
Storing encrypted objects

  • US 8,601,600 B1
  • Filed: 05/18/2011
  • Issued: 12/03/2013
  • Est. Priority Date: 05/18/2010
  • Status: Active Grant
First Claim

1. A method performed by one or more processors, the method comprising:

  • receiving, from an application server system and at a key server system, authentication credentials and a wrapped key, the wrapped key including a resource identifier, a resource encryption key, and a user identifier that have been encrypted, wherein the resource identifier identifies a resource encrypted with the resource encryption key and the user identifier identifies a user that is permitted to use the resource encryption key to decrypt the resource;

  • identifying a service associated with the wrapped key;

  • accessing a master key based on the identified service, the master key being associated with the identified service;

  • decrypting the wrapped key to generate an unwrapped key that includes the resource identifier, the resource encryption key, and the user identifier in unencrypted form, wherein decrypting the wrapped key includes decrypting the wrapped key using the accessed master key;

  • accessing the user identifier from the unwrapped key;

  • determining that the received authentication credentials correspond to the accessed user identifier; and

  • in response to determining that the received authentication credentials correspond to the accessed user identifier, sending the resource encryption key in unencrypted form to the application server system such that the application server system can decrypt the resource using the resource encryption key in unencrypted form.
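The key-server side of claim 1 as a runnable Python sketch. This is an added illustration, not code from the patent or its assignee; the service names, users, tokens and the HMAC-based sealing construction are constructed stand-ins for whatever a real deployment would use.

```python
import hashlib, hmac, json, secrets

# Constructed demo state held only by the key server: one master key per
# service, plus the per-user credential it checks before releasing a key.
SERVICE_MASTER_KEYS = {"docs": secrets.token_bytes(32), "mail": secrets.token_bytes(32)}
USER_TOKENS = {"alice": secrets.token_bytes(16), "bob": secrets.token_bytes(16)}

def _subkeys(master):
    # Separate encryption and MAC subkeys derived from the service master key.
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream: a stdlib stand-in for a real AEAD.
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_key(service, resource_id, resource_key, user_id):
    """Seal (resource id, resource encryption key, user id) under the service's master key."""
    enc, mac = _subkeys(SERVICE_MASTER_KEYS[service])
    nonce = secrets.token_bytes(16)
    body = json.dumps({"rid": resource_id, "rek": resource_key.hex(), "uid": user_id}).encode()
    ct = _xor_stream(enc, nonce, body)
    # The tag also covers the service label, so a wrapped key cannot be presented
    # as belonging to a different service with a different master key.
    tag = hmac.new(mac, service.encode() + nonce + ct, hashlib.sha256).digest()
    return {"service": service, "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def key_server_unwrap(credentials, wrapped):
    """Key-server side of claim 1: identify the service, fetch its master key,
    verify and decrypt the wrapped key, check that the caller's credentials match
    the embedded user id, and only then release the resource encryption key."""
    master = SERVICE_MASTER_KEYS.get(wrapped["service"])
    if master is None:
        raise PermissionError("unknown service")
    enc, mac = _subkeys(master)
    nonce, ct = bytes.fromhex(wrapped["nonce"]), bytes.fromhex(wrapped["ct"])
    expected = hmac.new(mac, wrapped["service"].encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(wrapped["tag"])):
        raise PermissionError("wrapped key failed integrity check")
    fields = json.loads(_xor_stream(enc, nonce, ct))
    token = USER_TOKENS.get(credentials["user"], b"")
    if not hmac.compare_digest(token, credentials["token"]):
        raise PermissionError("bad credentials")
    if credentials["user"] != fields["uid"]:
        raise PermissionError("credentials do not match the user bound to this key")
    return fields["rid"], bytes.fromhex(fields["rek"])  # master key never leaves
```

The application server only ever holds wrapped keys and the released resource encryption key; the master keys stay on the key server, and a wrapped key tampered with or relabelled for another service fails the integrity check before the user check runs.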
