Method for backing up and restoring an encryption key
First Claim
1. A method for backing up and restoring an encryption key, which is applicable to an encryption key for data encryption/decryption generated inside trusted chips, a trusted chip in which an encryption key to be backed up is present being set as a source trusted chip, and a trusted chip in which an encrypted encryption key to be restored is present being set as a destination trusted chip, the method comprising:
creating a backup key for backing up the encryption key inside the source trusted chip;
encrypting the encryption key with the backup key;
exporting the encrypted encryption key from the source trusted chip;
storing the exported encrypted encryption key;
exporting the backup key from the source trusted chip;
setting up an access password of the backup key;
encrypting the backup key and the access password together;
transmitting the backup key and the access password encrypted together to a trusted third party;
storing the backup key and the access password encrypted together received by the trusted third party;
acquiring the backup key from the trusted third party based on the access password;
importing the backup key and the encrypted encryption key to the destination trusted chip when the encrypted encryption key needs to be restored inside the destination trusted chip; and
decrypting the encrypted encryption key with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip;
wherein the step of encrypting said backup key and the access password together comprises the steps of:
acquiring a public key of the trusted third party by a terminal where the source trusted chip is located; and
encrypting together the backup key and the password with the public key and transmitting the backup key and the access password encrypted together to the trusted third party, wherein the step of storing the backup key and the access password encrypted together received by the trusted third party comprises:
acquiring directly the backup key and the access password encrypted together, and wherein the step of acquiring the backup key from the trusted third party based on the access password comprises the steps of:
transmitting the access password and an acquired public key of the destination trusted chip to the trusted third party;
decrypting the backup key and the access password encrypted together using a private key of the trusted third party to acquire the backup key and the access password;
confirming consistency of the access password corresponding to the backup key;
encrypting the backup key with the public key of the destination trusted chip;
transmitting the encrypted backup key encrypted with the public key of the destination trusted chip to the destination trusted chip by the trusted third party; and
decrypting the encrypted backup key encrypted with the public key of the destination trusted chip with the private key of the destination trusted chip to acquire the backup key by the destination trusted chip.
Abstract
The present invention allows creation of a backup key for backing up an encryption key inside a source trusted chip, encrypting the encryption key with the backup key, exporting the encrypted encryption key from the source trusted chip and storing it in a storage device, encrypting the backup key for transmission to a trusted third party. If the encrypted encryption key needs to be restored inside a destination trusted chip, the backup key and the encryption key encrypted with the backup key are imported to the destination trusted chip, where the encrypted encryption key is decrypted with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.
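The escrow flow of claim 1 and the abstract, run end to end as an added example (not code from the patent): the two trusted chips and the trusted third party are simulated in software, RSA-OAEP stands in for the public-key encryption of the third party and the destination chip, AES-256-GCM stands in for the backup-key encryption of the encryption key, and the password consistency check is a constant-time comparison; none of these algorithm choices is fixed by the claim and all are assumptions here.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
GCM = 'aes-256-gcm' # assumed backup-key cipher: 32-byte key, 12-byte IV, 16-byte tag
# Software stand-in for a trusted chip: an RSA key pair plus AES-GCM wrapping of the encryption key.
class Chip
  attr_reader :public_key
  def initialize
    @rsa = OpenSSL::PKey::RSA.generate(2048)
    @public_key = @rsa.public_key
  end
  # Source side: create the backup key, encrypt the encryption key with it, export both.
  def export_backup(enc_key)
    backup_key = OpenSSL::Random.random_bytes(32)
    c = OpenSSL::Cipher.new(GCM).encrypt
    c.key = backup_key
    iv = c.random_iv
    c.auth_data = ''
    [backup_key, iv + c.update(enc_key) + c.final + c.auth_tag]
  end
  # Destination side: unwrap the backup key with our private key, then decrypt the encryption key.
  def restore(wrapped_backup_key, wrapped_enc_key)
    d = OpenSSL::Cipher.new(GCM).decrypt
    d.key = @rsa.private_decrypt(wrapped_backup_key, OAEP)
    d.iv = wrapped_enc_key[0, 12]
    d.auth_tag = wrapped_enc_key[-16..]
    d.auth_data = ''
    d.update(wrapped_enc_key[12...-16]) + d.final # CipherError if the stored blob was tampered with
  end
end
# Trusted third party: reuses Chip's RSA pair; stores only the OAEP-wrapped (backup key || password).
class TrustedThirdParty < Chip
  def deposit(blob); @blob = blob; end
  # Restore request: access password plus destination public key. Releases the backup key
  # re-wrapped to the destination only if the password matches the one sealed in the blob.
  def release(password, dst_public_key)
    backup_key, stored_pw = @rsa.private_decrypt(@blob, OAEP).unpack('a32a*')
    raise 'access password mismatch' unless OpenSSL.secure_compare(stored_pw, password.b)
    dst_public_key.public_encrypt(backup_key, OAEP)
  end
end
# Full run of the claimed protocol; returns the encryption key recovered inside the destination chip.
def backup_and_restore(enc_key, password, restore_password = password)
  src, dst, ttp = Chip.new, Chip.new, TrustedThirdParty.new
  backup_key, wrapped_enc_key = src.export_backup(enc_key) # wrapped_enc_key goes to backup storage
  ttp.deposit(ttp.public_key.public_encrypt(backup_key + password.b, OAEP))
  dst.restore(ttp.release(restore_password, dst.public_key), wrapped_enc_key)
end
```

Note that the third party never sees the encryption key itself, only the backup key, and the backup key leaves the third party only wrapped to the destination chip's public key, which is the separation of duties the claim relies on.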
30 Citations
11 Claims
Specification