Intuit Inc.
System and method for security breach response using hierarchical cryptographic key management

Abstract:

A cryptographic service system rekeys encrypted information that was encrypted at a granular level using hierarchical cryptographic key management. Encrypted information is retrieved from a cloud data store. The encrypted information includes an encrypted data key and an encrypted key-encrypting key. The plain version of the key-encrypting key is received from a key provider. The plain version of the key-encrypting key is used to decrypt the original data key. A new key-encrypting key is retrieved from a local key pool. The new key-encrypting key is used to encrypt the original data key. The original encrypted information is stored with the new encrypted version of the original data key and the encrypted version of the new key-encrypting key.