Encryption key management for international data residency

US11539675B2 · US · B2

Patent metadata
Publication number: US-11539675-B2
Application number: US-202016918284-A
Country: US
Kind code: B2
Filing date: Jul 1, 2020
Priority date: Jun 6, 2018
Publication date: Dec 27, 2022
Grant date: Dec 27, 2022

Abstract

Media, method, and system for providing encryption key management for international data residency. Organizations using a group-based communication system can designate a particular geopolitical area where that organization's data can be stored and another geopolitical area (which may be the same or different) where encryption keys used to encrypt and decrypt that data should be stored. Users of that organization can post messages or access messages previously posted on the group-based communication system from any geopolitical area, causing the system to automatically store and retrieve messages and encryption keys from the appropriate regions to allow the users to transparently access the group-based communication system while maintaining security and data residency requirements.

First claim

The invention claimed is:

1. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a processor, perform a method for providing encryption key management for international data residency, the method comprising the steps of: receiving, from a user, a message to be posted in a group-based communication system associated with an organization, the user being located in a first geopolitical area; responsive to determining, based on the organization, a second geopolitical area for residency of data associated with the organization, sending a request for an encryption key to a key server located in the second geopolitical area, wherein the second geopolitical area is different from the first geopolitical area; receiving, from the key server located in the second geopolitical area, an organization-specific encryption key; encrypting the message using the organization-specific encryption key; storing, in a second data store in the second geopolitical area, the encrypted message; and storing, in a first data store in the first geopolitical area, information identifying a storage location of the encrypted message without storing the encrypted message in the first geopolitical area.

2. The one or more non-transitory computer-readable media of claim 1, wherein the step of receiving, from the key server, the organization-specific encryption key is responsive to determining that the organization-specific encryption key is not present in a key cache in the first geopolitical area.

3. The one or more non-transitory computer-readable media of claim 1, wherein the organization-specific encryption key is a sub-key in a key hierarchy associated with the organization.

4. The one or more non-transitory computer-readable media of claim 3, wherein the key hierarchy for the organization includes a master organization key, a workspace key, a channel key, and a session key, and wherein the organization-specific encryption key used to encrypt the message is the session key.

5. The one or more non-transitory computer-readable media of claim 1, wherein the second data store in the second geopolitical area stores a search index associated with the organization.

6. The one or more non-transitory computer-readable media of claim 1, wherein the second data store in the second geopolitical area stores logging data for the organization.

7. The one or more non-transitory computer-readable media of claim 1, wherein the method further comprises the step of caching the encrypted message in the first data store in the first geopolitical area for a predetermined caching period.

8. A method for providing encryption key management for international data residency, the method comprising the steps of: receiving, from a client device, an indication of a user attempt to access an encrypted message posted in a group-based communication system associated with an organization; retrieving, from a first data store in a first geopolitical area, information identifying a storage location of the encrypted message, wherein the information identifying the storage location of the encrypted message indicates that the encrypted message is stored in a second data store in a second geopolitical area, wherein the second geopolitical area is distinct from the first geopolitical area; retrieving, from the second data store in the second geopolitical area, the encrypted message; responsive to determining that a decryption key associated with the encrypted message is not stored in a key cache in the first geopolitical area, retrieving the decryption key from a key server located in a third geopolitical area, wherein the third geopolitical area is distinct from the first geopolitical area; decrypting the encrypted message using the decryption key to obtain a plaintext message; and transmitting, to the client device, the plaintext message for display to the user.

9. The method of claim 8, wherein the indication of the user attempt to access the encrypted message comprises a selection, by the user of a group, to view the group in the group-based communication system.

10. The method of claim 8, wherein the third geopolitical area is distinct from the second geopolitical area.

11. The method of claim 8, where the step of transmitting, to the client device, the plaintext message comprises transmitting to the client device, the plaintext message using transport-layer encryption.

12. The method of claim 8, wherein the client device is in the first geopolitical area.

13. The method of claim 8, wherein the decryption key is a sub-key in a key hierarchy associated with the organization, and wherein the key hierarchy for the organization includes a master organization key, a workspace key, a channel key, and a session key, and wherein the decryption key used to encrypt the message is the session key.

14. The method of claim 8, wherein the second data store in the second geopolitical area stores a search index associated with the organization.

15. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed by a processor, perform a method for providing encryption key management for international data residency, the method comprising the steps of: receiving, from a client device in a second geopolitical area, an indication of an attempt to access an encrypted message posted in a group-based communication system associated with an organization; retrieving, from a first data store in a first geopolitical area, information associated with the encrypted message, based on the information associated with the encrypted message, identifying a storage location of the encrypted message as a second data store in the second geopolitical area, wherein the second geopolitical area is distinct from the first geopolitical area; retrieving, from the second data store in the second geopolitical area, the encrypted message; retrieving an organization-specific decryption key associated with the encrypted message from a key server located in a third geopolitical area, wherein the third geopolitical area is distinct from the first geopolitical area; decrypting the encrypted message using the organization-specific decryption key to obtain a plaintext message; and transmitting, to the client device, the plaintext message for display to the client device.

16. The one or more non-transitory computer-readable media of claim 15, wherein the first geopolitical area is the same as the third geopolitical area.

17. The one or more non-transitory computer-readable media of claim 15, wherein the second geopolitical area is the same as the third geopolitical area.

18. The one or more non-transitory computer-readable media of claim 15, wherein the organization-specific decryption key is a sub-key in a key hierarchy associated with the organization.

19. The one or more non-transitory computer-readable media of claim 18, wherein the key hierarchy for the organization includes a master organization key, a workspace key, a channel key, and a session key, and wherein the organization-specific decryption key used to decrypt the message is the session key.

20. The one or more non-transitory computer-readable media of claim 15, wherein the indication of the attempt to access the encrypted message comprises performing a search in the group-based communication system for which the plaintext message is a search result.
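
The post path of claim 1 and the read path of claim 8, sketched as an added example that is not code from the patent or its assignee. Assumptions: the Region class and all function names are hypothetical, sub-keys are derived with HMAC-SHA256, the pointer record also carries the key path, and a stdlib SHAKE-256/HMAC construction stands in for a real AEAD.

```python
import hashlib, hmac, os

def derive(parent, label):
    # Sub-key from its parent. HMAC-SHA256 is an assumption; the claims name only the hierarchy.
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()

def seal(key, pt):
    # Stdlib stand-in for an AEAD (SHAKE-256 keystream + HMAC tag); use AES-GCM in practice.
    nonce = os.urandom(16)
    ks = hashlib.shake_256(derive(key, "enc") + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(derive(key, "mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(derive(key, "mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ciphertext failed authentication")
    ks = hashlib.shake_256(derive(key, "enc") + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class Region:
    """One geopolitical area: a data store, a key cache, and (optionally) a key server."""
    def __init__(self, name):
        self.name, self.store, self.key_cache = name, {}, {}
        self.master_keys, self.key_requests = {}, 0

    def serve_key(self, org, workspace, channel, session):
        # Key-server role: walk master org key -> workspace -> channel -> session key.
        self.key_requests += 1
        key = self.master_keys[org]
        for label in (workspace, channel, session):
            key = derive(key, label)
        return key

def session_key(local, key_region, path):
    if path not in local.key_cache:  # claims 2 and 8: ask the key server only on a cache miss
        local.key_cache[path] = key_region.serve_key(*path)
    return local.key_cache[path]

def post(local, data_region, key_region, path, msg_id, text):
    blob = seal(session_key(local, key_region, path), text.encode())
    data_region.store[msg_id] = blob  # ciphertext stays in the residency region
    local.store[msg_id] = {"region": data_region.name, "key_path": path}  # pointer only

def read(local, regions, key_region, msg_id):
    ptr = local.store[msg_id]                    # where does the ciphertext live?
    blob = regions[ptr["region"]].store[msg_id]  # fetch it from that region
    return unseal(session_key(local, key_region, ptr["key_path"]), blob).decode()
```

The local key cache is the one place where key material sits outside the key region, so its lifetime and eviction policy determine how long a residency boundary is effectively relaxed.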

Classifications

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • using key encryption key

  • using a plurality of keys or algorithms

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819)

  • H04L9/0836 (Primary): using tree structure or hierarchical structure

Frequently asked questions

Who is the assignee on this patent?
Slack Tech Inc, Slack Tech Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 27, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).