Cryptographic protection of core data secrets
US6389535B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 13, 1998 |
| Grant date | May 14, 2002 |
| Priority date | — |
| Expiry date | Oct 13, 2018 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2149
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Described herein is a system for protecting data from unauthorized access. The system uses a central service provider with exposed complementary interfaces: a data protect function that accepts clear data and returns an encrypted representation of the data, and a data unprotect function that accepts encrypted data and returns corresponding clear or unencrypted data. In addition, a user-readable description is optionally packaged with the encrypted data. Different encryption providers can be registered to perform actual encryption and decryption. A default encryption provider performs encryption and decryption based on a user logon secret such as a password. The default encryption provider also accepts additional entropy from calling application programs. The default encryption provider utilizes a multi-level key encryption scheme to minimize the amount of encryption that has to be re-done when the user changes a password. In addition, data recovery information is escrowed so that keys can be recovered when a user's password is changed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.