Information-centric security
Abstract
A system for encrypting a data encryption key includes a key encryption key generator configured to receive a public portion of a label, the label including an asymmetric key pair of the public portion and a private portion, the key encryption key generator being further configured to process the public portion of the label to obtain a key encryption key, and a data encryption key encoder configured to receive the key encryption key from the key encryption key generator and to receive a data encryption key from a random number generator, the encoder being further configured to encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key and to provide the encrypted data encryption key to an encryption device.
Claims (32; independent claims 1, 8, 11 and 21 shown, with their dependent claims listed)
1. A system for encrypting a data encryption key, the system comprising:
- a key encryption key generator configured to receive a public key portion of a label, the label including an asymmetric key pair including the public key portion and a private key portion, the key encryption key generator being further configured to process the public key portion of the label to obtain a key encryption key;
- a data encryption key encoder configured to receive the key encryption key from the key encryption key generator and to receive a data encryption key from a random number generator, the encoder being further configured to encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key and to provide the encrypted data encryption key to an encryption device for forwarding with data encrypted using the data encryption key; and
- a combiner configured to receive and to combine at least two pieces of the label to provide the public key portion of the label to the key encryption key generator, wherein the at least two pieces of the label are the result of a parsing process applied to the label that produces pieces of the label, wherein each piece of the label is useless for indicating a key unless combined with at least one other piece of the label.
Dependent claims: 2, 3, 4, 5, 6, 7, 19 and 26.
8. A system for decrypting an encrypted data encryption key, the system comprising:
- a key encryption key generator configured to receive a private key portion of a label, the label including an asymmetric key pair including a public key portion and the private key portion, the key encryption key generator being further configured to process the private key portion of the label to obtain a key encryption key;
- a data encryption key decoder configured to receive the key encryption key from the key encryption key generator and to receive an encrypted data encryption key associated with ciphertext, the decoder being further configured to decrypt the data encryption key using the key encryption key to produce an unencrypted data encryption key and to provide the unencrypted data encryption key to a decryption device; and
- a combiner configured to receive and to combine at least two pieces of the label to provide the public key portion of the label to the key encryption key generator, wherein the at least two pieces of the label are the result of a parsing process applied to the label that produces pieces of the label, wherein each piece of the label is useless for indicating a key unless combined with at least one other piece of the label.
Dependent claims: 9, 10, 20 and 27.
11. A cryptographic system for providing cryptographic key management, the system comprising:
- a communications interface configured to communicate electronically with a plurality of clients;
- a memory configured to store at least one of a public key portion and a private portion of a cryptographic key pair associated with different levels of access; and
- a key management module configured and connected to communicate with the interface and the memory and configured to:
  - split public and private key portions of encryption keys into pieces, wherein each piece is useless for indicating a key unless combined with at least one other piece;
  - provide access by one or more clients through the communication interface to public and private key portions if the one or more clients satisfy at least one authentication mechanism associated with a first security level at least as high as a second security level associated with the key portions that the one or more clients desire to access, wherein the access is provided by providing to the one or more clients access to one or more pieces of the public and/or private key portions based on results of the at least one authentication mechanism; and
  - enable at least one of the clients to encrypt a data encryption key, based on the one or more pieces of the public and/or private key portions to which the at least one of the clients is provided with access, wherein the data encryption key is to be used in encrypting a plaintext message.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 22, 23 and 24.
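The parsing of a key portion into pieces and the level-gated release of those pieces, as described in claims 1, 8, 11 and 21 above, as an added Go example. This is not code from the patent: the claims name no splitting scheme, so XOR secret splitting (every piece but one is uniformly random) is an assumption, and `KeyManager`, `Store`, `Access`, `SplitPieces`, `CombinePieces`, the `Level` type and `ErrDenied` are assumed names. The key portion is a constructed sample; no real key is involved.

```go
package main

import (
	"crypto/rand"
	"errors"
)

// Level is a security level. A client authenticated at level L may access key
// portions stored at level L or lower ("at least as high as" in claim 11).
type Level int

// ErrDenied is returned for every refusal so an unauthorized client cannot
// distinguish "no such portion" from "insufficient level".
var ErrDenied = errors.New("access denied")

// storedPortion is a public or private key portion held only as pieces.
type storedPortion struct {
	level  Level
	pieces [][]byte
}

// KeyManager models the key management module's memory: every portion is
// parsed into pieces at rest and released only as pieces.
type KeyManager struct {
	portions map[string]storedPortion
}

func NewKeyManager() *KeyManager {
	return &KeyManager{portions: map[string]storedPortion{}}
}

// SplitPieces parses a key portion into n pieces by XOR secret splitting: n-1
// pieces are uniformly random and the last is the portion XORed with all of
// them, so any set of fewer than n pieces is useless for indicating the key.
func SplitPieces(portion []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, errors.New("a portion must be parsed into at least two pieces")
	}
	pieces := make([][]byte, n)
	last := append([]byte(nil), portion...)
	for i := 0; i < n-1; i++ {
		pieces[i] = make([]byte, len(portion))
		if _, err := rand.Read(pieces[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= pieces[i][j]
		}
	}
	pieces[n-1] = last
	return pieces, nil
}

// CombinePieces is the combiner: the XOR of every piece restores the portion.
func CombinePieces(pieces [][]byte) []byte {
	if len(pieces) == 0 {
		return nil
	}
	out := make([]byte, len(pieces[0]))
	for _, p := range pieces {
		for j := range out {
			out[j] ^= p[j]
		}
	}
	return out
}

// Store splits a portion into n pieces before keeping it and wipes the
// caller's plaintext copy, so the whole portion never sits in memory at rest.
func (m *KeyManager) Store(name string, portion []byte, level Level, n int) error {
	pieces, err := SplitPieces(portion, n)
	if err != nil {
		return err
	}
	for i := range portion {
		portion[i] = 0
	}
	m.portions[name] = storedPortion{level: level, pieces: pieces}
	return nil
}

// Access releases copies of a portion's pieces only to a client that passed
// authentication at a level at least as high as the portion's level. The
// client receives pieces, not the portion; combining them is the client's job.
func (m *KeyManager) Access(name string, authenticated bool, clientLevel Level) ([][]byte, error) {
	if !authenticated {
		return nil, ErrDenied
	}
	p, ok := m.portions[name]
	if !ok || clientLevel < p.level {
		return nil, ErrDenied
	}
	out := make([][]byte, len(p.pieces))
	for i, piece := range p.pieces {
		out[i] = append([]byte(nil), piece...) // copy: callers must not alter the store
	}
	return out, nil
}
```

Two checks worth keeping when adapting this: any subset of fewer than all pieces must be indistinguishable from random (the test below combines two of three pieces and confirms the portion is not recovered), and the denial path must not leak which names exist, which is why a missing portion and an under-level client get the same error.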
21. A computer program product for encrypting/decrypting information, the computer program product residing on a computer-readable medium and comprising computer-readable instructions configured to cause a computer to:
- receive a public key portion of a label for key encryption and to receive a private key portion of the label for key decryption, the label including an asymmetric key pair including the public and private key portions;
- produce the public and private key portions of the label by combining portions of the public and private key portions, wherein the portions of the public and private key portions of the label are the result of a parsing process applied to the label that produces portions of the label, wherein each portion of the label is useless for indicating a key unless combined with at least one other portion of the label;
- process the public key portion and an ephemeral private key to obtain a key encryption key for information encryption and to process the private key portion and an ephemeral public key to obtain the key encryption key for information decryption;
- for information encryption: receive a data encryption key from a random number generator; encrypt the data encryption key using the key encryption key to produce an encrypted data encryption key; and provide the encrypted data encryption key to an encryption device; and
- for information decryption: receive the key encryption key and an encrypted data encryption key associated with ciphertext; decrypt the data encryption key using the key encryption key to produce an unencrypted data encryption key; and provide the unencrypted data encryption key to a decryption device.
Dependent claims: 25, 28, 29, 30, 31 and 32.
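The encryption and decryption sides described in claims 1, 8 and 21 above (key encryption key from the label's public portion plus an ephemeral private key, the same key from the label's private portion plus the ephemeral public key, a random data encryption key wrapped under it and forwarded with the ciphertext), as an added Go example that is not code from the patent. The claims name no algorithms, so X25519 for the label and ephemeral key pairs, HMAC-SHA256 as the key derivation step and AES-256-GCM for both the wrap and the data are assumptions here, as are the names `Envelope`, `Encrypt`, `Decrypt`, `deriveKEK`, `seal` and `unseal`. The combiner is left out: `Decrypt` takes the already combined private portion.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Envelope is what is forwarded with the data: the ephemeral public key, the
// DEK wrapped under the KEK, and the data encrypted under the DEK.
type Envelope struct {
	EphemeralPub, WrappedDEK, Ciphertext []byte
}

// randomBytes: a failed CSPRNG is not recoverable, so fail hard.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// deriveKEK maps the X25519 shared secret to a 256-bit KEK. HMAC-SHA256 with a
// fixed info string is an assumed KDF; the claims name none.
func deriveKEK(shared []byte) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write([]byte("label-kek-v1"))
	return m.Sum(nil)
}

// newGCM is AES-256-GCM, the assumed cipher for both the DEK wrap and the data.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad), nil // fresh nonce prepended
}

func unseal(key, sealed, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil || len(sealed) < g.NonceSize() {
		return nil, errors.New("cannot open sealed data")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad) // fails on wrong key, AAD or tampering
}

// Encrypt is the encryption side: fresh DEK from the RNG, KEK from
// ECDH(ephemeral private, label public), DEK wrapped under the KEK with the
// ephemeral public key as AAD so wrap and key cannot be mixed across envelopes.
func Encrypt(labelPub *ecdh.PublicKey, plaintext []byte) (*Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(labelPub)
	if err != nil {
		return nil, err
	}
	ephPub, dek := eph.PublicKey().Bytes(), randomBytes(32)
	wrapped, err := seal(deriveKEK(shared), dek, ephPub)
	if err != nil {
		return nil, err
	}
	ct, err := seal(dek, plaintext, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{EphemeralPub: ephPub, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt is the decryption side: the same KEK from ECDH(label private,
// ephemeral public), unwrap the DEK, then decrypt the data under the DEK.
func Decrypt(labelPriv *ecdh.PrivateKey, env *Envelope) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := labelPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	dek, err := unseal(deriveKEK(shared), env.WrappedDEK, env.EphemeralPub)
	if err != nil {
		return nil, errors.New("wrong label private portion or tampered envelope")
	}
	return unseal(dek, env.Ciphertext, nil)
}
```

Binding the wrapped DEK to the ephemeral public key as AAD means an attacker who can edit the envelope cannot pair one message's wrapped key with another's ephemeral key and have the unwrap succeed; the authenticated wrap also turns a wrong private portion or a modified wrap into a clean error rather than a garbage DEK. Go's crypto/ecdh rejects a peer key that would produce an all-zero X25519 shared secret, and both functions propagate that error.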