Theft and tamper resistant data protection
First Claim
Patent Images
1. A method implemented by a client system for keeping encrypted data tamper resistant, comprising:
- encrypting a cluster of data using an encryption key;
creating a unique key identifier of the cluster of encrypted data;
encrypting the decryption key using a public key, wherein the decryption key is interrelated to the encryption key and configured for decrypting the cluster of encrypted data;
storing the encrypted decryption key and the unique key identifier in the cluster of encrypted data as metadata;
sending a private key and the unique key identifier to a server that has access to a key ID database that stores private keys and unique key identifiers, wherein the private key is interrelated to the public key and configured for decrypting the encrypted decryption key;
initiating boot of the client system;
sending a communication request to a server that has access to the key ID database;
receiving a response from the server granting the request;
sending the unique key identifier and the encrypted decryption key to the server;
receiving a decrypted decryption key from the server; and
decrypting the cluster of encrypted data using the decrypted decryption key.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.
-
Citations
6 Claims
-
1. A method implemented by a client system for keeping encrypted data tamper resistant, comprising:
-
encrypting a cluster of data using an encryption key; creating a unique key identifier of the cluster of encrypted data; encrypting the decryption key using a public key, wherein the decryption key is interrelated to the encryption key and configured for decrypting the cluster of encrypted data; storing the encrypted decryption key and the unique key identifier in the cluster of encrypted data as metadata; sending a private key and the unique key identifier to a server that has access to a key ID database that stores private keys and unique key identifiers, wherein the private key is interrelated to the public key and configured for decrypting the encrypted decryption key; initiating boot of the client system; sending a communication request to a server that has access to the key ID database; receiving a response from the server granting the request; sending the unique key identifier and the encrypted decryption key to the server; receiving a decrypted decryption key from the server; and decrypting the cluster of encrypted data using the decrypted decryption key. - View Dependent Claims (2, 3, 4, 5, 6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
InventorsField, Scott A., Thoram, Aravind N., Walton, John Michael, Zhou, Dayi, Semenko, Alex M., Ben-Menahem, Avraham Michael
-
Primary Examiner(s)Williams, Jeffery L
-
Application NumberUS15/639,698Publication NumberTime in Patent Office585 DaysField of SearchNoneUS Class CurrentCPC Class CodesG06F 12/1408 by using cryptography for d...G06F 21/109 by using specially-adapted ...G06F 21/126 Interacting with the operat...G06F 21/40 by quorum, i.e. whereby two...G06F 21/575 Secure bootG06F 21/6218 to a system of files or obj...G06F 21/64 Protecting data integrity, ...G06F 21/72 in cryptographic circuitsG06F 21/78 to assure secure storage of...G06F 21/86 Secure or tamper-resistant ...G06F 9/4401 Bootstrapping security arra...G06F 9/4416 Network booting; Remote ini...H04L 63/0428 wherein the data content is...H04L 63/045 wherein the sending and rec...H04L 63/061 for key exchange, e.g. in p...H04L 63/067 using one-time keys cryptog...H04L 63/0853 using an additional device,...H04L 9/0822 using key encryption keyH04L 9/0825 using asymmetric-key encryp...H04L 9/0877 using additional device, e....View All
