System and Method to Create Resilient Site Master-key for Automated Access

US 20150026461A1
Filed: 07/22/2013
Published: 01/22/2015
Est. Priority Date: 07/22/2013
Status: Active Grant

First Claim

Patent Images

1. An information handling system comprising:

a storage device for storing a protected private key at a site location;

a processor adapted to determine a plurality of derivatives by randomly selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location;

the processor applying a hash algorithm to each selected site characteristic;

a buffer storage device for storing an order of random selection of the site characteristics for the plurality of derivatives;

the processor encrypting the stored random selection order with a first symmetric encryption key and embedding the first symmetric encryption key in code in obfuscated form;

the processor generating a site specific master key for encrypting the protected private key;

the processor encrypting the site specific master key with each of the plurality of derivatives to form a plurality of encrypted master key forms corresponding to the plurality of derivatives; and

storing the plurality of encrypted master key forms on the storage device at the site location.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system encrypts a private key with a master key and includes a storage device for storing a protected private key at a site location, a processor that determines a plurality of derivatives by selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location, wherein the processor applies a hash algorithm to each site characteristic. The system further includes a buffer storage device for storing an order of random selections of the site characteristics for the derivatives. The system encrypts the master key with the derivatives and additionally stores the encrypted form of the master key in a storage device.

45 Citations

View as Search Results

20 Claims

1. An information handling system comprising:
- a storage device for storing a protected private key at a site location;
  
  a processor adapted to determine a plurality of derivatives by randomly selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location;
  
  the processor applying a hash algorithm to each selected site characteristic;
  
  a buffer storage device for storing an order of random selection of the site characteristics for the plurality of derivatives;
  
  the processor encrypting the stored random selection order with a first symmetric encryption key and embedding the first symmetric encryption key in code in obfuscated form;
  
  the processor generating a site specific master key for encrypting the protected private key;
  
  the processor encrypting the site specific master key with each of the plurality of derivatives to form a plurality of encrypted master key forms corresponding to the plurality of derivatives; and
  
  storing the plurality of encrypted master key forms on the storage device at the site location.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the processor discards the site specific master key in response to storing the plurality of encrypted site characteristic derivative forms.
  - 3. The system of claim 1, wherein in response to an authorized access attempt to stored sensitive data at a site location, the processor decrypts each of the plurality of encrypted master key forms with the plurality of derivatives newly-generated with the stored random selection order and compares decrypted master key forms, andwherein any two or more matching decrypted master key forms yields a correct regenerated site specific master key.
  - 4. The method of claim 1, further comprising:
    - decrypting the protected private key stored at the site location with a regenerated site specific master key;
      
      decrypting a second symmetric encryption key stored at the site location with the decrypted private key to permit access to sensitive data.
  - 5. The method of claim 4, wherein the sensitive data is health-care related data with limitations placed on transmission of the sensitive data from the site location in cleartext.
  - 6. The method of claim 3, further comprising:
    - discarding decrypted site characteristic derivative forms not matching the regenerated site specific master key; and
      
      replacing the derivatives corresponding to the discarded site characteristic derivative forms with newly generated derivatives to form a corrected plurality of derivatives.
  - 7. The method of claim 1, wherein the site characteristics include a plurality of site hardware characteristics comprising a processor identification number.

8. A computer-implemented method of creating a resilient, site specific master-key, comprising:
- creating, via a processor executing instructions at a site location, a plurality of disjoint sets each having a plurality of site characteristics unique to a software installation or site location;
  
  determining, via the processor, a plurality of derivatives for each disjoint set by randomly selecting a site characteristic for each disjoint set;
  
  storing the order of random selection of the site characteristics for the plurality of disjoint sets in a buffer storage device;
  
  encrypting the stored random selection order with a symmetric encryption key and embedding the symmetric encryption key in code;
  
  generating a site specific master key and encrypting the site specific master key with each of the plurality of derivatives to form a plurality of encrypted master key forms corresponding to the plurality of derivatives; and
  
  storing the plurality of encrypted master key forms on a storage device at the site location.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - discarding the site specific master key in response to encrypting the site specific master key with each of the plurality of derivatives to form a plurality of encrypted master key forms.
  - 10. The method of claim 8, further comprising:
    - decrypting each of the plurality of encrypted master key forms,wherein any two matching decrypted master key forms yields the correct regenerated site specific master key.
  - 11. The method of claim 10, further comprising:
    - discarding decrypted site characteristic derivative forms not matching the regenerated site specific master key; and
      
      replacing the derivatives corresponding to discarded site characteristic derivative forms with newly generated derivatives to form a corrected plurality of derivatives.
  - 12. The method of claim 11, further comprising:
    - encrypting the stored random selection order for the corrected plurality of derivatives with the embedded symmetric encryption key.
  - 13. The method of claim 9, further comprising:
    - discarding all decrypted site characteristic derivative forms when any decrypted site characteristic derivative form does not match the regenerated site specific master key; and
      
      replacing all the derivatives with newly generated derivatives.
  - 14. The method of claim 8, wherein the site characteristics include a plurality of software installation characteristics comprising a binary code checksum and copying timestamp.
  - 15. The method of claim 8, wherein the site characteristics include a plurality of site hardware characteristics comprising a MAC address.

16. A computer-implemented method of regenerating a site specific master key to access encrypted private key data comprising:
- decrypting, via a processor executing instructions at a site location, an order of selection of site characteristics from a plurality of disjointed sets of site characteristics unique to a software installation or site location from a buffer storage device with a first symmetric encryption key;
  
  regenerating, via the processor, a plurality of derivatives according to the decrypted order of selection of site characteristics decrypted from the buffer storage device;
  
  retrieving a plurality of encrypted site characteristic derivative forms from a storage device;
  
  decrypting the plurality of encrypted master key forms with the plurality of derivatives; and
  
  determining a regenerated site specific master key by matching any two decrypted master key forms wherein a match yields the correct regenerated site specific master key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - decrypting protected private key data stored at the site location with the regenerated first site specific master key.
  - 18. The method of claim 17, further comprising:
    - decrypting a second symmetric encryption key received at the site location along with encrypted healthcare data using the decrypted private key; and
      
      decrypting the healthcare data using the decrypted second symmetric encryption key.
  - 19. The method of claim 18, further comprising:
    - re-encrypting the private key using the regenerated, site specific master key;
      
      encrypting each of the plurality of derivatives with the regenerated site specific master key to form a plurality of encrypted site characteristic derivative forms;
      
      discarding the regenerated master key.
  - 20. The method of claim 16, further comprising:
    - authenticating a user seeking to regenerate the site specific master key based on user credentials and membership to a unix group identification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Devi, Yogesh M.

Granted Patent

US 9,122,888 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

H04L 9/0894   Escrow, recovery or storing...

System and Method to Create Resilient Site Master-key for Automated Access

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method to Create Resilient Site Master-key for Automated Access

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links