SECURE DATA HANDLING AND STORAGE
First Claim
1. A method comprising:
receiving a plurality of keys for unlocking an encryption engine, each key associated with a key holder;
combining at least a subset of the plurality of keys to generate a master key;
unlocking the encryption engine using the master key;
receiving, at the encryption engine on a continuous basis, encrypted data, the data encrypted using a first encryption key, the data comprising sensitive information for one or more users;
decrypting the encrypted data using the first encryption key; and
re-encrypting the decrypted data using a second encryption key, the second encryption key newer than the first encryption key.
Abstract
Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. A method includes receiving a plurality of keys for unlocking an encryption engine. Each key may be associated with a key holder. At least a subset of the plurality of keys are combined to generate a master key. An encryption engine is unlocked using the master key. Encrypted data is received at the encryption engine on a continuous basis. The encrypted data is encrypted using a first encryption key, and includes sensitive information for one or more users. The encrypted data is decrypted using the first encryption key. The decrypted data is re-encrypted using a second encryption key that is newer than the first encryption key.
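The flow in the abstract, sketched as an added example that is not code from the patent: holder keys are combined into a master key, the master key unlocks the engine, and a stream of records is re-encrypted under the newest data key. Assumptions: the combining step is Shamir threshold sharing (the text above does not name a scheme), "unlocking" means unwrapping versioned data keys sealed under the master key, and the SHAKE/HMAC construction stands in for a real AEAD such as AES-GCM; all function and class names are hypothetical.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # prime field for Shamir shares (assumed combining scheme)

def split(secret, k, n):
    """Issue n holder keys; any k of them reconstruct `secret`."""
    coef = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coef)) % P)
            for x in range(1, n + 1)]

def combine(holder_keys):
    """Lagrange interpolation at x = 0 over the submitted holder keys."""
    total = 0
    for xi, yi in holder_keys:
        num = den = 1
        for xj, _ in holder_keys:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total.to_bytes(66, "big")

def _pad(key, nonce, n):  # keystream; stand-in for a real AEAD such as AES-GCM
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _pad(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct))))

class Engine:
    def __init__(self, wrapped_keys):  # {version: data key sealed under master}
        self.wrapped, self.keys = wrapped_keys, None

    def unlock(self, holder_keys):
        master = combine(holder_keys)  # wrong or too few keys fail the unseal
        self.keys = {v: unseal(master, w) for v, w in self.wrapped.items()}

    def rotate(self, records):
        """Re-encrypt a stream of (version, blob) records under the newest key."""
        if self.keys is None:
            raise PermissionError("engine is locked")
        newest = max(self.keys)
        for version, blob in records:
            if version != newest:
                blob = seal(self.keys[newest], unseal(self.keys[version], blob))
            yield newest, blob
```

Because `rotate` is a generator, it can be fed from a queue or socket reader to model data arriving on a continuous basis; the lock check fires when the first record is pulled.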
20 Claims
1. A method comprising:
receiving a plurality of keys for unlocking an encryption engine, each key associated with a key holder;
combining at least a subset of the plurality of keys to generate a master key;
unlocking the encryption engine using the master key;
receiving, at the encryption engine on a continuous basis, encrypted data, the data encrypted using a first encryption key, the data comprising sensitive information for one or more users;
decrypting the encrypted data using the first encryption key; and
re-encrypting the decrypted data using a second encryption key, the second encryption key newer than the first encryption key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. An apparatus comprising:
a lock module that:
receives a plurality of keys for unlocking an encryption engine, each key associated with a key holder;
combines at least a subset of the plurality of keys to generate a master key;
unlocks the encryption engine using the master key;
a data module that receives, at the encryption engine on a continuous basis, encrypted data, the data encrypted using a first encryption key, the data comprising sensitive information for one or more users;
a decryption module that decrypts the encrypted data using the first encryption key; and
an encryption module that re-encrypts the decrypted data using a second encryption key, the second encryption key newer than the first encryption key.
Dependent claims: 15, 16, 17, 18, 19
20. A program product comprising a computer readable storage medium that stores code executable by a processor, the executable code comprising code to perform:
receiving a plurality of keys for unlocking an encryption engine, each key associated with a key holder;
combining at least a subset of the plurality of keys to generate a master key;
unlocking the encryption engine using the master key;
receiving, at the encryption engine on a continuous basis, encrypted data, the data encrypted using a first encryption key, the data comprising sensitive information for one or more users;
decrypting the encrypted data using the first encryption key; and
re-encrypting the decrypted data using a second encryption key, the second encryption key newer than the first encryption key.