Encryption of data to be stored in an information processing system
First Claim
1. A method for allocating at least one encryption parameter to at least one user for encryption of data to be stored in an information processing system, the method comprising:
requesting the at least one encryption parameter by a data processing system which encrypts the data to be stored, wherein the data to be stored is generated by the at least one user using the data processing system;
determining, by a key server device, the at least one encryption parameter in response to the request;
the at least one encryption parameter being a symmetric encryption parameter;
transmitting the at least one encryption parameter to the data processing system;
generating, by a database server device, an allocation information configured to associate the at least one encryption parameter with an identifier of the data processing system;
associating the identifier with the data to be stored or the user; and
storing, by at least one of a backup key server device and a policy server device, the allocation information so as to be accessible to at least one authorized third party.
1 Assignment
0 Petitions
Abstract
The aim of the invention is to provide a means of encrypting company-related data which also ensures that the data can be reproduced if the key is lost. To this end, the invention provides a method or an information processing system in which a key for a symmetrical encryption method is allocated to a user (4) for encrypting the data. Allocation information associating the key with the predetermined data to be encrypted and/or the user (4) is stored and can only be accessed by an authorised third party. If necessary, the key used for the particular data can be determined and the encrypted data reproduced, i.e. rendered readable, by this authorized third party. The allocation information, associating a particular key with an element identifying the predetermined data or a user identifier, can be stored in the information processing system in a predetermined manner or be created following a request for the allocation of a key.
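The flow the abstract describes (a key is allocated on request, the allocation information is kept, and only an authorized third party can use it to make the data readable again) is sketched below as an added example; it is not code from the patent. The names `KeyService`, `recovery-officer`, `ws-17` and `doc-001` are hypothetical, the separate server devices are collapsed into one object, and the HMAC-based keystream is a stand-in for a real symmetric cipher.

```python
import hashlib, hmac, secrets

AUTHORIZED_THIRD_PARTIES = {"recovery-officer"}  # hypothetical role name

def xor_stream(key, nonce, data):
    # Stand-in symmetric cipher (HMAC-SHA256 keystream, no integrity tag);
    # a real deployment would use an AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class KeyService:
    """Key server, database server and backup store collapsed into one object."""
    def __init__(self):
        self._keys = {}         # key_id -> symmetric key (backup key server role)
        self._allocations = {}  # (system_id, data_id) -> key_id (allocation information)

    def allocate(self, system_id, data_id):
        key_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._keys[key_id] = key
        self._allocations[(system_id, data_id)] = key_id
        return key

    def recover(self, requester, system_id, data_id):
        # Allocation information is readable only by an authorized third party.
        if requester not in AUTHORIZED_THIRD_PARTIES:
            raise PermissionError(f"{requester!r} may not read allocation information")
        return self._keys[self._allocations[(system_id, data_id)]]

def store_encrypted(service, system_id, data_id, plaintext):
    key = service.allocate(system_id, data_id)   # request -> determine -> transmit
    nonce = secrets.token_bytes(12)
    # The stored record carries identifiers, never the key itself.
    return {"system_id": system_id, "data_id": data_id, "nonce": nonce,
            "ciphertext": xor_stream(key, nonce, plaintext)}

def third_party_restore(service, requester, record):
    key = service.recover(requester, record["system_id"], record["data_id"])
    return xor_stream(key, record["nonce"], record["ciphertext"])

if __name__ == "__main__":
    svc = KeyService()
    rec = store_encrypted(svc, "ws-17", "doc-001", b"constructed sample record")
    print(third_party_restore(svc, "recovery-officer", rec))
```

The security of the scheme rests on the access check in `recover`: whoever can read the allocation information and the key store can read every record, so that store needs its own access control and audit trail.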
69 Citations
15 Claims
1. A method for allocating at least one encryption parameter to at least one user for encryption of data to be stored in an information processing system, the method comprising:
requesting the at least one encryption parameter by a data processing system which encrypts the data to be stored, wherein the data to be stored is generated by the at least one user using the data processing system;
determining, by a key server device, the at least one encryption parameter in response to the request;
the at least one encryption parameter being a symmetric encryption parameter;
transmitting the at least one encryption parameter to the data processing system;
generating, by a database server device, an allocation information configured to associate the at least one encryption parameter with an identifier of the data processing system;
associating the identifier with the data to be stored or the user; and
storing, by at least one of a backup key server device and a policy server device, the allocation information so as to be accessible to at least one authorized third party.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An information processing system comprising:
at least one data processing system responsible for encrypting a data to be stored, the data processing system being configured to request at least one symmetric encryption parameter, wherein the data is generated by a user using the data processing system;
a key server device connected to the at least one data processing system and configured to process the request for the at least one symmetric encryption parameter, to determine the at least one symmetric encryption parameter in response to the request, and to transmit the at least one symmetric encryption parameter to the data processing system;
a database server device configured to generate an allocation information associating the at least one symmetric encryption parameter with an identifier of the data processing system, wherein the identifier is associated with the data to be stored or the user; and
at least one of a backup key server device and a policy server device configured to store the generated allocation information so as to be accessible to at least one authorized third party.
Dependent claims: 14
15. A method for allocating at least one encryption parameter to at least one user for encryption of data to be stored in an information processing system, the method comprising:
requesting the at least one encryption parameter by a data processing system which encrypts the data to be stored, wherein the data to be stored is generated by the at least one user using the data processing system;
determining, by a key server device, the at least one encryption parameter in response to the request, the at least one encryption parameter being a symmetric encryption parameter;
transmitting the at least one encryption parameter to the data processing system;
generating, by a database server device, an allocation information configured to associate the at least one encryption parameter with an identifier of the data processing system;
storing, by at least one of a backup key server device and a policy server device, the allocation information so as to be accessible to at least one authorized third party;
encrypting the at least one encryption parameter using an asymmetric encryption method so as to provide an asymmetrically encrypted symmetric encryption parameter before the transmitting; and
decrypting the asymmetrically encrypted symmetric encryption parameter in the data processing system using a private key allocated to the user.
Specification