control of the trustee's public key. The combined information may be encrypted, for example, under a random symmetric key (such as a DES key) which is then encrypted under the trustee's public key. After the unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee's public key and stored, for example, in the user's computer as an escrow security record. The password is then used to encrypt all data on the user's disk.

If at some point in the future the user forgets the password, the retrieval phase of the applicant's invention is performed. Under such circumstances, the user contacts the trustee, e.g., the vendor or manufacturer. The trustee uses documentary evidence presented by the alleged legitimate user and determines whether that evidence matches the identifying information previously encrypted into the escrow record created by the user. If they agree, the trustee has confidence that the true owner is making the request, and that revealing the secret key will not betray the owner's interest.
36 Claims
1. A method of operating a computer to permit a computer user's secret digital information to be subsequently recovered by a trustee, comprising the steps of:
establishing digital identifying information that identifies a specified computer user;
combining the identifying information with the user's secret information;
encrypting at least part of said combined digital information such that said combined digital information can be decrypted only by the trustee; and
storing the encrypted digital information for processing by a trustee.
(Dependent claims 2 to 12.)
13. A method of operating a computer for permitting a trustee to safely reveal escrowed digital secret information contained in an escrow record to an applicant, comprising the steps of:
obtaining credentials identifying the applicant;
obtaining the escrowed record;
decrypting the escrowed record;
comparing the applicant's credentials with identifying information embodied in the escrowed information;
revealing the secret information to the applicant if the credentials match with the escrowed identifying information.
(Dependent claims 14 to 24.)
25. In a computer system having a processor and a memory device coupled to said processor, a digital data structure stored in said memory device for permitting a computer user's secret digital information to be subsequently recovered by a trustee, said digital data structure comprising:
means for storing identifying information identifying the computer user;
means for storing secret digital information in an encrypted form; and
means for storing an encrypted version of the encrypting key used to encrypt said secret digital information.
(Dependent claims 26 to 30.)
31. In a computer system having a processor and a memory device coupled to said processor, a digital data structure stored in said memory device for permitting a computer user's secret digital information to be subsequently recovered by a trustee, said digital data structure comprising:
means for storing identifying information identifying the computer user;
means for storing secret digital information in an encrypted form; and
further including means for storing a hash of said identifying information and said secret digital information.
(Dependent claims 32 to 36.)
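The two phases of the abstract and the record and method of claims 1, 13 and 25, as an added example in Go; it is not code from the patent or from any product built on it. Choices made for the example and not fixed by the page: the identity fields (name and serial number), JSON as the encoding of the combined identity-plus-secret plaintext, AES-256-GCM in place of the DES key named in the abstract for the random symmetric key, RSA-OAEP for encrypting that key under the trustee's public key, and exact equality of the identity fields as the stand-in for the trustee's check of documentary evidence. The sample owner and password in main are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// Identity is the self-identification data entered in the definition phase (field set assumed for this example).
type Identity struct {
	Name   string `json:"name"`
	Serial string `json:"serial"` // e.g. the machine's serial number
}

type payload struct { // the combined (identity || secret) plaintext of claim 1
	Identity Identity `json:"identity"`
	Secret   []byte   `json:"secret"`
}

type EscrowRecord struct { // what the user's computer stores (claim 25)
	WrappedKey []byte // the symmetric key, RSA-OAEP encrypted under the trustee's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-256-GCM(symmetric key, payload), authentication tag included
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
func NewTrusteeKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // RSA-2048 chosen for the example

// CreateEscrow is the definition phase: combine identity and secret, encrypt under a fresh symmetric key, wrap that key for the trustee.
func CreateEscrow(trustee *rsa.PublicKey, id Identity, secret []byte) (*EscrowRecord, error) {
	plain, err := json.Marshal(payload{Identity: id, Secret: secret})
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 32+12) // AES-256 key (standing in for the text's DES key) plus a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, trustee, key, nil)
	if err != nil {
		return nil, err
	}
	return &EscrowRecord{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}, nil
}

// Recover is the retrieval phase on the trustee's side (claim 13): unwrap, decrypt, and reveal only on a credential match.
func Recover(trusteeKey *rsa.PrivateKey, rec *EscrowRecord, applicant Identity) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, trusteeKey, rec.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap escrow key (wrong trustee key or corrupt record): %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("escrow record fails authentication (tampered or corrupt): %w", err)
	}
	var p payload
	if err := json.Unmarshal(plain, &p); err != nil {
		return nil, err
	}
	// Compare the applicant's credentials with the escrowed identity in canonical (JSON) form, in constant time.
	want, _ := json.Marshal(p.Identity)
	got, _ := json.Marshal(applicant)
	if subtle.ConstantTimeCompare(want, got) != 1 {
		return nil, fmt.Errorf("credentials do not match the escrowed identity: refusing to reveal")
	}
	return p.Secret, nil
}

func main() {
	trustee, err := NewTrusteeKey()
	if err != nil {
		panic(err)
	}
	owner := Identity{Name: "A. Owner", Serial: "SN-0001"} // constructed sample, not data from the patent
	rec, err := CreateEscrow(&trustee.PublicKey, owner, []byte("correct horse battery staple"))
	if err != nil {
		panic(err)
	}
	fmt.Println(Recover(trustee, rec, owner))
}
```

Three failure modes are handled on the trustee's side and are worth keeping distinct in a real deployment: a record wrapped under some other key cannot be unwrapped, a record whose ciphertext has been altered fails the GCM tag check, and mismatched credentials produce a refusal rather than a disclosure. The separate hash of identifying information and secret in claim 31 is left out here because the GCM tag already binds the whole plaintext, and a plain hash of (identity || password) stored on the user's disk next to the record would hand anyone who copies the disk an offline guessing oracle against a weak password; if such a commitment is wanted, key it under the escrow key or another key only the trustee holds.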