Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets

US 6,141,423 A
Filed: 06/05/1995
Issued: 10/31/2000
Est. Priority Date: 10/04/1993
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:

identifying information identifying the legitimate computer user, andsecret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and

information identifying said trustee.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

The invention employs a voluntary identification/definition phase performed, for example, shortly after a computer is purchased, and a secret information retrieval phase. In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia is combined with the secret information (such as the user'"'"'s encryption password) and is then encrypted under the control of the trustee'"'"'s public key. The combined information may be encrypted, for example, under a random symmetric key (such as DES) which is then encrypted under the trustee'"'"'s public key. After unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee'"'"'s public key and is stored, for example, in the users computer as an escrow security record. The password is then used to encrypt all data on the users disk. If at some point in time in the future, the user forgets the password, the retrieval phase of the applicant'"'"'s invention is performed. Under such circumstances, the user contacts the trustees, e.g., the vendor or manufacturer. The trustee utilizes documentary evidence presented by the alleged legitimate user and determines whether such evidence matches with the previously encrypted escrow information stored in the escrow record created by the user. If they agree, then the trustee has confidence that the true owner is making the request, and that revealing the secret key will not betray the owner'"'"'s interest.

80 Citations

18 Claims

1. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user, andsecret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and
  
  information identifying said trustee.
- View Dependent Claims (2, 15)
- - 2. A digital data structure in accordance with claim 1, wherein said identifying information includes at least one of the following:
    - name;
      
      address;
      
      telephone number;
      
      height;
      
      weight;
      
      birth data;
      
      complexion;
      
      race, eye color;
      
      birthplace;
      
      employer;
      
      title;
      
      place of business;
      
      employee identification;
      
      supervisor;
      
      digitized retina information;
      
      information relating to the user'"'"'s DNA;
      
      digitized handwriting sample;
      
      digitized key typing;
      
      stroke analysis; and
      
      DNA pattern.
  - 15. The digital data structure in accordance with claim 1, wherein the information identifying said trustee includes a public encryption key of said trustee.

3. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,secret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and
  
  instructions originated by the legitimate computer user to be followed by the trustee in the event an applicant seeks to gain access to said secret information.

4. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,secret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and
  
  at least one question authored by the legitimate computer user to be posed by the trustee to a person attempting to recover said secret information.

5. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
  
  storing secret encrypted digital information other than said identifying information in said digital data structure;
  
  the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
  
  storing information identifying said trustee.
- View Dependent Claims (8, 16)
- - 8. A method in accordance with claim 5, wherein said step of storing identifying information includes storing at least one of the following:
    - name;
      
      address;
      
      telephone number;
      
      height;
      
      weight;
      
      birth data;
      
      complexion;
      
      race, eye color;
      
      birthplace;
      
      employer;
      
      title;
      
      place of business;
      
      employee identification;
      
      supervisor;
      
      identification number;
      
      digitized fingerprint;
      
      digitized photograph;
      
      digitized voice sample;
      
      digitized retina information;
      
      information relating to the user'"'"'s DNA;
      
      digitized handwriting sample;
      
      digitized key typing;
      
      stroke analysis; and
      
      DNA pattern.
  - 16. The method in accordance with claim 5, wherein said information identifying said trustee includes a public encryption key associated with said trustee.

6. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
  
  storing secret encrypted digital information other than said identifying information in said digital data structure;
  
  the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
  
  storing an encrypted version of an encrypting key used to encrypt said secret digital information in said digital data structure.

7. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
  
  storing secret encrypted digital information other than said identifying information in said digital data structure;
  
  the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
  
  storing a hash of said identifying information and said secret digital information in said digital data structure.

9. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
  
  storing secret encrypted digital information other than said identifying information in said digital data structure;
  
  the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
  
  storing instructions originated by the legitimate computer user to be followed by the trustee in the event an applicant seeks to gain access to said secret information.

10. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
  
  storing secret encrypted digital information other than said identifying information in said digital data structure;
  
  the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information; and
  
  storing at least one question authored by the legitimate computer user to be posed by the trustee to a person attempting to recover said secret information.

11. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,secret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and
  
  wherein the secret digital information is a password or an encryption key associated with the legitimate computer user and the identifying information includes at least one question authored by the legitimate computer user to be posed by the trustee to a person attempting to recover said password or encryption key.

12. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,secret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and
  
  an encrypted version of an encrypting key used to encrypt said secret digital information.

13. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,secret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and
  
  a hash of said identifying information and said secret digital information.

14. A computer having a legitimate user of the computer including a processor and a memory device coupled to said processor, a digital data structure corresponding to the legitimate user stored in said memory device including:
- identifying information identifying the legitimate computer user,secret encrypted digital information other than said identifying information,wherein the digital data structure is used by a trustee to confirm the identify of the legitimate computer user and to recover the secret encrypted digital information; and
  
  wherein the secret encrypted digital information is split among plural trustees.

17. In a computer system having a processor and a memory device coupled to said processor associated with a legitimate user of the computer system, a method for permitting secret digital information of the legitimate computer user to be subsequently recovered by a trustee, comprising the steps of:
- storing identifying information identifying the legitimate computer user in an original digital data structure corresponding to the legitimate computer user;
  
  storing secret encrypted digital information other than said identifying information in said digital data structure;
  
  the trustee using said digital data structure to confirm the identity of the legitimate computer user, and after positive confirmation of identity, recovering the secret digital information;
  
  obtaining credentials identifying an applicant requesting said secret encrypted digital information and a digital data structure supplied by the applicant;
  
  retrieving the digital data structure; and
  
  comparing the obtained credentials of the applicant and information from the supplied data structure with information from the original digital data structure.
- View Dependent Claims (18)
- - 18. The method in accordance with claim 17, wherein the identifying information is encrypted, said method further comprising the step of decrypting encrypted information in the digital data structures before said comparing step.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Addison M. Fischer
Original Assignee
Addison M. Fischer
Inventors
Fischer, Addison M.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/464,069
Time in Patent Office

1,975 Days
Field of Search

380/4, 380/23, 380/25, 380/286, 380/277, 380/279, 713/155, 713/182, 713/183, 713/185, 713/186
US Class Current

380/286
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

G06F 2221/2131   Lost password, e.g. recover...

G06Q 20/3821   Electronic credentials

H04L 9/0894   Escrow, recovery or storing...

Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

80 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for preventing inadvertent betrayal by a trustee of escrowed digital secrets

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links