Three-Layer Encryption Method Awarded PatentMay 15, 2008 – 3:16 PM
Eruces Data Security has secured a patent for its three-step encryption and key management scheme, which is designed to lock down data through its lifecycle.
The security firm’s so-called Tricryption technology first encrypts the data itself with symmetric keys, and then encrypts the keys and stores them in a central key repository. It also encrypts the links between the data and the keys.
“It stores the keys separately from the data items and encrypts the links between them,” says Oggy Vasic, senior vice president of software development for Eruces.
Vasic says Tricryption is different in that it centralizes key management for different types of encrypted data, including file, database, and storage, and it applies individual access control lists for each key to determine how a key is used, who can use it, when they can use it, and how often, for example. So when a client requests a key, it’s then authenticated using LDAP, PKI, Active Directory, or other authentication methods, as well as authorized based on its access rights, he says.
The authentication and authorization part of the key process is aimed at protecting data from outside attacks as well as for preventing insider attacks, such as a malicious employee snooping into the database or siphoning information off of a storage device, he says.
Other encryption vendors offer key servers, of course, but Vasic says the main difference with Tricryption is that it’s based on symmetric cryptography, with a unique key for each data item. “Hence the Tricryption key server manages session keys — stored away from data,” he says. It runs on Windows, Linux, Solaris, AIX, and HPUX.