Abstract: An encryption key management apparatus receives from an authorized compute device, a raw dataset that is encrypted with at least one asymmetric encryption key. The apparatus can determine, based on the raw dataset, an identifier of a first entity associated with the raw dataset and an identifier of a second entity associated with the raw dataset. The apparatus can retrieve based on the identifier of the first entity, an asymmetric decryption key associated with the first entity. Likewise, the apparatus can retrieve, based on the identifier of the second entity, an asymmetric decryption key associated with the second entity. The apparatus can generate a decrypted raw dataset using the asymmetric decryption keys associated with the first and second entities. The apparatus can additionally use a symmetric master key to generate a symmetrically encrypted raw dataset and send the symmetrically encrypted raw dataset to the authorized compute device.

Abstract: An encryption key management apparatus receives from an authorized compute device, a raw dataset that is encrypted with at least one asymmetric encryption key. The apparatus can determine, based on the raw dataset, an identifier of a first entity associated with the raw dataset and an identifier of a second entity associated with the raw dataset. The apparatus can retrieve based on the identifier of the first entity, an asymmetric decryption key associated with the first entity. Likewise, the apparatus can retrieve, based on the identifier of the second entity, an asymmetric decryption key associated with the second entity. The apparatus can generate a decrypted raw dataset using the asymmetric decryption keys associated with the first and second entities. The apparatus can additionally use a symmetric master key to generate a symmetrically encrypted raw dataset and send the symmetrically encrypted raw dataset to the authorized compute device.