Digital inheritance: a special case of digital escrow
Tobias Christen *1; Michael Tschannen *2; Marc Rennhard *3
Lifecycle of digital values
Digital essence
Today most individuals produce a high volume of digital data every day, including email, chat and text messages, letters, presentations, digital photos and personal movies. In addition, we purchase assets that either are themselves represented in digital form (e.g. contracts, policies) or give access to an online service that requires access credentials. Clearly we continue to extend our digital footprint daily, and the value of these assets increases. As a consequence, if our computers or smartphones are lost or broken we might not only face an incredible amount of hassle trying to regain access to this data but in many cases lose our digital memories forever.
Secure storage
The safety of personal data that is stored on a personal computer is often overestimated. First, we underestimate the strength of non-intentional threats like drive failure or errors in data handling, and we also misjudge where the weakest link in a secure remote data access solution is. Most security experts agree that the weakest link is again the computer, together with the danger that the data owner inadvertently deletes his own data.

Even if storage on a hosted service seems intuitively less secure than storage on a personally owned device, because we do not have ultimate control and have no definite proof of the trustworthiness of the provider, one can well argue that storage providers which guarantee privacy, provide end-to-end data encryption and operate highly redundant storage infrastructures in certified data centers greatly reduce the risk to personal data.
Secure access and access recovery
Some of the factors that establish the trustworthiness of an online storage solution are the way data is accessed and how that access is protected. Privacy policies, quality assurance processes, and secure solution architectures and implementations are other factors that establish trustworthiness; however, they are more difficult for the individual customer to judge. To guarantee the privacy and security of the customer's data there are two important aspects to consider: a) does the provider know the password (and hence potentially has unrestricted access to the data), and b) does the service provider offer strong authentication and encrypted transmission and storage of data.

If the service provider does not have access to the password and is not able to generate valid new passwords on demand, we face a problem: what happens if the customer loses his password? Access must be recoverable to preserve availability. To prevent the service provider from gaining access to the data, there must be an alternative credential that only the client knows and that is difficult enough to guess that it offers even stronger protection than the primary access credential.

Another factor for guaranteed privacy protection is that the encryption keys used to encrypt and decrypt the customer's data are not accessible to the service provider. One way to achieve this is to encrypt (wrap) those keys with a key that is derived from the customer's password, so that the provider stores only wrapped keys it cannot open.
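The scheme just described, as an added example (not DataInherit's own code): the data-encryption key (DEK) is generated on the client and stored on the server only in wrapped form, once under a key derived from the password and once under a key derived from a high-entropy recovery code that the user keeps offline. The server holds a login verifier it can compare but not invert, so it can neither learn the password nor unwrap the DEK, and losing the password is recovered by re-wrapping the DEK under the recovery path. The wrap primitive is encrypt-then-MAC built from HMAC-SHA256 so the example runs on the standard library alone (a standard AEAD such as AES-GCM would be used in practice); the iteration count, salt sizes and record layout are assumptions.

```python
"""Client-side key wrapping with a password and a stronger recovery credential.

Added example, not DataInherit's own code. The server stores only the record
returned by create_account(); the password, the recovery code and the DEK never
leave the client. Iteration count, salt sizes and record layout are assumptions.
"""
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 100_000  # assumption; tune to acceptable client-side latency


def _kdf(secret: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 -> 32-byte key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a fresh nonce per wrap keeps it one-time."""
    out = b""
    for counter in range(-(-length // 32)):  # ceil(length / 32) blocks
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
    return out[:length]


def _subkeys(kek: bytes):
    """Separate encryption and MAC keys derived from the KEK."""
    return (hmac.new(kek, b"enc", "sha256").digest(),
            hmac.new(kek, b"mac", "sha256").digest())


def wrap(kek: bytes, dek: bytes) -> bytes:
    """Encrypt-then-MAC the DEK under the KEK: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(kek)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(enc_key, nonce, len(dek))))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong credential fails here without leaking anything."""
    enc_key, mac_key = _subkeys(kek)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong credential or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _auth_proof(kek_pw: bytes) -> bytes:
    """Sent at login: the server can compare it but cannot recover the KEK from it."""
    return hmac.new(kek_pw, b"auth", "sha256").digest()


def create_account(password: str):
    """Runs on the client. Returns (server record, recovery code); the recovery
    code is shown to the user once and is never transmitted to the server."""
    dek = secrets.token_bytes(32)           # encrypts the user's data
    recovery_code = secrets.token_hex(16)   # 128 random bits: stronger than any password
    pw_salt, rc_salt = secrets.token_bytes(16), secrets.token_bytes(16)
    kek_pw = _kdf(password.encode(), pw_salt)
    kek_rc = _kdf(recovery_code.encode(), rc_salt)
    record = {
        "pw_salt": pw_salt,
        "rc_salt": rc_salt,
        "auth_verifier": _auth_proof(kek_pw),
        "dek_by_password": wrap(kek_pw, dek),
        "dek_by_recovery": wrap(kek_rc, dek),   # second, independent path to the DEK
    }
    return record, recovery_code


def login_proof(password: str, record: dict) -> bytes:
    return _auth_proof(_kdf(password.encode(), record["pw_salt"]))


def server_check_login(record: dict, proof: bytes) -> bool:
    """The only check the server performs; the record lets it verify, not unwrap."""
    return hmac.compare_digest(record["auth_verifier"], proof)


def unlock_with_password(password: str, record: dict) -> bytes:
    return unwrap(_kdf(password.encode(), record["pw_salt"]), record["dek_by_password"])


def unlock_with_recovery(recovery_code: str, record: dict) -> bytes:
    return unwrap(_kdf(recovery_code.encode(), record["rc_salt"]), record["dek_by_recovery"])


def reset_password(recovery_code: str, new_password: str, record: dict) -> dict:
    """Account recovery: re-wrap the DEK under the new password. Stored data and
    the recovery path are untouched; the server never saw either secret."""
    dek = unlock_with_recovery(recovery_code, record)
    new_salt = secrets.token_bytes(16)
    kek_new = _kdf(new_password.encode(), new_salt)
    return {**record, "pw_salt": new_salt,
            "auth_verifier": _auth_proof(kek_new),
            "dek_by_password": wrap(kek_new, dek)}
```

Note that anyone holding the record can still mount an offline guessing attack against the password through the verifier or the wrapped blob; that is why the KDF cost matters and why the recovery code, not a second password, is the fallback credential.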
The problem of authorizing conditional access
The need for conditional access
The owner of the data may want to arrange conditional access to his data for a wide range of reasons: for example, to make sure that the data is accessible to the heirs after the owner dies, or to make sure relatives have access (e.g. to health data) if the owner has an accident. Or there may be an arrangement where temporary data ownership is given to a custodian, but the original owner wants to ensure he can enforce access if necessary (e.g. a company arranges with a contractor the custodianship of its data but wants to make sure it can invoke the escrow without the need for a legal procedure). If we now assume that there is an arrangement for conditional access to data as described above, the problem arises of how a solution provider can distinguish between legitimate access claims and illegitimate ones.
The analogy to the physical world is troublesome
In the physical world, conditions can be proven, for example, with a death certificate, but the problem remains of how to recognize the authenticity of a death certificate from a different jurisdiction. Other examples may be authorizations based on physical identities, but the problem remains of how a service provider can recognize the authenticity of document copies that are possibly faxed around the world.
The concept of a trusted authorized activator
A solution that is often used is that at least two persons need to claim the access and provide their credentials. An alternative and even more flexible solution is to use a neutral trusted authority that claims the conditional access on behalf of another person. We call this concept the "authorized activator". Typically the activator is neutral and does not benefit from the act of activation. This can be a company-internal neutral authority like the HR department, a trusted friend, a relative or an appointed legal authority.

It is important that the solution provider protects the privacy of the data owner, in particular before the conditional access is activated. This means that the solution provider has to guarantee that a) there is no parallel path allowing access to the data with the authorized activator's credential, and b) the owner is notified of the conditional access, potentially combined with a safety delay period during which the data owner has the opportunity to intervene in case abuse is detected.
Technical Solution
Baseline
DataInherit tries to integrate a variety of security mechanisms in a simple but effective solution. The following requirements were defined and are met by the solution implemented in DataInherit:
- Secure login, using either one- or two-factor authentication
- Secure transmission of sensitive data
- Secure server-side storage
- Secure and tamper-proof triggering of the inheritance process
- Secure and tamper-proof account recovery
- There exists no way for DataInherit personnel to gain access to any user's data or account
- Extensibility: features such as document sharing should be possible to integrate in the future without significant changes to the architecture
- Usage of well-known and proven cryptographic standards
- Performance-optimized use of cryptography, in particular with respect to minimizing the number of public key computations
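The "tamper-proof triggering of the inheritance process" requirement, together with the activator flow of the previous section (no parallel path via the activator's credential, owner notification, safety delay), can be modelled as a small state machine. This is an added example, not DataInherit's implementation: the activator's token only moves the account from dormant to pending, the owner can veto during the delay, and what is eventually released is the heirs' wrapped key blob, which the server cannot open. The 30-day delay, the token format and the state names are assumptions.

```python
"""Authorized-activator flow with owner notification and a safety delay.

Added example, not DataInherit's code. The activator's token can only start the
process; the blob released after the delay is the DEK wrapped for the heirs and
is opaque to the server. Delay length, token format and state names are
assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SAFETY_DELAY = 30 * 24 * 3600  # seconds the owner has to veto; assumption


@dataclass
class EscrowAccount:
    heir_key_blob: bytes                 # DEK wrapped for the heirs; opaque to the server
    activator_token_hash: bytes = b""    # server keeps a hash, never the token itself
    state: str = "dormant"               # dormant -> pending -> released | vetoed
    release_at: int = 0                  # unix time at which release becomes possible
    owner_notifications: list = field(default_factory=list)


def register_activator(acct: EscrowAccount) -> str:
    """Owner appoints an activator; the token is handed over out of band."""
    token = secrets.token_urlsafe(32)   # 256 random bits, so a plain hash suffices
    acct.activator_token_hash = hashlib.sha256(token.encode()).digest()
    return token


def _token_ok(acct: EscrowAccount, token: str) -> bool:
    digest = hashlib.sha256(token.encode()).digest()
    return hmac.compare_digest(digest, acct.activator_token_hash)


def request_activation(acct: EscrowAccount, token: str, now: int) -> bool:
    """Activator claims the condition (e.g. death of the owner). This only
    starts the delay and notifies the owner; it releases nothing."""
    if acct.state != "dormant" or not _token_ok(acct, token):
        return False
    acct.state = "pending"
    acct.release_at = now + SAFETY_DELAY
    acct.owner_notifications.append(("activation requested; release at", acct.release_at))
    return True


def owner_veto(acct: EscrowAccount, now: int) -> bool:
    """Owner (authenticated with his own credentials) stops an abusive request."""
    if acct.state == "pending" and now < acct.release_at:
        acct.state = "vetoed"
        acct.owner_notifications.append(("vetoed", now))
        return True
    return False


def release_to_heirs(acct: EscrowAccount, token: str, now: int):
    """After the delay, hand the wrapped key blob to the heirs; None otherwise."""
    if not _token_ok(acct, token):
        return None
    if acct.state == "pending" and now >= acct.release_at:
        acct.state = "released"
    if acct.state != "released":
        return None
    return acct.heir_key_blob
```

The clock is passed in explicitly so the delay logic can be tested deterministically; in a deployment it would be the server's time, and the release would additionally be logged in a tamper-evident audit trail.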
Server-Side Storage
The following figure shows the basics of the key management implemented in DataInherit:
