Methods and systems for key recovery for a token
Abstract
Methods, systems and computer readable mediums are provided for recovering keys. A key transport session key is generated, and a key encryption key is derived based on a server master key and an identification associated with a token. The key transport session key is encrypted with the key encryption key as a first wrapped key transport session key. An encrypted storage session key and an encrypted private key are retrieved from an archive. The encrypted storage session key is decrypted with a server storage key as a storage session key. The encrypted private key is decrypted with the storage session key. The decrypted private key is encrypted with the key transport session key as a wrapped private key. The wrapped private key and the first wrapped key transport session key are forwarded.
18 Claims
1. A method of recovering keys, comprising:
generating a key transport session key;
deriving, by a processor, a key encryption key based on a server master key and an identification associated with a token;
encrypting the key transport session key with the key encryption key as a first wrapped key transport session key;
retrieving an encrypted storage session key and an encrypted private key from an archive;
decrypting the encrypted storage session key with a server storage key as a storage session key;
decrypting the encrypted private key with the storage session key;
encrypting the decrypted private key with the key transport session key as a wrapped private key; and
forwarding the wrapped private key and the first wrapped key transport session key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A system for recovering keys, comprising:
a security client configured to manage a token when connected to the token; and
a security server computer configured to interface with the security client, the security server computer being configured to generate a key transport session key and derive a key encryption key based on a server master key and an identification associated with the token, encrypt the key transport session key with the key encryption key as a first wrapped key transport session key, retrieve a storage session key and an encrypted private key from an archive, decrypt the encrypted private key with the storage session key, encrypt the private key with the key transport session key as a wrapped private key, and forward the wrapped private key and the wrapped session key to the security client.
Dependent claims: 12, 13, 14, 15, 16, 17, 18.
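The recovery flow recited in the abstract and in claim 1 is a chain of four keys: the server storage key protects the archived storage session key, the storage session key protects the archived private key, a fresh key transport session key protects the private key on its way to the token, and a key encryption key derived from the server master key and the token's identification protects the transport key. The following is an added example of that chain end to end, written for this page and not taken from the patent or from any product that implements it. Everything the claims leave unspecified is an assumption here and is marked as such in the code: the derivation step is HMAC-SHA256 over the token identification; "encrypt" is an authenticated encryption built from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, used only so the example runs on the Python standard library (a real server would use AES-GCM or AES Key Wrap); the archive is an in-memory dict; the token is assumed to hold the same derived key encryption key from personalization; the token identification and private-key bytes are constructed sample data. The example also shows the check a practitioner wants: a key encryption key derived for a different token identification fails to unwrap the transport key, so the forwarded bundle is bound to the token it was produced for.

```python
"""Key recovery chain from the claims, modelled on both the server and token side.

Added example, not from the patent. Assumptions (the claims do not specify them):
  - KEK derivation is HMAC-SHA256(server_master_key, "kek" || token_id);
  - seal()/unseal() is an HMAC-SHA256 counter-mode keystream with an
    encrypt-then-MAC tag, a stdlib-only stand-in for AES-GCM / AES Key Wrap;
  - the archive is a dict keyed by token identification;
  - the token holds its KEK from personalization, so it can unwrap the bundle.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys from one wrapping key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (assumed stand-in for a block-cipher mode)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Authenticated encryption. Output layout: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; wrong key or tampering raises."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def derive_kek(server_master_key: bytes, token_id: bytes) -> bytes:
    """Key encryption key for one token (assumed KDF; the claim only says 'derived based on')."""
    return hmac.new(server_master_key, b"kek" + token_id, hashlib.sha256).digest()


def archive_private_key(archive: dict, server_storage_key: bytes, token_id: bytes, private_key: bytes) -> None:
    """Archival is not in the claim, but the claim's inputs must exist: a per-entry storage
    session key encrypts the private key, and the server storage key encrypts that session key."""
    storage_session_key = secrets.token_bytes(32)
    archive[token_id] = (seal(server_storage_key, storage_session_key), seal(storage_session_key, private_key))


def recover_keys(archive: dict, server_master_key: bytes, server_storage_key: bytes, token_id: bytes) -> tuple[bytes, bytes]:
    """Server side: the eight steps of claim 1, in order. Returns what is forwarded."""
    ktsk = secrets.token_bytes(32)                       # generate key transport session key
    kek = derive_kek(server_master_key, token_id)        # derive KEK from master key + token id
    wrapped_ktsk = seal(kek, ktsk)                       # first wrapped key transport session key
    enc_ssk, enc_private_key = archive[token_id]         # retrieve from archive
    ssk = unseal(server_storage_key, enc_ssk)            # decrypt storage session key
    private_key = unseal(ssk, enc_private_key)           # decrypt private key
    wrapped_private_key = seal(ktsk, private_key)        # re-encrypt under the transport key
    return wrapped_private_key, wrapped_ktsk             # forward both


def token_unwrap(token_kek: bytes, wrapped_private_key: bytes, wrapped_ktsk: bytes) -> bytes:
    """Token side: only a holder of this token's KEK can recover the transport key, then the private key."""
    ktsk = unseal(token_kek, wrapped_ktsk)
    return unseal(ktsk, wrapped_private_key)


def run_recovery_demo() -> dict:
    """Constructed sample run: archive, recover, unwrap on the right token, fail on another."""
    server_master_key = secrets.token_bytes(32)
    server_storage_key = secrets.token_bytes(32)
    token_id = bytes.fromhex("0102030405060708")          # constructed token identification
    private_key = b"constructed-sample-private-key-bytes"  # constructed placeholder, not a real key
    archive: dict = {}
    archive_private_key(archive, server_storage_key, token_id, private_key)
    wrapped_private_key, wrapped_ktsk = recover_keys(archive, server_master_key, server_storage_key, token_id)
    recovered = token_unwrap(derive_kek(server_master_key, token_id), wrapped_private_key, wrapped_ktsk)
    try:  # a KEK derived for another token identification must not open the bundle
        token_unwrap(derive_kek(server_master_key, b"other-token"), wrapped_private_key, wrapped_ktsk)
        other_token_can_unwrap = True
    except ValueError:
        other_token_can_unwrap = False
    return {"original": private_key, "recovered": recovered, "other_token_can_unwrap": other_token_can_unwrap}


if __name__ == "__main__":
    result = run_recovery_demo()
    print("recovered matches:", result["recovered"] == result["original"])
    print("other token can unwrap:", result["other_token_can_unwrap"])
```

Two points worth noting in the design. The server storage key and the server master key play different roles and should be different keys, as the claims keep them: one protects the archive at rest, the other binds the transport bundle to a particular token; in a deployment both would live in an HSM rather than in process memory. And because the private key is re-encrypted under a fresh transport key on every recovery, an observer of the forwarded bundle learns nothing without the token's key encryption key, which is exactly why the wrong-token check in the demo has to fail.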