Multiply-encrypting data requiring multiple keys for decryption
Abstract
A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.
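One way to obtain the property the abstract describes, as an added sketch that is not taken from the patent or from any implementation of it: a random data key encrypts the payload, and that data key is wrapped in nested layers once for every combination of k user keys. The nested-wrapping construction, the `seal`/`unseal` stand-in cipher, the user names and the `delegations` structure are assumptions of this example; how each key is tied to account credentials is left out, and only the use-count form of delegation is modelled.

```python
import hashlib, hmac, itertools, os

def seal(key, msg):
    """Stand-in AEAD (SHAKE-256 keystream + HMAC-SHA256 tag); use AES-GCM in real code."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(msg))
    body = nonce + bytes(a ^ b for a, b in zip(msg, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, box):
    body, tag = box[:-32], box[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    stream = hashlib.shake_256(b"enc" + key + body[:16]).digest(len(body) - 16)
    return bytes(a ^ b for a, b in zip(body[16:], stream))

def encrypt(user_keys, k, data):
    """Seal data under a random data key, then wrap that key once per k-user combination."""
    data_key = os.urandom(32)
    wrapped = {}
    for combo in itertools.combinations(sorted(user_keys), k):
        layer = data_key
        for name in combo:  # nested layers: every key in the combination is needed
            layer = seal(user_keys[name], layer)
        wrapped[combo] = layer
    return {"data": seal(data_key, data), "wrapped": wrapped}

def decrypt(blob, delegations):
    """delegations maps user -> [user key, decryptions left]; one use is spent per user."""
    live = {name for name, (_, left) in delegations.items() if left > 0}
    combo = next((c for c in blob["wrapped"] if live.issuperset(c)), None)
    if combo is None:
        raise PermissionError("fewer than k users have a live delegation")
    layer = blob["wrapped"][combo]
    for name in reversed(combo):  # peel the outermost layer first
        layer = unseal(delegations[name][0], layer)
    for name in combo:
        delegations[name][1] -= 1
    return unseal(layer, blob["data"])

if __name__ == "__main__":
    keys = {u: os.urandom(32) for u in ("alice", "bob", "carol")}  # constructed users
    blob = encrypt(keys, 2, b"constructed secret")
    grants = {"bob": [keys["bob"], 1], "carol": [keys["carol"], 1]}
    print(decrypt(blob, grants), grants)
```

The number of wrapped entries is the number of k-combinations of the n users, so storage grows quickly as n increases.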
86 Citations
11 Claims
1. A method executed on a server, comprising:
receiving a request to encrypt a piece of data;
encrypting the piece of data such that no single key can decrypt the encrypted piece of data and any unique combination of a first plurality of unique keys taken a first number at a time are capable of decrypting the encrypted piece of data, wherein the first number is greater than one, wherein each one of the first plurality of unique keys is tied to account credentials of a particular user of a plurality of users respectively, and wherein the first number is less than or equal to the first plurality;
returning the encrypted piece of data;
receiving, at the server, account credentials of at least a second number of the plurality of users equivalent to the first number;
receiving, at the server, a delegation submission from at least the second number of the plurality of users that allows use of the account credentials of the at least the second number of plurality of users respectively for a limited number of decryptions or a limited amount of time;
receiving a request to decrypt the encrypted piece of data;
decrypting, for each particular one of at least the second number of the plurality of users equivalent to the first number, the one of the first plurality of unique keys that correspond to that particular one of the at least the second number of the plurality of users;
decrypting the encrypted piece of data using the decrypted ones of the first plurality of unique keys; and
returning the decrypted piece of data.
Dependent claims: 2, 3, 4
5. An apparatus for encrypting and decrypting data, comprising:
a set of one or more processors;
a non-transitory machine-readable storage medium that stores instructions that, when executed by the set of processors, generate the following;
an encryption module that is configured to encrypt a piece of data such that no single key can decrypt the encrypted piece of data and any unique combination of a first plurality of unique keys taken a first number at a time are capable of decrypting the encrypted piece of data, wherein the first number is greater than one, wherein each particular one of the first plurality of unique keys is tied to account credentials of a particular user of a plurality of users respectively, and wherein the first number is less than or equal to the first plurality;
a decryption module that is configured to decrypt the piece of data when there is access to at least one combination of the first plurality of unique keys taken the second plurality at a time; and
a delegation module that is configured to permit each of the different users to delegate use of their account credentials respectively for decrypting data for a limited number of decryptions or for a limited amount of time.
Dependent claims: 6, 7
8. A non-transitory machine-readable storage medium that stores instructions that, when executed by a set of one or more processors of a server, cause the server to perform operations, comprising:
receiving a request to encrypt a piece of data;
encrypting the piece of data such that no single key can decrypt the encrypted piece of data and any unique combination of a first plurality of unique keys taken a first number at a time are capable of decrypting the encrypted piece of data, wherein the first number is greater than one, wherein each one of the first plurality of unique keys is tied to account credentials of a particular user of a plurality of users respectively, and wherein the first number is less than or equal to the first plurality;
returning the encrypted piece of data;
receiving, at the server, account credentials of at least a second number of the plurality of users equivalent to the first number;
receiving, at the server, a delegation submission from at least the second number of the plurality of users that allows use of the account credentials of the at least the second number of plurality of users respectively for a limited number of decryptions or a limited amount of time;
receiving a request to decrypt the encrypted piece of data;
decrypting, for each particular one of at least the second number of the plurality of users equivalent to the first number, the one of the first plurality of unique keys that correspond to that particular one of the at least the second number of the plurality of users;
decrypting the encrypted piece of data using the decrypted ones of the first plurality of unique keys; and
returning the decrypted piece of data.
Dependent claims: 9, 10, 11
Specification