Method and system of securely escrowing private keys in a public key infrastructure
First Claim
Patent Images
1. A method for escrowing a private key in a public key infrastructure, comprising:
- creating a key pair including a private key and a public key;
creating a session key;
encrypting the private key using the session key;
creating a session key mask;
storing the encrypted private key and the session key mask;
creating a masked session key by exclusive-ORing the session key and the session key mask;
deleting the session key; and
sending the masked session key and a digital certificate to a secondary site.
11 Assignments
0 Petitions
Accused Products
Abstract
A method of restricting access to private keys in a public key infrastructure provides for storage of an encrypted private key at a primary site. A masked session key is stored at a secondary site, where the masked session key enables recovery of the private key. By using distributed storage architecture for recovery data, simplification can be achieved without sacrificing security.
-
Citations
26 Claims
-
1. A method for escrowing a private key in a public key infrastructure, comprising:
-
creating a key pair including a private key and a public key;
creating a session key;
encrypting the private key using the session key;
creating a session key mask;
storing the encrypted private key and the session key mask;
creating a masked session key by exclusive-ORing the session key and the session key mask;
deleting the session key; and
sending the masked session key and a digital certificate to a secondary site. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer readable medium including instructions adapted to be executed by a processor to perform a method for escrowing a private key in a public key infrastructure, the method comprising:
-
creating a key pair including a private key and a public key;
creating a session key;
encrypting the private key using the session key;
creating a session key mask;
storing the encrypted private key and the session key mask;
creating a masked session key by exclusive-ORing the session key and the session key mask;
deleting the session key; and
sending the masked session key and a digital certificate to a secondary site. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system for escrowing a private key in a public key infrastructure, comprising:
-
a secondary site, coupled to the network, including a secondary database and a control center; and
a primary site, coupled to a network, including a primary database and a key management server, adapted to;
create a key pair including a private key and a public key, create a session key, encrypt the private key using the session key, create a session key mask, store the encrypted private key and the session key mask in the primary database, create a masked session key by exclusive-ORing the session key and the session key mask, delete the session key, and send the masked session key and a digital certificate to the secondary site for storage within the secondary database. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
-
Specification