Method and apparatus for correcting improper encryption and/or for reducing memory storage
First Claim
1. A method for facilitating an encryption process comprising the steps of:
- receiving data containing header data wherein the header data includes a plurality of cryptographic key packages associated with multiple recipients;
parsing the header data to determine whether at least one of the plurality of cryptographic key packages corresponds to key identification data for a predetermined recipient; and
removing at least some cryptographic key packages not corresponding to the key identification data for the predetermined recipient.
7 Assignments
0 Petitions
Accused Products
Abstract
An apparatus and methods for facilitating an encryption process for use in systems employing cryptography based security, removes unnecessary data relating to encryption keys prior to storing the data after receipt of the encrypted information from a sender. Encrypted data, such as message data for multiple recipients, is analyzed to determine whether encryption related data for other recipients may be removed and/or whether a preferred encrypting process was used. In one embodiment, the apparatus and method also determines whether a non-preferred encryption process was used to encrypt encrypted data and re-encrypts the encrypted data with a different encryption process in response to detected non-preferred encryption key usage.
280 Citations
38 Claims
-
1. A method for facilitating an encryption process comprising the steps of:
-
receiving data containing header data wherein the header data includes a plurality of cryptographic key packages associated with multiple recipients;
parsing the header data to determine whether at least one of the plurality of cryptographic key packages corresponds to key identification data for a predetermined recipient; and
removing at least some cryptographic key packages not corresponding to the key identification data for the predetermined recipient. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
retrieving a digital signing key based on identification data corresponding to digital signing data in the key identification data;
decrypting the header data to recover a message encryption key;
re-encrypting the message encryption key using a different asymmetric encryption key;
replacing key identification data with new key identification data corresponding to a new asymmetric encryption key; and
re-storing the new key identification data and the corresponding message encryption key as part of a new cryptographic key package to replace a current cryptographic key package, for subsequent use.
-
-
10. The method of claim 1 including the step of decrypting, compressing, and re-encrypting the message data prior to restoring the encrypted message.
-
11. A method for facilitating an encryption process comprising the steps of:
-
receiving data containing header data wherein the header data includes a plurality of cryptographic key packages associated with multiple recipients;
parsing the header data to determine whether at least one of the plurality of cryptographic key packages corresponds to key identification data for a predetermined recipient; and
removing at least some cryptographic key packages not corresponding to the predetermined recipient to obtain a first remaining cryptographic key package corresponding to the predetermined recipient;
decrypting an encryption symmetric key from the first remaining cryptographic key package to obtain a recipient encryption key;
re-encrypting the recipient encryption key to generate a second cryptographic key package; and
storing the second cryptographic key package for later use by the recipient. - View Dependent Claims (12, 13)
-
-
14. A method for facilitating an encryption process comprising the steps of:
-
receiving data containing header data wherein the header data includes a plurality of cryptographic key packages associated with multiple recipients;
re-encrypting the header data leaving only header data corresponding to the predetermined recipient; and
storing the re-encrypted header data for later use by the recipient. - View Dependent Claims (15, 16, 17)
parsing the header data and extracting a specific recipient cryptographic key package;
using a symmetric encryption key recovered from the cryptographic key package to decrypt message data;
selecting a different symmetric encryption key;
compressing the decrypted message data;
re-encrypting the message data with the different symmetric encryption process; and
re-wrapping the different symmetric encryption key with a public encryption key.
-
-
18. A method for facilitating an encryption process comprising the steps of:
-
receiving encrypted data;
determining an encryption key used to encrypt the encrypted data to determine whether an improper encryption key was used to encrypt the encrypted data;
re-wrapping the encrypted data with a different encryption process in response to a detected improper encryption key usage. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
parsing the header data to determine whether at least one of a plurality of cryptographic key packages corresponds to key identification data for a predetermined recipient; and
removing at least some cryptographic key packages not corresponding to the key identification data.
-
-
25. The method of claim 18 where the encrypted data includes header data and message data, including the step of re-encrypting message data with a different symmetric key.
-
26. The method of claim 25 wherein the step of re-encrypting the message data includes:
-
parsing the header data and extracting a specific recipient'"'"'s cryptographic key package;
using a symmetric encryption key recovered from the cryptographic key package to decrypt message data;
selecting a different symmetric encryption key;
compressing the decrypted message data;
re-encrypting the message data with the different symmetric encryption key; and
re-wrapping the different symmetric encryption key with a public encryption key.
-
-
27. An apparatus for facilitating an encryption process comprising:
-
means for receiving data containing header data wherein the header data includes a plurality of cryptographic key packages associated with multiple recipients;
means, operatively coupled to the receiving means, for parsing the header data to determine whether at least one of the plurality of cryptographic key packages corresponds to key identification data for a predetermined recipient; and
means, operatively coupled to the parsing means, for removing at least some cryptographic key packages not corresponding to the key identification data. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
-
-
35. An apparatus for facilitating an encryption process comprising:
-
means for receiving data containing header data wherein the header data includes a plurality of cryptographic key packages associated with multiple recipients;
a re-encryptor, operatively responsive to the received data, that re-encrypts the header data with only header data corresponding to the predetermined recipient; and
means for storing the re-encrypted header data for later use by the recipient. - View Dependent Claims (36, 37, 38)
parsing the header data and extracting a specific recipient'"'"'s cryptographic key package;
using a symmetric encryption key recovered from the cryptographic key package to decrypt message data;
selecting a different symmetric encryption key;
compressing the decrypted message data;
re-encrypting the message data with the different symmetric encryption key; and
re-wrapping the different symmetric encryption key with a public encryption key.
-
-
38. The apparatus of claim 35 including means for determining an encryption key used to encrypt the encrypted data to determine whether a non-preferred encryption key was used to encrypt the encrypted data and for re-wrapping the encrypted data with a different encryption process in response to a detected non-preferred encryption key usage.
Specification