Secure data handling and storage
Abstract
Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. A method includes receiving a plurality of keys for unlocking an encryption engine. Each key may be associated with a key holder. At least a subset of the plurality of keys are combined to generate a master key. An encryption engine is unlocked using the master key. Encrypted data is received at the encryption engine on a continuous basis. The encrypted data is encrypted using a first encryption key, and includes sensitive information for one or more users. The encrypted data is decrypted using the first encryption key. The decrypted data is re-encrypted using a second encryption key that is newer than the first encryption key.
20 Claims
1. A method comprising:
receiving a request from an aggregation server to access encrypted credential information for a user, the aggregation server aggregating financial data from one or more financial institutions where a user has an account using the encrypted credential information;
determining whether the aggregation server is authorized to communicate with an encryption engine that is used to encrypt the credential information for the user by cross-referencing one or more tokens issued to the aggregation server with one or more predefined tokens designated as allowed tokens;
receiving, in response to determining that the aggregation server is authorized to communicate with the encryption engine, a plurality of keys for unlocking the encryption engine, each key associated with a key holder;
combining at least a subset of the plurality of keys to generate a master key, the subset comprising at least two keys of the plurality of keys;
unlocking the encryption engine using the master key;
receiving, at the encryption engine, the encrypted credential information for accessing the user's accounts at the plurality of financial institutions, the credential information encrypted using a first encryption key;
decrypting the encrypted credential information using the first encryption key, the decrypted credential information transmitted to the aggregation server for accessing the one or more financial institutions where the user has an account; and
re-encrypting the decrypted credential information using a second encryption key, the second encryption key newer than the first encryption key.
(Dependent claims 2 to 13 are not shown.)

14. An apparatus comprising:
a lock module that:
receives a request from an aggregation server to access encrypted credential information for a user, the aggregation server aggregating financial data from one or more financial institutions where a user has an account using the encrypted credential information;
determines, at an encryption engine, whether the aggregation server is authorized to communicate with the encryption engine that is used to encrypt the credential information for the user by cross-referencing one or more tokens issued to the aggregation server with one or more predefined tokens designated as allowed tokens;
receives, in response to determining that the aggregation server is authorized to communicate with the encryption engine, a plurality of keys for unlocking the encryption engine, each key associated with a key holder;
combines at least a subset of the plurality of keys to generate a master key, the subset comprising at least two keys of the plurality of keys;
unlocks the encryption engine using the master key;
a data module that receives, at the encryption engine, the encrypted credential information for accessing the user's accounts at the plurality of financial institutions, the credential information encrypted using a first encryption key;
a decryption module that decrypts the encrypted credential information using the first encryption key, the decrypted credential information transmitted to the aggregation server for accessing the one or more financial institutions where the user has an account; and
an encryption module that re-encrypts the decrypted credential information using a second encryption key, the second encryption key newer than the first encryption key.
(Dependent claims 15 to 19 are not shown.)

20. A program product comprising a computer readable storage medium that stores code executable by a processor, the executable code comprising code to perform:
receiving a request from an aggregation server to access encrypted credential information for a user, the aggregation server aggregating financial data from one or more financial institutions where a user has an account using the encrypted credential information;
determining whether the aggregation server is authorized to communicate with an encryption engine that is used to encrypt the credential information for the user by cross-referencing one or more tokens issued to the aggregation server with one or more predefined tokens designated as allowed tokens;
receiving, in response to determining that the aggregation server is authorized to communicate with the encryption engine, a plurality of keys for unlocking the encryption engine, each key associated with a key holder;
combining at least a subset of the plurality of keys to generate a master key, the subset comprising at least two keys of the plurality of keys;
unlocking the encryption engine using the master key;
receiving, at the encryption engine, the encrypted credential information for accessing the user's accounts at the plurality of financial institutions, the credential information encrypted using a first encryption key;
decrypting the encrypted credential information using the first encryption key, the decrypted credential information transmitted to the aggregation server for accessing the one or more financial institutions where the user has an account; and
re-encrypting the decrypted credential information using a second encryption key, the second encryption key newer than the first encryption key.
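The flow described in the abstract and claimed in claims 1, 14 and 20 (token allowlist check, combining at least two key-holder shares into a master key, unlocking the engine, decrypting under the first key and re-encrypting under a newer second key), as an added illustration that is not code from the patent. It assumes XOR-then-hash share combining, versioned data keys derived from the master key, constructed tokens and shares, and an HMAC-SHA256 encrypt-then-MAC stream construction standing in for a production AEAD such as AES-GCM; the patent fixes none of these choices.

```python
import hashlib, hmac, secrets
ALLOWED_TOKENS = {"agg-token-A1", "agg-token-B2"}  # constructed allowlist of tokens issued to aggregation servers

def combine_shares(shares):
    """Combine at least two key-holder shares into the master key (XOR-then-hash; the combining function is an assumption)."""
    if len(shares) < 2:
        raise ValueError("at least two key holders must contribute a share")
    acc = 0
    for s in shares:
        acc ^= int.from_bytes(s, "big")
    return hashlib.sha256(b"master-key|" + acc.to_bytes(32, "big")).digest()

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    return b"".join(_prf(key, b"ks", nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def encrypt(key, plaintext):
    # Encrypt-then-MAC with HMAC-SHA256 as the PRF: a stdlib-only stand-in for an AEAD such as AES-GCM.
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"tag", nonce + ct)

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(_prf(key, b"tag", nonce + ct), tag):
        raise ValueError("credential blob failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class EncryptionEngine:
    master_key = None  # engine stays locked until a quorum of shares has been combined
    def unlock(self, requester_token, shares):
        # Cross-reference the aggregation server's token with the predefined allowed tokens.
        if not any(hmac.compare_digest(requester_token, t) for t in ALLOWED_TOKENS):
            raise PermissionError("aggregation server is not authorized to use the engine")
        self.master_key = combine_shares(shares)

    def data_key(self, version):
        # Versioned credential-encryption keys derived from the master key (assumption).
        if self.master_key is None:
            raise RuntimeError("encryption engine is locked")
        return _prf(self.master_key, b"data-key", version.to_bytes(4, "big"))

    def rotate(self, blob, old_version, new_version):
        # Decrypt under the first key, return the plaintext for the aggregation server, re-encrypt under the newer key.
        if new_version <= old_version:
            raise ValueError("second key must be newer than the first")
        credential = decrypt(self.data_key(old_version), blob)
        return credential, encrypt(self.data_key(new_version), credential)
```

A blob re-encrypted under the second key no longer authenticates under the first, so the old key can be retired once every stored credential has been rotated.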