Cryptographic key management
Abstract
A cryptographic coalition administrator for managing information access across multiple organizations includes a communications interface configured to electronically transmit and receive information, a memory configured to store pairs of public and private cryptographic keys associated with different levels of access, and a key manager configured and connected to communicate with the interface and the memory and configured to: distribute cryptographic key sets, of public cryptographic keys and private cryptographic keys, to first and second organizations of members; determine a first group of members in the first organization to have authorization to exchange information with a second group of members in the second organization, the first and second groups sharing cryptographic parameters, and public and private cryptographic keys; and distribute a first cryptographic key set, from the cryptographic key sets, to the first group, the first group having a first sensitivity level at least as high as a second sensitivity level associated with the first cryptographic key set.
13 Claims
1. A cryptographic coalition administrator for managing information access across multiple organizations, the administrator comprising:
a communications interface configured to electronically transmit and receive information;
a memory configured to store a plurality of pairs of public and private cryptographic keys associated with different levels of access; and
a key manager configured and connected to communicate with the interface and the memory and configured to:
distribute cryptographic key sets, of public cryptographic keys and private cryptographic keys, to first and second organizations of members;
determine a first group of members in the first organization to have authorization to exchange information with a second group of members in the second organization, the first and second groups sharing cryptographic parameters, and public and private cryptographic keys; and
distribute a first cryptographic key set, from the cryptographic key sets, to the first group, the first group having a first sensitivity level at least as high as a second sensitivity level associated with the first cryptographic key set.
(Dependent claims 2 to 9 not shown.)
10. A system for use in transferring encrypted information between multiple organizations, the system comprising:
a communications interface configured to electronically transmit and receive information;
a memory configured to store a plurality of pairs of public and private cryptographic keys; and
a key manager configured and connected to communicate with the interface and the memory and configured to:
receive a first write-only cryptographic key, associated with a first organization, that has been encrypted using a second write-only cryptographic key associated with a second organization;
decrypt the first write-only key using a first private cryptographic key;
encrypt a plaintext message using a data encryption key to produce a ciphertext;
encrypt the data encryption key using the first write-only key to produce a first encrypted key;
send the ciphertext and the first encrypted key toward the first organization;
encrypt the data encryption key using a third write-only cryptographic key, associated with the second organization, to produce a second encrypted key; and
send the ciphertext and the second encrypted key toward a member of the second organization;
wherein the system is associated with the second organization.
11. A method of exchanging information, the method comprising:
transmitting a first write-only cryptographic key from a first entity to a second entity;
encrypting a second write-only cryptographic key at the second entity using the first write-only key;
transmitting the encrypted second write-only key to the first entity;
decrypting the second write-only key at the first entity using a first private cryptographic key associated with the first write-only key;
encrypting information at the first entity using a data encryption key to produce ciphertext;
encrypting the data encryption key using the second write-only key to produce a first encrypted key;
transmitting the ciphertext and the first encrypted key from the first entity to the second entity;
encrypting the data encryption key using a third write-only cryptographic key to produce a second encrypted key; and
transmitting the ciphertext and the second encrypted key from the first entity to a third entity.
(Dependent claims 12 and 13 not shown.)