Secure self managed data (SSMD)
First Claim
1. A method for securing data, the method comprising:
- assigning a classification level to the data;
assigning a unique identification (ID) to the data;
assigning an expiration period to the data;
obtaining a master application key for encryption from a key site, wherein the master application key is specific to a user application;
the master application key is encrypted using a master key seal key; and
the encrypted master application key is broken into multiple parts that are stored separately;
generating a main secure self-managed data (SSMD) key using the unique ID and the master application key, wherein the generated main SSMD key is never stored anywhere and is not shared; and
encoding the data, unique ID, expiration period, and data classification level using the generated main SSMD key that is never stored anywhere and is not shared, wherein the encoded data and encoded unique ID, expiration period, and data classification level form an SSMD encoded data, wherein;
the generated SSMD key that is not stored anywhere and is not shared is used to decode the SSMD encoded data, including decoding the data classification level of the SSMD encoded data included in the SSMD encoded data.
2 Assignments
0 Petitions
Accused Products
Abstract
A system, according to one embodiment, includes a master key for encryption of data; an encryption key site accessible by computer and storing a first piece of the master key; a configuration file resident in a computer file system, the configuration file storing a second piece of the master key; a computer database storing a third piece of the master key; a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key; a unique ID for the data; a classification level for the data; and an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.
-
Citations
20 Claims
-
1. A method for securing data, the method comprising:
-
assigning a classification level to the data; assigning a unique identification (ID) to the data; assigning an expiration period to the data; obtaining a master application key for encryption from a key site, wherein the master application key is specific to a user application; the master application key is encrypted using a master key seal key; and the encrypted master application key is broken into multiple parts that are stored separately; generating a main secure self-managed data (SSMD) key using the unique ID and the master application key, wherein the generated main SSMD key is never stored anywhere and is not shared; and encoding the data, unique ID, expiration period, and data classification level using the generated main SSMD key that is never stored anywhere and is not shared, wherein the encoded data and encoded unique ID, expiration period, and data classification level form an SSMD encoded data, wherein; the generated SSMD key that is not stored anywhere and is not shared is used to decode the SSMD encoded data, including decoding the data classification level of the SSMD encoded data included in the SSMD encoded data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for accessing secure data by an application, the method comprising:
-
obtaining a classification level of an identity associated with the application; obtaining a secure self-managed data (SSMD) encoded data and a unique ID associated with the SSMD encoded data; obtaining a master application key for encryption from a key site, wherein; the master application key is specific to the application; the master application key is encrypted using a master key seal key; and the encrypted master application key is broken into multiple parts that are stored separately; generating an SSMD key using the unique ID and the master application key, wherein the generated SSMD key is not stored anywhere and is not shared; using the generated SSMD key that is not stored anywhere and is not shared to decode the SSMD encoded data, including decoding a classification level of the SSMD encoded data included in the SSMD encoded data, wherein; the data unique ID, expiration period, and data classification level were encoded using the generated main SSMD key that is never stored anywhere and is not shared, and returning the decoded SSMD encoded data to the application if the data has not expired and the classification level of the identity associated with the application subsumes the classification level of the SSMD encoded data. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A system comprising:
-
a memory for storing computer readable and executable instructions for execution by one or more processors; and one or more processors configured for assigning a classification level to the data; assigning a unique identification (ID) to the data; assigning an expiration period to the data; obtaining a master application key for encryption from a key site, wherein; the master application key is specific to a user application; the master application key is encrypted using a master key seal key; the encrypted master application key is broken into multiple parts that are stored separately; generating a main secure self-managed data (SSMD) key using the unique ID and the master application key, wherein the generated main SSMD key is never stored anywhere and is not shared; and encoding the data, unique ID, expiration period, and data classification level using the generated main SSMD key that is never stored anywhere and is not shared, wherein the encoded data and encoded unique ID, expiration period, and data classification level form an SSMD encoded data; and decoding the SSMD encoded data using the generated SSMD key that is stored anywhere and is not shared, including decoding a classification level of the SSMD encoded data included in the SSMD encoded data. - View Dependent Claims (18, 19, 20)
-
Specification