US2006182283A1PendingUtilityA1
Architecture for asymmetric crypto-key storage
Est. expiryFeb 14, 2025(expired)· nominal 20-yr term from priority
H04L 9/3228H04L 9/0825H04L 9/0894H04L 9/3271
47
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Techniques for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions are provided. A first one of multiple factors is stored. All of the factors are under the control of a user and all are required to generate a first private portion of the split private key. The first private portion not stored in a persistent state. A second private portion of the split private key under control of an entity other than the user is also stored. The first private portion and the second private portion are combinable to form a complete private portion.
Claims
exact text as granted — not AI-modified1 . A method for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions, comprising:
storing a first one of multiple factors, all of which are under the control of a user, required to generate a first private portion of the split private key, the first private portion not stored in a persistent state; and storing a second private portion of the split private key under control of an entity other than the user; wherein the first private portion and the second private portion are combinable to form a complete private portion.
2 . The method of claim 1 , wherein the first factor is stored at a first location, and further comprising:
storing, at a second location different than the first location, a second one of the multiple factors.
3 . The method of claim 1 , wherein:
the first factor is stored on one of i) a computing device associated with the user, and ii) removable media configured to communicate with the user computing device.
4 . The method of claim 1 , wherein a second one of the multiple factors is not stored in a persistent state.
5 . The method of claim 4 , wherein the second factor is generated based upon a user password.
6 . The method of claim 1 , wherein generation of the first private portion based upon the multiple factors includes cryptographically combining the multiple factors.
7 . The method of claim 1 , wherein:
the asymmetric crypto-key is a first asymmetric crypto-key; and the first factor is a private key of a second asymmetric crypto-key different than the first asymmetric crypto-key.
8 . The method of 1 , further comprising:
generating the first private portion based upon the multiple factors, including the stored first factor; non-persistently storing the generated first private portion for a limited time period; and during the limited time period applying the stored first private portion to authenticate the user multiple times.
9 . The method of claim 1 , further comprising:
storing the public key under control of an entity other than the user.
10 . The method of claim 1 , wherein:
the multiple factors are a first set of multiple factors; and a third private portion of the split private key is based upon a second set of multiple factors.
11 . A system for securing an asymmetric crypto-key having a public key and a split private key with multiple private portions, comprising:
a first data repository configured to store one of multiple factors, all of which are under control of a user, required to generate a first private portion of the split private key, the first private portion not stored in a persistent state and a second data repository configured to store a second private portion of the split private key, the second portion under control of an entity other than the user; wherein the first private portion and the second private portion are combinable to form a complete private portion.
12 . The system of claim 11 , further comprising:
a third data repository configured to store a second one of the multiple factors, the third data repository different than the first data repository.
13 . The system of claim 11 , wherein:
the first data repository is one of i) a drive associated with a user computing device, and ii) removable media configured to communicate with the user's computing device.
14 . The system of claim 11 , wherein a second one of the multiple factors is not stored in a persistent state.
15 . The system of claim 14 , further comprising:
a processor, in communication with the first data repository, configured to generate the second factor based upon a user password.
16 . The system of claim 11 , further comprising:
a processor, in communication with the first data repository, configured cryptographically combine the multiple factors to generate the first private portion.
17 . The system of claim 11 , wherein:
the asymmetric crypto-key is a first asymmetric crypto-key; and the first factor is a private key of a second asymmetric crypto-key different than the first asymmetric crypto-key.
18 . The system of claim 11 , wherein:
a generated first private portion is non-persistently stored for a limited time period after generation; and during the limited time the stored first private portion is applied to authenticate the user multiple times.
19 . The system of claim 11 , further comprising:
a third data repository under control of an entity other than the user and configured to store the public key.
20 . The system of claim 11 , wherein:
the multiple factors are a first set of multiple factors; and a third private portion of the split private key is based upon a second set of multiple factors.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.