Cloud key escrow system
Abstract
Embodiments are directed to storing encrypted data in a data store and to securely providing access to the encrypted data according to a predefined policy. A data storage system receives encrypted data. The data is encrypted using a private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption and the policy together prevent the storage system from decrypting the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system decrypting the encrypted data. The data storage system can acknowledge that the received encrypted data has been verified and successfully stored.
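The following Python is an added illustration, not code from the patent or its assignee: it models the release policy of the claims (query the verified third parties, release only at or above the threshold) on top of a toy Feldman verifiable secret sharing scheme, so the storage side can check that every returned share is consistent with the published commitments without ever learning the key. The field parameters, custodian identities and key value are all constructed here for the example.

```python
import secrets

# Toy Feldman verifiable secret sharing: shares live in Z_q, commitments in the
# order-q subgroup of Z_p* (p = 2q + 1 safe prime, g = 4 a quadratic residue).
# Constructed, deliberately tiny parameters for illustration only.
Q, P, G = 5003, 10007, 4

def share_key(key, n, t):
    """Split key (< Q) into n shares, threshold t; also return the commitments."""
    coeffs = [key % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = {x: sum(c * pow(x, j, Q) for j, c in enumerate(coeffs)) % Q
              for x in range(1, n + 1)}
    return shares, [pow(G, c, P) for c in coeffs]      # g^a_j hides a_j

def verify_share(x, y, commitments):
    """Storage-side check g^y == prod C_j^(x^j) mod p; never sees the key."""
    expected = 1
    for j, c in enumerate(commitments):
        expected = expected * pow(c, pow(x, j, Q), P) % P
    return pow(G, y, P) == expected

def reconstruct(points):
    """Lagrange interpolation at 0 over Z_q from t distinct (x, y) points."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * -xj % Q, den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def release_key(threshold, commitments, verified_ids, custodians):
    """The claimed policy: query custodians, keep only answers from verified
    parties that pass the commitment check, release at or above threshold."""
    approvals = []
    for cid, respond in custodians.items():
        answer = respond() if cid in verified_ids else None  # unverified: ignored
        if answer is not None and verify_share(cid, answer, commitments):
            approvals.append((cid, answer))          # None means permission refused
    if len(approvals) < threshold:
        return None                                  # policy not met: stay encrypted
    return reconstruct(approvals[:threshold])

def demo():
    key = 4242                                 # constructed escrowed data key (< Q)
    shares, commitments = share_key(key, n=5, t=3)
    custodians = {1: lambda: shares[1], 2: lambda: None,       # custodian 2 refuses
                  3: lambda: (shares[3] + 1) % Q,   # forged share, fails the check
                  4: lambda: shares[4], 5: lambda: shares[5]}
    return release_key(3, commitments, {1, 2, 3, 4, 5}, custodians)
```

In `demo()` three of five custodians return valid shares, so the threshold is met and the key is released; with one fewer valid answer `release_key` returns `None` and the data stays encrypted.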
Claims
1. A computer implemented method for securely storing encrypted data and providing access to the stored encrypted data according to a predefined policy, the method comprising:

receiving a request to access stored, encrypted data, the encrypted data being stored in a data storage system according to a predefined policy, the encryption preventing the storage system from accessing unencrypted data decrypted from the encrypted data, the policy allowing the encrypted data to be provided to an authorized entity only upon receiving a threshold number of requests from verified third parties; in response to receiving the request to access the stored, encrypted data, sending a query to a plurality of the verified third parties, the query requesting permission from the verified third parties to access the stored, encrypted data according to the predefined policy; receiving a response to the query from at least a threshold number of the verified third parties, each received response including permission to access the stored, encrypted data; and in response to receiving permission to access the stored, encrypted data from at least a threshold number of the verified third parties, allowing the requesting party to access the user's stored, encrypted data according to the predefined policy.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A computer program product for implementing a method for securely storing encrypted data and providing access to the stored encrypted data according to a predefined policy, the computer program product comprising one or more computer readable storage devices having encoded therein computer executable instructions which, when executed upon one or more computer processors, cause the processors to perform the method comprising:

receiving a request to access stored, encrypted data, the encrypted data being stored in a data storage system according to a predefined policy, the encryption preventing the storage system from accessing unencrypted data decrypted from the encrypted data, the policy allowing the encrypted data to be provided to an authorized entity only upon receiving a threshold number of requests from verified third parties; in response to receiving the request to access the stored, encrypted data, sending a query to a plurality of the verified third parties, requesting permission from the verified third parties to access the stored, encrypted data according to the predefined policy; receiving a response to the query from at least a threshold number of the verified third parties, each received response including permission to access the stored, encrypted data; and in response to receiving permission to access the stored, encrypted data from at least a threshold number of the verified third parties, allowing the requesting party to access the user's stored, encrypted data according to the predefined policy.

Dependent claims: 9, 10, 11, 12, 13, 14.

15. A computer system for implementing a method for securely storing encrypted data and providing access to the stored encrypted data according to a predefined policy, the system comprising one or more computer processors and computer readable media having encoded therein computer executable instructions which, when executed upon the one or more processors, cause the system to perform the method comprising:

receiving a request to access stored, encrypted data, the encrypted data being stored in a data storage system according to a predefined policy, the encryption preventing the storage system from accessing unencrypted data decrypted from the encrypted data, the policy allowing the encrypted data to be provided to an authorized entity only upon receiving a threshold number of requests from verified third parties; in response to receiving the request to access the stored, encrypted data, sending a query to a plurality of the verified third parties, requesting permission from the verified third parties to access the stored, encrypted data according to the predefined policy; receiving a response to the query from at least a threshold number of the verified third parties, each received response including permission to access the stored, encrypted data; and in response to receiving permission to access the stored, encrypted data from at least a threshold number of the verified third parties, allowing the requesting party to access the user's stored, encrypted data according to the predefined policy.

Dependent claims: 16, 17, 18, 19, 20.
Specification