Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data

US 20030021417A1
Filed: 05/15/2002
Published: 01/30/2003
Est. Priority Date: 10/20/2000
Status: Abandoned Application

First Claim

Patent Images

1. A computer system containing cryptographic keys and cryptographic key identifiers, the computer system comprising:

a repository cryptographic engine operable to communicate securely with a remote cryptographic engine, the repository cryptographic engine associated with a user data store having at least one hidden link including a session key identifier encrypted with at least one protection key, the hidden link associated with at least one remote data entity;

at least one session key encrypted with at least one session-key-protection key, the session key operable to be used in connection with cryptographic operations on the remote data entity; and

a repository key exchange module operable to exchange the session key with a remote key exchange module.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.

Citations

21 Claims

1. A computer system containing cryptographic keys and cryptographic key identifiers, the computer system comprising:
- a repository cryptographic engine operable to communicate securely with a remote cryptographic engine, the repository cryptographic engine associated with a user data store having at least one hidden link including a session key identifier encrypted with at least one protection key, the hidden link associated with at least one remote data entity;
  
  at least one session key encrypted with at least one session-key-protection key, the session key operable to be used in connection with cryptographic operations on the remote data entity; and
  
  a repository key exchange module operable to exchange the session key with a remote key exchange module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer system according to claim 1, wherein the session key identifier is operable to identify the session key corresponding to the remote data entity.
  - 3. The computer system according to claim 1 further comprising:
    - an authorization module coupled with at least one access control list, wherein access to operations based on the session key is provided based on the access control list.
  - 4. The computer system according to claim 3, wherein the authorization module is further coupled with a user data store and wherein access to the session key is further provided based on the user data store.
  - 5. The computer system according to claim 1, wherein the protection key is a symmetric cryptographic key.
  - 6. The computer system according to claim 1, wherein the session-key-protection key is a symmetric cryptographic key.
  - 7. The computer system according to claim 1, wherein the session-key-protection key and the protection key are equivalent.
  - 8. The computer system according to claim 6, wherein the symmetric cryptographic key is used in connection with the triple Data Encryption Standard.
  - 9. The computer system according to claim 6, wherein the symmetric cryptographic key is used in connection with the Advanced Encryption Standard.
  - 10. The computer system according to claim 1, wherein the hidden link is associated with the remote data entity.
  - 11. The computer system according to claim 10, wherein the remote data entity is a file and the hidden link is embedded into a header of the file.

12. A distributed network including a repository server containing cryptographic keys, the distributed network comprising:
- a repository cryptographic engine operable to communicate securely with a remote cryptographic engine;
  
  a remote cryptographic agent operable to communicate securely with the remote cryptographic engine; and
  
  a business application coupled with the remote cryptographic agent, wherein authenticity of the business application is verified by the remote cryptographic engine by comparing a stored fingerprint of the business application with a calculated fingerprint of the remote cryptographic agent.
- View Dependent Claims (13, 14, 15)
- - 13. The distributed network according to claim 12, wherein the remote cryptographic agent and the remote cryptographic engine are resident in separate computer systems.
  - 14. The distributed network according to claim 12, wherein secure communication between the remote cryptographic agent and the remote cryptographic engine is secured using a shared operational key.
  - 15. The distributed network according to claim 14, wherein the shared operational key is received by the remote cryptographic agent and the remote cryptographic engine from a smart card.

16. A computer readable data transmission medium containing a data structure for facilitating the secure exchange and use of encrypted data, the data structure comprising:
- at least one data entity encrypted by at least one encryption key;
  
  at least one key association that associates the data entity with the encryption key; and
  
  instructions operable to receive commands from an application software component to generate a new encryption key, to store the data entity in encrypted form, and to transmit an unencrypted form of the data entity to the application software component, the commands proxied through a trusted cryptographic agent.

17. A cryptographic method for facilitating the secure storage of information, the method comprising:
- receiving a key request for a session key from a requesting key exchange module at a remote computer system, the key request including a hidden link;
  
  accessing and decrypting the session key based on the hidden link using a protection key;
  
  receiving an exchange public key corresponding to the requesting key exchange module;
  
  encrypting the session key in the exchange public key, resulting in an encrypted session key;
  
  transmitting the encrypted session key to the requesting key exchange module;
  
  decrypting, at a computer system associated with a requester, the encrypted session key with an exchange private key corresponding to the exchange public key;
  
  encrypting a data entity with the session key, and attaching the hidden link to the data entity; and
  
  storing the data entity.

18. A cryptographic method for facilitating the secure retrieval of information, the method comprising:
- providing at least one encrypted data entity to a requester;
  
  receiving access control information corresponding to the requester;
  
  determining whether the requester has sufficient access rights to decrypt the encrypted data entity;
  
  transmitting a session key to a key exchange module, the session key corresponding to the encrypted data entity;
  
  receiving an exchange public key from a user database;
  
  encrypting the session key in the exchange public key, resulting in an encrypted session key;
  
  transmitting the encrypted session key to the requester;
  
  decrypting the encrypted session key at a computer system associated with the requester using an exchange private key corresponding to the exchange public key; and
  
  decrypting the encrypted data entity with the session key.

19. A cryptographic method for facilitating the secure processing of information using trusted components, the method comprising:
- receiving electronic code associated with a software component;
  
  receiving a component identifier associated with the software component;
  
  calculating a fingerprint associated with the electronic code;
  
  reading a registration key from a registration key source;
  
  executing a registration challenge response protocol using the registration key, whereby authority to register the software component is demonstrated;
  
  storing registration information and the fingerprint in connection with the component identifier of the software component;
  
  receiving request from the software component at a cryptographic agent to perform an authorized cryptographic operation; and
  
  transmitting a request for challenge to a cryptography server regarding the software component;
  
  providing a challenge to agent;
  
  receiving a response to the challenge;
  
  verifying the response to the challenge including calculating the fingerprint and verifying an operational key.
- View Dependent Claims (20)
- - 20. The method as set forth in claim 19, wherein the registration key source is a registration smart card.

21. A cryptographic system for facilitating the secure processing of information, the system comprising:
- means for providing at least one encrypted data entity to a requester;
  
  means for receiving access control information corresponding to the requester;
  
  means for determining whether the requester has sufficient access rights to access the encrypted data entity;
  
  means for transmitting a session key to a key exchange module, the session key corresponding to the encrypted data entity;
  
  means for receiving an exchange public key from a user database;
  
  means for encrypting the session key in the exchange public key, resulting in an encrypted session key;
  
  means for transmitting the encrypted session key to the requester;
  
  means for decrypting the encrypted session key at a computer system associated with the requester using an exchange private key corresponding to the exchange public key; and
  
  means for decrypting the encrypted data entity with the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Abdallah Farrukh, Central Valley Administrators
Original Assignee
Abdallah Farrukh, Central Valley Administrators
Inventors
Khulusi, Bassam, Ansari, Suhail, Hu, Jinhui, Gan, Ping, Tyshlek, Alexander, Madoukh, Adam A., Vasic, Ognjen

Application Number

US10/146,782
Publication Number

US 20030021417A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 16/10   File systems; File servers

G06F 21/6245   Protecting personal data, e...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

G06F 2221/2151   Time stamp

G06F 2221/2153   Using hardware token as a s...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0897   involving additional device...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links