Public key infrastructure utilizing master key encryption
14 Assignments
0 Petitions
Abstract
The disclosure encrypts and decrypts data using public key infrastructure and allows an authorized third party to access and decrypt the encrypted data as required, without requiring private key escrow. The disclosure utilizes a user private key, a user public key, a master private key, a master public key, and a session key generated by the system. The data is encrypted utilizing the session key. The session key is encrypted once utilizing the user public key and again utilizing the master public key. The encrypted data and the encrypted session keys are included in a data packet that is transmitted from one data processing system to another. The session key is decrypted utilizing the user private key. The data is decrypted utilizing the session key. When the authorized third party requires access to the data on the destination processing system, the session key is decrypted with the master private key and the data is decrypted with the session key.
85 Citations
13 Claims
1. A method for encrypting data, the method comprising:
providing a first data processing system for a first user and a second data processing system for a second user;
providing a session key randomly generated by the second system for use in encrypting original data;
encrypting the data by the second system using the session key and a symmetric encryption routine;
encrypting the session key by the second system, with a public key of the first user using an asymmetric encryption routine, for storage as a first user key blob;
encrypting the session key by the second system, with a master public key using the asymmetric encryption routine, for storage as a master key blob, wherein the session key is thereby twice encrypted;
storing by the first system a first user private key on any media;
decrypting the user key blob by the first system using the asymmetric encryption routine providing the first system with access to the session key;
the first system decrypting the data using the symmetric encryption routine; and
the second system securely transmitting the data to the first system.
Dependent claims: 2, 3, 4, 5, 6

7. A method for encrypting data comprising:
providing a first data processing system for a first user and a second data processing system for a second user;
providing a session key randomly generated by the second system for use in encrypting original data;
encrypting the data by the second system using the session key and a symmetric encryption routine;
encrypting the session key by the second system, with a public key of the first user using an asymmetric encryption routine, for storage as a first user key blob;
encrypting the session key by the second system, with a master public key using the asymmetric encryption routine, for storage as a master key blob, wherein the session key is thereby twice encrypted;
storing by the first system a first user private key on any media;
decrypting the user key blob by the first system using the asymmetric encryption routine providing the first system with access to the session key;
the first system decrypting the data using the symmetric encryption routine;
the second system securely transmitting the data to the first system; and
a third party gaining access to the data using a master private key to decrypt the master key blob using the asymmetric encryption routine and gain access to the original data.
Dependent claims: 8, 9, 10, 11, 12

13. A method for encrypting data comprising:
providing a first data processing system for a first user and a second data processing system for a second user;
the second user sending the first user a data file;
the second system randomly generating a session key for use in encrypting original data in the data file;
using the session key, the second system encrypting the data using a symmetric encryption routine;
encrypting the session key by the second system, with a public key of the first user using an asymmetric encryption routine, for storage as a first user key blob within the encrypted data;
encrypting the session key by the second system, with a master public key using the asymmetric encryption routine, for storage as a master key blob within the encrypted data, wherein the session key is thereby twice encrypted;
the second system transmitting the encrypted data to the first system;
storing by the first system a first user private key on any media;
decrypting the user key blob by the first system using the asymmetric encryption routine providing the first system with access to the randomly generated session key;
the first system decrypting the data using the symmetric encryption routine and the second system securely transmitting the data to the first system; and
a third party gaining access to the data using a master private key to decrypt the master key blob using the asymmetric encryption routine and gain access to the original data.
Specification