US Patent 11019040 Cloud key escrow system

Embodiments are directed to storing encrypted data in a data store and to securely providing access to the encrypted data according to a predefined policy. A data storage system receives encrypted data. The data is encrypted using a private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption and the policy prevents the storage system from unencrypting the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system decrypting the encrypted data. The data storage system can acknowledge that the received encrypted data has been verified and successfully stored.