US 11,711,213 B2
Master key escrow process
Arun Velagapalli, San Francisco, CA (US); Nitin Mahendru, San Jose, CA (US); Arthur Britto, San Francisco, CA (US); David Schwartz, Tiburon, CA (US); and Kimon Papahadjopoulos, Milpitas, CA (US)
Assigned to POLYSIGN, INC., Oakland, CA (US)
Filed by Polysign, Inc., Oakland, CA (US)
Filed on Mar. 31, 2021, as Appl. No. 17/219,473.
Claims priority of provisional application 63/055,760, filed on Jul. 23, 2020.
Prior Publication US 2022/0029801 A1, Jan. 27, 2022
Int. Cl. H04L 9/08 (2006.01); H04L 9/40 (2022.01); H04L 9/32 (2006.01)
CPC H04L 9/0894 (2013.01) [H04L 9/0877 (2013.01); H04L 9/3247 (2013.01); H04L 9/3268 (2013.01); H04L 63/0823 (2013.01)] 15 Claims
OG exemplary drawing
 
1. A computer-implemented method for escrow of master keys, the method comprising:
initializing each of three third-party hardware security modules (HSMs) as master escrow recovery devices, wherein:
each third-party HSM corresponds to a different third party;
the different third parties are different from a single first party; and
the different third parties and the single first party all peer review the master escrow recovery device initialization;
performing a bootstrap operation on an authoritative blockchain to generate three master keys;
generating a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices, a second set of master key shard ciphertexts using a second one of the three master escrow recovery devices, and a third set of master key shard ciphertexts using a third one of the three master escrow recovery devices;
storing the first set of master key shard ciphertexts, the second set of master key shard ciphertexts, and the third set of master key shard ciphertexts as opaque objects in each of two first-party HSMs, the two first-party HSMs corresponding to the single first party; and
initializing each of three additional third-party HSMs as redundant master escrow recovery devices, each redundant master escrow recovery device corresponding to one master escrow recovery device.
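Worked example of the procedure in claim 1, added here and not taken from the patent or from PolySign's own implementation. It models the three master escrow recovery devices, the two first-party HSMs and the redundant devices as Python objects, and makes two assumptions the claim does not state: each master key is split 2-of-3 with Shamir secret sharing over a 256-bit prime field (one shard per escrow device, so device i's "set of shard ciphertexts" is the ciphertext of shard i of each of the three master keys), and the HSM's internal cipher is replaced by an HMAC-SHA256 counter-mode stream cipher with an HMAC tag, a stand-in for a real AEAD. The "bootstrap operation on an authoritative blockchain" is reduced to drawing three random field elements. All names (`EscrowDevice`, `FirstPartyHSM`, `escrow_master_keys`, `recover_master_keys`) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Field for Shamir sharing: the secp256k1 base-field prime (assumption: master
# keys are 256-bit integers below P; the patent does not specify a scheme).
P = 2**256 - 2**32 - 977


def split_2_of_3(secret: int) -> list:
    """2-of-3 Shamir split: evaluate a random degree-1 polynomial at x=1,2,3."""
    a1 = secrets.randbelow(P)
    return [(x, (secret + a1 * x) % P) for x in (1, 2, 3)]


def reconstruct(shares: list) -> int:
    """Lagrange interpolation at x=0 over two (or more) distinct shards."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a toy stand-in for the HSM's real cipher.
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


class EscrowDevice:
    """Model of one third-party HSM initialised as a master escrow recovery device."""

    def __init__(self, party: str, index: int, key=None):
        self.party, self.index = party, index          # index doubles as the shard x-coordinate
        self._key = key if key is not None else secrets.token_bytes(32)  # never leaves the device

    def seal(self, shard: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(shard, _keystream(self._key, nonce, len(shard))))
        tag = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag                         # opaque to anyone without the device key

    def open(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # reject modified or foreign ciphertexts
            raise ValueError("shard ciphertext failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._key, nonce, len(ct))))

    def redundant_copy(self) -> "EscrowDevice":
        # Assumption: a redundant device is initialised with the same key material.
        return EscrowDevice(self.party, self.index, self._key)


class FirstPartyHSM:
    """Stores each shard-ciphertext set as opaque bytes, keyed by escrow device index."""

    def __init__(self, name: str):
        self.name, self.objects = name, {}


def escrow_master_keys(devices, first_party_hsms):
    """Bootstrap three master keys (modelled as random field elements) and escrow them."""
    master_keys = [secrets.randbelow(P) for _ in range(3)]
    shards = [split_2_of_3(mk) for mk in master_keys]   # shards[k][i] -> (x, y) for key k
    for dev in devices:
        # Device i's set: ciphertext of shard x=i of every master key.
        shard_set = [dev.seal(shards[k][dev.index - 1][1].to_bytes(32, "big")) for k in range(3)]
        for hsm in first_party_hsms:                     # replicated into both first-party HSMs
            hsm.objects[dev.index] = list(shard_set)
    return master_keys


def recover_master_keys(first_party_hsm, devices):
    """Any two escrow devices (original or redundant) plus one first-party HSM suffice."""
    if len(devices) < 2:
        raise ValueError("2-of-3 threshold: need at least two escrow devices")
    recovered = []
    for k in range(3):
        shares = [(dev.index, int.from_bytes(dev.open(first_party_hsm.objects[dev.index][k]), "big"))
                  for dev in devices[:2]]
        recovered.append(reconstruct(shares))
    return recovered


if __name__ == "__main__":
    devs = [EscrowDevice("third party A", 1), EscrowDevice("third party B", 2), EscrowDevice("third party C", 3)]
    hsms = [FirstPartyHSM("first-party HSM 1"), FirstPartyHSM("first-party HSM 2")]
    keys = escrow_master_keys(devs, hsms)
    backup = [d.redundant_copy() for d in devs]          # the three redundant recovery devices
    print(recover_master_keys(hsms[1], [devs[0], backup[2]]) == keys)
```

The split is done once per master key, and a first-party HSM holds only ciphertexts it cannot open, so a compromise of both first-party HSMs yields nothing without two escrow devices, while the loss of any one escrow device (or its redundant copy) still leaves the keys recoverable.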