Systems and methods for encryption and provision of information security using platform services
First Claim
1. A method for enrolling a user of an electronic computing device in a multi-party encryption and key management system, comprising the steps of:
receiving, at a server, an enrollment request from the electronic computing device corresponding to a user of the electronic computing device for enrollment in the multi-party encryption and key management system, the enrollment request comprising identity data corresponding to the user and routing data for routing the enrollment request, wherein at least the identity data is authenticated;
determining, based on the routing data, a key space corresponding to a tenant affiliated with the user;
transmitting the enrollment request from the server to a key service corresponding to the determined key space;
receiving, at the server, a response from the key service, wherein the response comprises a tenant-specific device identifier and cryptographic enrollment data for enrolling the user, wherein the response was generated at the key service based on the enrollment request; and
transmitting the cryptographic enrollment data and tenant-specific device identifier from the server to the electronic computing device for enrollment of the user with the multi-party encryption and key management system.
Abstract
Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentiality of the protected data.
Claims (33)

1. Independent claim, recited in full under First Claim above. Dependent claims: 2-14.

15. A system for enrolling a user of an electronic computing device in a multi-party encryption and key management system, comprising:
the electronic computing device that transmits, to a key service, an enrollment request corresponding to a user of the electronic computing device for enrollment in the multi-party encryption and key management system, the enrollment request comprising identity data corresponding to the user and routing data for routing the enrollment request, wherein at least the identity data is authenticated;
the key service that receives the enrollment request, wherein the key service generates, based on the enrollment request, a response comprising a tenant-specific device identifier and cryptographic enrollment data for enrolling the user and transmits the response to the electronic computing device; and
the electronic computing device that receives the response from the key service, wherein the electronic computing device enrolls the user, based on the cryptographic enrollment data and tenant-specific device identifier, in the multi-party encryption and key management system.
Dependent claims: 16-26.

27. A method for enrolling a user of an electronic computing device in a multi-party encryption and key management system, comprising the steps of:
generating, at the electronic computing device, an enrollment request corresponding to a user of the electronic computing device for enrollment in the multi-party encryption and key management system, wherein the enrollment request comprises identity data corresponding to the user and routing data for routing the enrollment request;
cryptographically signing, at the electronic computing device, at least the identity data with cryptographic information;
transmitting the enrollment request from the electronic computing device to a server; and
receiving, at the electronic computing device, a response from the server, wherein the response comprises a tenant-specific device identifier and cryptographic enrollment data for enrolling the user, wherein the response was generated both at the server and a key service capable of verifying the cryptographically-signed identity data.
Dependent claims: 28-33.
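The enrollment exchange recited in claims 1, 15 and 27 (device builds and signs a request, a server picks a key space from the routing data alone, the tenant's key service verifies the signed identity data and issues a tenant-specific device identifier plus enrollment data, the server relays the response) can be followed end to end in the Go program below. It is an added illustration, not code from the patent or its assignee: the message layout, the Ed25519 signature, the tenant names and routing domains, the derivation of the device identifier from tenant name and device public key, and the random 32-byte stand-in for the enrollment data are all assumptions made for the example. The claims do not say which party verifies the signature beyond the key service being capable of it; here both the server and the key service check it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// EnrollmentRequest carries what claims 1 and 27 recite: identity data,
// routing data, and a signature over the identity data (constructed layout).
type EnrollmentRequest struct {
	IdentityData string            // e.g. the user's e-mail address
	RoutingData  string            // e.g. the e-mail domain; used only to pick a key space
	DevicePubKey ed25519.PublicKey // device key that signed IdentityData
	Signature    []byte            // Ed25519 signature over IdentityData
}

// EnrollmentResponse is what the key service returns and the server relays.
type EnrollmentResponse struct {
	TenantDeviceID string // tenant-specific device identifier
	EnrollmentData []byte // cryptographic enrollment data, opaque to the server
}

// NewDeviceKey generates the device's signing key pair.
func NewDeviceKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewEnrollmentRequest is the device-side step of claim 27: build the
// request and sign at least the identity data.
func NewEnrollmentRequest(identity, routing string, priv ed25519.PrivateKey) EnrollmentRequest {
	return EnrollmentRequest{
		IdentityData: identity,
		RoutingData:  routing,
		DevicePubKey: priv.Public().(ed25519.PublicKey),
		Signature:    ed25519.Sign(priv, []byte(identity)),
	}
}

// verifyIdentity authenticates the identity data via its signature.
func verifyIdentity(req EnrollmentRequest) error {
	if len(req.DevicePubKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(req.DevicePubKey, []byte(req.IdentityData), req.Signature) {
		return errors.New("identity data is not authenticated")
	}
	return nil
}

// KeyService serves one tenant's key space.
type KeyService struct {
	Tenant string
}

// Enroll verifies the signed identity data and issues the response. The
// identifier is derived from tenant name and device public key (assumed
// derivation), so the same device gets a different identifier per tenant.
func (k *KeyService) Enroll(req EnrollmentRequest) (EnrollmentResponse, error) {
	if err := verifyIdentity(req); err != nil {
		return EnrollmentResponse{}, err
	}
	h := sha256.Sum256(append([]byte(k.Tenant+"|"), req.DevicePubKey...))
	data := make([]byte, 32) // constructed stand-in for the enrollment data
	if _, err := rand.Read(data); err != nil {
		return EnrollmentResponse{}, err
	}
	return EnrollmentResponse{
		TenantDeviceID: k.Tenant + "-" + hex.EncodeToString(h[:8]),
		EnrollmentData: data,
	}, nil
}

// Server routes requests to a key space using only the routing data.
type Server struct {
	keySpaces map[string]*KeyService
}

// NewDemoServer wires two constructed tenants to their key services.
func NewDemoServer() *Server {
	return &Server{keySpaces: map[string]*KeyService{
		"example.com": {Tenant: "tenant-a"},
		"example.org": {Tenant: "tenant-b"},
	}}
}

// HandleEnrollment is the server side of claim 1: authenticate the identity
// data, select the key space from the routing data, forward, and relay.
func (s *Server) HandleEnrollment(req EnrollmentRequest) (EnrollmentResponse, error) {
	if err := verifyIdentity(req); err != nil {
		return EnrollmentResponse{}, err
	}
	ks, ok := s.keySpaces[strings.ToLower(req.RoutingData)]
	if !ok {
		return EnrollmentResponse{}, errors.New("no key space for routing data " + req.RoutingData)
	}
	return ks.Enroll(req)
}

func main() {
	_, priv := NewDeviceKey()
	resp, err := NewDemoServer().HandleEnrollment(
		NewEnrollmentRequest("alice@example.com", "example.com", priv))
	if err != nil {
		panic(err)
	}
	fmt.Println("enrolled as", resp.TenantDeviceID)
}
```

Two properties of the claims are visible in the code: the server never needs the identity data to decide where the request goes, since routing is keyed on the routing data only, and a request whose identity data was altered after signing is rejected before any key space is consulted.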
Specification