Method and apparatus for managing cryptographic keys
Abstract
One embodiment of the present invention provides a system for managing keys. During operation, the system receives a request from a user at a database to encrypt/decrypt data at the database. In response to this request, the system sends a user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret thereby enabling the user to decrypt the user-key with the user-secret. Next, the system receives the decrypted user-key from the user. The system then uses the user-key to encrypt/decrypt the data at the database. Finally, the system deletes the user-key at the database.
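The exchange described in the abstract, as an added example that is not part of the patent or of any product: both sides of the protocol in Python, with the database keeping only the wrapped user-key at rest and wiping the unwrapped key after each operation. It assumes a one-time enrollment step, derives the key-encryption key from the user-secret with PBKDF2, and uses an HMAC-based encrypt-then-MAC construction as a standard-library stand-in for a real cipher; all function and field names are assumptions.

```python
import hashlib
import hmac
import os
def _prf(key, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 counter-mode keystream: a stdlib stand-in for a real cipher such as AES-GCM (assumption)
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC under separate sub-keys; output layout is nonce || ciphertext || tag
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(_prf(_prf(key, b"mac"), nonce + ct), tag):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def _kek(user_secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", user_secret, salt, 100_000)
def user_unwrap(user_secret: bytes, token: dict) -> bytes:
    # User side: derive the key-encryption key from the user-secret (which never leaves the user) and unwrap
    return unseal(_kek(user_secret, token["salt"]), token["wrapped_key"])

class Database:
    def __init__(self):
        self.tokens, self.rows = {}, {}  # user-token per user; ciphertext per user; no user-key at rest
    def enroll(self, user_id: str, user_secret: bytes) -> None:
        # One-time setup (assumed; the claims start from an existing token): store only the wrapped user-key
        salt, user_key = os.urandom(16), os.urandom(32)
        self.tokens[user_id] = {"salt": salt, "wrapped_key": seal(_kek(user_secret, salt), user_key)}
    def encrypt(self, user_id: str, user_key: bytearray, plaintext: bytes) -> None:
        self.rows[user_id] = seal(user_key, plaintext)
        user_key[:] = bytes(len(user_key))  # delete the user-key at the database (best-effort wipe)
    def decrypt(self, user_id: str, user_key: bytearray) -> bytes:
        plaintext = unseal(user_key, self.rows[user_id])
        user_key[:] = bytes(len(user_key))
        return plaintext

def round_trip(db: Database, user_id: str, secret: bytes, plaintext: bytes):
    # Whole exchange: token out, user unwraps, key back over a protected channel (assumed), use once, delete
    key = bytearray(user_unwrap(secret, db.tokens[user_id]))  # database -> user: user-token
    db.encrypt(user_id, key, plaintext)                        # user -> database: decrypted user-key
    key = bytearray(user_unwrap(secret, db.tokens[user_id]))
    return db.decrypt(user_id, key), key
```

The claimed flow returns the decrypted user-key to the database, so the channel carrying it has to be confidential and authenticated in its own right, and an in-memory wipe in a managed runtime is best effort.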
23 Claims
1. A method for managing keys, comprising:
receiving a request from a user at a database to encrypt/decrypt data at the database;
sending a user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret, thereby enabling the user to decrypt the user-key with the user-secret;
receiving the user-key which has been decrypted by the user;
using the user-key to encrypt/decrypt the data at the database; and
deleting the user-key at the database.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing keys, comprising:
receiving a request from a user at a database to encrypt/decrypt data at the database;
sending a user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret, thereby enabling the user to decrypt the user-key with the user-secret;
receiving the user-key which has been decrypted by the user;
using the user-key to encrypt/decrypt the data at the database; and
deleting the user-key at the database.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.
21. An apparatus that manages keys, comprising:
a database;
a user-token;
a receiving mechanism configured to receive a request from a user at the database to encrypt/decrypt data at the database;
a sending mechanism configured to send the user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret, thereby enabling the user to decrypt the user-key with the user-secret;
the receiving mechanism further configured to receive the user-key which has been decrypted by the user;
an encryption/decryption mechanism configured to use the user-key to encrypt/decrypt the data at the database; and
a deleting mechanism configured to delete the user-key at the database.
Dependent claims: 22, 23.