Family of encryption keys
First Claim
1. A method comprising:
- generating an original symmetric encryption key useable to encrypt and decrypt information;
- generating from the original symmetric encryption key a family of symmetric encryption keys useable to encrypt and decrypt information, the symmetric encryption keys of the family having a relationship such that a descendent key of the family is derivable from each key that is an ancestor of the descendent key in the family; and
- rolling over a key used in securing information, said rolling over comprising providing a next symmetric encryption key of the family in an order opposite that of an order of key generation;
- wherein said rolling over is performed using a hardware processor; and
- wherein the family of symmetric encryption keys is used in a document control system to secure documents, the method further comprising synchronizing offline access information with a client, the offline access information comprising a key from the family of symmetric encryption keys.
Abstract
Systems and techniques relating to cryptographic keys include, in one implementation, a technique involving: generating a symmetric encryption key; and generating from the symmetric encryption key a family of symmetric encryption keys having a relationship such that a descendent key of the family is derivable from each key that is an ancestor of the descendent key in the family. Generating the family of symmetric encryption keys can involve cryptographically hashing the original symmetric encryption key and resulting hashed encryption keys. The technique can further include rolling over a key used in securing information by providing a next symmetric encryption key of the family in an order opposite that of an order of key generation; and a client can cryptographically hash a first symmetric encryption key to produce a second symmetric encryption key of the family and decrypt information associated with an electronic document with the key thus produced.
22 Claims
1. A method comprising: (claim 1 is reproduced in full under First Claim above; dependent claims 2 to 12.)
13. A non-transitory machine-readable medium embodying a software product comprising instructions operable to cause one or more data processing apparatus to perform operations comprising:
- rolling over a symmetric encryption key useable to encrypt and decrypt information, said rolling over comprising providing a new symmetric encryption key from which an old symmetric encryption key is derivable;
- wherein the old symmetric encryption key is derivable from the new symmetric encryption key by cryptographically hashing the new symmetric encryption key;
- wherein the new and old symmetric encryption keys are part of a first family of encryption keys of size N, and said rolling over further comprises providing an encryption key from a second family of encryption keys once keys from the first family have been used; and
- wherein said first and second families of encryption keys are used in a document control system to secure documents, the operations further comprising synchronizing offline access information with a client, the offline access information comprising a key from each of the first family and the second family.
(Dependent claim: 14.)
15. A non-transitory machine-readable medium embodying a software product comprising instructions operable to cause one or more data processing apparatus to perform operations comprising:
- cryptographically hashing a first symmetric encryption key one or more times to produce a second symmetric encryption key; and
- decrypting information associated with an electronic document with the first symmetric encryption key in addition to the second symmetric encryption key, wherein said first and second symmetric encryption keys are used in a document control system to secure one or more documents, the operations further comprising synchronizing offline access information with the document control system, the offline access information comprising the first symmetric encryption key.
(Dependent claims: 16, 17, 18.)
19. A system comprising:
- a document control server system including hardware, where the server system synchronizes offline access information with clients, including: sending an encryption key obtained in reverse order from a family of encryption keys generated by cryptographically hashing a first key of the family multiple times to form a total of N keys in the family of encryption keys, along with an indication of the reverse order of the family of encryption keys such that the total of N keys in the family are usable in the reverse order of key generation; and
- a client system including hardware, where the client system receives the offline access information from the document control server system and allows access to an electronic document, when offline, using the encryption key, including cryptographically hashing the encryption key as needed to access historical documents.
(Dependent claims: 20, 21, 22.)
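The abstract and claims 13 and 19 describe one mechanism: a hash chain of N keys, handed out in the reverse of the order they were generated, so that a client holding the current key can derive every key used before it (by hashing) but not the key that will be used after the next rollover. The following Python is an added illustration of that scheme, not code from the patent or its assignee. SHA-256 as the hash, the `KeyRolloverServer` and `client_key_for` names, the dictionary layout of the offline access information, and the all-zero original key used for a repeatable demo are assumptions made here for illustration; a real deployment would generate the original key with `secrets.token_bytes` as the server does by default.

```python
"""Hash-chain key family with reverse-order rollover (added example)."""
import hashlib
import secrets
from typing import Optional


def generate_family(original_key: bytes, n: int) -> list[bytes]:
    """Generate [K0, K1, ..., K(n-1)] where K(i) = SHA-256(K(i-1)).

    Every key is an ancestor of all keys with a higher index, so any
    descendant is derivable from any ancestor by repeated hashing, while
    recovering K(i-1) from K(i) would require inverting the hash.
    """
    if n < 1:
        raise ValueError("family size must be at least 1")
    keys = [original_key]
    for _ in range(n - 1):
        keys.append(hashlib.sha256(keys[-1]).digest())
    return keys


def derive_descendant(key: bytes, steps: int) -> bytes:
    """Hash `key` `steps` times: starting from K(i) this yields K(i+steps)."""
    for _ in range(steps):
        key = hashlib.sha256(key).digest()
    return key


class KeyRolloverServer:
    """Document-control-server side of the scheme (hypothetical class name).

    Keys are used in the order opposite to generation, K(n-1) first, so each
    rollover provides a key from which all previously used keys of the same
    family can be derived. When a family is exhausted a fresh one is started
    (claim 13's second family).
    """

    def __init__(self, family_size: int, original_key: Optional[bytes] = None):
        self.n = family_size
        self.families: list[list[bytes]] = []
        self.family_id = -1
        self.index = 0  # index within the family of the key currently in use
        self._start_family(original_key)

    def _start_family(self, original_key: Optional[bytes] = None) -> None:
        original = original_key if original_key is not None else secrets.token_bytes(32)
        self.families.append(generate_family(original, self.n))
        self.family_id += 1
        self.index = self.n - 1  # most recently generated key is used first

    def current_key(self) -> bytes:
        return self.families[self.family_id][self.index]

    def rollover(self) -> tuple[int, int]:
        """Advance to the next key; returns the new (family_id, index)."""
        if self.index == 0:
            self._start_family()  # first family used up: begin a second one
        else:
            self.index -= 1
        return self.family_id, self.index

    def offline_access_info(self) -> dict:
        """What is synchronized to a client: the current key plus the ordering
        information it needs to derive older keys of the same family."""
        return {"family_id": self.family_id, "index": self.index, "key": self.current_key()}


def client_key_for(offline_info: dict, family_id: int, index: int) -> Optional[bytes]:
    """Client side: recover key (family_id, index) from the synced key.

    Only keys of the same family with index >= the held index (generated
    later, hence used earlier in the reverse order) are derivable; anything
    else, including keys of another family, returns None.
    """
    if family_id != offline_info["family_id"] or index < offline_info["index"]:
        return None
    return derive_descendant(offline_info["key"], index - offline_info["index"])


def demo() -> bool:
    """Walk through two rollovers and check what a synced client can derive."""
    # Constructed all-zero original key so the run is repeatable; not for real use.
    server = KeyRolloverServer(family_size=4, original_key=bytes(32))
    history = [(server.family_id, server.index, server.current_key())]
    for _ in range(2):
        fid, idx = server.rollover()
        history.append((fid, idx, server.current_key()))
    info = server.offline_access_info()  # client syncs while K(1) is current
    # Every key used so far (K(3), K(2), K(1)) is derivable from the synced key ...
    ok = all(client_key_for(info, fid, idx) == key for fid, idx, key in history)
    # ... but the key of the next rollover, K(0), is not.
    fid, idx = server.rollover()
    return ok and client_key_for(info, fid, idx) is None


if __name__ == "__main__":
    print("demo ok:", demo())
```

The security property rests on the hash being one-way: the server releases keys from the end of the chain backwards, so possession of the current key gives access to all historical documents of the family (as claim 19 requires for offline access) without giving access to documents encrypted under keys still to come.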