Communication Network With Rolling Encryption Keys and Data Exfiltration Control
First Claim
1. An apparatus comprising:
  a memory configured to store:
    a plurality of encryption keys, wherein each encryption key is linked with an encryption key index; and
    an encrypted data entry, wherein the encrypted data entry comprises an encrypted data element and metadata linked with the encrypted data element, wherein the metadata identifies:
      a first encryption key index referencing a first encryption key from the plurality of encryption keys, and
      an encryption wait time period; and
  an encryption service engine configured to:
    periodically re-encrypt the encrypted data element, wherein re-encrypting the encrypted data element comprises:
      determining that the encryption wait time period has lapsed;
      obtaining the first encryption key from the plurality of encryption keys using the first encryption key index;
      decrypting the encrypted data element using the first encryption key to recover the original data element;
      obtaining a second encryption key;
      encrypting the original data element using the second encryption key; and
      modifying the metadata linked with the encrypted data element with a second encryption key index referencing the second encryption key;
    receive a data request for the encrypted data element;
    send the encrypted data element in response to receiving the data request; and
    limit the bandwidth of a data channel used to send the encrypted data element.
1 Assignment
0 Petitions
Abstract
An apparatus that includes a memory configured to store encryption keys and encrypted data entries. The apparatus further includes an encryption service engine configured to periodically re-encrypt the encrypted data element, which includes determining that an encryption wait time period has lapsed, obtaining a first encryption key using a first key index, and decrypting the encrypted data element using the first encryption key to recover the original data. The encryption service engine is further configured to obtain a second encryption key, encrypt the original data using the second encryption key, and modify the metadata linked with the encrypted data element with a second key index referencing the second encryption key. The encryption service engine is further configured to receive a data request for the encrypted data element, to send the encrypted data element, and to limit the bandwidth of a data channel used to send the encrypted data element.
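The re-encryption cycle described in the first claim and the abstract (key store addressed by index, entry metadata carrying the key index and a wait period, decrypt-with-old / encrypt-with-new on expiry, and a bandwidth-limited send) can be made concrete in a few dozen lines. The following is an added illustration, not code from the patent or its assignee; the cipher is a constructed HMAC-SHA256 keystream-plus-tag stand-in used only so the example runs on a plain Python install, and the class and function names (KeyStore, EncryptedEntry, EncryptionService, send_schedule, ManualClock) are this example's own choices.

```python
"""Rolling-key re-encryption with a bandwidth-limited send schedule (illustrative)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed stand-in cipher: HMAC(key, "stream" || nonce || counter) blocks, truncated.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"stream" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, rng=os.urandom) -> bytes:
    """Returns nonce || body || tag so that the wrong key is detected, not silently accepted."""
    nonce = rng(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key index or altered ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class KeyStore:
    """The claim's 'plurality of encryption keys', each addressed by an encryption key index."""

    def __init__(self) -> None:
        self._keys: dict[int, bytes] = {}
        self._next = 0

    def add(self, key: bytes) -> int:
        index = self._next
        self._keys[index] = key
        self._next += 1
        return index

    def get(self, index: int) -> bytes:
        return self._keys[index]


@dataclass
class EncryptedEntry:
    ciphertext: bytes     # the encrypted data element
    key_index: int        # metadata: index of the key currently protecting it
    wait_seconds: float   # metadata: encryption wait time period
    encrypted_at: float   # when the current key was applied


class ManualClock:
    """Deterministic clock so the rotation schedule can be exercised without sleeping."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class EncryptionService:
    def __init__(self, store: KeyStore, clock=time.time, rng=os.urandom) -> None:
        self.store, self.clock, self.rng = store, clock, rng

    def create_entry(self, plaintext: bytes, wait_seconds: float) -> EncryptedEntry:
        index = self.store.add(self.rng(32))
        blob = encrypt(self.store.get(index), plaintext, self.rng)
        return EncryptedEntry(blob, index, wait_seconds, self.clock())

    def reencrypt_if_due(self, entry: EncryptedEntry) -> bool:
        """One rotation step: returns False until the wait period has lapsed."""
        now = self.clock()
        if now - entry.encrypted_at < entry.wait_seconds:
            return False
        plaintext = decrypt(self.store.get(entry.key_index), entry.ciphertext)  # first key
        new_index = self.store.add(self.rng(32))                                # second key
        entry.ciphertext = encrypt(self.store.get(new_index), plaintext, self.rng)
        entry.key_index = new_index     # metadata now references the second key
        entry.encrypted_at = now
        return True

    def send_schedule(self, entry: EncryptedEntry, chunk_size: int = 64, bytes_per_second: int = 256):
        """Bandwidth limit as a list of (seconds offset, chunk); a sender sleeps until each offset."""
        data = entry.ciphertext
        chunks = (len(data) + chunk_size - 1) // chunk_size
        return [(i * chunk_size / bytes_per_second, data[i * chunk_size:(i + 1) * chunk_size])
                for i in range(chunks)]
```

The send schedule is returned rather than executed so the rate limit can be checked deterministically; a real sender would iterate it, sleeping until each offset. The tag check in decrypt is what makes a stale key index a detectable failure instead of garbage output.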
2 Citations
20 Claims
1. An apparatus comprising: (text as given under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
  a mix router configured to:
    receive an encryption key request identifying a first encryption key index for an encrypted data element from a network node;
    identify an encryption service device linked with the encrypted data element in response to receiving the encryption key request;
    send the encryption key request to the encryption service device; and
    send an encryption key for the encrypted data element to the network node in response to receiving the encrypted key; and
  the encryption service device in signal communication with the mix router, comprising:
    a memory configured to store:
      a plurality of encryption keys, wherein each encryption key is linked with an encryption key index;
      an encrypted data entry, wherein the encrypted data entry comprises the encrypted data element and metadata linked with the encrypted data element, wherein the metadata identifies:
        the first encryption key index referencing a first encryption key from the plurality of encryption keys, and
        an encryption wait time period; and
    an encryption service engine configured to:
      periodically re-encrypt the encrypted data element;
      receive the encryption key request;
      obtain the first encryption key from the memory using the first encryption key index in response to receiving the encryption key request;
      send the first encryption key to the mix router in response to obtaining the first encryption key from the memory; and
      limit the bandwidth of a data channel used to send the first encryption key.
Dependent claims: 9, 10, 11, 12, 13, 14
-
15. A method comprising:
  periodically re-encrypting, by an encryption service engine, an encrypted data element, comprising:
    accessing an encrypted data entry in a memory, wherein the encrypted data entry comprises an encrypted data element and metadata linked with the encrypted data element, wherein the metadata identifies:
      a first encryption key index referencing a first encryption key from the plurality of encryption keys, and
      an encryption wait time period;
    determining the encryption wait time period has lapsed;
    obtaining the first encryption key from the memory using the first encryption key index;
    decrypting the encrypted data element using the first encryption key to recover an original data element;
    obtaining a second encryption key;
    encrypting the original data element using the second encryption key; and
    modifying the metadata linked with the encrypted data element with a second encryption key index referencing the second encryption key;
  receiving, at the encryption service engine, a data request for the encrypted data element;
  sending, by the encryption service engine, the encrypted data element in response to receiving the data request; and
  limiting, by the encryption service engine, the bandwidth of a data channel used to send the encrypted data element.
Dependent claims: 16, 17, 18, 19, 20
Specification