Method for preventing inadvertent betrayal of stored digital secrets by a trustee

The invention employs a voluntary identification/definition phase performed, for example, shortly after a computer is purchased, and a secret information retrieval phase. In the definition phase, the true owner/customer defines an escrow record which provides self-identification data together with encrypted password data. The present invention prompts a user to voluntarily escrow password or other secret information for later retrieval by entering a series of information uniquely describing himself or herself. The identification indicia is combined with the secret information (such as the user's encryption password) and is then encrypted under the control of the trustee's public key. The combined information may be encrypted, for example, under a random symmetric key (such as DES) which is then encrypted under the trustee's public key. After unique identification data has been entered, the user is asked to select a password to protect the system. Thereafter, all the personal identifying data, together with the password, is encrypted with the trustee's public key and is stored, for example, in the user's computer as an escrow security record. The password is then used to encrypt all data on the user's disk. If at some point in time in the future, the user forgets the password, the retrieval phase of the applicant's invention is performed. Under such circumstances, the user contacts the trustees, e.g., the vendor or manufacturer. The trustee utilizes documentary evidence presented by the alleged legitimate user and determines whether such evidence matches with the previously encrypted escrow information stored in the escrow record created by the user. If they agree, then the trustee has confidence that the true owner is making the request, and that revealing the secret key will not betray the owner's interest.