Label-based double key encryption

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Benjamin Sean Levin · Swampscott, US
• Kartik Tirunelveli Kanakasabesan · Sammamish, US
• Laurie Lee Litwack · North Bend, US
• Kurt Matthew Brendon · Redmond, US
• Ajay Kumar Karanam · Redmond, US
• Kiran Doreswamy · Sammamish, US
• Ryan Best · Wellington, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0428
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Double key encryption encrypts sensitive data using a content key, obtains a user public key from a key management service, encrypts the content key using the user public key, and encrypts the result using a cloud service provider key. Data confidentiality is protected efficiently through multilevel encryption and also by utilizing keys that are managed by different entities. Sensitivity labeling allows analytics to track sensitive data without compromising confidentiality. Compliance mechanisms may use attribute-based access control to support storage of sensitive data in a cloud, but only inside a permitted region, and without giving the cloud service provider access to the sensitive data.