Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets
First Claim
1. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user, and
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- information identifying said trustee.
Abstract
The invention employs a voluntary identification/definition phase, performed, for example, shortly after a computer is purchased, and a secret information retrieval phase. In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow a password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia are combined with the secret information (such as the user's encryption password) and then encrypted under the control of the trustee's public key. The combined information may be encrypted, for example, under a random symmetric key (such as a DES key) which is in turn encrypted under the trustee's public key. After the unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee's public key and stored, for example, in the user's computer as an escrow security record. The password is then used to encrypt all data on the user's disk. If at some point in the future the user forgets the password, the retrieval phase of the applicant's invention is performed. Under such circumstances, the user contacts the trustee, e.g., the vendor or manufacturer. The trustee utilizes documentary evidence presented by the alleged legitimate user and determines whether such evidence matches the previously encrypted escrow information stored in the escrow record created by the user. If they agree, the trustee has confidence that the true owner is making the request, and that revealing the secret will not betray the owner's interest.
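The two phases described in the abstract, written out as an added Go example. This is not code from the patent or from any assignee: the record layout, the use of AES-GCM for the combined information and RSA-OAEP for wrapping the random key (the abstract names DES and the trustee's public key but fixes nothing else), the exact-match comparison of the applicant's answers, and the names `EscrowRecord`, `CreateEscrow` and `TrusteeRecover` are all this example's assumptions. The GCM tag over the payload, with the trustee identifier as associated data, plays the role of the hash over identifying information and secret in claims 7 and 13, and the wrapped key is the "encrypted version of an encrypting key" of claims 6 and 12.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
)

// EscrowRecord is the escrow security record on the user's machine (layout and algorithms are this example's assumptions).
type EscrowRecord struct {
	TrusteeID  string // information identifying the trustee (claims 1 and 5)
	WrappedKey []byte // random AES key, RSA-OAEP encrypted to the trustee (claims 6 and 12)
	Nonce      []byte // AES-GCM nonce for Payload
	Payload    []byte // AES-GCM ciphertext of the identifying information plus the secret
}

// payload is the plaintext that gets sealed: self-identification plus the secret.
type payload struct {
	Identity []string `json:"identity"`
	Secret   []byte   `json:"secret"`
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable CSPRNG: refuse to create an escrow record at all
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CreateEscrow is the definition phase: answers and secret are sealed under a fresh key that is wrapped to the trustee.
func CreateEscrow(trusteeID string, trustee *rsa.PublicKey, identity []string, secret []byte) (*EscrowRecord, error) {
	plain, err := json.Marshal(payload{Identity: identity, Secret: secret})
	if err != nil {
		return nil, err
	}
	key := randomBytes(32)
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	// The trustee ID is bound as associated data, so the record cannot be re-pointed at another trustee.
	sealed := gcm.Seal(nil, nonce, plain, []byte(trusteeID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, trustee, key, []byte("escrow-key"))
	if err != nil {
		return nil, err
	}
	return &EscrowRecord{TrusteeID: trusteeID, WrappedKey: wrapped, Nonce: nonce, Payload: sealed}, nil
}

// TrusteeRecover is the retrieval phase: the secret is released only if the applicant's evidence matches the record.
func TrusteeRecover(trustee *rsa.PrivateKey, rec *EscrowRecord, presented []string) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, trustee, rec.WrappedKey, []byte("escrow-key"))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, rec.Nonce, rec.Payload, []byte(rec.TrusteeID))
	if err != nil {
		return nil, errors.New("escrow record is corrupt or was tampered with")
	}
	var p payload
	if err := json.Unmarshal(plain, &p); err != nil {
		return nil, err
	}
	if !answersMatch(p.Identity, presented) {
		return nil, errors.New("applicant's evidence does not match the escrow record; secret withheld")
	}
	return p.Secret, nil
}

// answersMatch checks every answer in constant time and never short-circuits, so timing does not reveal which answer was wrong.
func answersMatch(escrowed, presented []string) bool {
	if len(escrowed) != len(presented) {
		return false
	}
	ok := 1
	for i := range escrowed {
		ok &= subtle.ConstantTimeCompare([]byte(escrowed[i]), []byte(presented[i]))
	}
	return ok == 1
}
```

In use, the vendor generates the RSA key pair once and ships the public half with the machine; `CreateEscrow` runs on the user's computer at setup with the self-identification answers and the chosen disk password, and the resulting record is what the user later sends to the vendor. `TrusteeRecover` runs only on the trustee's side, where the private key lives, and returns an error rather than the secret on any mismatch. Comparison here is exact, so a deployment would normalize case and whitespace on both sides before escrow and before comparison (an assumption, not something the abstract specifies).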
Claims (18 in total)
1. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user, and
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- information identifying said trustee.
Dependent claims: 2, 15.
3. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- instructions originated by the legitimate computer user to be followed by the trustee in the event an applicant seeks to gain access to said secret information.
4. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- at least one question authored by the legitimate computer user to be posed by the trustee to a person attempting to recover said secret information.
5. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
- storing secret encrypted digital information other than said identifying information in said digital data structure;
- the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
- storing information identifying said trustee.
Dependent claims: 8, 16.
6. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
- storing secret encrypted digital information other than said identifying information in said digital data structure;
- the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
- storing an encrypted version of an encrypting key used to encrypt said secret digital information in said digital data structure.
7. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
- storing secret encrypted digital information other than said identifying information in said digital data structure;
- the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
- storing a hash of said identifying information and said secret digital information in said digital data structure.
9. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
- storing secret encrypted digital information other than said identifying information in said digital data structure;
- the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
- storing instructions originated by the legitimate computer user to be followed by the trustee in the event an applicant seeks to gain access to said secret information.
10. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
- storing secret encrypted digital information other than said identifying information in said digital data structure;
- the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
- storing at least one question authored by the legitimate computer user to be posed by the trustee to a person attempting to recover said secret information.
11. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- wherein the secret digital information is a password or an encryption key associated with the legitimate computer user and the identifying information includes at least one question authored by the legitimate computer user to be posed by the trustee to a person attempting to recover said password or encryption key.
12. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- an encrypted version of an encrypting key used to encrypt said secret digital information.
13. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- a hash of said identifying information and said secret digital information.
14. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,
- secret encrypted digital information other than said identifying information, wherein the digital data structure is used by a trustee to confirm the identity of the legitimate computer user and to recover the secret encrypted digital information; and
- wherein the secret encrypted digital information is split among plural trustees.
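Claim 14's splitting of the escrowed secret among plural trustees, as an added Go example that is not the patent's or any assignee's code. The claim does not say how the split is done; the all-of-n XOR sharing, the per-trustee RSA-OAEP wrapping, and the names `SplitAmongTrustees`, `UnwrapShare` and `CombineShares` are this example's assumptions. The point it shows is that each trustee releases only its own share after its own identity check, and that any subset short of all of them holds nothing but uniformly random bytes.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// SplitAmongTrustees splits a symmetric escrow key into one XOR share per trustee
// and wraps each share to that trustee's public key. All trustees must take part to
// recover the key; any n-1 shares are uniformly random and reveal nothing.
// (All-of-n XOR sharing is this example's choice; the claim does not fix a scheme.)
func SplitAmongTrustees(key []byte, trustees []*rsa.PublicKey) ([][]byte, error) {
	if len(trustees) < 2 {
		return nil, errors.New("splitting needs at least two trustees")
	}
	shares := make([][]byte, len(trustees))
	last := append([]byte(nil), key...) // final share = key XOR all random shares
	for i := 0; i < len(trustees)-1; i++ {
		shares[i] = make([]byte, len(key))
		if _, err := rand.Read(shares[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= shares[i][j]
		}
	}
	shares[len(trustees)-1] = last
	wrapped := make([][]byte, len(trustees))
	for i, pub := range trustees {
		var err error
		wrapped[i], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, shares[i], []byte("escrow-share"))
		if err != nil {
			return nil, err
		}
	}
	return wrapped, nil
}

// UnwrapShare is run independently by each trustee, after it has satisfied itself
// of the applicant's identity, to release its own share and nothing more.
func UnwrapShare(trustee *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, trustee, wrapped, []byte("escrow-share"))
}

// CombineShares XORs the released shares back into the key. With a share missing
// the result is random, so no subset of trustees can recover the key on its own.
func CombineShares(shares [][]byte) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	key := make([]byte, len(shares[0]))
	for _, s := range shares {
		if len(s) != len(key) {
			return nil, errors.New("share length mismatch")
		}
		for j := range key {
			key[j] ^= s[j]
		}
	}
	return key, nil
}
```

The key being split would be the random symmetric key of the abstract, so the escrow record carries one wrapped share per trustee instead of one wrapped key. A threshold scheme (Shamir's secret sharing) would let k of n trustees suffice; XOR sharing was chosen here only because it needs no arithmetic beyond the standard library and makes the "nothing from a subset" property obvious.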
17. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
- storing secret encrypted digital information other than said identifying information in said digital data structure;
- the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information;
- obtaining credentials identifying an applicant requesting said secret encrypted digital information and a digital data structure supplied by the applicant;
- retrieving the digital data structure; and
- comparing the obtained credentials of the applicant and information from the supplied data structure with information from the original digital data structure.
Dependent claims: 18.
Specification