Secure transmission system
First Claim
1. A method for recovering lost keys in a public key encryption system that includes a central key repository and a plurality of users, where a user's public key is stored at the central key repository and user's associated private key is stored locally on a user's computer, the method comprising:
designating a recovery question and an answer to the recovery question;
encrypting the user's private key using a first hash of the answer as a session key in a symmetric key encryption process;
hashing the answer a predetermined number of times to generate a second hash of the answer;
storing the second hash and the recovery question at the central key repository without exposing the answer to the recovery question to the central key repository;
and when prompted by the user to recover a lost private key;
receiving the answer;
hashing the answer the predetermined number of times to generate a third hash and transmitting the third hash to the central key repository without transmitting the answer itself;
comparing the second and third hashes;
if the second and third hashes match, returning the encrypted private key to the user; and
decrypting the private key using the first hash and storing the private key.
Abstract
A method and apparatus for transferring a message securely from a sender to a recipient over a network, including at each transfer: creating a message; retrieving the public key of the recipient from an external key server just prior to sending the message; signing the message using the private key of the sender; encrypting the signed message using a public key encryption algorithm and the public key of the recipient, producing an encrypted signed message; generating an E-mail message addressed to the recipient; attaching the encrypted signed message as an attachment to the E-mail message; and transmitting the E-mail message to the recipient.
8 Claims
6. A computer-implemented method comprising:
determining a recovery question having an answer to the recovery question;
encrypting data using a first hash of the answer as a symmetric key, wherein the answer has been hashed a first predetermined number of times to generate the first hash of the answer;
hashing the answer a second predetermined number of times to generate a second hash of the answer, wherein the first predetermined number of times differs from the second predetermined number of times;
storing the encrypted data, the second hash and the recovery question at a central repository, wherein the central repository does not receive the answer to the recovery question;
upon receiving a request for the data, providing the recovery question to a user and requesting the answer from the user;
upon the user providing the answer, hashing the provided answer the second predetermined number of times to generate a third hash of the answer;
transmitting the third hash to the central repository without transmitting the provided answer;
comparing the second and third hashes;
if the second and third hashes match, sending the encrypted data to the user; and
decrypting the encrypted data using the symmetric key.
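The recovery flow of claims 1 and 6, as an added example that is not code from the patent: SHA-256, the round counts, the in-memory `Repository` and the HMAC-based stand-in cipher are all assumptions. `repo_can_derive_key` checks a property the differing round counts depend on when plain iterated hashing is used: the key's count must be lower than the stored hash's count, otherwise the repository can hash the stored value forward to the key.

```python
import hashlib, hmac, os

KEY_ROUNDS = 1000       # assumed "first predetermined number" (claim 6)
VERIFIER_ROUNDS = 5000  # assumed "second predetermined number"; kept above KEY_ROUNDS

def iter_hash(data: bytes, rounds: int) -> bytes:
    """Hash data `rounds` times; SHA-256 is an assumption, the claims name no hash."""
    for _ in range(rounds):
        data = hashlib.sha256(data).digest()
    return data

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (HMAC keystream, no integrity); use a vetted AEAD in practice."""
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class Repository:
    """Central repository: stores question, second hash and ciphertext, never the answer."""
    def __init__(self):
        self.records = {}
    def enroll(self, user, question, second_hash, blob):
        self.records[user] = (question, second_hash, blob)
    def recover(self, user, third_hash):
        _, second_hash, blob = self.records[user]
        return blob if hmac.compare_digest(second_hash, third_hash) else None

def enroll(repo, user, question, answer: str, private_key: bytes):
    a, nonce = answer.encode(), os.urandom(16)
    blob = nonce + stream_xor(iter_hash(a, KEY_ROUNDS), nonce, private_key)
    repo.enroll(user, question, iter_hash(a, VERIFIER_ROUNDS), blob)

def recover(repo, user, answer: str):
    a = answer.encode()
    blob = repo.recover(user, iter_hash(a, VERIFIER_ROUNDS))  # only the third hash is sent
    return None if blob is None else stream_xor(iter_hash(a, KEY_ROUNDS), blob[:16], blob[16:])

def repo_can_derive_key(key_rounds: int, verifier_rounds: int, answer=b"constructed") -> bool:
    """True when hashing the stored second hash forward reproduces the symmetric key."""
    stored = iter_hash(answer, verifier_rounds)
    extra = key_rounds - verifier_rounds
    return extra >= 0 and iter_hash(stored, extra) == iter_hash(answer, key_rounds)
```
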
Specification