Data encrypting system with encryption service module and supporting infrastructure for transparently providing encryption services to encryption service consumer processes across encryption service state changes

US 10,439,804 B2
Filed: 10/27/2017
Issued: 10/08/2019
Est. Priority Date: 10/27/2017
Status: Active Grant

First Claim

Patent Images

1. A method of providing encryption services in a data encrypting system, comprising:

receiving, from an encrypting consumer process executing on processing circuitry contained in the data encrypting system, by an encryption service module executing on the processing circuitry, an encryption operation request, wherein the encryption operation request includes a set of encryption parameters, and wherein the set of encryption parameters includes a location of a plaintext buffer in a memory of the data encrypting system and a location of an ciphertext output buffer in the memory of the data encrypting system for storing ciphertext resulting from encrypting the contents of the plaintext buffer;

determining, by the encryption service module, whether the set of encryption parameters in the encryption operation request includes an indication of a cryptographic key that is to be used by the encryption service module to transform the contents of the plaintext buffer into ciphertext;

responsive to determining that the set of parameters in the encryption operation request does not include an indication of a cryptographic key that is to be used by the encryption service module to transform the contents of the plaintext buffer into ciphertext, the encryption service module performing an encryption operation at least in part by;

i) retrieving a current cryptographic key stored within a key store located in the data encrypting system,ii) using the current cryptographic key and an associated cryptographic algorithm to encrypt the contents of the plaintext buffer by transforming the contents of the plaintext buffer into ciphertext,iii) creating an encrypted data object that includes the ciphertext and a key identifier that uniquely identifies the current cryptographic key and the associated cryptographic algorithm that were used to encrypt the contents of the plaintext buffer, andiv) storing the encrypted data object into the ciphertext output buffer;

receiving, from a decrypting consumer process, a decryption operation request, wherein the decryption operation request includes a set of decryption parameters, wherein the set of decryption parameters includes a location of a ciphertext buffer containing the encrypted data object and a location of a plaintext output buffer for storing plaintext resulting from decrypting the ciphertext contained in the encrypted data object;

determining whether the set of decryption parameters in the decryption operation request includes an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext;

responsive to determining that the set of decryption parameters in the decryption operation request does not include an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext, performing a decryption operation at least in part by;

i) extracting the key identifier from the encrypted data object,ii) using the extracted key identifier to retrieve a cryptographic key indicated by the extracted key identifier,iii) using the extracted key identifier to identify a cryptographic algorithm associated with the retrieved cryptographic key,iv) using the retrieved cryptographic key and the identified cryptographic algorithm to decrypt the ciphertext contained in the encrypted data object by transforming the ciphertext contained in the encrypted data object into plaintext, andv) storing the plaintext into the plaintext output buffer.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In response to determining that an encryption operation request includes no indication of a cryptographic key, an encryption service module performs an encryption operation using a current cryptographic key retrieved by the encryption service module, and creates and stores an encrypted data object that includes the resulting ciphertext and a key identifier that uniquely identifies the cryptographic key and the associated cryptographic algorithm used to perform the encryption. A subsequent decryption operation request to the encryption service module that indicates the encrypted data object is processed by retrieving the cryptographic key and identifying the associated cryptographic using the key identifier contained in the encrypted data object. The encrypted data object may also include an initialization vector used to generate the ciphertext contained in the encrypted data object, as well as an integrity check value generated across the ciphertext and initialization vector.

23 Citations

View as Search Results

15 Claims

1. A method of providing encryption services in a data encrypting system, comprising:
- receiving, from an encrypting consumer process executing on processing circuitry contained in the data encrypting system, by an encryption service module executing on the processing circuitry, an encryption operation request, wherein the encryption operation request includes a set of encryption parameters, and wherein the set of encryption parameters includes a location of a plaintext buffer in a memory of the data encrypting system and a location of an ciphertext output buffer in the memory of the data encrypting system for storing ciphertext resulting from encrypting the contents of the plaintext buffer;
  
  determining, by the encryption service module, whether the set of encryption parameters in the encryption operation request includes an indication of a cryptographic key that is to be used by the encryption service module to transform the contents of the plaintext buffer into ciphertext;
  
  responsive to determining that the set of parameters in the encryption operation request does not include an indication of a cryptographic key that is to be used by the encryption service module to transform the contents of the plaintext buffer into ciphertext, the encryption service module performing an encryption operation at least in part by;
  
  i) retrieving a current cryptographic key stored within a key store located in the data encrypting system,ii) using the current cryptographic key and an associated cryptographic algorithm to encrypt the contents of the plaintext buffer by transforming the contents of the plaintext buffer into ciphertext,iii) creating an encrypted data object that includes the ciphertext and a key identifier that uniquely identifies the current cryptographic key and the associated cryptographic algorithm that were used to encrypt the contents of the plaintext buffer, andiv) storing the encrypted data object into the ciphertext output buffer;
  
  receiving, from a decrypting consumer process, a decryption operation request, wherein the decryption operation request includes a set of decryption parameters, wherein the set of decryption parameters includes a location of a ciphertext buffer containing the encrypted data object and a location of a plaintext output buffer for storing plaintext resulting from decrypting the ciphertext contained in the encrypted data object;
  
  determining whether the set of decryption parameters in the decryption operation request includes an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext;
  
  responsive to determining that the set of decryption parameters in the decryption operation request does not include an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext, performing a decryption operation at least in part by;
  
  i) extracting the key identifier from the encrypted data object,ii) using the extracted key identifier to retrieve a cryptographic key indicated by the extracted key identifier,iii) using the extracted key identifier to identify a cryptographic algorithm associated with the retrieved cryptographic key,iv) using the retrieved cryptographic key and the identified cryptographic algorithm to decrypt the ciphertext contained in the encrypted data object by transforming the ciphertext contained in the encrypted data object into plaintext, andv) storing the plaintext into the plaintext output buffer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - wherein the decryption operation request is received by the encryption service module executing on the processing circuitry contained in the data encrypting system;
      
      wherein the location of the ciphertext buffer containing the encrypted data object and the location of the plaintext output buffer are locations within the memory of the data encrypting system;
      
      wherein the encryption service module executing on the processing circuitry contained in the data encrypting system performs the decryption operation; and
      
      wherein the cryptographic key indicated by the extracted key identifier is retrieved from the key store located in the data encrypting system.
  - 3. The method of claim 1, wherein the data encrypting system is a first data encrypting system contained within a cluster of data encrypting systems, wherein the cluster of data encrypting systems further includes a second data encrypting system, and the method further comprising:
    - synchronizing a contents of the key store located in the first data encrypting system with the contents of a key store located in the second data encrypting system, wherein the synchronizing includes copying the current cryptographic key from the key store located in the first data encrypting system to the key store located in the second data encrypting system;
      
      transmitting the encrypted data object from the first data encrypting system to the second data encrypting system;
      
      wherein the decryption operation request is received by an encryption service module executing on processing circuitry contained in the second data encrypting system from a decrypting consumer process executing on the processing circuitry contained in the second data encrypting system;
      
      wherein the location of the ciphertext buffer containing the encrypted data object and the location of the plaintext output buffer are locations within a memory of the second data encrypting system;
      
      wherein the encryption service module executing on the processing circuitry contained in the second data encrypting system performs the decryption operation; and
      
      wherein the cryptographic key indicated by the extracted key identifier is retrieved from the key store located in the second data encrypting system.
  - 4. The method of claim 2, further comprising:
    - wherein performing the encryption operation further includesgenerating an initialization vector,using the initialization vector with the current cryptographic key and associated cryptographic algorithm to encrypt the contents of the plaintext buffer, andcreating the encrypted data object such that the encrypted data object further includes the initialization vector; and
      
      wherein performing the decryption operation further includesextracting the initialization vector from the encrypted data object, andusing the initialization vector with the retrieved cryptographic key and identified cryptographic algorithm to decrypt the ciphertext contained in the encrypted data object.
  - 5. The method of claim 4, further comprising:
    - wherein performing the encryption operation further includesgenerating an integrity check value by applying a cryptographic hash function to the ciphertext and the initialization vector,creating the encrypted data object such that the encrypted data object further includes the integrity check value; and
      
      wherein performing the decryption operation further includes, prior to decrypting the ciphertext contained in the encrypted data object, i) extracting the integrity check value from the encrypted data object, ii) using the integrity check value to check the validity of the ciphertext and initialization vector, and iii) only decrypting the ciphertext contained in the encrypted data object responsive to determining, based on the integrity check value, that the ciphertext and initialization vector are valid.
  - 6. The method of claim 5, further comprising:
    - receiving, by the encryption service module after performing the encryption operation, an encryption service state change message that causes a new version of the current cryptographic key to be used to encrypt plaintext during subsequently performed encryption operations;
      
      wherein performing the decryption operation further comprisesdetermining whether the retrieved cryptographic key is the most recent version of the retrieved cryptographic key, andin response to determining that the retrieved cryptographic key is not the most recent version of the retrieved cryptographic key, issuing a completion status to the decrypting consumer process indicating that the retrieved cryptographic key is not the most recent version of the retrieved cryptographic key; and
      
      wherein the completion status indicating that the retrieved cryptographic key is not the most recent version of the retrieved cryptographic key causes the decrypting consumer process to issue an encryption operation request to the encryption service module, whereby the encryption service module encrypts the plaintext stored in the plaintext output buffer using the new version of the current cryptographic key.
  - 7. The method of claim 1, further comprising:
    - receiving, by the encryption service from the encrypting consumer process, a second encryption operation request, wherein the second encryption operation request includes a set of encryption parameters, and wherein the set of encryption parameters includes a location of a second plaintext buffer in a memory of the data encrypting system, a location of a second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext resulting from encrypting the contents of the second plaintext buffer, and a length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext resulting from encrypting the contents of the second plaintext buffer; and
      
      responsive to determining that the set of parameters in the second encryption operation request does not include an indication of a cryptographic key that is to be used by the encryption service module to transform the contents of the second plaintext buffer into ciphertext, the encryption service module performing a second encryption operation at least in part by;
      
      i) retrieving the current cryptographic key stored within the key store located in the data encrypting system,ii) using the current cryptographic key and an associated cryptographic algorithm to encrypt the contents of the second plaintext buffer by transforming the contents of the second plaintext buffer into ciphertext,iii) comparing a length of the ciphertext to the length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext, andiv) responsive to the length of the ciphertext exceeding the length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext, issuing a completion status to the encrypting consumer process indicating that the length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext is too small, and wherein the completion status also indicates the length of the ciphertext.
  - 8. The method of claim 1, further comprising:
    - receiving, by the encryption service from the decrypting consumer process, a second decryption operation request, wherein the second decryption operation request includes a set of decryption parameters, and wherein the set of decryption parameters includes a location of a second ciphertext buffer containing a second encrypted data object, a location of a second plaintext output buffer for storing plaintext resulting from decrypting ciphertext contained in the second encrypted data object, and a length of the second plaintext output buffer; and
      
      responsive to determining that the set of decryption parameters in the second decryption operation request does not include an indication of a cryptographic key that is to be used to transform the ciphertext contained in the second encrypted data object into plaintext, performing a second decryption operation by the encryption service at least in part by;
      
      i) extracting a key identifier from the second encrypted data object,ii) using the key identifier extracted from the second encrypted data object to retrieve a cryptographic key indicated by the key identifier extracted from the second encrypted data object,iii) using the key identifier extracted from the second encrypted data object to identify a cryptographic algorithm associated with the cryptographic key retrieved using the key identifier extracted from the second encrypted data object,iv) using the cryptographic key retrieved using the key identifier extracted from the second encrypted data object and the cryptographic algorithm identified using the key identifier extracted from the second encrypted data object to decrypt the ciphertext contained in the second encrypted data object by transforming the ciphertext contained in the second encrypted data object into plaintext,v) comparing a length of the plaintext to the length of the second plaintext output buffer, andvi) responsive to the length of the plaintext exceeding the length of the second plaintext output buffer, issuing a completion status to the decrypting consumer process indicating that the length of the second plaintext output buffer is too small, and wherein the completion status also indicates the length of the plaintext.

9. An electronic system for encrypting data, comprising:
- a data encrypting system that includes processing circuitry and a memory;
  
  wherein the memory has program code for providing encryption services stored thereon, wherein the program code, when executed by the processing circuitry, causes the processing circuitry to;
  
  receive, from an encrypting consumer process executing on the processing circuitry, an encryption operation request, wherein the encryption operation request includes a set of encryption parameters, and wherein the set of encryption parameters includes a location in the memory of a plaintext buffer and a location in the memory of an ciphertext output buffer for storing ciphertext resulting from encrypting the contents of the plaintext buffer;
  
  determine whether the set of encryption parameters in the encryption operation request includes an indication of a cryptographic key that is to be used to transform the contents of the plaintext buffer into ciphertext;
  
  responsive to a determination that the set of parameters in the encryption operation request does not include an indication of a cryptographic key that is to be used to transform the contents of the plaintext buffer into ciphertext, perform an encryption operation at least in part by causing the processing circuitry to;
  
  i) retrieve a current cryptographic key stored within a key store located in the data encrypting system,ii) use the current cryptographic key and an associated cryptographic algorithm to encrypt the contents of the plaintext buffer by transforming the contents of the plaintext buffer into ciphertext,iii) create an encrypted data object that includes the ciphertext and a key identifier that uniquely identifies the current cryptographic key and the associated cryptographic algorithm that were used to encrypt the contents of the plaintext buffer, andiv) store the encrypted data object into the ciphertext output buffer;
  
  receive from a decrypting consumer process executing on the processing circuitry, a decryption operation request, wherein the decryption operation request includes a set of decryption parameters, wherein the set of decryption parameters includes a location in the memory of a ciphertext buffer containing the encrypted data object and a location in the memory of a plaintext output buffer for storing plaintext resulting from decrypting the ciphertext contained in the encrypted data object;
  
  determine whether the set of decryption parameters in the decryption operation request includes an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext;
  
  responsive to a determination that the set of decryption parameters in the decryption operation request does not include an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext, perform a decryption operation at least in part by causing the processing circuitry to;
  
  i) extract the key identifier from the encrypted data object,ii) use the extracted key identifier to retrieve a cryptographic key indicated by the extracted key identifier,iii) use the extracted key identifier to identify a cryptographic algorithm associated with the retrieved cryptographic key,iv) use the retrieved cryptographic key and the identified cryptographic algorithm to decrypt the ciphertext contained in the encrypted data object by transforming the ciphertext contained in the encrypted data object into plaintext, andv) store the plaintext into the plaintext output buffer.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The electronic system for encrypting data of claim 9, further comprising:
    - wherein the program code, when executed by the processing circuitry, when causing the processing circuitry to perform the encryption operation, further causes the processing circuitry to;
      
      generate an initialization vector,use the initialization vector with the current cryptographic key and associated cryptographic algorithm to encrypt the contents of the plaintext buffer, andcreate the encrypted data object such that the encrypted data object further includes the initialization vector; and
      
      wherein the program code, when executed by the processing circuitry, when causing the processing circuitry to perform the decryption operation, further causes the processing circuitry to;
      
      extract the initialization vector from the encrypted data object, anduse the initialization vector with the retrieved cryptographic key and identified cryptographic algorithm to decrypt the ciphertext contained in the encrypted data object.
  - 11. The electronic system for encrypting data of claim of claim 10, further comprising:
    - wherein the program code, when executed by the processing circuitry, when causing the processing circuitry to perform the encryption operation, further causes the processing circuitry to;
      
      generate an integrity check value by applying a cryptographic hash function to the ciphertext and the initialization vector, andcreate the encrypted data object such that the encrypted data object further includes the integrity check value; and
      
      wherein the program code, when executed by the processing circuitry, when causing the processing circuitry to perform the decryption operation, further causes the processing circuitry to;
      
      prior to decrypting the ciphertext contained in the encrypted data object, i) extract the integrity check value from the encrypted data object, ii) use the integrity check value to check the validity of the ciphertext and initialization vector, and iii) only decrypt the ciphertext contained in the encrypted data object responsive to determining, based on the integrity check value, that the ciphertext and initialization vector are valid.
  - 12. The electronic system for encrypting data of claim 11, further comprising:
    - wherein the program code, when executed by the processing circuitry, further causes the processing circuitry to receive, after performing the encryption operation, an encryption service state change message that causes a new version of the current cryptographic key to be used to encrypt plaintext during subsequently performed encryption operations; and
      
      wherein the program code, when executed by the processing circuitry, when causing the processing circuitry to perform the decryption operation, further causes the processing circuitry to;
      
      determine whether the retrieved cryptographic key is the most recent version of the retrieved cryptographic key, andin response to a determination that the retrieved cryptographic key is not the most recent version of the retrieved cryptographic key, issue a completion status to the decrypting consumer process indicating that the retrieved cryptographic key is not the most recent version of the retrieved cryptographic key; and
      
      wherein the program code, when executed by the processing circuitry, further causes the processing circuitry to, in response to the completion status indicating that the retrieved cryptographic key is not the most recent version of the retrieved cryptographic key, issue an encryption operation request from the decrypting consumer process, whereby the plaintext stored in the plaintext output buffer is encrypted using the new version of the current cryptographic key.
  - 13. The electronic system for encrypting data of claim 9, wherein the program code, when executed by the processing circuitry, further causes the processing circuitry to:
    - receive, from the encrypting consumer process, a second encryption operation request, wherein the second encryption operation request includes a set of encryption parameters, and wherein the set of encryption parameters includes a location of a second plaintext buffer in a memory of the data encrypting system, a location of a second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext resulting from encrypting the contents of the second plaintext buffer, and a length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext resulting from encrypting the contents of the second plaintext buffer; and
      
      responsive to a determination that the set of parameters in the second encryption operation request does not include an indication of a cryptographic key that is to be used to transform the contents of the second plaintext buffer into ciphertext, perform a second encryption operation at least in part by causing the processing circuitry to;
      
      i) retrieve the current cryptographic key stored within the key store located in the data encrypting system,ii) use the current cryptographic key and an associated cryptographic algorithm to encrypt the contents of the second plaintext buffer by transforming the contents of the second plaintext buffer into ciphertext,iii) compare a length of the ciphertext to the length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext, andiv) responsive to the length of the ciphertext exceeding the length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext, issue a completion status to the encrypting consumer process indicating that the length of the second ciphertext output buffer in the memory of the data encrypting system for storing ciphertext is too small, and wherein the completion status also indicates the length of the ciphertext.
  - 14. The electronic system for encrypting data of claim 9, wherein the program code, when executed by the processing circuitry, further causes the processing circuitry to:
    - receive, from the decrypting consumer process, a second decryption operation request, wherein the second decryption operation request includes a set of decryption parameters, and wherein the set of decryption parameters includes a location of a second ciphertext buffer containing a second encrypted data object, a location of a second plaintext output buffer for storing plaintext resulting from decrypting ciphertext contained in the second encrypted data object, and a length of the second plaintext output buffer; and
      
      responsive to a determination that the set of decryption parameters in the second decryption operation request does not include an indication of a cryptographic key that is to be used to transform the ciphertext contained in the second encrypted data object into plaintext, perform a second decryption operation at least in part by causing the processing circuitry to;
      
      i) extract a key identifier from the second encrypted data object,ii) use the key identifier extracted from the second encrypted data object to retrieve a cryptographic key indicated by the key identifier extracted from the second encrypted data object,iii) use the key identifier extracted from the second encrypted data object to identify a cryptographic algorithm associated with the cryptographic key retrieved using the key identifier extracted from the second encrypted data object,iv) use the cryptographic key retrieved using the key identifier extracted from the second encrypted data object and the cryptographic algorithm identified using the key identifier extracted from the second encrypted data object to decrypt the ciphertext contained in the second encrypted data object by transforming the ciphertext contained in the second encrypted data object into plaintext,v) compare a length of the plaintext to the length of the second plaintext output buffer, andvi) responsive to the length of the plaintext exceeding the length of the second plaintext output buffer, issue a completion status to the decrypting consumer process indicating that the length of the second plaintext output buffer is too small, and wherein the completion status also indicates the length of the plaintext.

15. A non-transitory computer readable medium for providing encryption services in a data encrypting system having instructions stored thereon that when executed on processing circuitry in the data encrypting system perform the steps of:
- receiving, from an encrypting consumer process executing on the processing circuitry, an encryption operation request, wherein the encryption operation request includes a set of encryption parameters, and wherein the set of encryption parameters includes a location of a plaintext buffer in a memory of the data encrypting system and a location of an ciphertext output buffer in the memory of the data encrypting system for storing ciphertext resulting from encrypting the contents of the plaintext buffer;
  
  determining whether the set of encryption parameters in the encryption operation request includes an indication of a cryptographic key that is to be used to transform the contents of the plaintext buffer into ciphertext;
  
  responsive to determining that the set of parameters in the encryption operation request does not include an indication of a cryptographic key that is to be used to transform the contents of the plaintext buffer into ciphertext, performing an encryption operation at least in part by;
  
  i) retrieving a current cryptographic key stored within a key store located in the data encrypting system,ii) using the current cryptographic key and an associated cryptographic algorithm to encrypt the contents of the plaintext buffer by transforming the contents of the plaintext buffer into ciphertext,iii) creating an encrypted data object that includes the ciphertext and a key identifier that uniquely identifies the current cryptographic key and the associated cryptographic algorithm that were used to encrypt the contents of the plaintext buffer, andiv) storing the encrypted data object into the ciphertext output buffer;
  
  receiving, from a decrypting consumer process executing on the processing circuitry, a decryption operation request, wherein the decryption operation request includes a set of decryption parameters, wherein the set of decryption parameters includes a location of a ciphertext buffer containing the encrypted data object and a location of a plaintext output buffer for storing plaintext resulting from decrypting the ciphertext contained in the encrypted data object;
  
  determining whether the set of decryption parameters in the decryption operation request includes an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext;
  
  responsive to determining that the set of decryption parameters in the decryption operation request does not include an indication of a cryptographic key that is to be used to transform the ciphertext contained in the encrypted data object into plaintext, performing a decryption operation at least in part by;
  
  i) extracting the key identifier from the encrypted data object,ii) using the extracted key identifier to retrieve a cryptographic key indicated by the extracted key identifier,iii) using the extracted key identifier to identify a cryptographic algorithm associated with the retrieved cryptographic key,iv) using the retrieved cryptographic key and the identified cryptographic algorithm to decrypt the ciphertext contained in the encrypted data object by transforming the ciphertext contained in the encrypted data object into plaintext, andv) storing the plaintext into the plaintext output buffer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Zhang, Ping, Kaufman, Charlie, Lazar, Gregory W., Fang, Yi, Tang, Xuan
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/795,482
Publication Number

US 20190132120A1
Time in Patent Office

711 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/068   using time-dependent keys, ...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/065   Encryption by serially and ...

H04L 9/0822   using key encryption key

H04L 9/12   Transmitting and receiving ...

H04L 9/16   the keys or algorithms bein...

H04L 9/3239   involving non-keyed hash fu...

Data encrypting system with encryption service module and supporting infrastructure for transparently providing encryption services to encryption service consumer processes across encryption service state changes

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Data encrypting system with encryption service module and supporting infrastructure for transparently providing encryption services to encryption service consumer processes across encryption service state changes

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others