Decentralized information protection for confidentiality and tamper-proofing on distributed database
First Claim
1. A computer-implemented data security method, comprising:
at a first computing device, receiving security service data from a first digital data repository;
using the first computing device, generating hidden security service data by generating a plurality of shares of the security service data;
using the first computing device, encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares;
electronically storing the plurality of encrypted shares as data in a second digital data repository;
using a requesting second computing device of the plurality of second computing devices, in response to receiving an authentication request from a third computing device to access one or more fourth computing devices, sending a request to reveal the hidden security service data to the plurality of second computing devices;
in response to receiving the request, checking an availability of the plurality of second computing devices to determine an available subset of the plurality of second computing devices;
decrypting a subset of the plurality of encrypted shares using a subset of separate private keys corresponding to each of the available subset of the plurality of second computing devices to generate a plurality of decrypted shares;
using the available subset, encrypting the plurality of decrypted shares using a public key corresponding to the requesting second computing device to generate a plurality of re-encrypted shares, and sending the plurality of re-encrypted shares to the requesting second computing device;
using the requesting second computing device, decrypting the re-encrypted shares using a private key corresponding to the requesting second computing device in order to form hidden security service data;
forming and storing a readable copy of the hidden security service data;
using the readable copy of the hidden security service data, performing authentication services for the third computing device to grant or deny access to the one or more fourth computing devices.
Abstract
In an embodiment, a computer-implemented data security method comprises: at a first computing device, receiving security service data from a first digital data repository; using the first computing device, generating hidden security service data by generating a plurality of shares of the security service data; using the first computing device, encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares; electronically storing the plurality of encrypted shares as data in a second digital data repository; using a subset of the plurality of second computing devices, in response to receiving an authentication request from a third computing device to access one or more fourth computing devices, decrypting a subset of the plurality of encrypted shares using a subset of separate private keys corresponding to each of the subset of the plurality of second computing devices to generate a plurality of decrypted shares; forming and storing a readable copy of the hidden security service data using the plurality of decrypted shares; using the readable copy of the hidden security service data, performing authentication services for the third computing device to grant or deny access to the one or more fourth computing devices.
17 Claims
7. One or more non-transitory computer-readable storage media storing one or more sequences of program instructions which, when executed by one or more computing devices, cause:
at a first computing device, receiving security service data from a first digital data repository;
using the first computing device, generating hidden security service data by generating a plurality of shares of the security service data;
using the first computing device, encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares;
electronically storing the plurality of encrypted shares as data in a second digital data repository;
using a requesting second computing device of the plurality of second computing devices in response to receiving an authentication request from a third computing device to access one or more fourth computing devices, sending a request to reveal the hidden security service data to the plurality of second computing devices;
in response to receiving the request, checking an availability of the plurality of second computing devices to determine an available subset of the plurality of second computing devices;
decrypting a subset of the plurality of encrypted shares using a subset of separate private keys corresponding to each of the available subset of the plurality of second computing devices to generate a plurality of decrypted shares;
using the available subset, encrypting the plurality of decrypted shares using a public key corresponding to the requesting second computing device to generate a plurality of re-encrypted shares, and sending the plurality of re-encrypted shares to the requesting second computing device;
using the requesting second computing device, decrypting the re-encrypted shares using a private key corresponding to the requesting second computing device in order to form hidden security service data;
forming and storing a readable copy of the hidden security service data;
using the readable copy of the hidden security service data, performing authentication services for the third computing device to grant or deny access to the one or more fourth computing devices.
Dependent claims: 8, 9, 10, 11, 12.
13. A computer system providing an improvement in data security, the system comprising:
a distributed blockchain data repository;
a first computing device that is communicatively coupled to the distributed blockchain data repository and comprising a first non-transitory data storage medium storing instructions which, when executed by the first computing device, cause:
receiving security service data from a first digital data repository;
generating hidden security service data by generating a plurality of shares of the security service data;
encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares;
electronically updating the distributed blockchain data repository with the plurality of encrypted shares;
at least two second computing devices of the plurality of second computing devices that are communicatively coupled to the distributed blockchain data repository and each comprising a second non-transitory data storage medium, storing instructions which, when executed by the plurality of second computing devices, cause:
in response to receiving an authentication request from a third computing device to access one or more fourth computing devices, using a requesting second computing device of the at least two second computing devices, sending a request to reveal the hidden security service data to the plurality of second computing devices;
in response to receiving the request, checking an availability of the at least two second computing devices to determine an available second computing device of the at least two second computing devices;
decrypting at least two of the plurality of encrypted shares using at least two separate private keys corresponding to each of at least two second computing devices of the plurality of second computing devices to generate at least two decrypted shares;
encrypting one of the at least two decrypted shares generated by the available second computing device using a public key corresponding to the requesting second computing device to generate a re-encrypted share, and sending the re-encrypted share to the requesting second computing device;
receiving, at the requesting second computing device, the re-encrypted share from the available second computing device;
decrypting the re-encrypted share using a private key corresponding to the requesting second computing device in order to form hidden security service data;
forming and storing a readable copy of the hidden security service data;
using the readable copy of the hidden security service data, performing authentication services for the third computing device to grant access to the one or more fourth computing devices.
Dependent claims: 14, 15, 16.
17. A computer-implemented data security method, comprising:
at a first computing device, receiving security service data for accessing one or more Internet of Things (IoT) computing devices from a first digital data repository;
using the first computing device, generating, on behalf of an enterprise server and using the security service data, a stored digital representation of a polynomial function and calculating a plurality of x-y coordinate points from the polynomial function to generate a plurality of shares of the security service data, each share of the plurality of shares representing a point of the plurality of x-y coordinate points;
using the first computing device, encrypting each share of the plurality of shares using a separate public key from among a plurality of public keys corresponding to each of a plurality of second computing devices, to generate a plurality of encrypted shares;
using the first computing device, electronically updating a distributed blockchain data repository with the plurality of encrypted shares;
using a requesting second computing device of the plurality of second computing devices, receiving an authentication request from a third computing device to access the one or more IoT computing devices and, in response to receiving the authentication request, requesting a first encrypted share of the plurality of encrypted shares, encrypted using a first public key corresponding to the requesting second computing device, from the distributed blockchain data repository, and requesting at least one second encrypted share of the plurality of encrypted shares from at least one available second computing devices of the plurality of second computing devices;
using the at least one available second computing device, accessing and decrypting, from the distributed blockchain data repository, the at least one second encrypted share that correspond to the at least one available second computing devices using a corresponding private key of the at least one available second computing device to generate at least one decrypted share;
using the at least one available second computing device, encrypting the at least one decrypted share using a public key of the requesting second computing device to generate at least one re-encrypted share, and sending the at least one re-encrypted share to the requesting second computing device;
using the requesting second computing device, decrypting the first encrypted share and the at least one re-encrypted share using a private key of the requesting second computing device to form at least two points of the plurality of x-y coordinate points;
using the requesting second computing device, reconstructing the stored digital representation of the polynomial function using the at least two points of the plurality of x-y coordinate points to form the security service data;
using the requesting second computing device, in response to forming the security service data, performing authentication services using the readable copy of the hidden security service data for the third computing device to grant or deny access to the one or more IoT computing devices.
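The share generation and reconstruction that claim 17 describes, as an added worked example that is not code from the patent or its assignee: a Shamir-style scheme over a prime field in which each share is an x-y point on a random polynomial and any threshold-many points recover the constant term. The per-device public-key encryption of the shares and their re-encryption to the requesting device are assumed to wrap these points and are not shown; `reveal` is a hypothetical helper modelling the availability check of claims 1 and 13.

```python
import secrets

# Constructed example: the "security service data" is an integer secret (a
# credential would be encoded to an int first). Shares are (x, y) points on a
# random polynomial over a prime field; the per-device public-key encryption
# and re-encryption of these points is assumed and not shown here.
PRIME = 2**127 - 1  # field modulus; must exceed the largest secret value

def make_shares(secret, threshold, n_devices, rng=secrets.randbelow):
    """Return n_devices points (x, f(x)) on a random degree threshold-1
    polynomial f with f(0) = secret. Any `threshold` points recover f(0)."""
    assert 0 <= secret < PRIME and 1 < threshold <= n_devices < PRIME
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]
    def f(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME
    return [(x, f(x)) for x in range(1, n_devices + 1)]  # x=0 is never issued

def reconstruct(points):
    """Lagrange interpolation at x=0: exact when len(points) equals the
    polynomial's degree+1; with fewer points the result is unrelated to f(0)."""
    secret = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % PRIME
                den = den * (xj - xm) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    return secret

def reveal(shares, available, threshold):
    """Hypothetical helper modelling the availability check: device ids in
    `available` (the requester plus the peers that answered) contribute their
    point; returns the secret, or None when fewer than `threshold` are online."""
    contributed = [(x, y) for (x, y) in shares if x in available]
    if len(contributed) < threshold:
        return None
    return reconstruct(contributed[:threshold])

if __name__ == "__main__":
    shares = make_shares(secret=0x2A5F, threshold=2, n_devices=4)
    print(reveal(shares, available={1, 3}, threshold=2) == 0x2A5F)  # True
    print(reveal(shares, available={2}, threshold=2))                # None
```

Fewer than `threshold` points yield a value unrelated to the secret, which is what keeps an unavailable or compromised minority of second computing devices, and the repository holding the encrypted shares, from learning the security service data on their own.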