The storage, distribution and safeguarding of valuable and proprietary information presents special and difficult problems. Traditionally, devices such as the safety deposit box have been used for secure storage of both personal and commercial information and other valuable materials. The safety deposit box provides security in the sense that it is physically located in a secure vault having limited access, and at least two keys, one in the possession of the vault administrator and one in the possession of the user, are required for access to the safety deposit box.
Today, virtually anything that can be represented by words, numbers, graphics, or a system of commands and instructions can be formatted into electronic digital information. Typically, a user could back up critical files or documents to a portable storage medium and then transport the data to a secure storage facility, such as a safety deposit box or the like. This involves transportation to and from the facility and physical storage of the files in multiple formats, which may or may not have become obsolete by the time the data must be recovered. Additionally, if it is desired to update the data, the data must first be physically retrieved from the storage facility and then physically replaced at the storage facility when any updates are complete.
A common example is the software escrow account. Software customers sometimes request that program source code and design documentation be placed into an escrow account for safekeeping. The software customer desires some assurance that the software will survive the demise of the vendor organization (or the departure of key personnel) that developed the software. On the other hand, software source code and design documentation are the crown jewels, the pattern or template from which unlimited quantities of saleable product can be manufactured, and vendors typically are very reluctant to provide copies of this material to their customers.
Escrow arrangements, however, suffer from several weaknesses, some of them almost intractable. In addition to the problems generally associated with safety deposit boxes, escrow arrangements are not cheap to set up or to maintain. The escrow materials must be updated periodically—an administrative headache where a third-party escrow agent is involved.
In some situations, a software owner's concerns about unauthorized access might be satisfactorily addressed by providing encrypted source code and design documentation to a customer. The code and a decryption key could be given to a high-level official of the customer along with contract documents including specific safekeeping requirements (e.g., mandating the use of an off-site safety deposit box) as well as instructions to release the decryption key only in specified circumstances. A double-encryption scheme could also be employed. However, encryption is no more a panacea than the escrow account. In addition to the above-described problems associated with escrow accounts, a customer might be too small a company for such an encryption scheme to be workable, or the software vendor may not have any basis for trusting any of the officials of the customer.
Traditional electronic information protection systems are often inflexible and inefficient, and, further, are vulnerable to unauthorized access. Authorization passwords and protocols, license servers, “lock/unlock” distribution methods, and non-electronic contractual limitations imposed on users are a few of the more prevalent protection schemes. In a business and commercial context, these efforts are inefficient and limited solutions.
Accordingly, there is a need for a way to securely store digital information, whether it be a company's critical business records or software source code, for example, without the attendant limitations and disadvantages described above.