Method and system for initializing a key management system

US 7,225,161 B2
Filed: 12/21/2001
Issued: 05/29/2007
Est. Priority Date: 12/21/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securing encryption keys in a key management system (KMS) comprising:

receiving data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;

receiving at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card stores the KEK;

encrypting the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;

hashing the KEK to generate a hashed KEK;

generating a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;

serializing the vector to generate a serialized file; and

storing the serialized file in KMS memory.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system for key management including a server, a key management system providing process logic for key management system initialization located on the server, a key management system storage providing a secure data storage for the key management system, and an interface providing a means for inputting data into the key management system.

Citations

23 Claims

1. A method for securing encryption keys in a key management system (KMS) comprising:
- receiving data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;
  
  receiving at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card stores the KEK;
  
  encrypting the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;
  
  hashing the KEK to generate a hashed KEK;
  
  generating a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;
  
  serializing the vector to generate a serialized file; and
  
  storing the serialized file in KMS memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - storing the key, the key name, and the key type in a 3-tuple prior to encrypting the key, the key name, and the key type.
  - 3. The method of claim 2, further comprising:
    - encoding the key after storing the key in the 3-tuple.
  - 4. The method of claim 1, further comprising:
    - tagging the secret token to associate it with an application.
  - 5. The method of claim 1, wherein encrypting the key, the key name, and the key type comprises:
    - using a symmetric algorithm.
  - 6. The method of claim 1, wherein encrypting the key, the key name, and the key type comprises:
    - using an asymmetric algorithm.
  - 7. The method of claim 1, wherein receiving data into the KMS comprises:
    - using a graphical user interface.
  - 8. The method of claim 7, wherein the graphical user interface is integrated into a web browser.
  - 9. The method of claim 1, wherein the serialized file persists beyond the time the KMS is active and provides secure storage of the key and the KEK.

10. A system for securing encryption keys comprising:
- a key management system storage; and
  
  a key management system (KMS) configured to;
  
  receive data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;
  
  receive at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card provides the KEK;
  
  encrypt the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;
  
  hash the KEK to generate a hashed KEK;
  
  generate a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;
  
  serialize the vector to generate a serialized file; and
  
  store the serialized file in KMS memory.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein the KMS is further configured to store the key, the key name, and the key type in an 3-tuple prior to encrypting the key, the key name, and the key type.
  - 12. The system of claim 11, wherein the KMS is further configure to:
    - encode the key after storing the key in the 3-tuple.
  - 13. The system of claim 10, wherein the KMS is further configured to:
    - tag the secret token to associate it with an application.
  - 14. The system of claim 10, further comprising:
    - a graphical user interface.
  - 15. The system of claim 14, wherein the graphical user interface is integrated into a web browser.
  - 16. The system of claim 10, wherein the serialized file persists beyond the time the KMS is active and provides secure storage of the key and the KEK.

17. A computer readable medium storing instructions for execution on a key management system (KMS) processor, which when executed by the KMS processor cause the KMS processor to perform the steps of:
- receiving data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;
  
  receiving at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card stores the KEK;
  
  encrypting the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;
  
  hashing the KEK to generate a hashed KEK;
  
  generating a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;
  
  serializing the vector to generate a serialized file; and
  
  storing the serialized file in KMS memory.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer readable medium of claim 17, wherein the instructions further comprise instructions for:
    - storing the key, the key name, and the key type in a 3-tuple prior to encrypting the key, the key name, and the key type.
  - 19. The computer readable medium of claim 18, wherein the instructions further comprise instructions for encoding the key after storing the key in the 3-tuple.
  - 20. The computer readable medium of claim 17, wherein the instructions further comprise instructions for tagging the secret token to associate it with an application.
  - 21. The computer readable medium of claim 17, wherein the instructions further comprise instructions for using a symmetric algorithm.
  - 22. The computer readable medium of claim 17, wherein the instructions further comprise instructions for encrypting the key, the key name, and the key type using an asymmetric algorithm.
  - 23. The computer readable medium of claim 17, wherein the serialized file persists beyond the time the KMS is active and provides secure storage of the key and the KEK.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DEXA Systems Incorporated
Original Assignee
Schlumberger Omnes, Inc. (SLB)
Inventors
Syed, Jameel ur Rahman, Lam, Chui-Shan Teresa
Primary Examiner(s)
HEWITT II, CALVIN L

Application Number

US10/037,153
Publication Number

US 20030120598A1
Time in Patent Office

1,985 Days
Field of Search

705/50, 705/51, 705/57, 705/1, 705/64, 705/65
US Class Current

705/51
CPC Class Codes

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

Method and system for initializing a key management system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for initializing a key management system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links