Methods and apparatus for recovering keys
Abstract
A key such as a private key or key password of a private key is encrypted for storage, and may be decrypted if the private key becomes lost or unavailable. The key is encrypted by encoding, for example, by hashing, private information such as mother's maiden name and social security number, and the result is used as a key to encrypt the private key using DES or another symmetric encryption technique. The encrypted key is again encrypted, for example using asymmetric encryption, using the public key of a trusted party such as the certificate authority that generated the private key. The result may be stored as a key recovery file by the principal of the private key or another party. To decrypt the key recovery file, the private key corresponding to the public key used to encrypt the key recovery file is used to decrypt the key recovery file, for example by asymmetric decryption. The result is symmetrically decrypted using a key obtained by encoding, for example, by hashing, the private information in the same manner as was used to encrypt the key. The result of this decryption is the key.
34 Claims
1. A system for decrypting a key recovery file comprising an encrypted first key, the system comprising:
- a first decryptor, having a first input operatively coupled to receive at least a portion of the key recovery file and a second input operatively coupled to receive a second key, the first decryptor for decrypting at least a portion of the portion of the key recovery file received responsive to the second key received to produce a first decrypted first key and for providing at an output the first decrypted first key;
- a private information encoder having an input operatively coupled to receive a first set of private information, the private information encoder for encoding the first set of private information to produce encoded private information and for providing at an output the encoded private information; and
- a second decryptor having a first input coupled to the first decryptor output for receiving the first decrypted first key and a second input coupled to the private information encoder output for receiving the encoded private information, the second decryptor for decrypting the first decrypted first key received at the second decryptor first input responsive to the encoded private information received at the second decryptor second input to produce the first key and for providing the first key at an output coupled to a system output.

Dependent claims: 2-12.

13. A method of decrypting a key recovery file comprising an encrypted first key, the method comprising:
- receiving at least a portion of the key recovery file;
- receiving a second key;
- using a first decryptor, decrypting the portion of the key recovery file received responsive to the second key received;
- receiving a first set of private information;
- encoding the first set of private information received; and
- using a second decryptor, and responsive to the first set of private information encoded, decrypting the portion of the key recovery file.

Dependent claims: 14-23.

24. A computer program product comprising a computer useable medium having computer readable program code embodied therein for decrypting a key recovery file comprising an encrypted first key, the computer program product comprising:
- computer readable program code devices configured to cause a computer to receive at least a portion of the key recovery file;
- computer readable program code devices configured to cause a computer to receive a second key;
- computer readable program code devices configured to cause a computer using a first decryptor to decrypt the portion of the key recovery file received responsive to the second key received;
- computer readable program code devices configured to cause a computer to receive a first set of private information;
- computer readable program code devices configured to cause a computer to encode the first set of private information received; and
- computer readable program code devices configured to cause a computer using a second decryptor to, responsive to the first set of private information encoded, decrypt the portion of the key recovery file.

Dependent claims: 25-34.
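As an added illustration (not code from the patent or its assignee), the scheme described in the abstract and the three elements of claim 1 (private information encoder, first decryptor, second decryptor) written in Go with standard-library crypto. Assumptions not on the page: SHA-256 as the encoding function, AES-256-GCM in place of the DES the abstract mentions, RSA-OAEP as the asymmetric layer, and an inner blob small enough to encrypt directly with RSA (the functions MakeRecoveryFile, RecoverKey and encodePrivateInfo are names chosen here).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"strings"
)

// encodePrivateInfo is the claims' "private information encoder": the answers
// (e.g. mother's maiden name, SSN) are hashed into a 32-byte symmetric key.
// SHA-256 and the NUL join are assumptions; the page only says "by hashing".
func encodePrivateInfo(answers ...string) []byte {
	sum := sha256.Sum256([]byte(strings.Join(answers, "\x00")))
	return sum[:]
}

// MakeRecoveryFile builds the key recovery file: the private key is sealed with
// AES-256-GCM (assumed in place of the DES the abstract names) under the encoded
// private information, then that blob is encrypted with RSA-OAEP under the
// trusted party's (e.g. the issuing CA's) public key.
func MakeRecoveryFile(trusted *rsa.PublicKey, privKey []byte, answers ...string) ([]byte, error) {
	block, _ := aes.NewCipher(encodePrivateInfo(answers...)) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	inner := gcm.Seal(nonce, nonce, privKey, nil)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, trusted, inner, nil)
}

// RecoverKey is claim 1's decrypt path: the first decryptor uses the trusted
// party's private key, the second decryptor the re-encoded private information.
// A wrong answer yields a different GCM key, so Open fails instead of returning garbage.
func RecoverKey(trusted *rsa.PrivateKey, file []byte, answers ...string) ([]byte, error) {
	inner, err := rsa.DecryptOAEP(sha256.New(), nil, trusted, file, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(encodePrivateInfo(answers...)) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	if ns := gcm.NonceSize(); len(inner) >= ns {
		return gcm.Open(nil, inner[:ns], inner[ns:], nil)
	}
	return nil, errors.New("recovery file too short")
}
```

The inner layer is only as strong as the guessability of the private information, so in this construction the outer layer under the trusted party's key is what keeps a stolen recovery file from being brute-forced offline.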
Specification