SECURE SELF MANAGED DATA (SSMD)
First Claim
1. A system comprising:
a master key for encryption of data;
an encryption key site accessible by a computer, wherein the encryption key site stores a first piece of the master key;
a configuration file resident in a computer file system, the configuration file storing a second piece of the master key;
a computer database storing a third piece of the master key;
a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key;
a unique ID for the data;
a classification level for the data; and
an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.
Abstract
A system, according to one embodiment, includes a master key for encryption of data; an encryption key site accessible by computer and storing a first piece of the master key; a configuration file resident in a computer file system, the configuration file storing a second piece of the master key; a computer database storing a third piece of the master key; a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key; a unique ID for the data; a classification level for the data; and an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.
20 Claims
11. A method for securing data, the method comprising:
assigning a classification level to the data;
assigning a unique ID to the data;
assigning an expiration period to the data;
obtaining a master application key for encryption from a key site, wherein the master application key is specific to a user application; and
encoding the data, unique ID, expiration period, and data classification level using a secure self managed data (SSMD) key based on the master application key to form an SSMD encoded data.
16. A method for accessing secure data by an application, the method comprising:
obtaining a classification level of an identity associated with the application;
obtaining a secure self managed data (SSMD) encoded data and a unique ID associated with the SSMD encoded data;
obtaining a master application key for encryption from a key site, wherein the master application key is specific to the application;
using the unique ID, the classification level, and the master application key to decode the SSMD encoded data; and
returning the decoded SSMD encoded data to the application if the data has not expired and the classification level of the identity associated with the application subsumes a classification level of the data.
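The flow of claims 1 and 16, as an added illustrative sketch that is not taken from the patent or any implementation of it: a sealed master key is split across three stores, reassembled and unsealed into the SSMD key, and a record is decoded only if its ID matches, it has not expired, and the caller's level subsumes the data's. All function names, the byte-slicing split, the JSON record layout, numeric classification levels, and the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a vetted AEAD) are assumptions.

```python
import hmac, json, os, time

def _sub(key, label):
    return hmac.digest(key, label, "sha256")  # domain-separated subkey

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for a vetted AEAD (e.g. AES-GCM)
    blocks = (hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.digest(_sub(key, b"mac"), nonce + ct, "sha256")

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(_sub(key, b"mac"), nonce + ct, "sha256")):
        raise ValueError("authentication failed")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def split3(blob):
    """Cut the sealed master key into the three stored pieces."""
    n = len(blob) // 3
    return blob[:n], blob[n:2 * n], blob[2 * n:]

def ssmd_encode(ssmd_key, data, uid, level, expires_at):
    # data, unique ID, classification level and expiry are encrypted together
    record = {"data": data.hex(), "id": uid, "level": level, "exp": expires_at}
    return seal(ssmd_key, json.dumps(record).encode())

def ssmd_decode(ssmd_key, blob, uid, identity_level, now=None):
    record = json.loads(unseal(ssmd_key, blob))
    now = time.time() if now is None else now
    if record["id"] != uid:
        raise PermissionError("unique ID mismatch")
    if now >= record["exp"]:
        raise PermissionError("data expired")
    if identity_level < record["level"]:  # assumption: higher number subsumes lower
        raise PermissionError("classification level too low")
    return bytes.fromhex(record["data"])

def demo():
    seal_key, master_key = os.urandom(32), os.urandom(32)  # constructed sample keys
    key_site, config_file, database = split3(seal(seal_key, master_key))
    ssmd_key = unseal(seal_key, key_site + config_file + database)
    blob = ssmd_encode(ssmd_key, b"payroll", "doc-42", 2, time.time() + 60)
    return ssmd_key == master_key, ssmd_decode(ssmd_key, blob, "doc-42", 3)
```

Because the metadata sits inside the authenticated ciphertext, the expiry and classification checks cannot be bypassed by editing fields alongside the blob; any modification fails in `unseal` before the policy checks run.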
Specification