System and Method to Create Resilient Site Master-key for Automated Access
First Claim
1. An information handling system comprising:
- a storage device for storing a protected private key at a site location;
a processor adapted to determine a plurality of derivatives by randomly selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location;
the processor applying a hash algorithm to each selected site characteristic;
a buffer storage device for storing an order of random selection of the site characteristics for the plurality of derivatives;
the processor encrypting the stored random selection order with a first symmetric encryption key and embedding the first symmetric encryption key in code in obfuscated form;
the processor generating a site specific master key for encrypting the protected private key;
the processor encrypting the site specific master key with each of the plurality of derivatives to form a plurality of encrypted master key forms corresponding to the plurality of derivatives; and
storing the plurality of encrypted master key forms on the storage device at the site location.
14 Assignments
0 Petitions
Accused Products
Abstract
A system encrypts a private key with a master key and includes a storage device for storing a protected private key at a site location, a processor that determines a plurality of derivatives by selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location, wherein the processor applies a hash algorithm to each site characteristic. The system further includes a buffer storage device for storing an order of random selections of the site characteristics for the derivatives. The system encrypts the master key with the derivatives and additionally stores the encrypted form of the master key in a storage device.
45 Citations
20 Claims
-
1. An information handling system comprising:
-
a storage device for storing a protected private key at a site location; a processor adapted to determine a plurality of derivatives by randomly selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location; the processor applying a hash algorithm to each selected site characteristic; a buffer storage device for storing an order of random selection of the site characteristics for the plurality of derivatives; the processor encrypting the stored random selection order with a first symmetric encryption key and embedding the first symmetric encryption key in code in obfuscated form; the processor generating a site specific master key for encrypting the protected private key; the processor encrypting the site specific master key with each of the plurality of derivatives to form a plurality of encrypted master key forms corresponding to the plurality of derivatives; and storing the plurality of encrypted master key forms on the storage device at the site location. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method of creating a resilient, site specific master-key, comprising:
-
creating, via a processor executing instructions at a site location, a plurality of disjoint sets each having a plurality of site characteristics unique to a software installation or site location; determining, via the processor, a plurality of derivatives for each disjoint set by randomly selecting a site characteristic for each disjoint set; storing the order of random selection of the site characteristics for the plurality of disjoint sets in a buffer storage device; encrypting the stored random selection order with a symmetric encryption key and embedding the symmetric encryption key in code; generating a site specific master key and encrypting the site specific master key with each of the plurality of derivatives to form a plurality of encrypted master key forms corresponding to the plurality of derivatives; and storing the plurality of encrypted master key forms on a storage device at the site location. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer-implemented method of regenerating a site specific master key to access encrypted private key data comprising:
-
decrypting, via a processor executing instructions at a site location, an order of selection of site characteristics from a plurality of disjointed sets of site characteristics unique to a software installation or site location from a buffer storage device with a first symmetric encryption key; regenerating, via the processor, a plurality of derivatives according to the decrypted order of selection of site characteristics decrypted from the buffer storage device; retrieving a plurality of encrypted site characteristic derivative forms from a storage device; decrypting the plurality of encrypted master key forms with the plurality of derivatives; and determining a regenerated site specific master key by matching any two decrypted master key forms wherein a match yields the correct regenerated site specific master key. - View Dependent Claims (17, 18, 19, 20)
-
Specification