Secrets management using key agreement

US11265156B2 · US · B2

Patent metadata

Publication number: US-11265156-B2
Application number: US-202016938715-A
Country: US
Kind code: B2
Filing date: Jul 24, 2020
Priority date: Jul 24, 2020
Publication date: Mar 1, 2022
Grant date: Mar 1, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A client system may generate a new key pair for a secrets management process. The client may generate a shared secret using the private key of the new key pair and a public key of a secrets management server. Using the shared secret, the client may derive an encryption key and encrypt a data payload for subsequent decryption by the secrets management server. Upon encryption of the data payload, the client may erase the private key. Subsequently, the client or an associated client may call the secrets management server for decryption of the data payload. The secrets management server may derive the encryption key using the public key associated with the encrypted payload and the private key of the secrets management server and use the encryption key to decrypt the data payload for use by the client or an associated client.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for securing data, comprising: generating, at a client, a key pair including a public key and a private key for securing a data payload by a secrets management server; generating, at the client, a shared secret that is shared with the secrets management server using the private key and a public key associated with the secrets management server; deriving an encryption key using the shared secret; encrypting the data payload using the encryption key; causing the encrypted data payload to be decrypted by the secrets management server, wherein the secrets management server is configured to derive the encryption key for decrypting the data payload using the shared secret; and erasing the private key from memory of the client in response to encrypting the data payload using the encryption key.

2. The method of claim 1, further comprising: generating a new key pair for each secret of a plurality of secrets; and erasing, in response to generating a new shared secret for each secret, each respective private key of the new key pair for each secret of the plurality of secrets, the erasing resulting in the respective private key being a one-time use key.

3. The method of claim 2, further comprising: generating the new shared secret with each respective private key and the public key associated with the secrets management server before each respective private key is erased; and deriving a new encryption key for the new shared secret for each secret of the plurality of secrets, wherein a respective data payload for a respective secret is encrypted using the new encryption key.

4. The method of claim 1, further comprising: receiving, at the client and from a user device, a request to perform secret management of the data payload, wherein the encrypted data payload is encrypted based at least in part on receiving the request.

5. The method of claim 1, wherein generating the shared secret comprises: generating the shared secret using an Elliptic-Curve Diffie-Hellman (ECDH) protocol, wherein the ECDH protocol uses the public key associated with the secrets management server and the private key to derive the shared secret at the client and uses a private key associated with the public key of the secrets management server and the public key of the client to derive the shared secret at the secrets management server.

6. The method of claim 1, wherein generating the key pair comprises: generating an elliptic curve key pair using elliptic curve key derivation techniques.

7. The method of claim 1, wherein deriving the encryption key comprises: deriving the encryption key using a key derivation function that uses the shared secret as an input.

8. The method of claim 1, wherein encrypting the data payload using the encryption key comprises: encrypting the data payload using an advanced encryption standard (AES), a Galois/Counter Mode (GCM) protocol, or a combination thereof.

9. An apparatus for securing data, comprising: a processor, memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: generate, at a client, a key pair including a public key and a private key for securing a data payload by a secrets management server; generate, at the client, a shared secret that is shared with the secrets management server using the private key and a public key associated with the secrets management server; derive an encryption key using the shared secret; encrypt the data payload using the encryption key; cause the encrypted data payload to be decrypted by the secrets management server, wherein the secrets management server is configured to derive the encryption key for decrypting the data payload using the shared secret; and erase the private key from memory of the client in response to encrypting the data payload using the encryption key.

10. The apparatus of claim 9, wherein the instructions are further executable by the processor to cause the apparatus to: generate a new key pair for each secret of a plurality of secrets; and erase, in response to generating a new shared secret for each secret, each respective private key of the new key pair for each secret of the plurality of secrets, the erasing resulting in each respective private key being a one-time use key.

11. The apparatus of claim 10, wherein the instructions are further executable by the processor to cause the apparatus to: generate the new shared secret with each respective private key and the public key associated with the secrets management server before each respective private key is erased; and derive a new encryption key for the new shared secret for each secret of the plurality of secrets, wherein a respective data payload for a respective secret is encrypted using the new encryption key.

12. The apparatus of claim 9, wherein the instructions are further executable by the processor to cause the apparatus to: receive, at the client and from a user device, a request to perform secret management of the data payload, wherein the encrypted data payload is encrypted based at least in part on receiving the request.

13. The apparatus of claim 9, wherein the instructions to generate the shared secret are executable by the processor to cause the apparatus to: generate the shared secret using an Elliptic-Curve Diffie-Hellman (ECDH) protocol, wherein the ECDH protocol uses the public key associated with the secrets management server and the private key to derive the shared secret at the client and uses a private key associated with the public key of the secrets management server and the public key of the client to derive the shared secret at the secrets management server.

14. The apparatus of claim 9, wherein the instructions to generate the key pair are executable by the processor to cause the apparatus to: generate an elliptic curve key pair using elliptic curve key derivation techniques.

15. A non-transitory computer-readable medium storing code for securing data, the code comprising instructions executable by a processor to: generate, at a client, a key pair including a public key and a private key for securing a data payload by a secrets management server; generate, at the client, a shared secret that is shared with the secrets management server using the private key and a public key associated with the secrets management server; derive an encryption key using the shared secret; encrypt the data payload using the encryption key; cause the encrypted data payload to be decrypted by the secrets management server, wherein the secrets management server is configured to derive the encryption key for decrypting the data payload using the shared secret; and erase the private key from memory of the client in response to encrypting the data payload using the encryption key.

16. The non-transitory computer-readable medium of claim 15, wherein the instructions are further executable to: generate a new key pair for each secret of a plurality of secrets; and erase, in response to generating a new shared secret for each secret, each respective private key of the new key pair for each secret of the plurality of secrets, the erasing resulting in the respective private key being a one-time use key.

17. The non-transitory computer-readable medium of claim 16, wherein the instructions are further executable to: generate the new shared secret with each respective private key and the public key associated with the secrets management server before each respective private key is erased;
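The flow the abstract and claims 1, 5, 7 and 8 describe (one-time EC key pair, ECDH against the server's static public key, KDF, AES-GCM, private key erased, server rederives the key from the public key shipped with the payload), written out as an added Go example; this is not code from the patent or its assignee. The curve (P-256), the single-block HKDF-SHA256 with a constructed info label, the envelope layout and the use of the one-time public key as GCM associated data are my assumptions, which the claims leave open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Envelope is what the client hands the server: the public half of its one-time
// key pair (needed to rederive the key), the GCM nonce, and ciphertext plus tag.
type Envelope struct{ ClientPub, Nonce, Ciphertext []byte }

// gcmFor runs a single-block HKDF-SHA256 (extract, then expand under a
// constructed label) over the ECDH secret and returns AES-256-GCM keyed by it.
func gcmFor(shared []byte) cipher.AEAD {
	extract := hmac.New(sha256.New, nil) // empty salt
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("secrets-mgmt-v1\x01"))
	block, _ := aes.NewCipher(expand.Sum(nil)) // 32-byte key, cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal is the client side: one-time P-256 key pair, ECDH against the server's static key, KDF, AES-GCM, then the one-time private key is dropped.
func Seal(serverPub *ecdh.PublicKey, payload []byte) (Envelope, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return Envelope{}, err }
	shared, err := priv.ECDH(serverPub)
	if err != nil { return Envelope{}, err }
	gcm := gcmFor(shared)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return Envelope{}, err }
	pub := priv.PublicKey().Bytes()
	ct := gcm.Seal(nil, nonce, payload, pub) // AAD ties the one-time key to the ciphertext
	clear(shared) // wipe the agreed secret; ecdh.PrivateKey has no wipe API, so priv just goes out of scope
	return Envelope{ClientPub: pub, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the server side: rederive the secret from its private key and the envelope's one-time public key, same KDF, then decrypt.
func Open(serverPriv *ecdh.PrivateKey, env Envelope) ([]byte, error) {
	clientPub, err := ecdh.P256().NewPublicKey(env.ClientPub)
	if err != nil { return nil, err }
	shared, err := serverPriv.ECDH(clientPub)
	if err != nil { return nil, err }
	return gcmFor(shared).Open(nil, env.Nonce, env.Ciphertext, env.ClientPub)
}
```

Once Seal returns, the client holds nothing that can decrypt the envelope, which is the point of the erasure step in claim 1; only the server's static private key can rederive the encryption key.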

Assignees

Salesforce Com Inc

Inventors

Classifications

  • involving algebraic varieties, e.g. elliptic or hyper-elliptic curves · CPC title

  • Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM] · CPC title

  • Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title

  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title

  • H04L9/0841 (primary): involving Diffie-Hellman or related key agreement protocols · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11265156B2 cover?
A client system may generate a new key pair for a secrets management process. The client may generate a shared secret using the private key of the new key pair and a public key of a secrets management server. Using the shared secret, the client may derive an encryption key and encrypt a data payload for subsequent decryption by the secrets management server. Upon encryption of the data payload,…
Who is the assignee on this patent?
Salesforce Com Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0841. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 1, 2022 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).