Approach for managing access to messages using encryption key management policies
First Claim
1. A method for managing access to messages, the method comprising the computer-implemented steps of:
- a first client generating a message key, and encrypting a message with the message key to generate an encrypted message;
- a policy server generating and providing to the first client:
  - a user key that is generated based upon a user key descriptor that includes user identification data that uniquely identifies the user associated with the first client, and
  - a user recovery key that is generated based upon both a server recovery key and user identification data that uniquely identifies a user associated with the first client;
- the policy server generating and deleting the server recovery key in accordance with an encryption key management policy;
- the first client generating an encrypted message key by encrypting the message key with at least the user recovery key and the user key, deleting the message key, and transmitting the encrypted message and the encrypted message key from the first client to the second client;
- the second client transmitting the encrypted message key to the policy server;
- the policy server receiving the encrypted message key from the second client;
- the policy server decrypting the encrypted message key using both the user recovery key and the user key to recover the message key that was used to generate the encrypted message that was received by the second client from the first client; and
- providing the message key to the second client to enable the second client to decrypt the encrypted message and recover the message.
Abstract
Controlling access to disseminated messages includes implementing one or more key management policies that specify how various encryption keys are maintained and, in particular, when encryption keys are made inaccessible. Deleting a particular key renders inaccessible all copies of messages, known or unknown, associated with the particular key, regardless of the location of the associated messages. A message may be directly associated with a deleted key; for example, a message is directly associated with a deleted key when it was encrypted using the deleted key. A message may also be indirectly associated with a deleted key; for example, a message is indirectly associated with a deleted key when it was encrypted with a key that in turn was encrypted using the deleted key. Any number of levels of indirection are possible, and either situation makes the message unrecoverable. The approach is applicable to any type of data in any format, and the invention is not limited to any type of data or any type of data format. Examples of data include, but are not limited to, text data, voice data, graphics data and email. Although embodiments of the invention are described hereinafter in the context of controlling access to email, the invention is not limited to the email context and is applicable to controlling access to any type of messages or data.
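The key hierarchy in claim 1 and the "deleting a key makes everything under it unrecoverable" property described in the abstract can be modelled in a few dozen lines. The block below is an added example written for this page, not code from the patent or its assignee. It uses only the Python standard library, so HMAC-SHA256 in counter mode with an encrypt-then-MAC tag stands in for a real authenticated cipher such as AES-GCM (an assumption: any AEAD would do). Further assumptions not fixed by the page: the client wraps the message key first under the user recovery key and then under the user key; the policy server keeps a separate secret (`user_key_secret`) for deriving user keys; the sender's user identifier travels with the wrapped key so the server knows whose keys to use; and the server never stores derived user recovery keys, re-deriving them from the server recovery key on demand, which is what makes deleting that one key sufficient.

```python
import hashlib
import hmac
import secrets

# Added example (not the patent's code): stdlib-only model of the claim 1 key hierarchy.

def derive_key(parent: bytes, descriptor: bytes) -> bytes:
    """Derive a child key from a parent key and a key descriptor (HKDF-style expand)."""
    return hmac.new(parent, descriptor, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in keystream (assumption: replaces AES-GCM).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = derive_key(key, b"enc"), derive_key(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then strip the keystream."""
    enc_key, mac_key = derive_key(key, b"enc"), derive_key(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class PolicyServer:
    """Generates user keys and user recovery keys; enforces the deletion policy."""

    def __init__(self) -> None:
        self.server_recovery_key = secrets.token_bytes(32)
        self.user_key_secret = secrets.token_bytes(32)  # assumption: server-held root for user keys

    def user_key(self, user_id: bytes) -> bytes:
        # User key from a key descriptor that includes the unique user identification data.
        return derive_key(self.user_key_secret, b"user-key|" + user_id)

    def user_recovery_key(self, user_id: bytes) -> bytes:
        # Derived on demand from the server recovery key; never persisted, so deleting
        # the server recovery key makes every user recovery key (and every message key
        # wrapped under one) unrecoverable, as the abstract describes.
        if self.server_recovery_key is None:
            raise KeyError("server recovery key deleted under key management policy")
        return derive_key(self.server_recovery_key, b"user-recovery-key|" + user_id)

    def provision(self, user_id: bytes) -> tuple:
        return self.user_key(user_id), self.user_recovery_key(user_id)

    def recover_message_key(self, user_id: bytes, wrapped: bytes) -> bytes:
        # Unwrap in reverse order: user key first, then user recovery key.
        inner = decrypt(self.user_key(user_id), wrapped)
        return decrypt(self.user_recovery_key(user_id), inner)

    def apply_policy_delete_recovery_key(self) -> None:
        self.server_recovery_key = None

def send(server: PolicyServer, sender_id: bytes, message: bytes) -> tuple:
    """First client: encrypt the message, wrap the message key, then delete the message key."""
    user_key, user_recovery_key = server.provision(sender_id)
    message_key = secrets.token_bytes(32)
    encrypted_message = encrypt(message_key, message)
    wrapped = encrypt(user_key, encrypt(user_recovery_key, message_key))
    del message_key  # the client keeps no copy; only the server can recover it
    return encrypted_message, wrapped

def receive(server: PolicyServer, sender_id: bytes, encrypted_message: bytes, wrapped: bytes) -> bytes:
    """Second client: hand the wrapped key to the policy server, then decrypt the message."""
    return decrypt(server.recover_message_key(sender_id, wrapped), encrypted_message)

def demo() -> tuple:
    """Round trip before the policy deletes the server recovery key, and the outcome after."""
    server = PolicyServer()
    sender = b"user-0001"  # constructed sample identifier
    enc_msg, wrapped = send(server, sender, b"quarterly numbers attached")
    before = receive(server, sender, enc_msg, wrapped)
    server.apply_policy_delete_recovery_key()
    try:
        receive(server, sender, enc_msg, wrapped)
        after = "recovered"
    except KeyError:
        after = "unrecoverable"
    return before, after

if __name__ == "__main__":
    print(demo())
```

Note that the second client never sees the user recovery key or the user key: it only forwards the wrapped message key and receives the message key back, which is what lets the policy server's deletion of a single server-side key revoke every message wrapped under it, whether or not the server ever saw those messages.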
85 Citations
27 Claims
1. A method for managing access to messages, the method comprising the computer-implemented steps of:
- a first client generating a message key, and encrypting a message with the message key to generate an encrypted message;
- a policy server generating and providing to the first client:
  - a user key that is generated based upon a user key descriptor that includes user identification data that uniquely identifies the user associated with the first client, and
  - a user recovery key that is generated based upon both a server recovery key and user identification data that uniquely identifies a user associated with the first client;
- the policy server generating and deleting the server recovery key in accordance with an encryption key management policy;
- the first client generating an encrypted message key by encrypting the message key with at least the user recovery key and the user key, deleting the message key, and transmitting the encrypted message and the encrypted message key from the first client to the second client;
- the second client transmitting the encrypted message key to the policy server;
- the policy server receiving the encrypted message key from the second client;
- the policy server decrypting the encrypted message key using both the user recovery key and the user key to recover the message key that was used to generate the encrypted message that was received by the second client from the first client; and
- providing the message key to the second client to enable the second client to decrypt the encrypted message and recover the message.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A computer-readable storage medium for managing access to messages, the computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- a first client generating a message key, and encrypting a message with the message key to generate an encrypted message;
- a policy server generating and providing to the first client:
  - a user key that is generated based upon a user key descriptor that includes user identification data that uniquely identifies the user associated with the first client, and
  - a user recovery key that is generated based upon both a server recovery key and user identification data that uniquely identifies a user associated with the first client;
- the policy server generating and deleting the server recovery key in accordance with an encryption key management policy;
- the first client generating an encrypted message key by encrypting the message key with at least the user recovery key and the user key, deleting the message key, and transmitting the encrypted message and the encrypted message key from the first client to the second client;
- the second client transmitting the encrypted message key to the policy server;
- the policy server receiving the encrypted message key from the second client;
- the policy server decrypting the encrypted message key using both the user recovery key and the user key to recover the message key that was used to generate the encrypted message that was received by the second client from the first client; and
- providing the message key to the second client to enable the second client to decrypt the encrypted message and recover the message.

(Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18)

19. An apparatus for managing access to messages, the apparatus comprising a memory carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- a first client generating a message key, and encrypting a message with the message key to generate an encrypted message;
- a policy server generating and providing to the first client:
  - a user key that is generated based upon a user key descriptor that includes user identification data that uniquely identifies the user associated with the first client, and
  - a user recovery key that is generated based upon both a server recovery key and user identification data that uniquely identifies a user associated with the first client;
- the policy server generating and deleting the server recovery key in accordance with an encryption key management policy;
- the first client generating an encrypted message key by encrypting the message key with at least the user recovery key and the user key, deleting the message key, and transmitting the encrypted message and the encrypted message key from the first client to the second client;
- the second client transmitting the encrypted message key to the policy server;
- the policy server receiving the encrypted message key from the second client;
- the policy server decrypting the encrypted message key using both the user recovery key and the user key to recover the message key that was used to generate the encrypted message that was received by the second client from the first client; and
- providing the message key to the second client to enable the second client to decrypt the encrypted message and recover the message.

(Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27)