SYSTEM AND METHOD FOR SECURE RELEASE OF SECRET INFORMATION OVER A NETWORK
First Claim
Patent Images
1. A method for a computer system to securely manage secret information over a network, the system having a server being communicatively coupled to one or more trustees, the method being performed by the server and comprising:
- receiving a secret payload from a depositing client, wherein the secret payload is encrypted by a client public key and can only be decrypted with a client private key, which is not possessed by either the server or the trustees;
receiving, from the depositing client, companion information associated with and specific to the secret payload, wherein the companion information is encrypted by a server public key and can only be decrypted with a server private key, which is possessed by the server, and wherein the companion information includes rules for accessing the secret payload, the rules identifying a list of trustees and a trustee policy that specifies a manner necessary for the list of trustees to approve access requests to the secret payload;
storing the secret payload along with the companion information;
receiving, from a requesting client, an access request to access the secret payload, the access request being encrypted by the server public key and including a seed that was randomly generated by the server and assigned to the requesting client in a preceding transaction;
decrypting the access request using the server private key;
verifying a validity of the access request based on the seed;
after the access request is verified, sending an authorization request regarding the access request to each trustee in the list of trustees;
receiving responses to the authorization requests from the list of trustees;
applying the trustee policy to the received responses to determine whether to disseminate the secret payload; and
selectively disseminating the secret payload to the requesting client based on a result of applying the trustee policy.
5 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the present disclosure include systems and methods for secure release of secret information over a network. The server can be configured to receive a request from a client to access the deposit of secret information, send an authorization request to at least one designated trustee in the set of designated trustees for the deposit of secret information, receive responses over the network from one or more of the designated trustees in the set of designated trustees and apply a trustee policy to the responses from the one or more designated trustees in the set of trustees to determine if the request is authorized. If the request is authorized, the server can send the secret information to the client. If the request is not authorized, the server denies access by the client to the secret information.
43 Citations
20 Claims
-
1. A method for a computer system to securely manage secret information over a network, the system having a server being communicatively coupled to one or more trustees, the method being performed by the server and comprising:
-
receiving a secret payload from a depositing client, wherein the secret payload is encrypted by a client public key and can only be decrypted with a client private key, which is not possessed by either the server or the trustees; receiving, from the depositing client, companion information associated with and specific to the secret payload, wherein the companion information is encrypted by a server public key and can only be decrypted with a server private key, which is possessed by the server, and wherein the companion information includes rules for accessing the secret payload, the rules identifying a list of trustees and a trustee policy that specifies a manner necessary for the list of trustees to approve access requests to the secret payload; storing the secret payload along with the companion information; receiving, from a requesting client, an access request to access the secret payload, the access request being encrypted by the server public key and including a seed that was randomly generated by the server and assigned to the requesting client in a preceding transaction; decrypting the access request using the server private key; verifying a validity of the access request based on the seed; after the access request is verified, sending an authorization request regarding the access request to each trustee in the list of trustees; receiving responses to the authorization requests from the list of trustees; applying the trustee policy to the received responses to determine whether to disseminate the secret payload; and selectively disseminating the secret payload to the requesting client based on a result of applying the trustee policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer system to securely manage secret information over a network, the system having a server being communicatively coupled to one or more trustees, wherein the server is configured to perform a method comprising:
-
receiving a secret payload from a depositing client, wherein the secret payload is encrypted by a client public key and can only be decrypted with a client private key, which is not possessed by either the server or the trustees; receiving, from the depositing client, companion information associated with and specific to the secret payload, wherein the companion information is encrypted by a server public key and can only be decrypted with a server private key, which is possessed by the server, and wherein the companion information includes rules for accessing the secret payload, the rules identifying a list of trustees and a trustee policy that specifies a manner necessary for the list of trustees to approve access requests to the secret payload; storing the secret payload along with the companion information; receiving, from a requesting client, an access request to access the secret payload, the access request being encrypted by the server public key and including a seed that was randomly generated by the server and assigned to the requesting client in a preceding transaction; decrypting the access request using the server private key; verifying a validity of the access request based on the seed; after the access request is verified, sending an authorization request regarding the access request to each trustee in the list of trustees; receiving responses to the authorization requests from the list of trustees; applying the trustee policy to the received responses to determine whether to disseminate the secret payload; and selectively disseminating the secret payload to the requesting client based on a result of applying the trustee policy. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCloudera Incorporated
-
Original AssigneeCloudera Incorporated
-
InventorsKirkland, Dustin C., Garcia, Eduardo
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesH04L 63/0442 wherein the sending and rec...H04L 63/10 for controlling access to d...H04L 9/0825 using asymmetric-key encryp...H04L 9/083 involving central third par...H04L 9/321 involving a third party or ...
