Master key escrow process
Abstract
Methods, computer readable media, and devices for escrow of master keys and recovery of previously escrowed master keys may be disclosed. A method for escrow of master keys may include registering a root certificate authority (CA) within each of two first-party hardware security modules (HSMs), initializing each of three third-party HSMs as master escrow recovery devices, performing a bootstrap operation on an authoritative blockchain to generate three master keys, generating a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices, a second set using a second one of the three master escrow recovery devices, and a third set using a third one of the three master escrow recovery devices, and storing the first, the second, and the third set of master key shard ciphertexts as opaque objects in each of the two first-party HSMs.
Claims
exact text as granted — not AI-modified1 . A computer-implemented method for escrow of master keys, the method comprising:
initializing each of three third-party hardware security modules (HSMs) as master escrow recovery devices, wherein each third-party HSM corresponds to a different entity; generating three master keys; generating:
a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices,
a second set of master key shard ciphertexts using a second one of the three master escrow recovery devices, and
a third set of master key shard ciphertexts using a third one of the three master escrow recovery devices;
storing the first set of master key shard ciphertexts, the second set of master key shard ciphertexts, and the third set of master key shard ciphertexts in each of two first-party HSMs, the two first-party HSMs corresponding to a first party different from each of the entities corresponding to the third-party HSMs; and initializing each of three additional third-party HSMs as redundant master escrow recovery devices, each redundant master escrow recovery device corresponding to one master escrow recovery device.
2 . The computer-implemented method of claim 1 , wherein initializing each of the three third-party HSMs as master escrow recovery devices comprises:
loading a certificate into each of the third-party HSM, the certificate comprising a public key signed by an intermediate CA corresponding to a root CA; and registering the certificate into each of the two first-party HSMs
3 . The computer-implemented method of claim 2 , further comprising, for each of the three third-party HSMs:
registering a serial number of the corresponding third-party HSM into each of the two first-party HSMs; generating a public private key pair of the corresponding third-party HSM, an attestation certificate of the public private key pair being verified by the first party without export capability; exporting the public key portion from the corresponding third-party HSM; and registering the exported public key portion into each of the two first-party HSMs.
4 . The computer-implemented method of claim 1 , wherein generating a first set of master key shard ciphertexts using the first master escrow recovery device, a second set of master key shard ciphertexts using the second master escrow recovery device, and a third set of master key shard ciphertexts using the third master escrow recovery devices comprises:
generating, for each of the three master keys, a first master key shard, a second master key shard, and a third master key shard; encrypting each of the first master key shards using a first public key exported from the first master escrow recovery device to generate the first set of master key shard ciphertexts; encrypting each of the second master key shards using a second public key exported from the second master escrow recovery device to generate the second set of master key shard ciphertexts; and encrypting each of the third master key shards using a third public key exported from the third master escrow recovery device to generate the third set of master key shard ciphertexts, wherein the first, second, and third public keys are registered in each of the two first-party HSMs.
5 . The computer-implemented method of claim 4 , further comprising:
registering the first, second, and third public keys in each of the two first-party HSMs
6 . The computer-implemented method of claim 1 , further comprising:
initializing at least one additional third-party HSMs as an additional master escrow recovery device, each additional third-party HSM corresponding to a different third party; generating at least one additional set of master key shard ciphertexts using the at least one additional master escrow recovery device; storing the at least one additional set of master key shard ciphertexts in the at least two different write once read many (WORM) storage; and storing the at least one additional set of master key shard ciphertexts in each of the two first-party HSMs.
8 . The computer-implemented method of claim 1 , further comprising:
storing the first set of master key shard ciphertexts, the second set of master key shard ciphertexts, and the third set of master key shard ciphertexts in at least two different write once read many (WORM) storage devices.
9 . A computer-implemented method comprising:
escrowing three master keys of a first party with three different third parties; and recovering the three master keys from escrow, wherein the recovering involves the first party and at least two of the three different third parties; wherein recovering the three master keys from escrow comprises:
retrieving three sets of master key shard ciphertexts corresponding to the three master keys of the authoritative blockchain of the first party, wherein:
the first set of master key shard ciphertexts comprises a first master key shard ciphertext of the first master key, a first master key shard of the second master key, and a first master key shard of the third master key, the first set of master key shard ciphertexts previously escrowed using a first master escrow recovery device;
the second set of master key shard ciphertexts comprises a second master key shard ciphertext of the first master key, a second master key shard of the second master key, and a second master key shard of the third master key, the second set of master key shard ciphertexts previously escrowed using a second master escrow recovery device;
the third set of master key shard ciphertexts comprises a third master key shard ciphertext of the first master key, a third master key shard of the second master key, and a third master key shard of the third master key, the third set of master key shard ciphertexts previously escrowed using a third master escrow recovery device;
each master escrow recovery device corresponds to a different one of the three third parties; and
the first party is different from each of the three third parties;
obtaining a set of master escrow recovery devices, wherein:
each master escrow recovery device comprises a third-party hardware security module (HSM);
each third-party HSM was previously initialized as a master escrow recovery device by registering information corresponding to each third-party HSM in a first-party HSM of the first party; and
the set of master escrow recovery devices includes at least two of the first, the second, and the third master escrow recovery devices.
10 . The computer-implemented method of claim 9 , further comprising:
decrypting, using the set of master escrow recovery devices, at least two master key shard ciphertexts of each set of master key shard ciphertexts to produce three sets of master key shards; generating, for each of three groups of first-party HSMs, a public private key pair; loading a first set of recovered master key shards on the first group of first-party HSMs, a second set of recovered master key shards on the second group of first-party HSMs, and a third set of recovered master key shards on the third group of first-party HSMs; decrypting, using a corresponding private key of the corresponding group of first-party HSMs, each master key shard of the three sets of recovered master key shards; and recovering, using the three sets of recovered master key shards, the three master keys.
11 . The computer-implemented method of claim 9 , wherein escrowing the three master keys:
initializing each of three third-party hardware security modules (HSMs) as master escrow recovery devices, wherein:
each third-party HSM corresponds to a different one of the three different third parties; and
the different third parties are different from the single first party;
generating the three master keys; generating a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices, a second set of master key shard ciphertexts using a second one of the three master escrow recovery devices, and a third set of master key shard ciphertexts using a third one of the three master escrow recovery devices; and storing the first set of master key shard ciphertexts, the second set of master key shard ciphertexts, and the third set of master key shard ciphertexts in each of two first-party HSMs, the two first-party HSMs corresponding to the first party.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.