System and method for data recovery
Abstract
A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.
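As an added illustration of the escrow flow the abstract describes (this is not code from the patent or its assignee), the following Go program models the DRF as the ARI plus KS sealed to the DRC public key with RSA-OAEP, and a DRC that releases KS only when the rule the ARI names (a single authentication test or a compound rule) is satisfied by the requester's credentials. The DRF layout, the credential model and the rule table are assumptions made for the example; binding the ARI in as the OAEP label is an added hardening so that a stored DRF cannot be re-pointed at a weaker access rule.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// DRF is a hypothetical encoding of the data recovery field: the access rule index in the
// clear plus KS sealed to the DRC public key, with the index bound in as the OAEP label so
// a DRF whose index was swapped for a weaker rule fails to decrypt instead of passing.
type DRF struct {
	ARI      string
	SealedKS []byte
}
// Rule is an access rule: Auth is a single authentication test, All a compound rule.
// Credentials are modelled as the names a requester has already proven (constructed).
type Rule func(creds map[string]bool) bool
func Auth(name string) Rule { return func(c map[string]bool) bool { return c[name] } }
func All(rs ...Rule) Rule {
	return func(c map[string]bool) bool {
		for _, r := range rs {
			if !r(c) {
				return false
			}
		}
		return true
	}
}
// MakeDRF is the encrypting user's step: seal KS for the DRC under rule index ari.
func MakeDRF(pub *rsa.PublicKey, ks []byte, ari string) (DRF, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ks, []byte(ari))
	return DRF{ARI: ari, SealedKS: ct}, err
}
// DRC holds the recovery center's private key and the access rules it enforces.
type DRC struct {
	Key   *rsa.PrivateKey
	Rules map[string]Rule
}
func NewDRC(rules map[string]Rule) (*DRC, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &DRC{Key: k, Rules: rules}, err
}
// Recover is the DRC's step: unseal KS only if the rule named by the DRF holds for creds.
func (d *DRC) Recover(f DRF, creds map[string]bool) ([]byte, error) {
	if rule, ok := d.Rules[f.ARI]; !ok || !rule(creds) {
		return nil, errors.New("access denied: unknown rule index or rule not satisfied")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.Key, f.SealedKS, []byte(f.ARI))
}
```

A requester presenting only part of a compound rule's credentials, an unknown index, or a DRF whose index was altered after the fact is refused; the last case fails at the OAEP label check even when the substituted rule would pass.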
42 Claims
1. A system for controlling access by an emergency decrypting system to a user secret, the system comprising:
- first means for retrieving at least part of a user secret;
- second means for retrieving at least one access rule index, said at least one access rule index identifying an access rule, stored in a corresponding data recovery center that controls access by an emergency decrypting system to said at least part of said user secret, wherein an access rule includes an authentication test or a compound authorization rule; and
- means for generating a data recovery field using said at least part of said user secret, said at least one access rule index and a data recovery center public key, wherein emergency decryption comprises decryption using a data recovery field.

Dependent claims 2 to 14 (not shown here).

15. A method for controlling access by an emergency decrypting system to a user secret, the method comprising the steps of:
- (1) retrieving at least part of a user secret;
- (2) retrieving at least one access rule index, said at least one access rule index identifying an access rule, stored in a corresponding data recovery center that controls access by an emergency decrypting system to said at least part of said user secret, wherein an access rule includes an authentication test or a compound authorization rule; and
- (3) generating a data recovery field using said at least part of said user secret, said at least one access rule index and a data recovery center public key, wherein emergency decryption comprises decryption using a data recovery field.

Dependent claims 16 to 28 (not shown here).

29. A computer program product, comprising:
- a computer usable medium having computer readable program code means embodied in said medium for implementing a method of controlling access by an emergency decrypting system to a user secret, said computer readable program code means comprising:
  - computer readable first program code means for enabling a computer to effect a retrieval of at least part of a user secret;
  - computer readable second program code means for enabling a computer to effect a retrieval of at least one access rule index, said at least one access rule index identifying an access rule, stored in a corresponding data recovery center that controls access by an emergency decrypting system to said at least part of said user secret, wherein an access rule includes an authentication test or a compound authorization rule; and
  - computer readable third program code means for enabling a computer to effect a generation of a data recovery field using said at least part of said user secret, said at least one access rule index and a data recovery center public key, wherein emergency decryption comprises decryption using a data recovery field.

Dependent claims 30 to 42 (not shown here).
Specification