Asymmetric cryptography with rolling key security
Abstract
A system for securing information includes a processor and a storage device. The storage device stores information encrypted with one of a first private rolling key and a first public rolling key of a first asymmetric rolling crypto-key, along with the one first rolling key. The processor has the logic to direct transmission, via a network, of proof of knowledge of the stored one first rolling key to authenticate a user, and of a request for the other of the first private rolling key and the first public rolling key. The processor receives the other first rolling key via the network, responsive to the directed transmission. The processor then decrypts the stored encrypted information with the received other first rolling key, and generates a second asymmetric rolling crypto-key having a second private rolling key and a second public rolling key. The processor encrypts the information with one of the second private rolling key and the second public rolling key. The processor also directs transmission of the other of the second private rolling key and the second public rolling key via the network. The storage device stores the information encrypted with the one second rolling key and the one second rolling key itself.
15 Claims
1. A system for securing information on a communications network comprising:

a storage device configured to store information encrypted with a first type-one rolling key, wherein the first type-one rolling key and a first type-two rolling key are associated with a first asymmetric rolling crypto-key; and a processor configured with logic to (i) direct transmission from a sending entity to an external computer system, via a network, of a request for the first type-two rolling key, (ii) receive from the external computer system, via the network, the first type-two rolling key responsive to the directed transmission, wherein the external computer system sends the first type-two rolling key after authentication of the sending entity based on a transmission of a proof of knowledge of the first type-one rolling key from the sending entity to the external computer, (iii) decrypt the stored encrypted information with the first type-two rolling key, (iv) after so decrypting the information, generate a second asymmetric rolling crypto-key having a second type-one rolling key and a second type-two rolling key, (v) encrypt the information with the second type-one rolling key wherein at least one of the first type-one rolling key and the second type-one rolling key are generated based on a factor, which is generated based at least on the information or a password associated with a user. (Dependent claims: 2, 3, 4, 5)

6. A system for securing information on a communications network, comprising:

a storage device configured to store information encrypted with a first type-one rolling key, wherein the first type-one rolling key and a first type-two rolling key are associated with a first asymmetric rolling crypto-key; and a processor configured with logic to (i) direct transmission from a sending entity to an external computer system, via a network, of a request for the first type-two rolling key, (ii) receive from the external computer system, via the network, the first type-two rolling key responsive to the directed transmission, wherein the external computer system sends the first type-two rolling key after authentication of the sending entity based on a transmission of a proof of knowledge of the first type-one rolling key from the sending entity to the external computer, (iii) decrypt the stored encrypted information with the first type-two rolling key, (iv) after so decrypting the information, generate a second asymmetric rolling crypto-key having a second type-one rolling key and a second type-two rolling key, and (v) encrypt the information with the second type-one rolling key; wherein the storage device is further configured to store the information encrypted with the second type-one rolling key; wherein at least one of the first type-one rolling key and the second type-one rolling key is generated based on a factor, which is generated based at least on the information or a password associated with a user; wherein at least one of the first type-one rolling key and the second type-one rolling key is a split private key having a first private key portion and a second private key portion; and wherein the processor is further configured with logic to generate the first private key portion of at least one of the first type-one rolling key and the second type-one rolling key associated with the user based on the factor.

7. A method for securing information on a communications network, comprising:

storing information encrypted with a first type-one rolling key, wherein the first type-one rolling key and a first type-two rolling key are associated with a first asymmetric rolling crypto-key, wherein the stored information is accessible to a first network entity; transmitting, via a network by the first network entity to a second network entity, a request for the first type-two rolling key; transmitting, via the network by the first network entity to the second network entity, proof of knowledge of the first type-one rolling key, to authenticate the first network entity to the second network entity prior to receipt of the first type-two rolling key; receiving, via the network by the first network entity from the second network entity, the requested first type-two rolling key; decrypting, by the first network entity, the stored information encrypted with the first type-one rolling key, by application of the received first type-two rolling key; generating, by the first network entity, a second asymmetric rolling crypto-key having a second type-one rolling key and a second type-two rolling key; encrypting, by the first network entity, the information with the second type-one rolling key; and storing the information encrypted with the second type-one rolling key, wherein at least one of the first type-one rolling key and the second type-one rolling key are generated based on a factor, which is generated based at least on the information or a password associated with a user. (Dependent claims: 8, 9, 10)

11. A method for securing information on a communications network, comprising:

storing information encrypted with one of a first type-one rolling key of a first asymmetric rolling crypto-key, wherein the first type-one rolling key and a first type-two rolling key are associated with the first asymmetric rolling crypto-key associated with a first network entity, wherein the stored information is accessible to the first network entity, wherein at least one of the first type-one rolling key and the first type-two rolling key is generated based on a factor, which is generated based at least on the information or a password associated with a user and the at least one of the first type-one rolling key and the first type-two rolling key is a split private key having a first private key portion and a second private key portion; generating the factor based on at least the information or a password associated with a user, and encrypting the factor with the first type-one rolling key; transmitting, via a network by the first network entity to a second network entity, a request for the first type-two rolling key; receiving, via the network by the first network entity from the second network entity, the requested first type-two rolling key; decrypting, by the first network entity, the factor encrypted with the first type-one rolling key, by application of the received first type-two rolling key; generating, by the first network entity, a second asymmetric rolling crypto-key having a second type-one rolling key and a second type-two rolling key; encrypting, by the first network entity, the factor with the second type-one rolling key; storing the factor encrypted with the second type-one rolling key; generating, by the first network entity, the first private key portion based on the factor and another factor corresponding to a password associated with the first network entity; and transmitting, via the network from the first network entity to the second network entity, proof of knowledge of the first private key portion to authenticate the first network entity to the second network entity.

12. An article of manufacture for securing information on a communications network, comprising:

computer readable storage media; and logic stored on the storage media, wherein the stored logic is configured to be readable by a computer and thereby cause the computer to operate so as to: store information encrypted with one of a first type-one rolling key, wherein the first type-one rolling key and a first type-two rolling key are associated with a first asymmetric rolling crypto-key, and the stored information is accessible to a first network entity; transmit, via a network to a second network entity, a request for the first type-two rolling key; transmit, via the network to the second network entity, proof of knowledge of the first type-one rolling key, to authenticate the first network entity to the second network entity, wherein the second network entity sends the first type-two rolling key to the first network entity only after the authentication is successful; receive, via the network from the second network entity, the requested first type-two rolling key; decrypt the stored information encrypted with the first type-one rolling key, by application of the received first type-two rolling key; generate a second asymmetric rolling crypto-key having a second type-one rolling key and a second type-two rolling key; encrypt the information with the second type-one rolling key; and store the information encrypted with the second type-one rolling key, wherein at least one of the first type-one rolling key and the second type-one rolling key are generated based on a factor, which is generated based at least on the information or a password associated with a user. (Dependent claims: 13, 14)

15. An article of manufacture for securing information on a communications network, comprising:

computer readable storage media; and logic stored on the storage media, wherein the stored logic is configured to be readable by a computer and thereby cause the computer to operate so as to: store information encrypted with a first type-one rolling key, wherein the first type-one rolling key and a first type-two rolling key are associated with a first asymmetric rolling crypto-key, and the stored information is accessible to a first network entity; transmit, via a network to a second network entity, a request for the first type-two rolling key; receive, via the network from the second network entity, the requested first type-two rolling key; decrypt the stored information encrypted with the first type-one rolling key, by application of the received first type-two rolling key; generate a second asymmetric rolling crypto-key having a second type-one rolling key and a second type-two rolling key; encrypt the information with the second type-one rolling key; and store the information encrypted with the second type-one rolling key; wherein at least one of the first type-one rolling key and the second type-one rolling key are generated based on a factor, which is generated based at least on the information or a password associated with a user; wherein at least one of the first type-one rolling key and the first type-two rolling key is a type of a private key, wherein the private key is a split private key having a first private key portion and a second private key portion; and wherein the stored logic is further configured to cause the computer to operate so as to (i) generate the first private key portion based at least on the factor and another factor corresponding to a password associated with the first network entity, and (ii) transmit, via the network to the second network entity, proof of knowledge of the first private key portion to authenticate the first network entity to the second network entity.
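The rolling-key exchange of claims 1 and 7 (store under the type-one key, prove knowledge of it, fetch the type-two key, decrypt, generate a second crypto-key and re-encrypt), as an added Python simulation that is not part of the patent or any product. It uses toy textbook RSA with the key pair derived deterministically from a factor; the factor construction (hash of password and fresh salt), the raw RSA challenge-response used as proof of knowledge, and the `KeyServer`/`Client` names are assumptions.

```python
import hashlib, math, random, secrets

def _prime(bits, rng):
    # Fermat test with 20 rng-chosen bases (toy; use Miller-Rabin in real code).
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(rng.randrange(2, n - 1), n - 1, n) == 1 for _ in range(20)):
            return n

def derive_keypair(factor, bits=512):
    # Toy RSA pair derived from the factor: (n, e) is the type-two key,
    # (n, d) the type-one key. The same factor always yields the same pair.
    rng = random.Random(int.from_bytes(hashlib.sha256(factor).digest(), "big"))
    while True:
        p, q = _prime(bits // 2, rng), _prime(bits // 2, rng)
        phi, e = (p - 1) * (q - 1), 65537
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

class KeyServer:
    # External computer system: releases the type-two key only after proof of
    # knowledge of the type-one key (raw RSA challenge-response, toy only).
    def __init__(self):
        self.pub = self.challenge = None
    def issue_challenge(self):
        self.challenge = secrets.randbelow(self.pub[0])
        return self.challenge
    def request_key(self, proof):
        n, e = self.pub
        if self.challenge is None or pow(proof, e, n) != self.challenge:
            raise PermissionError("proof of knowledge of type-one key failed")
        self.challenge = None
        return self.pub

class Client:
    # Storage device plus processor: keeps the information encrypted under the
    # current type-one key, and that key, but never the type-two key.
    def __init__(self, info, password, server):
        self.password, self.server = password, server
        self._reencrypt(info)
    def _reencrypt(self, info):
        # Assumption: factor = H(password || fresh salt), so every roll differs.
        factor = hashlib.sha256(self.password + secrets.token_bytes(16)).digest()
        self.server.pub, self.priv = derive_keypair(factor)  # type-two key to server
        self.stored = pow(info, self.priv[1], self.priv[0])  # encrypt with type-one key
    def roll(self):
        n, d = self.priv
        proof = pow(self.server.issue_challenge(), d, n)  # prove knowledge of type-one key
        n2, e = self.server.request_key(proof)            # receive the type-two key
        info = pow(self.stored, e, n2)                    # decrypt the stored information
        self._reencrypt(info)                             # second asymmetric rolling key
        return info
```

Because the client never holds the type-two key, the server can refuse a roll (and so access to the plaintext) by declining to release it, which is the control point the claims rely on.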