Class / Patent application number | Description | Number of patent applications / Date published |
380286000 | Key escrow or recovery | 33 |
20080219453 | MAINTAINING KEYS REMOVED FROM A KEYSTORE IN AN INACTIVE KEY REPOSITORY - Provided are a method, system, and article of manufacture for maintaining keys removed from a keystore in an inactive key repository. A keystore includes active keys, wherein at least one active key in the keystore is associated with at least one storage device and available for encrypting and decrypting data with respect to the associated storage device. A request is received for an operation with respect to a specified active key that causes the specified active key to be removed as an active key from the keystore. The specified active key is indicated as inactive, wherein keys indicated as inactive are not available for use to encrypt and decrypt data. A request is received to restore one of the inactive keys to make available to decrypt and encrypt data for the at least one associated storage device associated with the requested inactive key. The requested inactive key to restore is indicated as active in the keystore, wherein the restored key and any other active key in the keystore associated with the at least one storage device with which the restored key is associated are available to be provided to use to encrypt and decrypt data with respect to the at least one storage device with which they are associated. | 09-11-2008 |
20080317251 | METHODS AND SYSTEMS FOR STORING AND RETRIEVING ENCRYPTED DATA - A system for encrypting data comprising a computer configured to encrypt a plurality of data entries using at least one encryption algorithm and a system memory, wherein the computer is configured to use different keys with the encryption algorithm(s) for each data entry and the system is configured to store in the system memory or transmit for storage in an external memory the encrypted data corresponding to each entry along with an identifier corresponding to at least part of the key used to encrypt that entry, such that when decrypting a data entry in the system or external memory the associated identifier can be used to locate at least part of the correct key. | 12-25-2008 |
20090003609 | Method for Updating Encryption Keystores Within a Data Processing System - A method for updating encryption keystores within a computer network having multiple host computers is disclosed. A keystore is initially loaded into a key manager within one of the host computers. In response to a key request by a peripheral device within the computer network, a determination is made whether or not the keystore is currently being updated. In a determination that the keystore is not currently being updated, the loaded keystore is utilized to handle the key request. In a determination that the keystore is currently being updated, any incoming key request is redirected to a local queue associated with the key manager. Afterwards, the updated keystore is utilized to handle the key request and any other key request pending in the local queue associated with the key manager. | 01-01-2009 |
20090028343 | Method and Apparatus for Providing an Asymmetric Encrypted Cookie for Product Data Storage - A process may be utilized by a device to implement public key asymmetric encryption. The process encrypts a data set with a symmetric encryption key to form an encrypted data set. Further, the process encrypts the symmetric encryption key with a public key component of an asymmetric encryption key to form an asymmetric encrypted cookie. Finally, the process stores the encrypted data set and the asymmetric encrypted cookie in a non-secure area of a storage medium. | 01-29-2009 |
20090080662 | Key Recovery in Encrypting Storage Devices - A method for recovering a password includes: obtaining a request code from a data storage device, transmitting the request code to an external authority that produces a recovery code from the request code, and using the recovery code to recover a password and an encryption key from a hidden area of the data storage device. An apparatus that can be used to implement the method is also provided. | 03-26-2009 |
20090080663 | System and Method For Reducing Latency On Remotely-Booted Information Handling Systems - Systems and methods for reducing latency on a remotely-booted information handling system are disclosed. A method may include remotely booting an information handling system having a local storage resource. The method may also include establishing, at the start of a session, an encryption key for the local storage resource for use during the session. Additionally, the method may include using the encryption key to encrypt data written to the local storage resource during the session. The method may further include permanently disabling access to the encrypted data written to the local storage resource at the end of the session. | 03-26-2009 |
20090080664 | METHOD OF STORING BROADCAST CONTENTS IN MOBILE BROADCAST SERVICE TERMINAL - Disclosed is a method of recording and storing a broadcast content received for mobile broadcast services at the transmitting-end level. A broadcast receiving terminal includes, in the header of the recorded file for the particular broadcast content, the type of the key profile, the CIEK (which is used to encrypt the broadcast content and is itself encrypted with the second layer encryption key), and the acquisition information on the second layer encryption key. The acquisition information on the second layer encryption key is included in a corresponding field of the header according to the type of the profile used. As with SRTP and IPsec, the recorded file format in transmitting-end level recording is the PDCF. Information associated with the encryption of the encrypted broadcast content is stored in the OMA DRM common header box (ohdr box) of the PDCF recorded file. | 03-26-2009 |
20090097662 | PROCESSING ENCRYPTED ELECTRONIC DOCUMENTS - Electronic document processing logic coupled to a computer and to a quarantine is operable to identify an encrypted electronic document received at the computer; determine whether the key server stores particular decryption data, or credentials to access decryption data, that can decrypt the encrypted electronic document; in response to determining that the key server does not store particular decryption data that can decrypt the encrypted electronic document: store the electronic document in the quarantine; notify one of the users; receive from the one of the users the particular decryption data; decrypt the electronic document; scan the electronic document to identify specified content in the electronic document; and perform one or more responsive actions based on the specified content. As a result, encrypted content in documents or e-mail can be decrypted, scanned for viruses, malware, or prohibited content, and re-encrypted or delivered. | 04-16-2009 |
20090154710 | Method for the Secure Deposition of Digital Data, Associated Method for Recovering Digital Data, Associated Devices for Implementing Methods, and System Comprising Said Devices - The invention relates to a method for the secure deposition of data, according to which a depositor encrypts the data with a transfer key and encrypts the transfer key with a key of a third party, then deposits the encrypted data and the encrypted transfer key on a storage support. The invention also relates to a method for recovering data, during which an addressee of the data recovers the content of the storage support, authenticates him/herself to the third party, and transmits the encrypted transfer key thereto. After having authenticated the addressee, the third party returns the decrypted transfer key. The addressee can then recover the data. The invention further relates to devices for implementing the foregoing methods. | 06-18-2009 |
20090154711 | MULTI-PARTY KEY AGREEMENT METHOD USING BILINEAR MAP AND SYSTEM THEREFOR - The present invention provides an efficient method and system in which a plurality of participants share a secret key in a communication environment that is not ensured. According to an embodiment of the invention, each of the participants is assigned with a secret key from a key generation party, generates exchange information, and transmits its own exchange information to the other participant to exchange the exchange information with each other. Each of the participants generates a shared key on the basis of the exchange information and its own secret key. | 06-18-2009 |
20100142713 | NEARLY-STATELESS KEY ESCROW SERVICE - Some embodiments provide a system to generate a key pair. During operation, the system can receive a request to generate the key pair, wherein the key pair is generated by a key assigner, and wherein the key pair is associated with a user. Next, the system can determine a secret associated with the key assigner. Specifically, the system can determine the secret by determining an initial secret associated with the key assigner, and by applying a one-way hash function to the initial secret one or more times. The system can then determine a seed based on the secret. Specifically, the system can determine the seed by cryptographically combining the secret with information associated with the user. Next, the system can generate the key pair by using the seed as an input to a key generator. The system can then return the key pair to a requestor. | 06-10-2010 |
20100158255 | METHOD AND SYSTEM FOR PROTECTING BROADCASTING PROGRAM - Disclosed is a method and system for storing encryption key information and package key information for decrypting encrypted broadcasting programs to store broadcasting programs. The method for protecting broadcasting programs includes generating and storing information about a first encryption key for encrypting broadcasting programs, and generating package key information by encrypting the first encryption key using a second encryption key. | 06-24-2010 |
20100172504 | METHOD AND APPARATUS FOR CRYPTOGRAPHIC KEY STORAGE WHEREIN KEY SERVERS ARE AUTHENTICATED BY POSSESSION AND SECURE DISTRIBUTION OF STORED KEYS - A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport. | 07-08-2010 |
20100266132 | SERVICE-BASED KEY ESCROW AND SECURITY FOR DEVICE DATA - Data protection services for portable, handheld, or mobile devices are provided in part by one or more cooperating network or data service(s), such as a cloud service, that provide volatile encryption/decryption key information to the device(s). Decryption key(s) are retrieved on demand by a device or an application on the device from a network service or other data service based on an analysis of device and user credential(s). Retrieval of keys can be triggered automatically when the device or application meets a set of pre-conditions, or explicitly or implicitly requested by input to the device or application. Thus, decryption keys are provided to the mobile device in real time, on demand, with an explicitly or implicitly defined volatile lifetime before the decryption keys expire. | 10-21-2010 |
20110013777 | ENCRYPTION/DECRYPTION OF DIGITAL DATA USING RELATED, BUT INDEPENDENT KEYS - Methods and apparatus involve two keys, generated during the original encoding of the data, to decode that data. The keys are stored on computing devices separate from one another and from the encrypted data, which remains secure until the original data requires decoding. Because the keys can be relatively large, their stored form may have padding bits to align with the file form of the encoded data. Representative keys include a dictionary corresponding to symbols representing the data and a weighted path decoder that correlates the symbols of the dictionary to the underlying original bits. A “fast approximation” of compression of current data involves using information obtained from an earlier compression of similar data. Creating the two keys for the original data can also include creating a master key for decoding a plurality of later-encoded files. A second key also works in conjunction with the master key during decoding. | 01-20-2011 |
20110116637 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR AUTOMATICALLY VERIFYING AND POPULATING DIGITAL CERTIFICATES IN AN ENCRYPTION KEYSTORE - Methods for automatically verifying and populating an encryption keystore are provided. Pursuant to these methods, the keystore may be automatically checked to determine if it is missing a required digital certificate; if so, the missing required digital certificate may be automatically inserted into the keystore. The methods may also include automatically obtaining the required digital certificates and a list of the required digital certificates, and automatically comparing the list of required digital certificates with the digital certificates in the keystore to determine if the keystore is missing a required digital certificate. The methods may further include sending an informational alert if a missing required digital certificate was automatically inserted into the keystore, and may include checking the keystore to determine if any required digital certificates have expired, will expire within a predetermined time period, or are inoperative. Related keystore verification and population systems and computer program products are also provided. | 05-19-2011 |
20110200194 | AMBULATORY REPEATER FOR USE IN AUTOMATED PATIENT CARE - An ambulatory repeater for use in automated patient care is presented. A local memory store includes a cryptographic key, sensitive information, and physiological measures. The cryptographic key is uniquely assigned to the implantable medical device prior to implant of the implantable medical device into a patient. The sensitive information is preencrypted under the cryptographic key and physiological measures are measured by the implantable medical device. An authentication module is in receipt of the cryptographic key. A permissions module confirms authorization of an external data processing device against the cryptographic key. A decryption module decrypts the sensitive information with the cryptographic key into decrypted information. A processor is operatively coupled to the local memory store. A communications module exchanges the decrypted information and the physiological measures with the external data processing device over a wireless interface contingent upon the authorization confirmation. An internal power supply supplies power to the foregoing components. | 08-18-2011 |
20110261964 | REDUNDANT KEY SERVER ENCRYPTION ENVIRONMENT - Provided are a computer program product, system and method for a redundant key server encryption environment. A key server transmits public keys associated with the key server and at least one device to at least one remote key server. The key server receives from the at least one remote key server public keys associated with the at least one remote key server. The key server receives a request for an encryption key from a requesting device comprising one of the at least one device and generates the encryption key for use by the requesting device to unlock a storage. The key server generates a first wrapped encryption key by encrypting the encryption key with a requesting device public key associated with the requesting device. The key server generates a second wrapped encryption key by encrypting the encryption key with a public key associated with the key server. At least one additional wrapped encryption key is generated for each of the at least one remote key server by encrypting the encryption key with the at least one public key provided by the at least one remote key server. The key server transmits the first, second and the at least one additional wrapped encryption key to the requesting device. | 10-27-2011 |
20110293098 | KEY RECOVERY MECHANISM - A method and system for key recovery for a private key of a digital certificate for a client. | 12-01-2011 |
20110305342 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM THEREFOR - Provided is an information processing apparatus including a content encryption section that generates content encrypted with a device key, a first storage section storing board determination information for determining whether the board is the board installed at the time of shipment or a replacement board, a second storage section capable of storing board-specific information used to generate the device key, a third storage section storing apparatus-specific information, a recording section associating the board-specific and apparatus-specific information with each other and recording them through the connection section in the external storage apparatus, and an updating section reading from the external storage apparatus the board-specific information associated with the apparatus-specific information, and updating the content of the second storage section and the board determination information of the first storage section, when the board is determined to be a replacement board on the basis of the board determination information. | 12-15-2011 |
20120027214 | KEY IMPLEMENTATION SYSTEM - An LSI includes a first decryptor which receives first encrypted key data, and decrypts the first encrypted key data using a first cryptographic key, thereby generating first decrypted key data, a second cryptographic key generator which generates a second cryptographic key based on a second ID, a second encryptor which encrypts the first decrypted key data using the second cryptographic key, thereby generating second encrypted key data, and a second decryptor which decrypts the second encrypted key data using the second cryptographic key, thereby generating second decrypted key data. At a time of key setting, the second encryptor stores the second encrypted key data in a storage unit. At a time of key usage, the second decryptor reads the second encrypted key data from the storage unit. | 02-02-2012 |
20120063602 | METHOD AND APPARATUS FOR MAINTAINING KEY INFORMATION AREA IN FILE SYSTEM - A method and an apparatus for maintaining a key information area in a file system are provided, which can provide effective maintenance of the key information area in the file system used by a storage device, and can be applied to maintaining various file systems. The method comprises the following steps: backing up the key information area confirmed by a user in the file system when the file system used by a storage device is mounted for the first time, and creating a device list as a backup index, wherein the device list is stored in an external storage device; and obtaining the corresponding backup information to recover the key information area when the storage device fails to start because the key information area has been destroyed. | 03-15-2012 |
20120170753 | MANAGEMENT OF SSL CERTIFICATE ESCROW - Methods and systems for providing a secure SSL certificate escrow service comprise: providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key; receiving the encrypted copy of the private key from the private key holder via the secure upload webpage; storing the encrypted copy of the private key in memory; providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key; receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage; and decrypting the private key in response to the instruction to decrypt the private key. | 07-05-2012 |
20120195432 | System And Method For Effectively Performing Data Restore/Migration Procedures - A system and method for effectively supporting data transfer procedures includes a source device that registers with an account server to participate in a data backup service. The source device then encrypts and stores user data onto a datacenter. The source device later may request a data transfer task from a vendor. The datacenter responsively transfers the encrypted user data to a vendor server, and an escrow server generates and sends a temporary key to the vendor server. A destination device may then utilize the temporary key to decrypt and securely store the user data onto the destination device. | 08-02-2012 |
20120224696 | Interoperable Digital Rights Management - The subject matter disclosed herein relates to a method and/or system for enabling access to media content using different digital rights management formats. | 09-06-2012 |
20120257759 | ONE-TIME RECOVERY CREDENTIALS FOR ENCRYPTED DATA ACCESS - A key recovery request for a device is received at a key recovery service and a particular one-time recovery credential in a sequence of multiple one-time recovery credentials is identified. In the sequence of multiple one-time recovery credentials, previous one-time recovery credentials in the sequence are indeterminable given subsequent one-time recovery credentials in the sequence. A recovery key associated with the device is also identified. The particular one-time recovery credential in the sequence is generated based on the recovery key, and is returned in response to the key recovery request. The particular one-time recovery credential can then be used by the device to decrypt encrypted data stored on a storage media of the device. | 10-11-2012 |
20130003978 | Approach For Managing Access To Messages Using Encryption Key Management Policies - Controlling access to disseminated messages includes implementing one or more key management policies that specify how various encryption keys are maintained and in particular, when encryption keys are made inaccessible. Deleting a particular key renders inaccessible all copies of messages, known or unknown, associated with the particular key, regardless of the location of the associated messages. A message may be directly or indirectly associated with a deleted key. Any number of levels of indirection are possible and either situation makes the message unrecoverable. The approach is applicable to any type of data in any format and the invention is not limited to any type of data or any type of data format. | 01-03-2013 |
20130343546 | ENCRYPTION PROCESSING DEVICE, ENCRYPTION PROCESSING METHOD, AND PROGRAMME - An encryption processing device including an encryption processing part configured to divide the configuration bits of the data to be processed into plural lines, input them, and repeatedly execute data conversion processing applying a round function to each line of data as a round calculation; and a key scheduling part configured to output round keys to a round calculation executing unit in the encryption processing part. The key scheduling part is a replacement type key scheduling part configured to generate plural round keys or round key configuration data by dividing a secret key stored beforehand into plural parts. The plural round keys are output to the round calculation executing unit in the encryption processing part in an order such that a constant sequence is not repeated. The encryption processing configuration has a high level of security and a high level of resistance to repeated key attacks or other attacks. | 12-26-2013 |
20140247944 | CRYPTOGRAPHIC DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS - Techniques usable by devices to encrypt and decrypt sensitive data in a manner that provides security from external monitoring attacks. The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device. The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments. The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key. The decrypting device, upon receiving the encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segments are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments. | 09-04-2014 |
20150365232 | METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING VERIFICATION CODE RECOVERY AND REMOTE AUTHENTICATION - The described embodiments relate to methods, systems, and products for providing verification code recovery and remote authentication for a plurality of devices configured for electronic communication with a server. Specifically, in the methods, systems, and products, the user entrusts information about the user's verification code to the service provider, and only with cooperation between the user and the service provider can a lost verification code be recovered. The service provider can further authenticate the user before cooperating in the recovery process by way of a time-sensitive authentication sequence that involves the user device. | 12-17-2015 |
20160065369 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - An information processing apparatus including a hardware security module includes a verification unit configured to verify whether an encryption key of the hardware security module is usable and a disabling unit configured to disable a user authentication function if the verification unit verifies that the encryption key is not usable. | 03-03-2016 |
20160105286 | METHOD AND SYSTEM FOR BACKING UP PRIVATE KEY OF ELECTRONIC SIGNATURE TOKEN - Provided are a method and system for backing up the private key of an electronic signature token, the method comprising: a first electronic signature token transmits a private key backup request data packet comprising a first signature; a second electronic signature token authenticates the first signature in the private key backup request data packet; if the first signature passes authentication, then determining whether the first electronic signature token has a backup relationship with the second electronic signature token; if yes, then encrypting the private key of the second electronic signature token, and transmitting a private key backup response data packet comprising a second signature and the encrypted private key; the first electronic signature token authenticates the second signature in the private key backup response data packet; if the second signature passes authentication, then determining whether the second electronic signature token has a primary-standby relationship with the first electronic signature token; and if yes, then decrypting the encrypted private key. | 04-14-2016 |
20220141014 | STORING SECRET DATA ON A BLOCKCHAIN - Systems, methods, and devices are provided that allow for high-availability, redundant, cryptographically secure storage of secret data and other data on a blockchain. In an embodiment, a plurality of shards of secret data are received from a user and encrypted with shard manager public keys. The encrypted shards are stored on an authoritative blockchain, allowing for secure storage and use of the secret data by the owner and/or the blockchain. | 05-05-2022 |
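Added example for 20100142713 (NEARLY-STATELESS KEY ESCROW SERVICE), not the applicant's code: a Go sketch of the mechanism the abstract describes, in which the escrow keeps only an initial secret and a hash-chain count and regenerates any user's key pair on demand. SHA-256 as the one-way hash, HMAC-SHA256 as the way of "cryptographically combining" the secret with the user information, and Ed25519 seed-based generation as the "key generator" are this example's concrete choices; the abstract does not fix them. Type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// KeyAssigner is the nearly-stateless escrow: it stores one initial secret
// and a hash-chain count. Every key pair it ever issued is a deterministic
// function of those two values and the user's information, so nothing
// per-user has to be kept in order to recover a key later.
type KeyAssigner struct {
	initialSecret []byte
	chainLength   int
}

// NewKeyAssigner returns an assigner for the given secret and chain position.
func NewKeyAssigner(initialSecret []byte, chainLength int) KeyAssigner {
	return KeyAssigner{initialSecret: initialSecret, chainLength: chainLength}
}

// currentSecret applies SHA-256 to the initial secret chainLength times.
// Because the hash is one-way, a leaked later chain value does not reveal
// the earlier values or the keys derived from them.
func (a KeyAssigner) currentSecret() []byte {
	s := a.initialSecret
	for i := 0; i < a.chainLength; i++ {
		sum := sha256.Sum256(s)
		s = sum[:]
	}
	return s
}

// seedFor combines the secret with the user information using HMAC-SHA256
// keyed by the secret; the 32-byte output is used directly as an Ed25519 seed.
func (a KeyAssigner) seedFor(userID string) []byte {
	mac := hmac.New(sha256.New, a.currentSecret())
	mac.Write([]byte("escrow-keypair-v1\x00")) // domain separation tag
	mac.Write([]byte(userID))
	return mac.Sum(nil)
}

// IssueKeyPair generates the user's key pair. Repeating the call with the
// same assigner state and user ID reproduces the identical key pair.
func (a KeyAssigner) IssueKeyPair(userID string) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(a.seedFor(userID))
	return priv.Public().(ed25519.PublicKey), priv
}

// Recover regenerates the private key and refuses to return it unless it
// matches the public key on record, so a wrong chain position or user ID
// produces an error rather than an unrelated key.
func (a KeyAssigner) Recover(userID string, onRecord ed25519.PublicKey) (ed25519.PrivateKey, error) {
	pub, priv := a.IssueKeyPair(userID)
	if !bytes.Equal(pub, onRecord) {
		return nil, fmt.Errorf("regenerated key for %q does not match the recorded public key", userID)
	}
	return priv, nil
}

// Demo issues a key, signs with it, recovers it from the escrow secret and
// checks that the recovered key is the same one; it also shows that an
// assigner at the wrong chain position cannot reproduce the key.
func Demo() (recoveredOK, wrongChainRejected bool) {
	secret := sha256.Sum256([]byte("constructed initial secret, not random")) // constructed sample
	assigner := NewKeyAssigner(secret[:], 3)
	pub, priv := assigner.IssueKeyPair("alice@example.test")
	sig := ed25519.Sign(priv, []byte("message"))
	rec, err := assigner.Recover("alice@example.test", pub)
	recoveredOK = err == nil && bytes.Equal(rec, priv) && ed25519.Verify(pub, []byte("message"), sig)
	_, err = NewKeyAssigner(secret[:], 4).Recover("alice@example.test", pub)
	wrongChainRejected = err != nil
	return
}

func main() { fmt.Println(Demo()) }
```

The public key on record is what turns the deterministic regeneration into a checked recovery: without the comparison in Recover, a service that has advanced its chain would silently hand back a key that decrypts nothing.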
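Added example, not from any of the listed applications: the envelope pattern shared by 20090028343 (a symmetric data key wrapped under a public key into an "asymmetric encrypted cookie" and stored beside the ciphertext in non-secure storage), 20090154710 (a transfer key encrypted under a third party's key) and 20110261964 (one encryption key wrapped separately for the requesting device, the key server and each remote key server), written in Go with only the standard library. AES-256-GCM for the data, RSA-OAEP for the wrapping, and the recipient labels, Envelope type and Demo scenario are this example's own assumptions, not constructions from the patents.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Recipients maps a label (device, key server, remote key server) to the public key the data key is wrapped under.
type Recipients map[string]*rsa.PublicKey

// Envelope is what lands in non-secure storage: the data set under a random AES-256-GCM key plus that key wrapped once per recipient.
type Envelope struct {
	Nonce, Ciphertext []byte
	Wrapped           map[string][]byte
}

// NewRecipient makes an RSA-2048 key pair standing in for one device or server.
func NewRecipient() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data under a fresh data key and wraps that key for every recipient; the unwrapped data key never leaves this function.
func Seal(data []byte, recipients Recipients) (*Envelope, error) {
	if len(recipients) == 0 {
		return nil, errors.New("no recipients: sealed data would be unrecoverable")
	}
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: make([]byte, gcm.NonceSize()), Wrapped: map[string][]byte{}}
	if _, err := rand.Read(env.Nonce); err != nil {
		return nil, err
	}
	env.Ciphertext = gcm.Seal(nil, env.Nonce, data, nil)
	for label, pub := range recipients {
		// the OAEP label binds each wrapped copy to the recipient it was made for
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, []byte(label))
		if err != nil {
			return nil, err
		}
		env.Wrapped[label] = w
	}
	return env, nil
}

// Open recovers the data with any one recipient's private key; a foreign key fails at unwrap, a modified ciphertext fails the GCM tag check.
func Open(env *Envelope, label string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := env.Wrapped[label]
	if !ok {
		return nil, fmt.Errorf("no wrapped key for %q", label)
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(label))
	if err != nil {
		return nil, fmt.Errorf("unwrap for %q failed: %w", label, err)
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Demo seals a constructed sample for three recipients, loses the device's key, recovers through the remote key server, then shows a tampered ciphertext is rejected.
func Demo() (recovered string, tamperRejected bool, err error) {
	pubs, privs := Recipients{}, map[string]*rsa.PrivateKey{}
	for _, name := range []string{"device", "keyserver", "remote-keyserver"} {
		if privs[name], err = NewRecipient(); err != nil {
			return
		}
		pubs[name] = &privs[name].PublicKey
	}
	env, err := Seal([]byte("volume key material (constructed sample)"), pubs)
	if err != nil {
		return
	}
	delete(privs, "device") // the device's own key is gone
	pt, err := Open(env, "remote-keyserver", privs["remote-keyserver"])
	if err != nil {
		return
	}
	env.Ciphertext[0] ^= 0x01 // one flipped bit in storage
	_, e := Open(env, "keyserver", privs["keyserver"])
	return string(pt), e != nil, nil
}

func main() { fmt.Println(Demo()) }
```

The envelope holds nothing that needs protecting: every wrapped copy is useless without the matching private key, which is why the redundant-key-server variant can add recipients freely, and why a zero-recipient envelope is refused rather than written.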
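Added example for 20120257759 (ONE-TIME RECOVERY CREDENTIALS FOR ENCRYPTED DATA ACCESS), not the applicant's code: one way to obtain the property the abstract states, a sequence in which earlier values cannot be computed from later ones, is a hash chain consumed from its head (the Lamport construction), and this Go sketch does that. The device-side layout (a public anchor, one masked copy of the volume key per credential, wiping the consumed copy) and the HMAC-based masking are this example's assumptions; the abstract does not describe how the credential is turned into a decryption key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

func h(b []byte) []byte { s := sha256.Sum256(b); return s[:] }
// chain returns s[0..n] with s[0] = seed and s[i] = H(s[i-1]); s[i-1] cannot be computed from s[i].
func chain(seed []byte, n int) [][]byte {
	s := make([][]byte, n+1)
	s[0] = seed
	for i := 1; i <= n; i++ {
		s[i] = h(s[i-1])
	}
	return s
}

// mask XORs key with a 32-byte HMAC pad derived from one credential; every pad is used once.
func mask(cred, key []byte) []byte {
	m := hmac.New(sha256.New, cred)
	m.Write([]byte("one-time-recovery-wrap"))
	pad := m.Sum(nil)
	out := make([]byte, len(key))
	for i := range key {
		out[i] = key[i] ^ pad[i]
	}
	return out
}

// RecoveryService (escrow side) holds the chain seed and issues s[n-1], s[n-2], ..., s[0], one per request.
type RecoveryService struct {
	recoveryKey []byte
	next        int
}

func (r *RecoveryService) Issue() ([]byte, error) {
	if r.next < 0 {
		return nil, errors.New("credentials exhausted: device must be re-provisioned")
	}
	cred := chain(r.recoveryKey, r.next)[r.next]
	r.next--
	return cred, nil
}

// Device stores nothing secret: the chain head as anchor and one masked copy of the volume key per credential.
type Device struct {
	anchor []byte
	masked [][]byte // masked[i] is unlocked by credential s[i]
	next   int
}

// Provision computes the chain on the device, keeps the anchor and masked copies, and gives only the seed to the service.
func Provision(volumeKey []byte, n int) (*Device, *RecoveryService, error) {
	if len(volumeKey) != 32 || n < 1 {
		return nil, nil, errors.New("need a 32-byte volume key and n >= 1")
	}
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil {
		return nil, nil, err
	}
	s := chain(seed, n)
	d := &Device{anchor: s[n], masked: make([][]byte, n), next: n - 1}
	for i := 0; i < n; i++ {
		d.masked[i] = mask(s[i], volumeKey)
	}
	return d, &RecoveryService{recoveryKey: seed, next: n - 1}, nil
}

// Recover accepts a credential only if it hashes to the current anchor, unmasks the matching copy,
// then advances the anchor and wipes that copy so a replayed credential unlocks nothing.
func (d *Device) Recover(cred []byte) ([]byte, error) {
	if d.next < 0 || !hmac.Equal(h(cred), d.anchor) {
		return nil, errors.New("credential rejected: none left, or not the preimage of the stored anchor")
	}
	key := mask(cred, d.masked[d.next])
	d.anchor = cred
	for i := range d.masked[d.next] { d.masked[d.next][i] = 0 } // destroy the consumed copy
	d.next--
	return key, nil
}

// Demo provisions three credentials, recovers once, then replays the same credential.
func Demo() (firstOK, replayRejected bool, err error) {
	vk := h([]byte("constructed volume key")) // constructed 32-byte sample
	dev, svc, err := Provision(vk, 3)
	if err != nil {
		return
	}
	c1, _ := svc.Issue()
	k1, e1 := dev.Recover(c1)
	firstOK = e1 == nil && string(k1) == string(vk)
	_, e2 := dev.Recover(c1)
	replayRejected = e2 != nil
	return
}

func main() { fmt.Println(Demo()) }
```

A captured credential is worthless after it has been used: the anchor has moved past it, the copy it unlocked is zeroed, and hashing it no longer matches anything the device will accept. Since the device holds no chain value below the anchor, only the service can produce the next credential.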
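Added example for 20140247944 (CRYPTOGRAPHIC DEVICE WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS), not the applicant's code: the per-segment key derivation with validators that the abstract describes, in Go. HMAC-SHA256 as the derivation from the base key and message identifier, AES-256-CTR for the segments, and the inclusion of the segment count in each validator are this example's choices; the abstract fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const segSize = 16 // bytes per segment (constructed small value for the demo)

// derive computes HMAC-SHA256(base, purpose || msgID || count || index). The base key is only ever
// an HMAC key and each derived key touches one segment, so a monitor never sees one key reused.
func derive(base []byte, purpose string, msgID []byte, count, idx uint32) []byte {
	m := hmac.New(sha256.New, base)
	m.Write([]byte(purpose))
	m.Write(msgID)
	var b [8]byte
	binary.BigEndian.PutUint32(b[:4], count)
	binary.BigEndian.PutUint32(b[4:], idx)
	m.Write(b[:])
	return m.Sum(nil)
}

// Message carries the identifier, one ciphertext and one validator per segment.
type Message struct {
	ID                   []byte
	Segments, Validators [][]byte
}

// ctrXor runs AES-256-CTR under a single-use key; the zero IV is safe only because
// no derived key is ever used for a second segment.
func ctrXor(key, data []byte) []byte {
	block, _ := aes.NewCipher(key) // key is always the 32-byte output of derive
	out := make([]byte, len(data))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, data)
	return out
}

// validator binds a segment's ciphertext to the message ID, its position and the total count.
func validator(base, msgID []byte, count, idx uint32, ct []byte) []byte {
	m := hmac.New(sha256.New, derive(base, "mac", msgID, count, idx))
	m.Write(ct)
	return m.Sum(nil)
}

// Encrypt splits plaintext into segments, each under its own derived encryption and MAC keys.
func Encrypt(base, msgID, plaintext []byte) *Message {
	count := uint32((len(plaintext) + segSize - 1) / segSize)
	msg := &Message{ID: msgID}
	for i := uint32(0); i < count; i++ {
		end := int(i+1) * segSize
		if end > len(plaintext) {
			end = len(plaintext)
		}
		ct := ctrXor(derive(base, "enc", msgID, count, i), plaintext[int(i)*segSize:end])
		msg.Segments = append(msg.Segments, ct)
		msg.Validators = append(msg.Validators, validator(base, msgID, count, i, ct))
	}
	return msg
}

// Decrypt checks every validator before deriving any decryption key, so a modified,
// reordered or truncated message never reaches the cipher.
func Decrypt(base []byte, msg *Message) ([]byte, error) {
	count := uint32(len(msg.Segments))
	if len(msg.Validators) != len(msg.Segments) {
		return nil, fmt.Errorf("malformed message: %d segments, %d validators", count, len(msg.Validators))
	}
	for i, ct := range msg.Segments {
		if !hmac.Equal(validator(base, msg.ID, count, uint32(i), ct), msg.Validators[i]) {
			return nil, fmt.Errorf("segment %d: validator mismatch", i)
		}
	}
	var out []byte
	for i, ct := range msg.Segments {
		out = append(out, ctrXor(derive(base, "enc", msg.ID, count, uint32(i)), ct)...)
	}
	return out, nil
}

// Demo encrypts a constructed three-segment message and shows the round trip, then
// rejection of one flipped bit and of a dropped trailing segment.
func Demo() (roundTrip, tamperRejected, truncRejected bool) {
	base := sha256.Sum256([]byte("constructed base key known to both devices"))
	id, pt := []byte("msg-0001"), []byte("forty bytes of constructed sample text!!")
	msg := Encrypt(base[:], id, pt)
	got, err := Decrypt(base[:], msg)
	roundTrip = err == nil && string(got) == string(pt)
	msg.Segments[1][0] ^= 1
	_, err = Decrypt(base[:], msg)
	tamperRejected = err != nil
	msg.Segments[1][0] ^= 1
	_, err = Decrypt(base[:], &Message{ID: id, Segments: msg.Segments[:2], Validators: msg.Validators[:2]})
	truncRejected = err != nil
	return
}

func main() { fmt.Println(Demo()) }
```

The ordering in Decrypt matters for the side-channel goal as much as for integrity: validators are checked with keys derived for that purpose before any decryption key is derived, so an attacker who feeds chosen ciphertexts to the device never gets to observe a decryption under a key they can target.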