Method and system for securing electronic data

US 8,806,200 B2
Filed: 11/30/2012
Issued: 08/12/2014
Est. Priority Date: 11/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for securing electronic data by encrypting the electronic data through symmetric key encryption, thereby creating a secured data file format for the encrypted electronic data, wherein the step of encrypting the electronic data through the symmetric key encryption comprises the following steps:

creating a data file signature;

adding a Gateway Header Block (GHB) which comprises information to communicate with a server and for computing a first key, wherein the information for computing the first key comprises at least one of IP address,name of the server, port numbers, protocols and other communication information;

encrypting the GHB using a fixed key and a standard encryption algorithm;

creating a file icon block and an open header block;

creating a first data record block with a file policy and information for computing a second key;

creating a second data record block with an adapter data and information for computing a third key;

computing a third key;

creating a first random data block and a file data block;

creating a first encrypted block by encrypting the file data block with the third key and a standard encryption algorithm;

creating a second random data block;

creating the second encrypted block by encrypting the second data record block, first random data block, first encrypted block and the second random data block, with the second key and the standard encryption algorithm; and

creating the third encrypted block by encrypting the first data record block and the second encrypted block with the first key and the standard encryption algorithm.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The various embodiments herein provide a method for securing electronic data using an automatic key management technique to manage cryptographic keys. The method for securing electronic data comprises providing a data to a writer module, embedding a data usage policy, encrypting the data through a symmetric key encryption, creating a secure data file format for the data, accessing the secure data file format through a reader module, checking for a data file usage policy, dynamically updating the data file usage policy, if there is a change in the file usage policy on an application server, authenticating a user as per the file usage policy, decrypting the secure data file format, invoking one or more adapters and enforcing the data file usage policy. The secure data file format herein comprises data encrypted with a layered structure, instructions for computation of keys along with randomized data and instructions for de-randomizing of data.

Citations

10 Claims

1. A method for securing electronic data by encrypting the electronic data through symmetric key encryption, thereby creating a secured data file format for the encrypted electronic data, wherein the step of encrypting the electronic data through the symmetric key encryption comprises the following steps:
- creating a data file signature;
  
  adding a Gateway Header Block (GHB) which comprises information to communicate with a server and for computing a first key, wherein the information for computing the first key comprises at least one of IP address,name of the server, port numbers, protocols and other communication information;
  
  encrypting the GHB using a fixed key and a standard encryption algorithm;
  
  creating a file icon block and an open header block;
  
  creating a first data record block with a file policy and information for computing a second key;
  
  creating a second data record block with an adapter data and information for computing a third key;
  
  computing a third key;
  
  creating a first random data block and a file data block;
  
  creating a first encrypted block by encrypting the file data block with the third key and a standard encryption algorithm;
  
  creating a second random data block;
  
  creating the second encrypted block by encrypting the second data record block, first random data block, first encrypted block and the second random data block, with the second key and the standard encryption algorithm; and
  
  creating the third encrypted block by encrypting the first data record block and the second encrypted block with the first key and the standard encryption algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as claimed in claim 1, wherein the method further includes the step of employing at least one of a standard algorithm for the symmetric key encryption.
  - 3. The method as claimed in claim 1, wherein the method further includes the step of using a symmetric key decryption for accessing the secure data file format using at least one of a standard algorithm.
  - 4. The method as claimed in claim 1, wherein the data is extracted from a digital data source, said digital data source being one of a dynamic data source comprising an application and a static data source.
  - 5. The method as claimed in claim 1, wherein the data is a MIME (Multipurpose Internet Mail Extensions) Media type.
  - 6. The method as claimed in claim 1, wherein the standard encryption algorithm is selected from the group consisting of AES 256, and NSA standard symmetric key encryption algorithms.
  - 7. The method as claimed in claim 1, wherein the method further includes the step of decrypting the encrypted data through symmetric key decryption, wherein the step of symmetric key decryption includes the following steps:
    - decrypting GHB using the fixed key;
      
      computing the first key using the information for computing the first key in GHB;
      
      decrypting the third encrypted block using the first key and extracting the file usage policy from the first data record block;
      
      computing the second key using information in the first data record block;
      
      decrypting the second encrypted block using the second key;
      
      discarding the second random data block;
      
      computing the third key using the information in the second data record block and extracting the adapter data;
      
      decrypting the first encrypted block using the third key;
      
      discarding the first random data block; and
      
      extracting the data from the secured data file.
  - 8. The method of securing electronic data by encrypting the electronic data through symmetric key encryption, thereby creating a secured data file format for the encrypted electronic data as claimed in claim 1 wherein, the step of creating a secure data file format includes the step of creating a secure data file format comprising:
    - the data signature block;
      
      the gateway header block encrypted with a fixed key and information to compute a first key;
      
      the file icon block;
      
      the open data block;
      
      the first data record block,the second data record block;
      
      the first random data block;
      
      the file data block; and
      
      the second random data block;
      
      wherein the file data block forms a first encrypted block, the second encrypted block is created by encrypting the second data record block, the first random data block, the first encrypted block and the second random data block, and wherein the third encrypted block is created by encrypting the first data record block and the second encrypted block.

9. A system for securing electronic data, said system comprising a writer module and a reader module, wherein said writer module is configured to encrypt the electronic data through a symmetric key encryption thereby generating a secured data file format for the encrypted electronic data, said writer module further configured to:
- create a data file signature;
  
  add a Gateway Header Block (GHB), said GHB configured to communicate with a server and compute a first key, wherein the information for computing the first key comprises at least one of IP address, name of the server, port numbers, and protocols;
  
  encrypt the GHB using a fixed key and a standard encryption algorithm;
  
  create a file icon block and an open header block;
  
  create a first data record block with a file policy and information for computing a second key;
  
  create a second data record block with an adapter data and information for computing a third key;
  
  compute a third key;
  
  create a first random data block and a file data block;
  
  create a first encrypted block by encrypting the file data block with the third key and a standard encryption algorithm;
  
  create a second random data block;
  
  create the second encrypted block by encrypting the second data record block, first random data block, first encrypted block and the second random data block, with the second key and the standard encryption algorithm; and
  
  create the third encrypted block by encrypting the first data record block and the second encrypted block with the first key and the standard encryption algorithm; and
  
  wherein the reader module is configured to receive the secured data file comprising the encrypted data, and decrypt the encrypted electronic data through symmetric key decryption, said reader module further configured to;
  
  decrypt GHB using the fixed key;
  
  compute the first key using the information for computing the first key in GHB;
  
  decrypt the third encrypted block using the first key and extract the file usage policy from the first data record block;
  
  compute the second key using information in the first data record block;
  
  decrypt the second encrypted block using the second key;
  
  discard the second random data block;
  
  compute the third key using the information in the second data record block and extract the adapter data;
  
  decrypt the first encrypted block using the third key;
  
  discard the first random data block; and
  
  extract the electronic data from the secured data file.
- View Dependent Claims (10)
- - 10. The system as claimed in claim 9, wherein the writer module is configured to generate a secured data file format for the encrypted electronic data, said writer module configured to create a secured data file format comprising:
    - the data signature block;
      
      the gateway header block encrypted with a fixed key and information to compute a first key;
      
      the file icon block;
      
      the open data block;
      
      the first data record block;
      
      the second data record block;
      
      the first random data block;
      
      the file data block; and
      
      the second random data block;
      
      wherein the file data block forms a first encrypted block, the second encrypted block is created by encrypting the second data record block, the first random data block, the first encrypted block and the second random data block, and wherein the third encrypted block is created by encrypting the first data record block and the second encrypted block.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Securelyshare Software Private Limited (Zscaler Incorporated)
Original Assignee
Prakash Baskaran
Inventors
Baskaran, Prakash
Primary Examiner(s)
Hailu, Teshome
Assistant Examiner(s)
LE, THANH H

Application Number

US13/689,847
Publication Number

US 20140156991A1
Time in Patent Office

620 Days
Field of Search

713/165
US Class Current

713/165
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0838   using one-time-passwords

H04L 63/205   involving negotiation or de...

Method and system for securing electronic data

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing electronic data

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links