Flexible method of security data backup

US 7,251,828 B1
Filed: 09/01/2000
Issued: 07/31/2007
Est. Priority Date: 09/01/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of restoring data of a key-server in communication with a communication network comprising:

providing the key-server for storing secure electronic keys, the key-server in communication with the communication network;

providing to at least a computer in communication with the communication network, a plurality of portable data storage devices each having stored thereon secure electronic key data relating to a single authorized user; and

,copying from each of the plurality of portable data storage devices for storage in the key-server, secure electronic key data relating to the single authorized user, wherein secure electronic key data specific to each of the plurality of authorized users of the communication network is stored on a separate portable data storage device assigned uniquely to respective authorized users, wherein the secure electronic key data of the key-server is partially stored within each portable data storage device and wherein all data within the plurality of portable data storage devices is sufficient to restore security data to the key-server in the event of a data loss thereto.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of supporting a substantially secure backup copy of a key-server database, said database comprising security information specific to a plurality of users, absent the need for a duplicate key-server is disclosed. According to the method, each individual'"'"'s security data is stored within the key-server database and is also stored on a portable data storage device, such as a smart card or a PCMCIA token. If the key-server crashes and the database stored thereon is lost, a duplicate key-server database is reconstructed using the aggregate of the partial database files stored on each individual'"'"'s portable data storage device. Similarly, when a portable data storage device is lost, it can be rebuilt from the data stored within the key-server.

Citations

46 Claims

1. A method of restoring data of a key-server in communication with a communication network comprising:
- providing the key-server for storing secure electronic keys, the key-server in communication with the communication network;
  
  providing to at least a computer in communication with the communication network, a plurality of portable data storage devices each having stored thereon secure electronic key data relating to a single authorized user; and
  
  ,copying from each of the plurality of portable data storage devices for storage in the key-server, secure electronic key data relating to the single authorized user, wherein secure electronic key data specific to each of the plurality of authorized users of the communication network is stored on a separate portable data storage device assigned uniquely to respective authorized users, wherein the secure electronic key data of the key-server is partially stored within each portable data storage device and wherein all data within the plurality of portable data storage devices is sufficient to restore security data to the key-server in the event of a data loss thereto.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method of restoring data of a key-server in communication with a communication network as defined in claim 1 wherein the step of copying comprises:
    - forming a secure communication session between at least one of the plurality of portable data storage devices and the key-server;
      
      transferring the secure electronic key data via the secure communication session from the portable data storage device to the key-server; and
      
      ,storing the transferred secure electronic key data within memory means of the key-server.
  - 3. A method of restoring data of a key-server in communication with a communication network as defined in claim 2 wherein the plurality of portable data storage devices comprise all the secure electronic key data to be restored in the key-server.
  - 4. A method of restoring data of a key-server in communication with a communication network as defined in claim 3 wherein the plurality of portable data storage devices includes memory having stored therein secure electronic key data relating to each single authorized user of the communication network.
  - 5. A method of restoring data of a key-server in communication with a communication network as defined in claim 2 wherein the portable data storage device includes a processor for ciphering data using the secure electronic key data stored therein and comprising:
    - providing cryptographic functions within the portable data storage device using the secure electronic key data stored therein.
  - 6. A method of restoring data of a key-server in communication with a communication network as defined in claim 2 wherein the key-server includes a processor for ciphering data using the secure electronic key data stored therein and comprising:
    - providing cryptographic functions within the key-server using the secure electronic key data stored therein.
  - 7. A method of restoring data of a key-server in communication with a communication network as defined in claim 6 comprising:
    - determining at least an available user information entry device from a plurality of known user information entry devices;
      
      receiving unique user identification information via the at least an available user information entry device; and
      
      ,registering the received user identification information against security data for that user stored in the key-server;
      
      wherein, when the user identification information is indicative of an authorized user ciphering of data is performed with secure electronic key data associated with the authorized user.
  - 8. A method of restoring data of a key-server in communication with a communication network as defined in claim 3 wherein each of the plurality of portable data storage devices are provided at each of a plurality of computers in communication with the network.
  - 9. A method of restoring data of a key-server in communication with a communication network as defined in claim 8 wherein the portable data storage device is one of a token and a smart card.
  - 10. A method of restoring data of a key-server in communication with a communication network as defined in claim 2 wherein the portable data storage device is one of a token and a smart card.
  - 11. A method of restoring data of a key-server in communication with a communication network as defined in claim 2 wherein at least a portable data storage device provides dedicated cryptographic functions for the at least a computer in communication with the communication network using the security data stored internal to the at least a portable data storage device.
  - 12. A method of restoring data of a key-server in communication with a communication network as defined in claim 11 wherein the security data stored internal to the at least a portable data storage device are not accessible in a useable form from outside of the key-server and the at least a portable data storage device.
  - 13. A method of restoring data of a key-server in communication with a communication network as defined in claim 2 wherein the key-server provides dedicated cryptographic functions for the at least a computer in communication with the communication network using the security data stored internal to the key-server.

14. A method of backing up data of a key-server in communication with a communication network comprising:
- providing the key-server in communication with the communication network, the key-server having stored thereon the unique user identification information for a plurality of authorized users of the communication network and the secure electronic key data for use by the specific authorized user in accessing data within the network;
  
  providing to at least a computer in communication with the communication network, a portable data storage device;
  
  receiving user identification data indicative of an authorized user of the communication network; and
  
  ,copying from the key-server to the portable data storage device, secure electronic key data relating to the authorized user for use by the specific authorized user in accessing data within the network, wherein secure electronic key data specific to each of the plurality of authorized users of the communication network is stored on a separate portable data storage device assigned uniquely to respective authorized users, wherein the secure electronic key data of the key-server is partially stored within each portable data storage device and wherein all data within the plurality of portable data storage devices is sufficient to restore security data to the key-server in the event of a data loss thereto.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. A method of backing up data of a key-server in communication with a communication network as defined in claim 14 wherein copying comprises:
    - forming a secure communication session between the key-server and the portable data storage device;
      
      transferring the secure electronic key data relating to a specific authorized user via the secure communication session from the key-server to the portable data storage device assigned to that specific authorized user; and
      
      ,storing the transferred secure electronic key data relating to a specific authorized user within memory means of the portable data storage device.
  - 16. A method of backing up data of a key-server in communication with a communication network as defined in claim 15 wherein the portable data storage device includes a processor for ciphering data using the secure electronic key data stored therein and comprising:
    - providing cryptographic functions within the portable data storage device using the secure electronic key data stored therein.
  - 17. A method of backing up data of a key-server in communication with a communication network as defined in claim 15 wherein the key-server includes a processor for ciphering data using the secure electronic key data stored therein and comprising:
    - providing cryptographic functions within the key-server using the secure electronic key data stored therein.
  - 18. A method of backing up data of a key-server in communication with a communication network as defined in claim 17 comprising:
    - determining at least an available user information entry device from a plurality of known user information entry devices;
      
      receiving unique user identification information via the at least an available user information entry device; and
      
      ,registering the received user identification information against secure electronic key data for that user stored in the key-server,wherein, when the user identification information is indicative of an authorized user, ciphering of data is performed with secure electronic key data associated with the authorized user.
  - 19. A method of backing up data of a key-server in communication with a communication network as defined in claim 15 wherein each of the plurality of portable data storage devices are provided at each of a plurality of computers in communication with the network.
  - 20. A method of backing up data of a key-server in communication with a communication network as defined in claim 19 wherein the portable storage device comprises an interface.
  - 21. A method of backing up data of a key-server in communication with a communication network as defined in claim 15 wherein the portable storage device comprises an interface.
  - 22. A method of backing up data of a key-server in communication with a communication network as defined in claim 15 wherein the portable data storage device provides dedicated cryptographic functions for the at least a computer in communication with the communication network using secure electronic key data stored internal to the portable data storage device.
  - 23. A method of backing up data of a key-server in communication with a communication network as defined in claim 22 wherein the secure electronic key data stored internal to the portable data storage device are not accessible from outside of the key-server and the portable data storage device.
  - 24. A method of backing up data of a key-server in communication with a communication network as defined in claim 15 wherein the key-server provides dedicated cryptographic functions for the at least a computer in communication with the communication network using secure electronic key data stored internal to the key-server.
  - 25. A method of backing up data of a key-server in communication with a communication network as defined in claim 24 wherein the secure electronic key data stored internal to the key-server are not accessible in a useable form outside of the key-server and the portable data storage device.

26. A system for storing secure electronic keys, comprising:
- a key-server for storing the secure electronic keys, the key-server in communication with a communication network;
  
  a computer in communication with the communication network, the computer having a data reading device for reading data from a portable data storage device; and
  
  a plurality of portable data storage devices each having stored thereon secure electronic key data relating to a single authorized user,whereby the secure electronic key data relating to the single authorized user is copied from each of the plurality of portable data storage devices for storage in the key-server for restoring or backing up the key data stored in the key-server, wherein secure electronic key data specific to each of a plurality of authorized users of the communication network is stored on a separate portable data storage device assigned uniquely to one of the plurality of authorized users, wherein the secure electronic key data of the key-server is partially stored within each portable data storage device and wherein all data within the plurality of portable data storage devices is sufficient to restore security data to the key-server in the event of a data loss thereto.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. A system as defined in claim 26 wherein the key-server has memory means and the key-server and computer form a secure communication session between the key-server and at least one of the plurality of portable data storage devices read by the data reading device and transfer the secure electronic key data via the secure communication session from the portable data storage device to the key-server for storage of the transferred secure electronic key data within the memory means of the key-server.
  - 28. A system as defined in claim 27 wherein the plurality of portable data storage devices includes memory having stored therein all the secure electronic key data to be restored or backed up in the key-server.
  - 29. A system as defined in claim 27 wherein the plurality of portable data storage devices include memory having stored therein secure electronic key data relating to a single authorized user of the communication network.
  - 30. A system as defined in claim 27 wherein at least one portable data storage device includes a processor for ciphering data using the secure electronic key data stored therein by providing cryptographic functions within the portable data storage device using the secure electronic key data stored therein.
  - 31. A system as defined in claim 27 wherein the key-server includes a processor for ciphering data using the secure electronic key data stored therein by providing cryptographic functions within the key-server using the secure electronic key data stored therein.
  - 32. A system as defined in claim 31 wherein the processor is programmed to determine at least an available user information entry device from a plurality of known user information entry devices, to receive unique user identification information via the at least an available user information entry device, and to register the received user identification information against security data for that user stored in the key-server, wherein when the user identification information is indicative of an authorized user the processor ciphers data with secure electronic key data associated with the authorized user.
  - 33. A system as defined in claim 26 wherein the portable data storage device is one of a token and a smart card.
  - 34. A system as defined in claim 27 wherein at least one portable data storage device includes a processor that provides dedicated cryptographic functions for the computer in communication with the communication network using the security data stored internal to the at least one portable data storage device.
  - 35. A system as defined in claim 34 wherein the security data stored internal to the at least one portable data storage device are not accessible in a useable form from outside of the key-server and the at least a portable data storage device.
  - 36. A system as defined in claim 27 wherein the key-server provides dedicated cryptographic functions for the computer in communication with the communication network using the security data stored internal to the key-server.

37. A system for storing secure electronic keys, comprising:
- a key-server in communication with a communication network, the key-server having stored therein the unique user identification information for a plurality of authorized users of the communication network and the secure electronic key data for use by the specific authorized user in accessing data within the network;
  
  a computer in communication with the communication network, the computer having a device for reading/writing data from/to a portable data storage device and a device that receives user identification data indicative of an authorized user of the communication network; and
  
  a plurality of portable data storage devices each having stored thereon secure electronic key data relating to a single authorized user, wherein at least one portable data storage device receives from the key-server secure electronic key data relating to the authorized user for use by the specific authorized user in accessing data within the network, wherein secure electronic key data specific to each of a plurality of authorized users of the communication network is stored on a separate portable data storage device assigned uniquely to one of the plurality of authorized users, wherein the secure electronic key data of the key-server is partially stored within each portable data storage device and wherein all data within the plurality of portable data storage devices is sufficient to restore security data to the key-server in the event of a data loss thereto.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 38. A system as defined in claim 37 wherein the at least one portable data storage device has memory means and is assigned to the specific authorized user and the key-server and computer form a secure communication session between the key-server and the at least one portable data storage device read by the data reading/writing device and transfer the secure electronic key data relating to the specific authorized user via the secure communication session from the key-server to the at least one portable data storage device for storage of the transferred secure electronic key data within the memory means of the at least one portable data storage device.
  - 39. A system as defined in claim 37 wherein the portable data storage device includes a processor for ciphering data using the secure electronic key data stored therein by providing cryptographic functions within the portable data storage device using the secure electronic key data stored therein.
  - 40. A system as defined in claim 37 wherein the key-server includes a processor for ciphering data using the secure electronic key data stored therein by providing cryptographic functions within the key-server using the secure electronic key data stored therein.
  - 41. A system as defined in claim 40 wherein the processor is programmed to determine at least an available user information entry device from a plurality of known user information entry devices, to receive unique user identification information via the at least an available user information entry device, and to register the received user identification information against security data for that user stored in the key-server, wherein when the user identification information is indicative of an authorized user the processor ciphers data with secure electronic key data associated with the authorized user.
  - 42. A system as defined in claim 37 wherein at least one portable storage device comprises an interface.
  - 43. A system as defined in claim 38 wherein the at least one portable data storage device provides dedicated cryptographic functions for the computer in communication with the communication network using secure electronic key data stored internal to the at least one portable data storage device.
  - 44. A system as defined in claim 43 wherein the secure electronic key data stored internal to the at least one portable data storage device are not accessible from outside of the key-server and the at least one portable data storage device.
  - 45. A system as defined in claim 38 wherein the key-server provides dedicated cryptographic functions for the computer in communication with the communication network using secure electronic key data stored internal to the key-server.
  - 46. A system as defined in claim 45 wherein the secure electronic key data stored internal to the key-server are not accessible in a useable form outside of the key-server and the at least one portable data storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Original Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Inventors
Hillhouse, Robert D., Hamid, Laurence
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Abrishamkar; Kaveh

Application Number

US09/653,804
Time in Patent Office

2,524 Days
Field of Search

713/201, 713/200, 713/202, 713/185, 713/172, 726/9, 729/9
US Class Current

726/9
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0897   involving additional device...

H04L 9/3231   Biological data, e.g. finge...

Flexible method of security data backup

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible method of security data backup

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links