US 11,811,751 B2
Exclusive self-escrow method and apparatus
James C. Collier, Oakland, CA (US); and Michael Pompa, Oakland, CA (US)
Assigned to Oboren Systems, Inc., Berkeley, CA (US)
Filed by Oboren Systems, Inc., Berkeley, CA (US)
Filed on Nov. 10, 2022, as Appl. No. 18/054,518.
Application 18/054,518 is a continuation of application No. 17/490,026, filed on Sep. 30, 2021, granted, now 11,509,649.
Claims priority of provisional application 63/167,974, filed on Mar. 30, 2021.
Claims priority of provisional application 63/086,373, filed on Oct. 1, 2020.
Prior Publication US 2023/0073474 A1, Mar. 9, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04L 9/14 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/083 (2013.01) [H04L 9/14 (2013.01); H04L 9/3242 (2013.01)]
32 Claims
 
1. A method for a third party (TP) having a TP domain to unlock a locked device owner's program domain (DO-PD), said method comprising:
a first authenticating of the TP domain by the DO-PD, where the TP domain has an associated TP key pair including a TP public key and a TP private key and where the DO-PD has an associated PD key pair including a PD public key and a PD private key, where the DO-PD has a DO-PD resident credential, and where the first authenticating of the TP domain by the DO-PD includes
the DO-PD using the TP public key to encrypt the DO-PD resident credential,
the DO-PD sending or releasing the encrypted DO-PD resident credential to the TP domain,
the TP domain using the TP private key to decrypt the encrypted DO-PD resident credential,
forming a DO-PD challenge credential in the TP domain using the decrypted DO-PD resident credential,
the TP domain encrypting the DO-PD challenge credential with the PD public key,
the TP domain sending or releasing the encrypted DO-PD challenge credential to the DO-PD,
the DO-PD using the PD private key to reveal the DO-PD challenge credential, and
successfully authenticating the TP domain by the DO-PD when the DO-PD resident credential is equal to the DO-PD challenge credential;
a second authenticating of the DO-PD by the TP domain, where the TP domain has a TP domain resident credential, and where the second authenticating of the DO-PD by the TP domain includes
the TP domain using the PD public key to encrypt the TP domain resident credential,
the TP domain sending or releasing the encrypted TP domain resident credential to the DO-PD,
the DO-PD using the PD private key to decrypt the encrypted TP domain resident credential,
forming a TP domain challenge credential in the DO-PD using the decrypted TP domain resident credential,
the DO-PD encrypting the TP domain challenge credential with the TP public key,
the DO-PD sending or releasing the encrypted TP domain challenge credential to the TP domain,
the TP domain using the TP private key to reveal the TP domain challenge credential, and
successfully authenticating the DO-PD by the TP domain when the TP domain resident credential is equal to the TP domain challenge credential; and
unlocking the locked DO-PD after successfully authenticating the TP domain by the DO-PD and after the successfully authenticating the DO-PD by the TP domain,
where said DO-PD resident credential is stored or computed in the DO-PD, or where said TP domain resident credential is stored or computed in the TP domain.
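The two round trips recited in claim 1 can be traced in code. The following is an added illustration, not code from the patent or its assignee: it assumes textbook RSA over fixed Mersenne primes (a toy stand-in, since the claim names no cipher; a real system would use a padded scheme such as RSA-OAEP), forms each challenge credential as the decrypted value unchanged, and uses hypothetical names (`Domain`, `authenticate`, `unlock`, `key_holder`).

```python
import hmac
import secrets

E = 65537  # public exponent shared by both toy key pairs (assumption)

class Domain:
    """One party (TP domain or DO-PD): toy RSA key pair plus a resident credential."""
    def __init__(self, p, q):
        self.n = p * q                            # public key (modulus)
        self._d = pow(E, -1, (p - 1) * (q - 1))   # private key (exponent)
        self.resident = secrets.randbits(128)     # resident credential, below both moduli

    def encrypt_to(self, peer, value):
        return pow(value, E, peer.n)              # encrypt with the peer's public key

    def decrypt(self, ciphertext):
        return pow(ciphertext, self._d, self.n)   # decrypt with own private key

def authenticate(verifier, prover, key_holder=None):
    """verifier authenticates prover; key_holder is whoever actually answers as prover."""
    key_holder = key_holder or prover
    # verifier encrypts its resident credential with the prover's public key and sends it
    sent = verifier.encrypt_to(prover, verifier.resident)
    # the answering party decrypts it and forms the challenge credential from the result
    challenge = key_holder.decrypt(sent)
    # the challenge credential goes back encrypted with the verifier's public key
    returned = key_holder.encrypt_to(verifier, challenge)
    # verifier reveals the challenge credential and compares it with the resident one
    revealed = verifier.decrypt(returned)
    return hmac.compare_digest(revealed.to_bytes(32, "big"),
                               verifier.resident.to_bytes(32, "big"))

def unlock(tp, do_pd, tp_key_holder=None):
    """Unlock only after both authentications succeed, in the order of the claim."""
    first = authenticate(do_pd, tp, tp_key_holder)   # DO-PD authenticates the TP domain
    second = authenticate(tp, do_pd)                 # TP domain authenticates the DO-PD
    return first and second

# Constructed key material: Mersenne primes chosen for reproducibility, not for security.
TP = Domain(2**61 - 1, 2**89 - 1)
DO_PD = Domain(2**107 - 1, 2**127 - 1)
IMPOSTOR = Domain(2**31 - 1, 2**521 - 1)   # answers as the TP without the TP private key

if __name__ == "__main__":
    print("genuine TP unlocks:", unlock(TP, DO_PD))
    print("impostor unlocks:  ", unlock(TP, DO_PD, tp_key_holder=IMPOSTOR))
```

Each equality check succeeds only if the answering party could decrypt what was sent under its public key, which is why the party without the TP private key fails the first authentication.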