Systems and methods for providing information security using context-based keys
First Claim
1. A method for contextually-encrypting data, comprising the steps of:
- detecting an item of original data that is to be encrypted;
identifying contextual information relating to creation of the item of original data, wherein the contextual information comprises at least data uniquely representing an application program with which the item of original data was created;
generating unique cryptographic information for use in encrypting the item of original data, wherein the unique cryptographic information is stored in a database in association with data identifying the contextual information comprising at least the data uniquely representing the application program; and
generating an encrypted output of the item of original data as a function of the item of original data and the unique cryptographic information.
4 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for securing or encrypting data or other information arising from a user'"'"'s interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or accessed. The ciphertext can be stored in a user'"'"'s storage device or in an enterprise database (e.g., at-rest encryption), or shared with other users (e.g., cryptographic communication). Use of context-based encryption keys enables key association with individual data elements, as opposed to public-private key pairs, or use of conventional user-based or system-based keys. In scenarios wherein data is shared by a sender with other users, the system manages the rights of users who are able to send and/or access the sender'"'"'s data according to pre-defined policies/roles.
35 Citations
28 Claims
-
1. A method for contextually-encrypting data, comprising the steps of:
-
detecting an item of original data that is to be encrypted; identifying contextual information relating to creation of the item of original data, wherein the contextual information comprises at least data uniquely representing an application program with which the item of original data was created; generating unique cryptographic information for use in encrypting the item of original data, wherein the unique cryptographic information is stored in a database in association with data identifying the contextual information comprising at least the data uniquely representing the application program; and generating an encrypted output of the item of original data as a function of the item of original data and the unique cryptographic information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 27, 28)
-
-
16. A method for decrypting contextually-encrypted data, comprising the steps of:
-
detecting a particular encrypted output corresponding to an item of original data that is to be decrypted, wherein the particular encrypted output comprises at least a first type of cryptographic information associated with one or more items of contextual information, wherein at least one of the one or more items of contextual information comprises data uniquely representing an application program with which the item of original data was created; retrieving from a database one or more access control policies corresponding to the one or more items of contextual information, wherein the one or more access control policies define access to the item of original data based in part on the one or more items of contextual information; determining, based on satisfaction of at least one of the one or more access policies, that a particular user is authorized to access the item of original data associated with the first type of cryptographic information; upon determination that the particular user is authorized to access the item of original data, retrieving from the database a second type of cryptographic information associated with the first type of cryptographic information in the database; and decrypting the item of original data from the particular encrypted output by processing the second type of cryptographic information via an encryption algorithm. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
Specification