Network bound decryption with offline encryption

US9985782B2 · US · B2

Patent metadata
Publication number: US-9985782-B2
Application number: US-201514950681-A
Country: US
Kind code: B2
Filing date: Nov 24, 2015
Priority date: Nov 24, 2015
Publication date: May 29, 2018
Grant date: May 29, 2018

Abstract

A method relates to receiving, by a processing device, a first request to decrypt encrypted data stored on an encrypted portion of a drive, transmitting, to a decryption server, a second request comprising an encrypted first encryption key, wherein the encrypted first encryption key is produced by encrypting a first encryption key using a public key of an asymmetric key pair, receiving the first encryption key from the decryption server, decrypting an encrypted second encryption key using the first encryption key to produce a second encryption key, and decrypting the encrypted data using the second encryption key to produce data.

First claim

What is claimed is:

1. A method comprising: receiving, by a processing device, a first request to decrypt encrypted data stored on an encrypted portion of a drive; transmitting, to a decryption server, a second request comprising an encrypted first encryption key, wherein the encrypted first encryption key is produced by encrypting a first encryption key using a public key of an asymmetric key pair; receiving the first encryption key from the decryption server; decrypting an encrypted second encryption key using the first encryption key to produce a second encryption key; and decrypting the encrypted data using the second encryption key to produce data.

2. The method of claim 1, further comprising: storing the data in a memory associated with the processing device; and mounting the drive to a mounting point to provide the data to the processing device.

3. The method of claim 1, further comprising: prior to receiving the first request, encrypting the data using the second encryption key to produce the encrypted data; encrypting the second encryption key using the first encryption key to produce the encrypted second encryption key; and encrypting the first encryption key using the public key of the asymmetric key pair to produce the encrypted first encryption key.

4. The method of claim 3, further comprising: responsive to producing the encrypted first encryption key, deleting the first encryption key and the second encryption key.

5. The method of claim 3, further comprising: storing the encrypted first encryption key, the encrypted second encryption key, and the encrypted data on the encrypted portion of the drive.

6. The method of claim 1, wherein the private key of the asymmetric key pair is stored, by another processing device associated with the decryption server, in a storage device.

7. The method of claim 6, wherein the second request comprises an identifier to associate a user account to the private key stored in the storage device.

8. The method of claim 7, wherein the decryption server is to: retrieve, in view of the identifier, the private key from the storage device; and decrypt the encrypted first encryption key using the private key of the asymmetric key pair to produce the first encryption key.

9. A non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to: receive, by the processing device, a first request to decrypt encrypted data stored on an encrypted portion of a drive; transmit, to a decryption server, a second request comprising an encrypted first encryption key, wherein the encrypted first encryption key is produced by encrypting a first encryption key using a public key of an asymmetric key pair; receive the first encryption key from the decryption server; decrypt an encrypted second encryption key using the first encryption key to produce a second encryption key; and decrypt the encrypted data using the second encryption key to produce data.

10. The non-transitory machine-readable storage medium of claim 9, wherein the processing device is further to: store the data in a memory associated with the processing device; and mount the drive to a mounting point to provide the data to the processing device.

11. The non-transitory machine-readable storage medium of claim 9, wherein the processing device is further to: prior to receiving the first request, encrypt the data using the second encryption key to produce the encrypted data; encrypt the second encryption key using the first encryption key to produce the encrypted second encryption key; and encrypt the first encryption key using the public key of the asymmetric key pair to produce the encrypted first encryption key.

12. The non-transitory machine-readable storage medium of claim 11, wherein the processing device is further to: responsive to producing the encrypted first encryption key, delete the first encryption key and the second encryption key.

13. The non-transitory machine-readable storage medium of claim 9, wherein the processing device is further to: store the encrypted first encryption key, the encrypted second encryption key, and the encrypted data on the encrypted portion of the drive.

14. The non-transitory machine-readable storage medium of claim 9, wherein the private key of the asymmetric key pair is stored, by another processing device associated with the decryption server, in a storage device.

15. The non-transitory machine-readable storage medium of claim 14, wherein the second request comprises an identifier to associate a user account to the private key stored in the storage device, and wherein the decryption server is to retrieve, in view of the identifier, the private key from the storage device and decrypt the encrypted first encryption key using the private key of the asymmetric key pair to produce the first encryption key.

16. A system comprising: a memory; and a processing device, operatively coupled to the memory, the processing device to: receive a first request to decrypt encrypted data stored on an encrypted portion of a drive; transmit, to a decryption server, a second request comprising an encrypted first encryption key, wherein the encrypted first encryption key is produced by encrypting a first encryption key using a public key of an asymmetric key pair; receive the first encryption key from the decryption server; decrypt an encrypted second encryption key using the first encryption key to produce a second encryption key; and decrypt the encrypted data using the second encryption key to produce data.

17. The system of claim 16, wherein the processing device is further to: store the data in the memory associated with the processing device; and mount the drive to a mounting point to provide the data to the processing device.

18. The system of claim 16, wherein the processing device is further to: prior to receiving the first request, encrypt the data using the second encryption key to produce the encrypted data; encrypt the second encryption key using the first encryption key to produce the encrypted second encryption key; and encrypt the first encryption key using the public key of the asymmetric key pair to produce the encrypted first encryption key.

19. The system of claim 18, wherein the processing device is further to: responsive to producing the encrypted first encryption key, delete the first encryption key and the second encryption key.

20. The system of claim 16, wherein the processing device is further to: store the encrypted first encryption key, the encrypted second encryption key, and the encrypted data on the encrypted portion of the drive.
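
The key chain in claims 1 and 3 to 8, sketched as an added example (not code from the patent or its assignee): data is encrypted under a second key K2, K2 under a first key K1, and K1 under the public key, so encryption needs no server contact while decryption does. The class and function names, the in-process "server", and the toy primitives (textbook RSA over fixed primes, a SHA-256 keystream) are assumptions standing in for a network service and real ciphers.

```python
import hashlib, secrets

# Stand-in primitives (assumptions, NOT secure): textbook RSA over two fixed
# Mersenne primes and a SHA-256 counter keystream. Real code would use
# RSA-OAEP (or similar) and an authenticated cipher.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in: the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class DecryptionServer:
    """Holds the private key per identifier (claims 6-8); never sees K2 or data."""
    def __init__(self):
        self._private = {}
    def enroll(self, ident: str) -> tuple:
        self._private[ident] = pow(E, -1, (P - 1) * (Q - 1))  # private exponent
        return (N, E)                       # public key handed to the client
    def unwrap(self, ident: str, enc_k1: int) -> bytes:
        d = self._private[ident]            # KeyError if the identifier is unknown
        return pow(enc_k1, d, N).to_bytes(16, "big")

def encrypt_offline(data: bytes, public_key: tuple) -> dict:
    """Claims 3-5: needs only the public key, no server contact."""
    n, e = public_key
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    blob = {
        "enc_data": xor_stream(k2, data),                 # data under K2
        "enc_k2": xor_stream(k1, k2),                     # K2 under K1
        "enc_k1": pow(int.from_bytes(k1, "big"), e, n),   # K1 under public key
    }
    del k1, k2   # claim 4: only wrapped keys remain (Python cannot zero memory)
    return blob

def decrypt_online(blob: dict, ident: str, server: DecryptionServer) -> bytes:
    """Claim 1: send enc_k1, receive K1, unwrap K2, decrypt the data."""
    k1 = server.unwrap(ident, blob["enc_k1"])
    k2 = xor_stream(k1, blob["enc_k2"])
    return xor_stream(k2, blob["enc_data"])
```

Everything in `blob` can sit on the drive: without a reachable server that holds the private key, neither K1 nor K2 can be recovered from it.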

Assignees

Red Hat Inc

Classifications

  • to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

  • using key encryption key

  • H04L9/0894 (Primary): Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9985782B2 cover?
A method relates to receiving, by a processing device, a first request to decrypt encrypted data stored on an encrypted portion of a drive, transmitting, to a decryption server, a second request comprising an encrypted first encryption key, wherein the encrypted first encryption key is produced by encrypting a first encryption key using a public key of an asymmetric key pair, receiving the firs…
Who is the assignee on this patent?
Red Hat Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0894. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 29, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).