SYSTEM AND METHOD FOR ROTATING DATA IN CRYPTO SYSTEM

US 20080091955A1
Filed: 09/21/2007
Published: 04/17/2008
Est. Priority Date: 09/22/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for rotating data, comprising:

decrypting a stored value stored at a system with a first key to produce a decrypted value;

encrypting the decrypted value with a second key to produce an encrypted value;

replacing the stored value with the encrypted value; and

maintaining the availability of one or more applications communicably coupled to the system during the decrypting, encrypting, and replacing, wherein the one or more applications may request the stored value.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for cryptography. The system may include a cryptography module in communication with a database and configured to perform cryptography operations on data in the database, a rotation module configured to rotate data in the database, and one or more application interfaces configured to remain responsive while the rotation module rotates the data in the database. Rotating the data in the database may include decrypting a stored value in a system with a first key to produce a decrypted value, encrypting the decrypted value with a second key to produce an encrypted value, and replacing the stored value with the encrypted value.

15 Citations

View as Search Results

24 Claims

1. A method for rotating data, comprising:
- decrypting a stored value stored at a system with a first key to produce a decrypted value;
  
  encrypting the decrypted value with a second key to produce an encrypted value;
  
  replacing the stored value with the encrypted value; and
  
  maintaining the availability of one or more applications communicably coupled to the system during the decrypting, encrypting, and replacing, wherein the one or more applications may request the stored value.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein replacing the stored value comprises performing an operation comprising a plurality of steps configured to replace the stored value with the encrypted value, and a result of each of the plurality of steps is undone if any one of the plurality of steps fails.
  - 3. The method of claim 2, further comprising partitioning the stored values into a plurality of partitions, and reserving one or more of the plurality of partitions as reserved partitions, wherein the operation comprises a step of determining whether the reserved partitions are still reserved.
  - 4. The method of claim 1, wherein replacing the stored value comprises modifying a date representing when the stored value was last referenced to reflect an original reference date.
  - 5. The method of claim 1, wherein decrypting the stored value comprises modifying a date representing when the stored value was last referenced to reflect an original reference date.
  - 6. The method of claim 1, wherein at least one of decrypting the stored value or encrypting the decrypted value comprises encrypting or decrypting data using a hardware-based encryption technology.

7. A computer program embodied on a computer-usable medium, the medium having stored thereon a sequence of instructions which, when executed by a processor, causes the processor to execute a method for rotating data, the method comprising:
- decrypting a stored value stored at a system with a first key to produce a decrypted value;
  
  encrypting the decrypted value with a second key to produce an encrypted value;
  
  replacing the stored value with the encrypted value; and
  
  maintaining the availability of one or more applications communicably coupled to the system during the decrypting, encrypting, and replacing, wherein the one or more applications may request the stored value.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program of claim 7, wherein replacing the stored value comprises performing an operation comprising a plurality of steps configured to replace the stored value with the encrypted value, and a result of each of the plurality of steps is undone if any one of the plurality of steps fails.
  - 9. The method of claim 8, further comprising partitioning the stored values into a plurality of partitions, and reserving one or more of the plurality of partitions as reserved partitions, wherein the operation comprises a step of determining whether the reserved partitions are still reserved.
  - 10. The computer program of claim 7, wherein replacing the stored value comprises modifying a date representing when the stored value was last referenced to reflect an original reference date.
  - 11. The computer program of claim 7, wherein decrypting the stored value comprises modifying a date representing when the stored value was last referenced to reflect an original reference date.
  - 12. The computer program of claim 7, wherein at least one of decrypting the stored value or encrypting the decrypted value comprises encrypting or decrypting data using a hardware-based encryption technology.

13. A system for cryptography, comprising:
- a cryptography module in communication with a database and configured to perform cryptography operations on data in the database;
  
  a rotation module configured to rotate data in the database; and
  
  one or more application interfaces configured to remain responsive while the rotation module rotates the data in the database, wherein rotating the data in the database comprises decrypting a stored value in a system with a first key to produce a decrypted value;
  
  encrypting the decrypted value with a second key to produce an encrypted value; and
  
  replacing the stored value with the encrypted value.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the one or more application interfaces comprises at least one of Remote Procedure Call (RPC) or web service interfaces.
  - 15. The system of claim 13, wherein the cryptography module is configured to communicate with a hardware encryption technology.
  - 16. The system of claim 15, wherein the hardware encryption technology provides the second key used to produce the encrypted value.
  - 17. The system of claim 15, wherein the hardware encryption technology performs the decrypting and encrypting during a data rotation.
  - 18. The system of claim 13, wherein the rotation service is a first rotation service operating concurrently with a second rotation service embodied on the computer-readable medium, and each of the first and second rotation services rotates different portions of data stored in the database.

19. A method for rotating data, comprising:
- decrypting means for decrypting a stored value stored at a system with a first key to produce a decrypted value;
  
  encrypting means for encrypting the decrypted value with a second key to produce an encrypted value;
  
  replacing means for replacing the stored value with the encrypted value; and
  
  maintaining means for maintaining the availability of one or more applications communicably coupled to the system during the decrypting, encrypting, and replacing, wherein the one or more applications may request the stored value.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19, wherein the replacing means comprises an atomic means for performing an operation comprising a plurality of steps configured to replace the stored value with the encrypted value, and a result of each of the plurality of steps is undone if any one of the plurality of steps fails.
  - 21. The method of claim 20, further comprising partitioning means for partitioning the stored values into a plurality of partitions, and reserving one or more of the plurality of partitions as reserved partitions, wherein the operation comprises a step of determining whether the reserved partitions are still reserved.
  - 22. The method of claim 19, wherein the replacing means comprises modifying a date representing when the stored value was last modified to reflect an original modification date.
  - 23. The method of claim 19, wherein the decrypting means comprises modifying a date representing when the stored value was last read to reflect an original read date.
  - 24. The method of claim 19, wherein at least one of decrypting means or the encrypting means comprises decrypting or encrypting data using a hardware-based encryption technology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Paymetric Incorporated (Fidelity National Information Services Incorporated)
Original Assignee
Paymetric Incorporated (Fidelity National Information Services Incorporated)
Inventors
Leach, Nathan

Application Number

US11/859,303
Publication Number

US 20080091955A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

H04L 9/06 the encryption apparatus us...

SYSTEM AND METHOD FOR ROTATING DATA IN CRYPTO SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR ROTATING DATA IN CRYPTO SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links