US 12,438,699 B2
Encrypt shared data with an aggregate key derived from multiple crypto keychains
Sunil Jain, Portland, OR (US)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Mar. 23, 2023, as Appl. No. 18/188,768.
Prior Publication US 2024/0322998 A1, Sep. 26, 2024
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/0822 (2013.01) [H04L 9/3226 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method, comprising:
concatenating, as a concatenated key, all individual data owner key encryption keys (KEKs) to form a single longer key;
applying, to the concatenated key, a key derivative function (KDF) to derive an aggregateKey of a certain target property; and
applying policy-as-code to verify a current validity/authority of the aggregateKey on data of an individual data owner to allow any operations on the data of an individual data owner, wherein, as long as an individual data owner's KEK remains valid, the aggregateKey is usable to encrypt/decrypt each individual data owner's data using each individual data owner's data encryption key (DEK) while another individual data owner's invalid KEK renders the aggregateKey unusable to encrypt/decrypt the another individual data owner's data using the another individual data owner's DEK.