Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data
Abstract
A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.
21 Claims
1. A computer system containing cryptographic keys and cryptographic key identifiers, the computer system comprising:
a repository cryptographic engine operable to communicate securely with a remote cryptographic engine, the repository cryptographic engine associated with a user data store having at least one hidden link including a session key identifier encrypted with at least one protection key, the hidden link associated with at least one remote data entity;
at least one session key encrypted with at least one session-key-protection key, the session key operable to be used in connection with cryptographic operations on the remote data entity; and
a repository key exchange module operable to exchange the session key with a remote key exchange module.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A distributed network including a repository server containing cryptographic keys, the distributed network comprising:
a repository cryptographic engine operable to communicate securely with a remote cryptographic engine;
a remote cryptographic agent operable to communicate securely with the remote cryptographic engine; and
a business application coupled with the remote cryptographic agent, wherein authenticity of the business application is verified by the remote cryptographic engine by comparing a stored fingerprint of the business application with a calculated fingerprint of the remote cryptographic agent.
Dependent claims: 13, 14, 15
16. A computer readable data transmission medium containing a data structure for facilitating the secure exchange and use of encrypted data, the data structure comprising:
at least one data entity encrypted by at least one encryption key;
at least one key association that associates the data entity with the encryption key; and
instructions operable to receive commands from an application software component to generate a new encryption key, to store the data entity in encrypted form, and to transmit an unencrypted form of the data entity to the application software component, the commands proxied through a trusted cryptographic agent.
17. A cryptographic method for facilitating the secure storage of information, the method comprising:
receiving a key request for a session key from a requesting key exchange module at a remote computer system, the key request including a hidden link;
accessing and decrypting the session key based on the hidden link using a protection key;
receiving an exchange public key corresponding to the requesting key exchange module;
encrypting the session key in the exchange public key, resulting in an encrypted session key;
transmitting the encrypted session key to the requesting key exchange module;
decrypting, at a computer system associated with a requester, the encrypted session key with an exchange private key corresponding to the exchange public key;
encrypting a data entity with the session key, and attaching the hidden link to the data entity; and
storing the data entity.
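The storage flow of claim 17, as an added illustration that is not code from the patent. The claims name no algorithms or formats, so AES-256-GCM, RSA-OAEP, the 16-byte random key ID and every class and method name below are assumptions.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING # assumed padding for the key exchange
# Assumed cipher: AES-256-GCM. seal returns nonce (12) || tag (16) || ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = ''
  body = c.update(plaintext) + c.final
  nonce + c.auth_tag + body
end

def unseal(key, blob)
  raise ArgumentError, 'missing or truncated ciphertext' if blob.nil? || blob.bytesize <= 28
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = ''
  d.update(blob.byteslice(28, blob.bytesize)) + d.final # raises CipherError if tampered
end

# Repository side: a data record carries only the hidden link (the encrypted key ID).
class Repository
  def initialize
    @protection_key = OpenSSL::Random.random_bytes(32)
    @skp_key = OpenSSL::Random.random_bytes(32) # session-key-protection key
    @key_store = {} # key ID => session key sealed under @skp_key
  end

  def new_hidden_link
    key_id = OpenSSL::Random.random_bytes(16) # constructed ID format
    @key_store[key_id] = seal(@skp_key, OpenSSL::Random.random_bytes(32))
    seal(@protection_key, key_id)
  end

  # Resolve the link, unwrap the session key, encrypt it in the exchange public key.
  def exchange(hidden_link, exchange_pub)
    session_key = unseal(@skp_key, @key_store[unseal(@protection_key, hidden_link)])
    exchange_pub.public_encrypt(session_key, OAEP)
  end
end

# Remote side: obtain the session key, encrypt the entity, attach the hidden link.
def store_entity(repo, exchange_key, link, data)
  wrapped = repo.exchange(link, exchange_key.public_key)
  { link: link, body: seal(exchange_key.private_decrypt(wrapped, OAEP), data) }
end
```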
18. A cryptographic method for facilitating the secure retrieval of information, the method comprising:
providing at least one encrypted data entity to a requester;
receiving access control information corresponding to the requester;
determining whether the requester has sufficient access rights to decrypt the encrypted data entity;
transmitting a session key to a key exchange module, the session key corresponding to the encrypted data entity;
receiving an exchange public key from a user database;
encrypting the session key in the exchange public key, resulting in an encrypted session key;
transmitting the encrypted session key to the requester;
decrypting the encrypted session key at a computer system associated with the requester using an exchange private key corresponding to the exchange public key; and
decrypting the encrypted data entity with the session key.
19. A cryptographic method for facilitating the secure processing of information using trusted components, the method comprising:
receiving electronic code associated with a software component;
receiving a component identifier associated with the software component;
calculating a fingerprint associated with the electronic code;
reading a registration key from a registration key source;
executing a registration challenge response protocol using the registration key, whereby authority to register the software component is demonstrated;
storing registration information and the fingerprint in connection with the component identifier of the software component;
receiving request from the software component at a cryptographic agent to perform an authorized cryptographic operation; and
transmitting a request for challenge to a cryptography server regarding the software component;
providing a challenge to agent;
receiving a response to the challenge;
verifying the response to the challenge including calculating the fingerprint and verifying an operational key.
Dependent claims: 20
21. A cryptographic system for facilitating the secure processing of information, the system comprising:
means for providing at least one encrypted data entity to a requester;
means for receiving access control information corresponding to the requester;
means for determining whether the requester has sufficient access rights to access the encrypted data entity;
means for transmitting a session key to a key exchange module, the session key corresponding to the encrypted data entity;
means for receiving an exchange public key from a user database;
means for encrypting the session key in the exchange public key, resulting in an encrypted session key;
means for transmitting the encrypted session key to the requester;
means for decrypting the encrypted session key at a computer system associated with the requester using an exchange private key corresponding to the exchange public key; and
means for decrypting the encrypted data entity with the session key.
Specification