Method for backing up and restoring an encryption key

US 8,055,911 B2
Filed: 12/07/2005
Issued: 11/08/2011
Est. Priority Date: 03/15/2005
Status: Active Grant

First Claim

Patent Images

1. A method for backing up and restoring an encryption key, which is applicable to an encryption key for data encryption/decryption generated inside trusted chips, a trusted chip in which an encryption key to be backed up is present being set as a source trusted chip, and a trusted chip in which an encrypted encryption key to be restored is present being set as a destination trusted chip, the method comprising:

creating a backup key for backing up the encryption key inside the source trusted chip;

encrypting the encryption key with the backup key;

exporting the encrypted encryption key from the source trusted chip;

storing the exported encrypted encryption key;

exporting the backup key from the source trusted chip;

setting up an access password of the backup key;

encrypting the backup key and the access password together;

transmitting the backup key and the access password encrypted together to a trusted third party;

storing the backup key and the access password encrypted together received by the trusted third party;

acquiring the backup key from the trusted third party based on the access password;

importing the backup key and the encrypted encryption key to the destination trusted chip when the encrypted encryption key needs to be restored inside the destination trusted chip; and

decrypting the encrypted encryption key with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip;

wherein the step of encrypting said backup key and the access password together comprises the steps of;

acquiring a public key of the trusted third party by a terminal where the source trusted chip is located; and

encrypting together the backup key and the password with the public key and transmitting the backup key and the access password encrypted together to the trusted third party,wherein the step of storing the backup key and the access password encrypted together received by the trusted third party comprises;

acquiring directly the backup key and the access password encrypted together, andwherein the step of acquiring the backup key from the trusted third party based on the access password comprises the steps of;

transmitting the access password and an acquired public key of the destination trusted chip to the trusted third party;

decrypting the backup key and the access password encrypted together using a private key of the trusted third party to acquire the backup key and the access password;

confirming consistency the access password corresponding to the backup key;

encrypting the backup key with the public key of the destination trusted chip;

transmitting the encrypted backup key encrypted with the public key of the destination trusted chip to the destination trusted chip by the trusted third party; and

decrypting the encrypted backup key encrypted with the public key of the destination trusted chip with the private key of the destination trusted chip to acquire the backup key by the destination trusted chip.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows creation of a backup key for backing up an encryption key inside a source trusted chip, encrypting the encryption key with the backup key, exporting the encrypted encryption key from the source trusted chip and storing it in a storage device, encrypting the backup key for transmission to a trusted third party. If the encrypted encryption key needs to be restored inside a destination trusted chip, the backup key and the encryption key encrypted with the backup key are imported to the destination trusted chip, where the encrypted encryption key is decrypted with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip.

30 Citations

View as Search Results

11 Claims

1. A method for backing up and restoring an encryption key, which is applicable to an encryption key for data encryption/decryption generated inside trusted chips, a trusted chip in which an encryption key to be backed up is present being set as a source trusted chip, and a trusted chip in which an encrypted encryption key to be restored is present being set as a destination trusted chip, the method comprising:
- creating a backup key for backing up the encryption key inside the source trusted chip;
  
  encrypting the encryption key with the backup key;
  
  exporting the encrypted encryption key from the source trusted chip;
  
  storing the exported encrypted encryption key;
  
  exporting the backup key from the source trusted chip;
  
  setting up an access password of the backup key;
  
  encrypting the backup key and the access password together;
  
  transmitting the backup key and the access password encrypted together to a trusted third party;
  
  storing the backup key and the access password encrypted together received by the trusted third party;
  
  acquiring the backup key from the trusted third party based on the access password;
  
  importing the backup key and the encrypted encryption key to the destination trusted chip when the encrypted encryption key needs to be restored inside the destination trusted chip; and
  
  decrypting the encrypted encryption key with the backup key inside the destination trusted chip to obtain the encryption key of the source trusted chip;
  
  wherein the step of encrypting said backup key and the access password together comprises the steps of;
  
  acquiring a public key of the trusted third party by a terminal where the source trusted chip is located; and
  
  encrypting together the backup key and the password with the public key and transmitting the backup key and the access password encrypted together to the trusted third party,wherein the step of storing the backup key and the access password encrypted together received by the trusted third party comprises;
  
  acquiring directly the backup key and the access password encrypted together, andwherein the step of acquiring the backup key from the trusted third party based on the access password comprises the steps of;
  
  transmitting the access password and an acquired public key of the destination trusted chip to the trusted third party;
  
  decrypting the backup key and the access password encrypted together using a private key of the trusted third party to acquire the backup key and the access password;
  
  confirming consistency the access password corresponding to the backup key;
  
  encrypting the backup key with the public key of the destination trusted chip;
  
  transmitting the encrypted backup key encrypted with the public key of the destination trusted chip to the destination trusted chip by the trusted third party; and
  
  decrypting the encrypted backup key encrypted with the public key of the destination trusted chip with the private key of the destination trusted chip to acquire the backup key by the destination trusted chip.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the encrypted encryption key exported from the source trusted chip is stored in a memory device.
  - 3. The method according to claim 2, wherein the memory device is selected from the group consisting of a floppy disk, a mobile hard disk and a terminal where the source trusted chip is located.
  - 4. The method according to claim 1, further comprising:
    - before the steps of encrypting the backup key and the access password together and then transmitting the backup key and the access password encrypted together to a trusted third party, performing identity authentication between a terminal where the source trusted chip is located and the trusted third party; and
      
      before the step of acquiring the backup key from the trusted third party based on the access password, performing identity authentication between a terminal where the destination trusted chip is located and the trusted third party.
  - 5. The method according to claim 4, wherein the step of performing identity authentication between the terminal where the source trusted chip is located and the trusted third party is selected from the group consisting of bilateral identity authentication and unilateral identity authentication, and wherein the step of performing identity authentication between the terminal where the destination trusted chip is located and the trusted third party is selected from the group consisting of bilateral identity authentication or unilateral identity authentication.
  - 6. The method according to claim 1, wherein the trusted third party comprises a device having a third party trusted chip, wherein the trusted third party fulfills both the decryption of the encrypted backup key with the private key of the trusted third party and the encryption of the backup key with the public key of the destination trusted chip inside the third party trusted chip.
  - 7. The method according to claim 1, wherein the backup key is selected from the group consisting of a pair of public and private keys and a symmetrical key and wherein the private key of the backup key is transmitted to the trusted third party if the backup key is a pair of public and private keys.
  - 8. The method according to claim 1, the method further:
    - returning reception-confirming information by the trusted third party to a terminal where the source trusted chip is located, the reception-confirming information includes the backup key, received time stamp and certificate information of the trusted third party and is RSA-signed.
  - 9. The method according to claim 1, the method further comprising:
    - returning reception-confirming information by a terminal where the destination trusted chip is located to the trusted third party, the reception-confirming information includes the backup key, received time stamp and certificate information of the terminal where the destination trusted chip is located and is RSA-signed.
  - 10. The method according to claim 1, wherein the backup key and the access password encrypted together are transmitted to the trusted third party in a manner selected from the group consisting of immediately and with a delay of preset time period.
  - 11. The method according to claim 1, wherein at least one of trusted chip is a security chip TPM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo (Beijing) Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo (Beijing) Limited (Lenovo Group Ltd.)
Inventors
Feng, Rongfeng, Wu, Qiuxin, Yin, Ping
Primary Examiner(s)
REZA, MOHAMMAD W

Application Number

US11/886,344
Publication Number

US 20080192940A1
Time in Patent Office

2,162 Days
Field of Search

380/286, 380/278, 380/281, 380/284, 380/288, 713/171, 713/182, 713/183, 713/187, 713/193, 709/216, 709/208
US Class Current

713/193
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

Method for backing up and restoring an encryption key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method for backing up and restoring an encryption key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links