Method and apparatus for managing cryptographic keys

Assignee

• Oracle International Corporation · US

Inventors

• Paul Youn · Redwood City, US
• Daniel ManHung Wong · Sacramento, US
• Min-Hank Ho · Redwood Shores, US
• Chon Hei Lei · Alameda, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0807
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.