Public key infrastructure utilizing master key encryption

US 7,499,551 B1
Filed: 05/14/1999
Issued: 03/03/2009
Est. Priority Date: 05/14/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for encrypting data, the method comprising:

providing a first data processing system for a first user and a second data processing system for a second user;

providing a session key randomly generated by the second system for use in encrypting original data;

encrypting the data by the second system using the session key and a symmetric encryption routine;

encrypting the session key by the second system, with a public key of the first user using an asymmetric encryption routine, for storage as a first user key blob;

encrypting the session key by the second system, with a master public key using the asymmetric encryption routine, for storage as a master key blob, wherein the session key is thereby twice encrypted;

storing by the first system a first user private key on any media;

decrypting the user key blob by the first system using the asymmetric encryption routine providing the first system with access to the session key;

the first system decrypting the data using the symmetric encryption routine; and

the second system securely transmitting the data to the first system.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure encrypts and decrypts data using public key infrastructure with and allows an authorized third party to access and decrypt the encrypted data as required without requiring private key escrow. The disclosure utilizes a user private key, a user public key, a master private key, a master public key, and a session key generated by the system. The data is encrypted utilizing the session key. The session key is encrypted once utilizing the user public key and again utilizing the master public key. The encrypted data and the encrypted session keys are included in a data packet that is transmitted from one data processing system to another. The session key is decrypted utilizing the user private key. The data is decrypted utilizing the session key. When the authorized third party requires access to the data on the destination processing system, the session key is decrypted with the master private key and the data is decrypted with the session key.

85 Citations

View as Search Results

13 Claims

1. A method for encrypting data, the method comprising:
- providing a first data processing system for a first user and a second data processing system for a second user;
  
  providing a session key randomly generated by the second system for use in encrypting original data;
  
  encrypting the data by the second system using the session key and a symmetric encryption routine;
  
  encrypting the session key by the second system, with a public key of the first user using an asymmetric encryption routine, for storage as a first user key blob;
  
  encrypting the session key by the second system, with a master public key using the asymmetric encryption routine, for storage as a master key blob, wherein the session key is thereby twice encrypted;
  
  storing by the first system a first user private key on any media;
  
  decrypting the user key blob by the first system using the asymmetric encryption routine providing the first system with access to the session key;
  
  the first system decrypting the data using the symmetric encryption routine; and
  
  the second system securely transmitting the data to the first system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method, as set forth in claim 1, further comprising storing the first user'"'"'s private key on a data storage medium coupled to a destination data processing system.
  - 3. The method, as set forth in claim 2, further comprising retrieving the first user'"'"'s private key from a smart card utilizing a smart card reader coupled to the destination data processing system.
  - 4. The method, as set forth in claim 2, further comprising retrieving a master private key from a smart card utilizing a smart card reader coupled to the destination data processing system.
  - 5. The method, as set forth in claim 1, further comprising storing a master private key on a data storage medium coupled to the destination data processing system.
  - 6. The method, as set forth in claim 1, further comprising utilizing a plurality of public keys and a plurality of private keys.

7. A method for encrypting data comprising:
- providing a first data processing system for a first user and a second data processing system for a second user;
  
  providing a session key randomly generated by the second system for use in encrypting original data;
  
  encrypting the data by the second system using the session key and a symmetric encryption routine;
  
  encrypting the session key by the second system, with a public key of the first user using an asymmetric encryption routine, for storage as a first user key blob;
  
  encrypting the session key by the second system, with a master public key using the asymmetric encryption routine, for storage as a master key blob, wherein the session key is thereby twice encrypted;
  
  storing by the first system a first user private key on any media;
  
  decrypting the user key blob by the first system using the asymmetric encryption routine providing the first system with access to the session key;
  
  the first system decrypting the data using the symmetric encryption routine;
  
  the second system securely transmitting the data to the first system; and
  
  a third party gaining access to the data using a master private key to decrypt the master key blob using the asymmetric encryption routine and gain access to the original data.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method as set forth in claim 7, wherein the first user'"'"'s private key is stored on a data storage medium coupled to the second data processing system.
  - 9. The method as set forth in claim 7, wherein a master private key is stored on a data storage medium coupled to the second data processing system.
  - 10. The method as set forth in claim 7, further comprising a smart card reader coupled to the second data processing system and operable to retrieve the first user'"'"'s private key from a smart card.
  - 11. The method as set forth in claim 7, further comprising a smart card reader coupled to the second data processing system and operable to retrieve a master private key from a smart card.
  - 12. The method as set forth in claim 7, further comprising:
    - a plurality of private keys; and
      
      a plurality of public keys.

13. A method for encrypting data comprising:
- providing a first data processing system for a first user and a second data processing system for a second user;
  
  the second user sending the first user a data file;
  
  the second system randomly generating a session key for use in encrypting original data in the data file;
  
  using the session key, the second system encrypting the data using a symmetric encryption routine;
  
  encrypting the session key by the second system, with a public key of the first user using an asymmetric encryption routine, for storage as a first user key blob within the encrypted data;
  
  encrypting the session key by the second system, with a master public key using the asymmetric encryption routine, for storage as a master key blob within the encrypted data, wherein the session key is thereby twice encrypted;
  
  the second system transmitting the encrypted data to the first system;
  
  storing by the first system a first user private key on any media;
  
  decrypting the user key blob by the first system using the asymmetric encryption routine providing the first system with access to the randomly generated session key;
  
  the first system decrypting the data using the symmetric encryption routine and the second system securely transmitting the data to the first system; and
  
  a third party gaining access to the data using a master private key to decrypt the master key blob using the asymmetric encryption routine and gain access to the original data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Computer Corporation (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Mire, Philip Jason
Primary Examiner(s)
Revak; Christopher A
Assistant Examiner(s)
Moorthy; Aravind K

Application Number

US09/312,150
Time in Patent Office

3,581 Days
Field of Search

380277-279, 380/201, 380/44, 380281-285, 713/156, 713/168, 713/171, 713/172, 713/182, 713/185, 713/189, 713/193, 726/9, 726/20
US Class Current

380/279
CPC Class Codes

H04L 9/006   involving public key infras...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0897   involving additional device...

Public key infrastructure utilizing master key encryption

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Public key infrastructure utilizing master key encryption

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links