Encryption system with double key wrapping

US 10,536,272 B2
Filed: 12/03/2018
Issued: 01/14/2020
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method performed by a computing device where the computing device includes at least a processor for executing instructions from a memory, the method comprising:

selecting a secret key for encryption;

encrypting, by at least the processor, the secret key by applying a first pass of Authenticated Encryption with Additional Data (AEAD) using first keys generated from a random seed value;

encrypting, by at least the processor, the random seed value by applying a second pass of the Authenticated Encryption with Additional Data (AEAD) using second keys generated from the encrypted secret key; and

generating, by at least the processor, a wrapped key by combining the encrypted secret key and the encrypted random seed value.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and other embodiments associated with encryption are described. In one embodiment, a method comprises selecting a secret key for encryption and encrypting the secret key by applying a first pass of Authenticated Encryption with Additional Data (AEAD) using first keys generated from a random seed value. The random seed value is encrypted by applying a second pass of the Authenticated Encryption with Additional Data (AEAD) using second keys generated from the encrypted secret key. A wrapped key is generated by combining the encrypted secret key and the encrypted random seed value.

12 Citations

15 Claims

1. A computer-implemented method performed by a computing device where the computing device includes at least a processor for executing instructions from a memory, the method comprising:
- selecting a secret key for encryption;
  
  encrypting, by at least the processor, the secret key by applying a first pass of Authenticated Encryption with Additional Data (AEAD) using first keys generated from a random seed value;
  
  encrypting, by at least the processor, the random seed value by applying a second pass of the Authenticated Encryption with Additional Data (AEAD) using second keys generated from the encrypted secret key; and
  
  generating, by at least the processor, a wrapped key by combining the encrypted secret key and the encrypted random seed value.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, wherein encrypting the secret key generates a first encrypted data, and wherein encrypting the random seed generates a second encrypted data without using an outside master key.
  - 3. The computer-implemented method of claim 1, wherein the first keys are generated as an Advanced Encryption Standard (AES) key and a hashed message authentication code (HMAC) key;
    - wherein the AES key and the HMAC key are generated from the secret key, the random seed value, and a selected set of hash parameters.
  - 4. The computer-implemented method of claim 1, wherein the second keys are generated as an Advanced Encryption Standard (AES) key and a hashed message authentication code (HMAC) key;
    - andwherein the AES key and the HMAC key are generated from the encrypted secret key to encrypt the random seed value.
  - 5. The computer-implemented method of claim 1, further comprising unwrapping the wrapped key by at least:
    - decrypting the encrypted random seed value from the wrapped key by applying the AEAD using the second keys generated from the encrypted secret key;
      
      decrypting the encrypted secret key by applying the AEAD using the first keys generated from the decrypted random seed value; and
      
      generating the secret key from the decrypting of the encrypted secret key.

6. A computer system, comprising:
- one or more processors configured to at least execute instructions;
  
  a memory connected to the one or more processors;
  
  a non-transitory computer-readable medium storing instructions that, when executed by the one or more processors of the computing device, cause the computing device to at least;
  
  select a secret key for encryption;
  
  encrypt the secret key by applying a first pass of Authenticated Encryption with Additional Data (AEAD) using first keys generated from a random seed value;
  
  encrypt the random seed value by applying a second pass of the Authenticated Encryption with Additional Data (AEAD) using second keys generated from the encrypted secret key; and
  
  generate a wrapped key by combining the encrypted secret key and the encrypted random seed value.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer system of claim 6, wherein the instructions for encrypting the secret key cause the processor to generate a first encrypted data, andwherein encrypting the random seed generates a second encrypted data without using an outside master key.
  - 8. The computer system of claim 6, wherein the first keys include an Advanced Encryption Standard (AES) key and a hashed message authentication code (HMAC) key;
    - wherein the processor is configured to generate the AES key and the HMAC key from the secret key, the random seed value, and a selected set of hash parameters.
  - 9. The computer system of claim 6, wherein the second keys include an Advanced Encryption Standard (AES) key and a hashed message authentication code (HMAC) key;
    - andwherein the processor is configured to generate the AES key and the HMAC key from the encrypted secret key to encrypt the random seed value.
  - 10. The computer system of claim 6, wherein the non-transitory computer-readable medium further includes instructions that when executed cause the processor to unwrap the wrapped key by at least:
    - decrypt the encrypted random seed value from the wrapped key by applying the AEAD using the second keys generated from the encrypted secret key;
      
      decrypt the encrypted secret key by applying the AEAD using the first keys generated from the decrypted random seed value; and
      
      generate the secret key from the decrypting of the encrypted secret key.

11. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors of a computing device, cause the computing device to at least:
- select a secret key for encryption;
  
  encrypt the secret key by applying a first pass of Authenticated Encryption with Additional Data (AEAD) using first keys generated from a random seed value;
  
  encrypt the random seed value by applying a second pass of the Authenticated Encryption with Additional Data (AEAD) using second keys generated from the encrypted secret key; and
  
  generate a wrapped key by combining the encrypted secret key and the encrypted random seed value.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computing device to at least encrypt the secret key causing the processor to generate a first encrypted data, and wherein encrypting the random seed generates a second encrypted data without using an outside master key.
  - 13. The non-transitory computer-readable medium of claim 11, wherein the first keys are generated as an Advanced Encryption Standard (AES) key and a hashed message authentication code (HMAC) key;
    - wherein the instructions are configured to cause the processor to generate the AES key and the HMAC key from the secret key, the random seed value, and a selected set of hash parameters.
  - 14. The non-transitory computer-readable medium of claim 11, wherein the second keys are generated as an Advanced Encryption Standard (AES) key and a hashed message authentication code (HMAC) key;
    - andwherein the instructions are configured to cause the processor to generate the AES key and the HMAC key from the encrypted secret key to encrypt the random seed value.
  - 15. The non-transitory computer-readable medium of claim 11, wherein the instructions further include instructions that when executed cause the processor to unwrap the wrapped key by at least:
    - decrypting the encrypted random seed value from the wrapped key by applying the AEAD using the second keys generated from the encrypted secret key;
      
      decrypting the encrypted secret key by applying the AEAD using the first keys generated from the decrypted random seed value; and
      
      generating the secret key from the decrypting of the encrypted secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Pogmore, George R., Pandey, Pradip K.
Primary Examiner(s)
Smithers, Matthew

Application Number

US16/208,285
Publication Number

US 20190116032A1
Time in Patent Office

407 Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3236   using cryptographic hash fu...

Encryption system with double key wrapping

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption system with double key wrapping

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links