Protocol for Controlling Access to Encryption Keys
First Claim
Patent Images
1. A method comprising:
- receiving information to identify a user of a computer;
validating the information; and
transmitting a key-encrypting key through a distributed data network to the computer after validating the information, whereinthe key-encrypting key is to decrypt a private key of a public/private keypair available at the computer.
0 Assignments
0 Petitions
Accused Products
Abstract
A secure remote-data-storage system stores encrypted data and both plaintext and encrypted keys at a server, where data at the server is inadequate to recover the plaintext of the encrypted data; and stores at least one encrypted key at a client system. To decrypt the data, the client must obtain a copy of the encrypted data from the server, and a key to decrypt its locally-stored encrypted key. Once decrypted, the locally-stored key can be used to decrypt the encrypted data, or to decrypt an encrypted key from the server, which may then be used decrypt the encrypted data.
-
Citations
20 Claims
-
1. A method comprising:
-
receiving information to identify a user of a computer; validating the information; and transmitting a key-encrypting key through a distributed data network to the computer after validating the information, wherein the key-encrypting key is to decrypt a private key of a public/private keypair available at the computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-readable medium containing instructions and data to cause a programmable processor to perform operations comprising:
-
selecting an asymmetric encryption key pair (“
public/private keypair”
);selecting a key-encryption key; encrypting a private key of the public/private keypair using the key-encryption key; transmitting the key-encryption key to a server; transmitting a public key of the public/private keypair to the server; and discarding the key-encryption key. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A method comprising:
-
transmitting an executable program to a browser at a client computer, the executable program containing instructions to cause the browser to perform operations including; a) opening a cache of usernames and passwords stored at the client computer; b) preparing a document-encryption key; c) encrypting contents of the cache using the document-encryption key; d) encrypting the document-encryption key using a public key of a public/private keypair; and e) transmitting the encrypted contents of the cache and the encrypted document-encryption key; receiving a the encrypted contents of the cache and the encrypted document-encryption key from the client computer; and storing the encrypted contents of the cache and the encrypted document-encryption key.
-
Specification