Backup system with multiple recovery keys
Abstract
Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the set of related devices. The method stores the backup data encrypted with a set of data encryption keys. The method also stores the set of data encryption keys encrypted with a master recovery key. The method also stores several copies of master recovery key data, each copy of the master recovery key data encrypted with a public key of a different one of the related devices. The backup data is only recoverable by accessing a private key of any one of the related devices.
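The three-layer key hierarchy described in the abstract (data encryption keys, a master recovery key, and one wrapped copy of that key per device), as an added sketch that is not code from the patent. All function and device names are hypothetical, and the primitives are standard-library stand-ins chosen so the block runs offline: a SHA-256 keystream with HMAC for symmetric sealing and ephemeral Diffie-Hellman over a toy-sized group for the public-key wrap, where a real system would use a vetted AEAD and public-key scheme.

```python
import hashlib, hmac, secrets

P, G = 2**521 - 1, 3   # toy-sized DH group (assumption): illustration only

def _stream(key, nonce, n):            # SHA-256 counter-mode keystream (stand-in cipher)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, pt):                     # encrypt-then-MAC; one key for both, fine for a sketch only
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def keygen():                          # device key pair: (private, public)
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _kek(shared):                      # key-encryption key from the DH shared secret
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def wrap_for(pub, mrk):                # wrap the master recovery key to one device's public key
    esk, epk = keygen()
    return epk, seal(_kek(pow(pub, esk, P)), mrk)

def unwrap(sk, wrapped):
    epk, blob = wrapped
    return unseal(_kek(pow(epk, sk, P)), blob)

def make_backup(items, device_pubs):
    mrk = secrets.token_bytes(32)                       # master recovery key
    deks = {n: secrets.token_bytes(32) for n in items}  # one data encryption key per item
    return {"items": {n: seal(deks[n], v) for n, v in items.items()},
            "deks": {n: seal(mrk, k) for n, k in deks.items()},
            "mrk_copies": {d: wrap_for(pub, mrk) for d, pub in device_pubs.items()}}

def restore(backup, device, sk):       # private key -> MRK -> DEKs -> items
    mrk = unwrap(sk, backup["mrk_copies"][device])
    return {n: unseal(unseal(mrk, backup["deks"][n]), ct)
            for n, ct in backup["items"].items()}
```

Nothing in the stored backup is usable without a device private key, and a private key that does not match the selected wrapped copy fails the integrity check instead of yielding a wrong master recovery key.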
22 Claims

1. For a particular device in a set of related devices, each device in the set of related devices having a public key and a private key, a method for backing up data items synchronized between the set of related devices, the method comprising:
- storing the backup data items encrypted with a set of data encryption keys;
- storing the set of data encryption keys encrypted with a master recovery key; and
- storing a copy of master recovery key data for each device in the set of related devices, each copy of the master recovery key data encrypted using a respective public key of a respective related device, wherein after a loss of access to the synchronized data by one of the related devices, said related device restores the backup data items by (i) decrypting a respective copy of the master recovery key data using the private key of said related device and (ii) decrypting the encrypted backup data item using the decrypted master recovery key data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. An electronic device that is one of a set of related devices, each device in the set of related devices having a public key and a private key, the electronic device comprising:
- a set of processing units; and
- a non-transitory machine readable medium storing a program which when executed by at least one of the processing units backs up data synchronized between the electronic device and the set of related devices, the program comprising sets of instructions for:
  - storing the backup data items encrypted with a set of data encryption keys;
  - storing the set of data encryption keys encrypted with a master recovery key; and
  - storing a copy of master recovery key data for each device in the set of related devices, each copy of the master recovery key data encrypted using a respective public key of a respective related device, wherein after a loss of access to the synchronized data by one of the related devices, said related device restores the backup data items by (i) decrypting a respective copy of the master recovery key data using the private key of said related device and (ii) decrypting the encrypted backup data item using the decrypted master recovery key data.
Dependent claims: 14, 15, 16, 17

18. A non-transitory machine readable medium storing a program which when executed by at least one processing unit of a particular device in a set of related devices backs up data synchronized between the set of related devices, each device in the set of related devices having a public key and a private key, the program comprising sets of instructions for:
- storing the backup data items encrypted with a set of data encryption keys;
- storing the set of data encryption keys encrypted with a master recovery key; and
- storing a copy of the master recovery key data for each device in the set of related devices, each copy of the master recovery key data encrypted using a respective public key of a respective related device, wherein after a loss of access to the synchronized data by one of the related devices, said related device restores the backup data items by (i) decrypting a respective copy of the master recovery key data using the private key of said related device and (ii) decrypting the encrypted backup data item using the decrypted master recovery key data.
Dependent claims: 19, 20, 21, 22

Specification