USER-CONTROLLED DATA ENCRYPTION WITH OBFUSCATED POLICY
Abstract
An obfuscated policy data encryption system and method for re-encrypting data to maintain the confidentiality and integrity of data about a user when the data is stored in a public cloud computing environment. The system and method allow a user to specify in a data-sharing policy who can obtain the data and how much of the data is available to them. This policy is obfuscated such that it is unintelligible to the cloud operator and others processing and storing the data. In some embodiments, a patient specifies with whom his health care data should be shared, and the encrypted health care data is stored in the cloud in an electronic medical records system. The obfuscated policy allows the electronic medical records system to dispense the health care data of the patient to those requesting the data without disclosing the details of the policy itself.
20 Claims
1. A method for re-encrypting data, comprising:
- specifying a data-sharing policy that determines who the data will be shared with and how much of the data will be shared;
- generating an obfuscated re-encryption program that is a private version of the data-sharing policy;
- sending the obfuscated re-encryption program to a cloud data management system in a cloud computing environment;
- storing encrypted data on a cloud data management system; and
- re-encrypting the encrypted data on the cloud data management system using the obfuscated re-encryption program to obtain the re-encrypted data.
9. A method for maintaining a confidentiality of a user's data when the data is stored in a cloud data management system on a public cloud computing environment, comprising:
- having the user specify a data-sharing policy that sets forth if and how much of the data is shared with a data consumer that desires the data;
- hiding the data-sharing procedure from the cloud data management system by generating an obfuscated re-encryption program that is a private version of the data-sharing policy;
- generating an obfuscated re-encryption program using a private key of the user, a public key of the data consumer, and the data-sharing policy;
- receiving encrypted data on the cloud data management system sent from a data provider, where the encrypted data is an encrypted version of the data;
- re-encrypting the encrypted data using the obfuscated re-encryption program to obtain re-encrypted data; and
- storing the re-encrypted data in the cloud data management system.
16. A method for providing health care data about a patient in accordance with a data-sharing policy set by the patient, comprising:
- having the patient set the data-sharing policy that sets forth how much access to the health care data may be given to health care providers and other data consumers;
- generating an obfuscated re-encryption program that is a private version of the data-sharing policy;
- sending the obfuscated re-encryption program to an electronic medical records system in a cloud computing environment;
- storing encrypted health care data about the patient in the electronic medical records system; and
- providing upon request the health care data about the patient to a health care provider that will be readable in accordance with the data-sharing policy set by the patient.
Specification