Systems and methods for providing information security using context-based keys
First Claim
1. A method for managing encryption of data associated with one or more application programs operating on one or more electronic computing devices, comprising the steps of:
- receiving at a centralized server module a request for encryption of an item of original data from a particular client module operating on a particular electronic computing device, wherein the request for encryption includes contextual information relating to creation of the item of original data;
- extracting the contextual information from the request for encryption;
- generating via the centralized server module a context-based key (CBK) and a context-based key identifier (CBK ID) based on the contextual information for use in encrypting the item of original data, wherein the CBK ID comprises at least a portion of the contextual information and the CBK is generated by processing the CBK ID through a cryptographic algorithm; and
- transmitting the CBK and the CBK ID from the centralized server module to the particular client module operating on the particular electronic computing device for use in encryption of the item of original data.
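The exchange in claim 1, as an added Python example that is not part of the patent: the client module sends contextual information with its encryption request, the server module builds the CBK ID from a subset of that context and derives the CBK from the ID, then returns both. The server-held secret, the context field names and the choice of HMAC-SHA256 as the "cryptographic algorithm" are assumptions; a keyed derivation is used so that a CBK ID stored beside the ciphertext does not by itself reveal the CBK.

```python
import hashlib
import hmac
import json
import secrets

# Assumed server-held secret. The claim only requires that the CBK be produced
# by processing the CBK ID through a cryptographic algorithm; keying that step
# keeps the CBK unrecoverable from the (non-secret) CBK ID alone.
SERVER_SECRET = secrets.token_bytes(32)

# Assumed subset of the contextual information that forms the CBK ID.
CBK_ID_FIELDS = ("user", "application", "device", "created_at")


def client_build_request(item_id, context):
    """Client module: package the creation context with the encryption request."""
    return {"op": "encrypt", "item_id": item_id, "context": dict(context)}


def server_extract_context(request):
    """Server module: extract the contextual information from the request."""
    if request.get("op") != "encrypt" or not isinstance(request.get("context"), dict):
        raise ValueError("not an encryption request carrying context")
    missing = [k for k in CBK_ID_FIELDS if k not in request["context"]]
    if missing:
        raise ValueError(f"context lacks required fields: {missing}")
    return request["context"]


def server_generate_cbk(context, secret=SERVER_SECRET):
    """Build the CBK ID from a portion of the context, then derive the CBK from it."""
    cbk_id = json.dumps({k: context[k] for k in CBK_ID_FIELDS},
                        sort_keys=True, separators=(",", ":"))
    cbk = hmac.new(secret, cbk_id.encode(), hashlib.sha256).digest()
    return cbk, cbk_id


def server_handle(request):
    """Full server side of the claimed exchange: returns the CBK and CBK ID."""
    cbk, cbk_id = server_generate_cbk(server_extract_context(request))
    return {"cbk": cbk, "cbk_id": cbk_id}


def server_recover_cbk(cbk_id, secret=SERVER_SECRET):
    """Later access: the client presents only the CBK ID and the server re-derives the CBK."""
    return hmac.new(secret, cbk_id.encode(), hashlib.sha256).digest()


# Constructed sample context for one data item (not from the patent).
SAMPLE_CONTEXT = {"user": "alice", "application": "notes", "device": "laptop-7",
                  "created_at": "2024-01-15T10:00:00Z", "ip": "198.51.100.5"}
```

Because the creation timestamp is part of the CBK ID, each data item gets its own key, which is the per-element association the abstract describes; fields left out of the CBK ID (here the IP address) never appear in the stored identifier.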
Abstract
Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption), or shared with other users (e.g., cryptographic communication). Use of context-based encryption keys enables key association with individual data elements, as opposed to public-private key pairs, or use of conventional user-based or system-based keys. In scenarios wherein data is shared by a sender with other users, the system manages the rights of users who are able to send and/or access the sender's data according to pre-defined policies/roles.
35 Citations
10 Claims
Specification