SECURE SELF MANAGED DATA (SSMD)

US 20100150352A1
Filed: 03/31/2009
Published: 06/17/2010
Est. Priority Date: 12/15/2008
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a master key for encryption of data;

an encryption key site accessible by a computer, wherein the encryption key site stores a first piece of the master key;

a configuration file resident in a computer file system, the configuration file storing a second piece of the master key;

a computer database storing a third piece of the master key;

a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key;

a unique ID for the data;

a classification level for the data; and

an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, according to one embodiment, includes a master key for encryption of data; an encryption key site accessible by computer and storing a first piece of the master key; a configuration file resident in a computer file system, the configuration file storing a second piece of the master key; a computer database storing a third piece of the master key; a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key; a unique ID for the data; a classification level for the data; and an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.

48 Citations

View as Search Results

20 Claims

1. A system comprising:
- a master key for encryption of data;
  
  an encryption key site accessible by a computer, wherein the encryption key site stores a first piece of the master key;
  
  a configuration file resident in a computer file system, the configuration file storing a second piece of the master key;
  
  a computer database storing a third piece of the master key;
  
  a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key;
  
  a unique ID for the data;
  
  a classification level for the data; and
  
  an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein:
    - a user application provides the data to the system; and
      
      the user application stores the SSMD encoded data.
  - 3. The system of claim 1, wherein the system returns a decrypted data upon receiving an input comprising the SSMD encoded data, the unique ID, and the classification level.
  - 4. The system of claim 1, further comprising a data behavior object, wherein:
    - the data behavior object includes the unique ID, the classification level, and the expiration time; and
      
      the data is encrypted and the data behavior object is associated with the encrypted data.
  - 5. The system of claim 4, wherein the encrypted data and the associated data behavior object are encrypted together to form the SSMD encoded data.
  - 6. The system of claim 4 wherein the data behavior object includes:
    - a creation time for the data; and
      
      an expiration period for the data.
  - 7. The system of claim 6, wherein the data behavior object includes:
    - the classification level for the data;
      
      the unique ID for the data; and
      
      an SSMD tag identifier.
  - 8. The system of claim 1, further comprising an external object that is paired with the SSMD encoded data.
  - 9. The system of claim 8, wherein:
    - the external object includes the expiration time for the data; and
      
      the expiration time for the data is accessible from the external object without decryption.
  - 10. The system of claim 8, wherein:
    - the external object includes the classification level for the data; and
      
      the classification level for the data is accessible from the external object without decryption.

11. A method for securing data, the method comprising:
- assigning a classification level to the data;
  
  assigning a unique ID to the data;
  
  assigning an expiration period to the data;
  
  obtaining a master application key for encryption from a key site, wherein the master application key is specific to a user application; and
  
  encoding the data, unique ID, expiration period, and data classification level using a secure self managed data (SSMD) key based on the master application key to form an SSMD encoded data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - forming an external object including at least one of an expiration date for the data and the classification level for the data, wherein the external object is paired with the SSMD encoded data.
  - 13. The method of claim 11, wherein:
    - a user application provides the data; and
      
      the user application stores the SSMD encoded data.
  - 14. The method of claim 11, wherein:
    - a user application provides the data; and
      
      the SSMD encoded data paired with an external object is returned to the user application.
  - 15. The method of claim 11, wherein encoding the data, unique ID, expiration period, and data classification level to form an SSMD encoded data comprises:
    - creating a unique data encryption key from the master application key and the unique ID;
      
      encrypting the data using the unique data encryption key;
      
      creating a data behavior object using a creation time and the expiration period, the classification level, and the unique ID;
      
      obtaining an SSMD master encryption key from a key site;
      
      generating a unique behavior encryption key from the unique ID and the SSMD master encryption key;
      
      using the unique behavior encryption key to encrypt the data behavior object together with the already-encrypted data, encrypted using the unique data encryption key; and
      
      forming the SSMD encoded data from the encrypted data behavior object and doubly encrypted data.

16. A method for accessing secure data by an application, the method comprising:
- obtaining a classification level of an identity associated with the application;
  
  obtaining a secure self managed data (SSMD) encoded data and a unique ID associated with the SSMD encoded data;
  
  obtaining a master application key for encryption from a key site, wherein the master application key is specific to the application;
  
  using the unique ID, the classification level, and the master application key to decode the SSMD encoded data; and
  
  returning the decoded SSMD encoded data to the application if the data has not expired and the classification level of the identity associated with the application subsumes a classification level of the data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein decoding the SSMD encoded data further comprises:
    - obtaining an SSMD master encryption key from a key site;
      
      generating a behavior decryption key from the unique ID and the SSMD master encryption key;
      
      using the behavior decryption key to decrypt the SSMD encoded data; and
      
      obtaining a data behavior object from the decrypted SSMD encoded data.
  - 18. The method of claim 17, wherein decoding the SSMD encoded data further comprises:
    - using the data behavior object obtained from the decrypted SSMD encoded data to check the classification level of the identity associated with the application against the classification level of the data;
      
      using the data behavior object obtained from the decrypted SSMD encoded data to check an expiration time of the data against a current time to determine if the data has not expired; and
      
      returning an exception to the application if either check fails.
  - 19. The method of claim 16, wherein decoding the SSMD encoded data further comprises:
    - creating a data decryption key from the master application key and the unique ID;
      
      decrypting the data using the data decryption key; and
      
      returning the decrypted data to the application.
  - 20. The method of claim 16, wherein:
    - an external data object is paired with the SSMD encoded data; and
      
      the application checks the external data object without decryption to determine if SSMD encoded data has expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Nahari, Hadi, Mansour, Rasta A.

Granted Patent

US 8,565,436 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/281
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/003   for power analysis, e.g. di...

H04L 9/088   Usage controlling of secret...

SECURE SELF MANAGED DATA (SSMD)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE SELF MANAGED DATA (SSMD)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links