Theft and tamper resistant data protection
First Claim
1. A method implemented by a client system for keeping encrypted data tamper resistant, comprising:
- encrypting a cluster of data using an encryption key;
- creating a unique key identifier of the cluster of encrypted data;
- encrypting the decryption key using a public key, wherein the decryption key is interrelated to the encryption key and configured for decrypting the cluster of encrypted data;
- storing the encrypted decryption key and the unique key identifier in the cluster of encrypted data as metadata;
- sending a private key and the unique key identifier to a server that has access to a key ID database that stores private keys and unique key identifiers, wherein the private key is interrelated to the public key and configured for decrypting the encrypted decryption key;
- initiating boot of the client system;
- sending a communication request to a server that has access to the key ID database;
- receiving a response from the server granting the request;
- sending the unique key identifier and the encrypted decryption key to the server;
- receiving a decrypted decryption key from the server; and
- decrypting the cluster of encrypted data using the decrypted decryption key.
Abstract
Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.
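The flow in claim 1 and the abstract, as an added Node.js example that is not part of the patent text: provisioning, unlock at boot, and the server refusing the key after a decommissioning event. Assumptions: AES-256-GCM for the cluster, RSA-OAEP for wrapping the key, an in-process `KeyServer` object in place of the network protocol (the request/grant handshake is folded into `unwrap`), and all class and function names are hypothetical.

```javascript
// Added example, not from the patent. All names, AES-256-GCM and RSA-OAEP are assumptions.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server: key ID database (unique key identifier -> private key) plus a policy check.
class KeyServer {
  constructor() { this.keyDb = new Map(); this.decommissioned = new Set(); }
  register(keyId, privateKeyPem) { this.keyDb.set(keyId, privateKeyPem); }
  decommission(keyId) { this.decommissioned.add(keyId); } // asset-management event
  unwrap(keyId, wrappedKey) {
    if (!this.keyDb.has(keyId) || this.decommissioned.has(keyId)) throw new Error('access denied');
    return nodeCrypto.privateDecrypt({ key: this.keyDb.get(keyId), ...OAEP }, wrappedKey);
  }
}

// Client, provisioning: encrypt the cluster, wrap its key, hand the private key to the server.
function provision(server, plaintext) {
  const dataKey = nodeCrypto.randomBytes(32); // symmetric, so it is also the decryption key
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const keyId = nodeCrypto.randomUUID();
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  server.register(keyId, privateKey); // client keeps no copy of the private key or dataKey
  return { keyId, wrappedKey, iv, tag: cipher.getAuthTag(), body }; // metadata + ciphertext
}

// Client, boot: send key ID and wrapped key, decrypt with what the server returns.
function bootUnlock(server, cluster) {
  const dataKey = server.unwrap(cluster.keyId, cluster.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, cluster.iv);
  decipher.setAuthTag(cluster.tag);
  return Buffer.concat([decipher.update(cluster.body), decipher.final()]); // throws if modified
}

// Constructed scenario: normal boot, then boot after the asset is decommissioned.
function demo() {
  const server = new KeyServer();
  const cluster = provision(server, Buffer.from('constructed sample cluster'));
  const first = bootUnlock(server, cluster).toString();
  server.decommission(cluster.keyId);
  let second = 'unlocked';
  try { bootUnlock(server, cluster); } catch (err) { second = err.message; }
  return { first, second };
}
```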
6 Claims
Specification