Certificate issuing system based on block chain
US-2021314313-A1 · Oct 7, 2021 · US
Derived unique key per raindrop (DUKPR)
US12519618B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12519618-B2 |
| Application number | US-202318141977-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 1, 2023 |
| Priority date | Mar 6, 2018 |
| Publication date | Jan 6, 2026 |
| Grant date | Jan 6, 2026 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method for a key management server to manage encryption for data stored by a cloud provider server includes receiving, by the key management server from the cloud provider server, a request for a drop key. The request includes a hash drop identifier that uniquely identifies a cipher drop, and the cipher drop comprises a unit of data stored by the cloud provider server. The method further includes generating the drop key based on at least the hash drop and the drop identifier and encrypting the drop key. A response comprising the encrypted drop key is sent to the cloud provider server.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method for a cloud provider server to manage encryption, the method comprising: fetching, by a raindrop cryptography circuit, a first drop key that is uniquely associated with a cipher drop, wherein the cipher drop comprises a unit of data stored by the cloud provider server; decrypting, by the raindrop cryptography circuit, the cipher drop with the first drop key to obtain a first drop, wherein the first drop comprises unencrypted data associated with the cipher drop; processing, by the raindrop cryptography circuit, the first drop to obtain a second drop, wherein processing the first drop comprises one or more of copying or transporting the first drop; comparing, by the raindrop cryptography circuit, the first drop and the second drop to determine that the second drop is the same as the first drop following the processing of the first drop; and in response to determining that the first drop is same as the second drop, destroying, by the raindrop cryptography circuit, the first drop and the first drop key. 2 . The method of claim 1 , further comprising: requesting, by the raindrop cryptography circuit, a second drop key; and receiving, by the raindrop cryptography circuit, the second drop key. 3 . The method of claim 2 , further comprising: encrypting, by the raindrop cryptography circuit, the second drop with the second drop key; and destroying, by the raindrop cryptography circuit, the second drop and the second drop key. 4 . The method of claim 1 , wherein the first drop and the second drop comprise cleartext data. 5 . The method of claim 1 , further comprising decrypting, by the raindrop cryptography circuit, the first drop key prior to decrypting the cipher drop. 6 . The method of claim 1 , wherein the first drop is fetched based on a key agreement with ephemeral keys (KAE) scheme. 7 . The method of claim 1 , wherein fetching the first drop key comprises requesting, by the raindrop cryptography circuit, the first drop key from a key management server. 8 . The method of claim 7 , further comprising authenticating, by the raindrop cryptography circuit, the first drop key based on a digital signature provided by the key management server. 9 . A system to manage encryption, the system comprising: a cloud provider server comprising a raindrop cryptography circuit, the raindrop cryptography circuit configured to: fetch a first drop key that is uniquely associated with a cipher drop, wherein the cipher drop comprises a unit of data stored by the cloud provider server; decrypt the cipher drop with the first drop key to obtain a first drop, wherein the first drop comprises unencrypted data associated with the cipher drop; process the first drop to obtain a second drop, wherein processing the first drop comprises one or more of copying or transporting the first drop; compare the first drop and the second drop to determine that the second drop is the same as the first drop following the processing of the first drop; and in response to determining that the first drop is same as the second drop, destroy the first drop and the first drop key. 10 . The system of claim 9 , wherein the raindrop cryptography circuit is further configured to: request a second drop key; and receive the second drop key. 11 . The system of claim 10 , wherein the raindrop cryptography circuit is further configured to: encrypt the second drop with the second drop key; and destroy the second drop and the second drop key. 12 . The system of claim 9 , wherein the first drop and the second drop comprise cleartext data. 13 . The system of claim 9 , wherein the raindrop cryptography circuit is further configured to decrypt the first drop key. 14 . The system of claim 9 , wherein the first drop is fetched based on a key agreement with ephemeral keys (KAE) scheme. 15 . The system of claim 9 , wherein the raindrop cryptography circuit is further configured to fetch the first drop key by performing operations comprising requesting the first drop key from a key management server. 16 . The system of claim 15 , wherein the raindrop cryptography circuit is further configured to authenticate the first drop key based on a digital signature provided by the key management server. 17 . A non-transitory computer-readable medium with processor-executable instructions embodied thereon that, when executed by a raindrop cryptography circuit of a cloud provider server, cause the raindrop cryptography circuit to perform operations comprising: fetching a first drop key that is uniquely associated with a cipher drop, wherein the cipher drop comprises a unit of data stored by the cloud provider server; decrypting the cipher drop with the first drop key to obtain a first drop, wherein the first drop comprises unencrypted data associated with the cipher drop; processing the first drop to obtain a second drop, wherein processing the first drop comprises one or more of copying or transporting the first drop; comparing the first drop and the second drop to determine that the second drop is the same as the first drop following the processing of the first drop; and in response to determining that the first drop is same as the second drop, destroying the first drop and the first drop key. 18 . The non-transitory computer-readable medium of claim 17 , wherein the operations further comprise: requesting a second drop key; and receiving the second drop key.
Assignees
Inventors
Classifications
Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061) · CPC title
involving digital signatures · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12519618B2 cover?
- A method for a key management server to manage encryption for data stored by a cloud provider server includes receiving, by the key management server from the cloud provider server, a request for a drop key. The request includes a hash drop identifier that uniquely identifies a cipher drop, and the cipher drop comprises a unit of data stored by the cloud provider server. The method further incl…
- Who is the assignee on this patent?
- Wells Fargo Bank Na
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0819. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 06 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).