Cryptographic key management
Abstract
A cryptographic coalition administrator for managing information access across multiple organizations includes a communications interface configured to communicate electronically transmit and receive information, a memory configured to store pairs of public and private cryptographic keys associated with different levels of access, and a key manager configured and connected to communicate with the interface and the memory and configured to: distribute cryptographic key sets, of public cryptographic keys and private cryptographic keys, to first and second organizations of members; determine a first group of members in the first organization to have authorization to exchange information with a second group of members in the second organization, the first and second groups sharing cryptographic parameters, and public and private cryptographic keys; and distribute a first cryptographic key set, from the cryptographic key sets, to the first group, the first group having a first sensitivity level at least as high as a second sensitivity level associated with the first cryptographic key set.
13 Claims
1. A cryptographic coalition administrator for managing information access across multiple organizations, the administrator comprising:
- a communications interface configured to communicate electronically transmit and receive information;
- a memory configured to store a plurality of pairs of public and private cryptographic keys associated with different levels of access; and
- a key manager connected to and configured to communicate with the interface and the memory and further configured to:
  - distribute cryptographic key sets, of public keys and private keys, to first and second organizations of members;
  - determine a first group of members in the first organization to have authorization to exchange information with a second group of members in the second organization, the first and second groups sharing cryptographic parameters, and public and private keys; and
  - distribute a first cryptographic key set, from the cryptographic key sets, to the first group, the first group having a first sensitivity level at least as high as a second sensitivity level associated with the first cryptographic key set.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system for use in transferring encrypted information between multiple organizations, the system comprising:
- a communications interface configured to communicate electronically transmit and receive information;
- a memory configured to store a plurality of pairs of public and private cryptographic keys; and
- a key manager connected and configured to communicate with the interface and the memory and further configured to:
  - receive a first public cryptographic key, associated with a first organization, that has been encrypted using a second public cryptographic key associated with a second organization;
  - decrypt the first public key using a first private key;
  - encrypt a plaintext message using a data encryption key to produce a ciphertext;
  - encrypt the data encryption key using the first public key to produce a first encrypted key;
  - send the ciphertext and the first encrypted key toward the first organization;
  - encrypt the data encryption key using a third public cryptographic key, associated with the second organization, to produce a second encrypted key; and
  - send the ciphertext and the second encrypted key toward a member of the second organization;
- wherein the system is associated with the second organization.

10. A method of exchanging information, the method comprising:
- transmitting a first public key from a device at a first entity to a second entity;
- receiving, by the device, from the second entity, a second public key encrypted by the second entity using the first public key;
- decrypting the second public key by the device using a first private key associated with the first public key;
- encrypting information by the device using a data encryption key to produce ciphertext;
- encrypting the data encryption key by the device using the second public key to produce a first encrypted key;
- transmitting, by the device, the ciphertext and the first encrypted key from the first entity to the second entity;
- encrypting the data encryption key by the device using a third public cryptographic key to produce a second encrypted key; and
- transmitting, by the device, the ciphertext and the second encrypted key from the first entity to a third entity.

Dependent claims: 11, 12, 13

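Added example (not part of the patent text): the steps of claim 10 carried out in Go, with a recipient-side `Receive` to show that each wrapped key opens the shared ciphertext only for its own recipient. The algorithms (RSA-OAEP with SHA-256, AES-256-GCM), the key sizes and every function name are assumptions; the claim specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// must keeps the demo short by panicking; production code would return the error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Assumed algorithms (the claim names none): RSA-OAEP/SHA-256 wrapping, AES-256-GCM data cipher.
func newKey(bits int) *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, bits)) }
func aead(dek []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(dek)))) }
func wrap(pub *rsa.PublicKey, b []byte) []byte { return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, b, nil)) }

// Send is the device side of claim 10: one ciphertext, one wrapped DEK per recipient.
func Send(firstPriv *rsa.PrivateKey, encSecondPub []byte, thirdPub *rsa.PublicKey, info []byte) (ct, key2, key3 []byte) {
	// Recover the second entity's public key with the first private key.
	secondPub := must(x509.ParsePKCS1PublicKey(must(rsa.DecryptOAEP(sha256.New(), nil, firstPriv, encSecondPub, nil))))
	buf := make([]byte, 32+12) // fresh DEK followed by a GCM nonce
	must(rand.Read(buf))
	dek, nonce := buf[:32], buf[32:]
	ct = aead(dek).Seal(nonce, nonce, info, nil) // nonce is prepended to the ciphertext
	return ct, wrap(secondPub, dek), wrap(thirdPub, dek)
}

// Receive is a recipient unwrapping its own copy of the DEK and decrypting the ciphertext.
func Receive(priv *rsa.PrivateKey, ct, encKey []byte) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, encKey, nil)
	if err != nil || len(dek) != 32 || len(ct) < 12 {
		return nil, fmt.Errorf("unusable wrapped key or ciphertext (unwrap error: %v)", err)
	}
	return aead(dek).Open(nil, ct[:12], ct[12:], nil)
}

func main() {
	a, b, c := newKey(3072), newKey(2048), newKey(2048) // a must be large enough to OAEP-wrap b's public key
	encB := wrap(&a.PublicKey, x509.MarshalPKCS1PublicKey(&b.PublicKey)) // the second entity's reply
	ct, k2, k3 := Send(a, encB, &c.PublicKey, []byte("constructed sample report"))
	fmt.Printf("%s / %s\n", must(Receive(b, ct, k2)), must(Receive(c, ct, k3)))
}
```
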
Specification