US 11,991,293 B2
Authorized secure data movement
John Stewart Best, San Jose, CA (US); Guerney D. H. Hunt, Yorktown Heights, NY (US); Wayne C. Hineman, San Jose, CA (US); and Steven Robert Hetzler, Los Altos, CA (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Aug. 17, 2021, as Appl. No. 17/404,899.
Prior Publication US 2023/0058965 A1, Feb. 23, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3247 (2013.01) [H04L 9/088 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system, comprising:
an authenticated encryption layer comprising one or more hardware processors, and logic configured to cause the one or more hardware processors to:
encrypt data received at the authenticated encryption layer from an authorized application at a source node, the data being encrypted using a first key to obtain first encrypted data;
encrypt the first encrypted data using a second key to obtain double encrypted second encrypted data;
generate a watermark for the first encrypted data and/or a watermark for the second encrypted data, wherein each generated watermark is generated using the associated encrypted data and a respective watermark key that is different than the first key and different than the second key;
generate a watermark token for the first encrypted data and/or a watermark token for the second encrypted data; and
outputting the second encrypted data, the watermark(s), and the watermark token(s) to a second system.