Information-centric security
3 Assignments
0 Petitions
Abstract
A system for encrypting a data encryption key includes a key encryption key generator configured to receive a public portion of a label, the label including an asymmetric key pair of the public portion and a private portion, the key encryption key generator being further configured to process the public portion of the label to obtain a key encryption key, and a data encryption key encoder configured to receive the key encryption key from the key encryption key generator and to receive a data encryption key from a random number generator, the encoder being further configured to encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key and to provide the encrypted data encryption key to an encryption device.
190 Citations
25 Claims
1. A system for encrypting a data encryption key, the system comprising:

a key encryption key generator configured to receive a public portion of a label, the label including an asymmetric key pair of the public portion and a private portion, the key encryption key generator being further configured to process the public portion of the label to obtain a key encryption key; and

a data encryption key encoder configured to receive the key encryption key from the key encryption key generator and to receive a data encryption key from a random number generator, the encoder being further configured to encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key and to provide the encrypted data encryption key to an encryption device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A system for decrypting an encrypted data encryption key, the system comprising:

a key encryption key generator configured to receive a private portion of a label, the label including an asymmetric key pair of a public portion and the private portion, the key encryption key generator being further configured to process the private portion of the label to obtain a key encryption key; and

a data encryption key decoder configured to receive the key encryption key from the key encryption key generator and to receive an encrypted data encryption key associated with ciphertext, the decoder being further configured to decrypt the data encryption key using the key encryption key to produce an unencrypted data encryption key and to provide the unencrypted data encryption key to a decryption device.

Dependent claims: 10, 11.

12. A computer program product for encrypting/decrypting information, the computer program product residing on a computer-readable medium and comprising computer-readable instructions configured to cause a computer to:

receive a public portion of a label for key encryption and to receive a private portion of the label for key decryption, the label including an asymmetric key pair of the public and private portions;

process the public portion and an ephemeral private key to obtain a key encryption key for information encryption and to process the private portion and an ephemeral public key to obtain the key encryption key for information decryption;

for information encryption:

receive a data encryption key from a random number generator;

encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key; and

provide the encrypted data encryption key to an encryption device; and

for information decryption:

receive the key encryption key and an encrypted data encryption key associated with ciphertext;

decrypt the data encryption key using the key encryption key to produce an unencrypted data encryption key; and

provide the unencrypted data encryption key to a decryption device.

Dependent claims: 13, 14, 15, 16, 17.

18. A cryptographic system for providing cryptographic key management, the system comprising:

a communications interface configured to communicate electronically with a plurality of clients;

a memory configured to store at least one of a public and a private portion of a cryptographic key pair associated with different levels of access; and

a key management module configured and connected to communicate with the interface and the memory and configured to:

split public and private portions of encryption keys into asymmetric pieces;

provide access by clients through the communication interface to public and private portions of keys if the clients satisfy at least one authentication mechanism associated with a first security level at least as high as a second security level associated with the portions of keys that the client desires to access; and

encrypt a data encryption key that is for use in encrypting a plaintext message.

Dependent claims: 19, 20, 21, 22, 23, 24, 25.
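The key-wrapping scheme that claims 1, 9 and 12 describe, written out as a worked example in Go. This is added here as an illustration and is not the patent's implementation: the claims do not name a curve, a key derivation function or a wrapping cipher, so this example assumes X25519 for the label and ephemeral key pairs, an HKDF-shaped derivation over HMAC-SHA256 for the key encryption key, and AES-256-GCM for encrypting the data encryption key. The names NewLabel, NewDEK, WrapDEK, UnwrapDEK, deriveKEK, WrappedDEK and the salt and context strings are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"io"
)

// NewLabel generates the label key pair: PublicKey() is the public portion handed to
// encryptors, the returned private key is the portion kept by decryptors. X25519 is
// this example's curve choice, not something the claims specify.
func NewLabel() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// NewDEK is the "random number generator" of claim 1: a fresh 256-bit data encryption key.
func NewDEK() ([]byte, error) {
	dek := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, dek)
	return dek, err
}

// WrappedDEK is the encrypted DEK plus the ephemeral public key the decryptor needs to
// recompute the KEK (claim 12) and the AES-GCM nonce.
type WrappedDEK struct {
	EphemeralPub, Nonce, Ciphertext []byte
}

// deriveKEK is the key encryption key generator: an HKDF-shaped extract-then-expand over
// HMAC-SHA256 turns the X25519 shared secret into a 32-byte KEK bound to both public
// keys, so the same shared secret in another context yields a different KEK.
func deriveKEK(shared, ephemeralPub, labelPub []byte) []byte {
	extract := hmac.New(sha256.New, []byte("example-kek-salt")) // constructed salt
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("DEK-wrap"))
	expand.Write(ephemeralPub)
	expand.Write(labelPub)
	expand.Write([]byte{0x01}) // HKDF block counter
	return expand.Sum(nil)
}

func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapDEK is claim 1's encoder: ephemeral private key + label public portion give the
// KEK, which encrypts the DEK. The ephemeral public key is authenticated as GCM AAD.
func WrapDEK(labelPub *ecdh.PublicKey, dek []byte) (*WrappedDEK, error) {
	if len(dek) != 32 {
		return nil, fmt.Errorf("DEK must be 32 bytes, got %d", len(dek))
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(labelPub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := newGCM(deriveKEK(shared, ephPub, labelPub.Bytes()))
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return &WrappedDEK{ephPub, nonce, gcm.Seal(nil, nonce, dek, ephPub)}, nil
}

// UnwrapDEK is claim 9's decoder: label private portion + ephemeral public key recompute
// the KEK; GCM rejects a wrapped key that was altered or produced under another label.
func UnwrapDEK(labelPriv *ecdh.PrivateKey, w *WrappedDEK) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(w.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := labelPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKEK(shared, w.EphemeralPub, labelPriv.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, w.Nonce, w.Ciphertext, w.EphemeralPub)
}
```

The encrypting side holds only the label's public portion and calls WrapDEK; the decrypting side holds the private portion and calls UnwrapDEK. Because the KEK is bound to both public keys and the ephemeral public key is covered by the GCM tag, a wrapped key that was modified in transit, or that was produced under a different label, fails authentication and no data encryption key is released. Claim 12's "key encryption key for information decryption" is the same value the encryptor derived, recomputed rather than transmitted.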
Specification