Encryption of data to be stored in an information processing system

US 20030188181A1
Filed: 11/22/2002
Published: 10/02/2003
Est. Priority Date: 05/24/2000
Status: Active Grant

First Claim

Patent Images

1. A method for allocating at least one encryption parameter to at least one user (4) for encryption of data to be stored in an information processing system, comprising the steps of:

requesting at least one encryption parameter by a data processing system (1);

determining at least one encryption parameter for a symmetric encryption parameter in response to the request;

transmitting the at least one determined encryption parameter to the data processing system (1);

generating an allocation information which associates the at least one symmetric encryption parameter with the data to be stored and/or with the user (4);

storing the generated allocation information, the allocation information being accessible to at least one authorized third party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The aim of the invention is to provide a means of encrypting company-related data which also ensures that the data can be reproduced if the key is lost. To this end, the invention provides a method or an information processing system in which a key for a symmetrical encryption method is allocated to a user (4) for encrypting the data. Allocation information associating the key with the predetermined data to be encrypted and/or the user (4) is stored and can only be accessed by an authorised third party. If necessary, the key used for the particular data can be determined and the encrypted data reproduced, i.e. rendered readable, by this authorized third party. The allocation information, associating a particular key with an element identifying the predetermined data or a user identifier, can be stored in the information processing system in a predetermined manner or be created following a request for the allocation of a key.

70 Citations

View as Search Results

11 Claims

1. A method for allocating at least one encryption parameter to at least one user (4) for encryption of data to be stored in an information processing system, comprising the steps of:
- requesting at least one encryption parameter by a data processing system (1);
  
  determining at least one encryption parameter for a symmetric encryption parameter in response to the request;
  
  transmitting the at least one determined encryption parameter to the data processing system (1);
  
  generating an allocation information which associates the at least one symmetric encryption parameter with the data to be stored and/or with the user (4);
  
  storing the generated allocation information, the allocation information being accessible to at least one authorized third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein the allocation information is generated by linking at least one identifier of the data to be stored and/or at least one identifier of the user to the at least one encryption parameter.
  - 3. The method as recited in claim 1 or 2, wherein the at least one symmetric encryption parameter is encrypted using an asymmetric encryption method before it is transmitted to data processing system (1);
    - and the at least one asymmetrically encrypted symmetric encryption parameter is decrypted in the data processing system (1) using a private key which is allocated to the user (4).
  - 4. The method as recited in claim 1, 2 or 3, wherein the at least one encryption parameter is determined in response to information which is stored in the information processing system and which relates, in particular, to at least one identifier of the data to be stored and/or to at least one identifier of the user (4).
  - 5. The method as recited in claim 1, 2 or 3, wherein the at least one encryption parameter is determined independently of the data to be stored and/or of the user (4) and, subsequently, the allocation information is stored by which the at least one encryption parameter is allocated to the data to be stored and/or to the user.
  - 6. The method as recited in one of the claims 1 through 5, wherein the access rights of the user (4) to the information processing system are checked prior to determining the at least one encryption parameter;
    - and when the access rights exist, a certificate is retrieved, which is allocated to the user (4) and which can contain user-specific information, in particular, a public key of the user (4).
  - 7. The method as recited in one of the claims 1 through 6, wherein the processing of the respective request, the determination of the at least one encryption parameter and/or the storage of the allocation information which associates the at least one encryption parameter with the respective data to be stored and/or with the user (4), are carried out in separate devices of the information processing system, respectively.
  - 8. The method as recited in one of the claims 1 through 7, wherein the at least one encryption parameter is automatically requested by the data processing system (1) as a function of the type of the data to be stored.
  - 9. The method as recited in one of the claims 1 through 7, wherein the at least one encryption parameter is requested by the user (4) on the data processing system (1).
  - 10. An information processing system, in particular, for carrying out a method according to one of the claims 1 through 9, comprising at least one data processing system (1) for emitting a request for at least one symmetric encryption parameter;
    - a device (3) which is connected to the at least one data processing system (1) and used for processing requests for at least one symmetric encryption parameter, the at least one symmetric encryption parameter being determined by the device (3) in response to a request of the data processing system (1) and transmitted to the data processing system (1);
      
      a device for generating (3) an allocation information which associates the at least one symmetric encryption parameter with the data to be stored and/or with the user (4); and
      
      a device (6) for storing the generated allocation information, the allocation information being accessible to at least one authorized third party.
  - 11. The information processing system as recited in claim 10, characterized by a storage device (6) which is allocated to the at least one data processing system (1) and used for storing the type of the data to be stored, the data processing system (1) requesting the at least one symmetric encryption parameter as a function of the type of the data to be stored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Deutsche Telekom AG
Original Assignee
Deutsche Telekom AG
Inventors
Kunitz, Hardy, Mettken, Werner

Granted Patent

US 8,024,582 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2131   Lost password, e.g. recover...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

Encryption of data to be stored in an information processing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption of data to be stored in an information processing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links