SYSTEMS AND METHODS FOR IDENTITY ENCAPSULATED CRYPTOGRAHY

US 20110225423A1
Filed: 03/02/2011
Published: 09/15/2011
Est. Priority Date: 03/11/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a first request for a user key to access a service, the service provided by an enterprise and hosted within a public cloud;

receiving a user key in response to the first request;

transmitting a second request for a country key, the country key assigned to a country of a user;

receiving a country key in response to the second request;

encrypting session data resulting from the use of the service hosted within the public cloud using the user key;

encrypting, using one or more processors, the user key using the country key; and

transmitting the encrypted session data and the encrypted user key to the public cloud.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system to provide identity encapsulated cryptography are provided. A method may comprise receiving a user key to access a service. The service may be provided by an enterprise and hosted within a public cloud. A request for a country key assigned to a country of a user is transmitted and the country key is received. Session data resulting from the use of the service hosted within the public cloud is encrypted using the user key and the user key is encrypted using the country key. The encrypted session data and the encrypted user key are stored in the public cloud. The country key may be provided to a legal agency of the country of the user to decrypt session data of the user and to not decrypt session data of other users of another country.

31 Citations

View as Search Results

22 Claims

1. A method comprising:
- generating a first request for a user key to access a service, the service provided by an enterprise and hosted within a public cloud;
  
  receiving a user key in response to the first request;
  
  transmitting a second request for a country key, the country key assigned to a country of a user;
  
  receiving a country key in response to the second request;
  
  encrypting session data resulting from the use of the service hosted within the public cloud using the user key;
  
  encrypting, using one or more processors, the user key using the country key; and
  
  transmitting the encrypted session data and the encrypted user key to the public cloud.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first request includes one or more key references, the key references stored on an information claims container in a user device.
  - 3. The method of claim 1, wherein the first request further includes a request for a session key.
  - 4. The method of claim 3, further comprising using the session key to establish a session between a user device and the service hosted by the public cloud.
  - 5. The method of claim 1, wherein the user key is received from a key service.
  - 6. The method of claim 1, wherein the user key is assigned to a user device of a plurality of user devices associated with the user.
  - 7. The method of claim 1, wherein the country key is received from the enterprise.
  - 8. The method of claim 1, further comprising:
    - generating a third request, the third request being for session data of a plurality of users of the country, including an indication of a country associated with a country key;
      
      receiving the country key;
      
      decrypting user keys stored in the public cloud, the user keys used to encrypt the session data of the plurality of the users of the country; and
      
      decrypting the session data of the plurality of the users of the country using the decrypted user keys.
  - 9. The method of claim 8, wherein other user keys stored in the public cloud encrypted using another country key remain encrypted.
  - 10. The method of claim 9, wherein other session data encrypted using the other user keys remain encrypted.
  - 11. The method of claim 1, wherein the user key comprises a digital signature.
  - 12. The method of claim 1, wherein the country key comprises a plurality of encryption keys.

13. A non-transitory machine-readable storage medium having instructions embodied thereon, the instructions executable by one or more processors to perform a method, the method comprising:
- assigning a first country key to a first country of a plurality of first users who are provided a service hosted by a cloud;
  
  assigning a second country key to a second country of a plurality of second users who are provided the service hosted by the cloud;
  
  transmitting the first country key in response to a first request for the first country key from a first user of the plurality of first users, the first user to encrypt a first user key using the first country key and to store the encrypted first user key in the cloud;
  
  transmitting the second country key in response to a second request for the second country key from a second user of the plurality of second users, the second user to encrypt a second user key using the second country key and to store the encrypted second user key in the cloud; and
  
  providing the first country key to a first legal agency of the first country, the first country key to decrypt session data of the plurality of the first users and to not decrypt session data of the plurality of second users.

14. A system comprising:
- a non-transitory memory to store one or more information claims containers, the one or more information claims containers including one or more claims and one or more key references; and
  
  one or more processors to;
  
  generate a first request for a user key to access a service, the service provided by an enterprise and hosted within a public cloud;
  
  receive a user key in response to the first request;
  
  transmit a second request for a country key, the country key assigned to a country of a user;
  
  receive a country key in response to the second request;
  
  encrypt session data resulting from the use of the service hosted within the public cloud using the user key;
  
  encrypt the user key using the country key; and
  
  transmit the encrypted session data and the encrypted user key to the public cloud.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The system of claim 14, wherein the first request includes one or more key references, the key references stored on an information claims container in a user device.
  - 16. The system of claim 14, wherein the first request further includes a request for a session key.
  - 17. The system of claim 16, wherein the one or more processors are further to use the session key to establish a session between a user device and the service hosted by the public cloud.
  - 18. The system of claim 14, wherein the user key is assigned to a user device of a plurality of user devices associated with the user.
  - 19. The system of claim 14, wherein the one more processors are further to:
    - generate a third request, the third request being for session data of a plurality of users of the country, including an indication of a country associated with a country key;
      
      receive the country key;
      
      decrypt user keys stored in the public cloud, the user keys used to encrypt the session data of the plurality of the users of the country; and
      
      decrypt the session data of the plurality of the users of the country using the decrypted user keys.
  - 20. The system of claim 19, wherein other user keys stored in the public cloud encrypted using another country key remain encrypted.
  - 21. The system of claim 20, wherein other session data encrypted using the other user keys remain encrypted.

22. A method comprising:
- receiving a first request for a user key to access a service, the service provided by an enterprise and hosted within a public cloud,the user key for encrypting session data resulting from the user of the service hosted within the public cloud, and for encrypting, using one or more processors, a country key assigned to a country of the user;
  
  transmitting the user key in response to the first request;
  
  receiving a second request for the country key;
  
  transmitting the country key in response to the second request; and
  
  receiving the encrypted session data and the encrypted user key for transmission to the public cloud.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
eBay Inc.
Original Assignee
eBay Inc.
Inventors
Lynch, Liam Sean

Granted Patent

US 8,621,220 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2463/062   applying encryption of the ...

H04L 63/04   for providing a confidentia...

H04L 9/0827   involving distinctive inter...

SYSTEMS AND METHODS FOR IDENTITY ENCAPSULATED CRYPTOGRAHY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR IDENTITY ENCAPSULATED CRYPTOGRAHY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links