REVOCATION OF A SYSTEM ADMINISTRATOR IN AN ENCRYPTED FILE SYSTEM
First Claim
1. A method of storing electronic information, the method comprising:
a) encrypting target electronically stored information (“ESI”) with a first encryption key to form a first encrypted ESI;
b) partitioning the first encrypted ESI into a first set of encrypted ESI partitions, the encrypted ESI partitions being such that a predetermined number of the encrypted ESI partitions are able to reconstruct the first encrypted ESI;
c) encrypting the first set of encrypted ESI partitions with a first set of user encryption keys to form a first set of user-associated encrypted ESI partitions, each encrypted ESI partition of the first set of user-associated encrypted ESI partitions having an associated user encryption key;
d) making available the first set of user-associated encrypted ESI partitions to a first set of users, wherein each user knows a decryption key for an encrypted ESI partition of the first set of user-associated encrypted ESI partitions;
e) accessing the target electronically stored information;
f) encrypting the target ESI with a second encryption key to form a second encrypted ESI;
g) partitioning the second encrypted ESI into a second set of encrypted ESI partitions, the second set of encrypted ESI partitions being such that a predetermined number of encrypted ESI partitions from the second set are able to reconstruct the second encrypted ESI;
h) encrypting the second set of encrypted ESI partitions with a second set of user encryption keys to form a second set of user-associated encrypted ESI partitions, each encrypted ESI partition of the second set of user-associated encrypted ESI partitions having an associated user encryption key, wherein the second set of user encryption keys is the same or different than the first set of encryption keys; and
i) making the second set of user-associated encrypted ESI partitions available to a second set of users, wherein each user of the second set of users knows a decryption key for an encrypted ESI partition of the second set of user-associated encrypted ESI partitions.
Abstract
A method of securely storing electronic information includes a step in which target electronically stored information is encrypted with a first encryption key and then partitioned into a first set of encrypted ESI partitions, a subset of which is able to reconstruct the unpartitioned encrypted ESI. This first set of encrypted ESI partitions is then encrypted with a first set of user encryption keys to form a first set of user-associated encrypted ESI partitions that are made available to a first set of users. When access to the target electronically stored information is changed, the target electronically stored information is accessed and then re-encrypted with a second encryption key to form a second encrypted ESI. This second encrypted ESI is then partitioned and distributed to a second set of users.
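The flow of steps a) through i), as an added illustration that is not part of the patent text: the ciphertext is partitioned with Shamir k-of-n sharing, each partition is wrapped under one user's key, and revocation recovers the ESI with a quorum and repeats the process for the remaining users. Assumptions: the names `protect`, `recover` and `revoke` are hypothetical, the SHAKE-256 keystream XOR is a stand-in for a real authenticated cipher, the storage service holds the ESI key, and the ESI fits in one field element (1 to 65 bytes).

```python
import hashlib, secrets

P = 2**521 - 1   # prime field for Shamir sharing; limits this sketch to ESI of 1..65 bytes
ELEM = 66        # bytes needed to serialise one field element

def xor_cipher(key, nonce, data):
    # Stand-in cipher (SHAKE-256 keystream XOR), unauthenticated; use an AEAD in real code.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def split(secret, k, n):
    # Shamir k-of-n: random polynomial of degree k-1 with f(0) = secret, evaluated at 1..n.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(points):
    # Lagrange interpolation at x = 0 over GF(P).
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def protect(esi, user_keys, k):
    # Steps a)-d): encrypt the ESI, partition the ciphertext k-of-n, wrap each partition per user.
    if not 0 < len(esi) <= 65:
        raise ValueError("sketch handles one field element; chunk larger ESI")
    esi_key = secrets.token_bytes(32)     # assumption: held by the storage service
    ct = xor_cipher(esi_key, b"", esi)
    shares = split(int.from_bytes(ct, "big"), k, len(user_keys))
    wrapped = {}
    for (user, ukey), (x, y) in zip(user_keys.items(), shares):
        nonce = secrets.token_bytes(16)   # fresh nonce: a reused user key never reuses keystream
        wrapped[user] = (x, nonce, xor_cipher(ukey, nonce, y.to_bytes(ELEM, "big")))
    return esi_key, len(ct), wrapped

def recover(esi_key, ct_len, wrapped, quorum_keys):
    # Step e): a quorum unwraps its partitions, rebuilds the ciphertext, which is then decrypted.
    pts = [(wrapped[u][0], int.from_bytes(xor_cipher(key, wrapped[u][1], wrapped[u][2]), "big"))
           for u, key in quorum_keys.items()]
    ct = combine(pts).to_bytes(ELEM, "big")[-ct_len:]
    return xor_cipher(esi_key, b"", ct)

def revoke(esi_key, ct_len, wrapped, quorum_keys, remaining_keys, k):
    # Steps e)-i): recover with the old quorum, then re-key and re-partition for the new user set.
    return protect(recover(esi_key, ct_len, wrapped, quorum_keys), remaining_keys, k)
```

A partition kept by a revoked user belongs to the first sharing polynomial and the first ESI key, so it does not combine with partitions from the second set.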
19 Claims
16. A method of storing electronic information, the method comprising:
a) partitioning electronically stored information (“ESI”) into a plurality of ESI partitions;
b) encrypting each of the ESI partitions with a first set of public key pairs to form a plurality of encrypted partitions;
c) partitioning each of the encrypted partitions into a plurality of user shares wherein encrypted partitions are retrievable by a quorum of users utilizing their respective decryption keys and user shares;
d) retrieving the electronically stored information; and
e) repeating steps a) through c) with a second set of public key pairs.
19. A computer processor operable to execute one or more of the following steps:
a) encrypting target electronically stored information (“ESI”) with a first encryption key to form a first encrypted ESI;
b) partitioning the first encrypted ESI into a first set of encrypted ESI partitions, the encrypted ESI partitions being such that a predetermined number of the encrypted ESI partitions are able to reconstruct the first encrypted ESI;
c) encrypting the first set of encrypted ESI partitions with a first set of user encryption keys to form a first set of user-associated encrypted ESI partitions, each encrypted ESI partition of the first set of user-associated encrypted ESI partitions having an associated user encryption key;
d) making available the first set of user-associated encrypted ESI partitions to a first set of users, wherein each user knows a decryption key for an encrypted ESI partition of the first set of user-associated encrypted ESI partitions;
e) accessing the target electronically stored information;
f) encrypting the target ESI with a second encryption key to form a second encrypted ESI;
g) partitioning the second encrypted ESI into a second set of encrypted ESI partitions, the second set of encrypted ESI partitions being such that a predetermined number of encrypted ESI partitions from the second set are able to reconstruct the second encrypted ESI;
h) encrypting the second set of encrypted ESI partitions with a second set of user encryption keys to form a second set of user-associated encrypted ESI partitions, each encrypted ESI partition of the second set of user-associated encrypted ESI partitions having an associated user encryption key, wherein the second set of user encryption keys is the same or different than the first set of encryption keys; and
i) making the second set of user-associated encrypted ESI partitions available to a second set of users, wherein each user of the second set of users knows a decryption key for an encrypted ESI partition of the second set of user-associated encrypted ESI partitions.
Specification