Methods And Apparatus For Sharing Encrypted Data

US 20160350544A1
Filed: 10/22/2014
Published: 12/01/2016
Est. Priority Date: 10/22/2014
Status: Abandoned Application

First Claim

Patent Images

1. A system for sharing encrypted information among users securely and yet efficiently, wherein the users can share access to information, comprising:

a processor;

Records;

Recordsets;

Trusted Entity Lists;

Entities;

Tokens;

a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys wrapping method, the method comprising;

obtaining a record, a record key, a recordset, a recordset key;

associating said recordset key with said recordset;

encrypting said record by using said record key;

encrypting said record key by using said recordset key;

associating said encrypted record key with said record;

associating said record with said recordset; and

a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys access control method, the method comprising;

obtaining an Entity, a Trusted Entity List;

obtaining a Cipher from said Entity; and

associating said Cipher with said Trusted Entity List.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for sharing encrypted data and encryption keys through a system comprised of the following data types, but not limited to a; 1) Record and its encryption key, 2) RecordSet and its encryption key, and 3) Entity and its encryption key. A Record is encrypted using an encryption key, furthermore, the Record encryption key is encrypted using a RecordSet encryption key, and finally, both the encrypted Record and its encrypted encryption key are wrapped as a single unit, to avoid key the expensive operations of key lookup and general key operation overhead. Access control to the RecordSet encryption keys are provided by a combination of data types, but not limited to a; 1) Entity and its encryption key, 2) Ciphers, and 3) Trusted Entity Lists. For each Entity which is authorized access to access a RecordSet, an encrypted Cipher, made of both the Entity encryption key and RecordSet encryption key, is added to a Trusted Entity List. Tokens are protected by user defined secrets, comprised of Entity encryption keys.

17 Citations

View as Search Results

12 Claims

1. A system for sharing encrypted information among users securely and yet efficiently, wherein the users can share access to information, comprising:
- a processor;
  
  Records;
  
  Recordsets;
  
  Trusted Entity Lists;
  
  Entities;
  
  Tokens;
  
  a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys wrapping method, the method comprising;
  
  obtaining a record, a record key, a recordset, a recordset key;
  
  associating said recordset key with said recordset;
  
  encrypting said record by using said record key;
  
  encrypting said record key by using said recordset key;
  
  associating said encrypted record key with said record;
  
  associating said record with said recordset; and
  
  a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys access control method, the method comprising;
  
  obtaining an Entity, a Trusted Entity List;
  
  obtaining a Cipher from said Entity; and
  
  associating said Cipher with said Trusted Entity List.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the system further comprises an access control method that enables sharing access without a centralized key store, the method comprising:
    - adding a token-type in each of said tokens, wherein said token-type is of type TOKEN-ACCESS, ENTITY-ACCESS, or ENTITY-ASSIGN;
      
      sharing tokens among user entities and user group entities, and by adding each of said user entities and user group entities to said Trusted Entity List;
      
      locating said Trusted Entity Lists by means of entity keys stored in each of said tokens; and
      
      decrypting said entity keys by means of said secrets in each of said tokens.
  - 3. The system of claim 1, wherein the system further comprises a rekey method to update said recordset key without decryption of said records.
  - 4. The system of claim 1, wherein the system further comprises a regrouping method to share said record to additional recordsets without decryption of said records.
  - 5. The system of claim 1, wherein the system further comprises a secure and efficient record export method, the method comprises:
    - adding said token'"'"'s secret to said Trusted Entity List in place of said entity key; and
      
      decrypt said recordset cipher by means of said token'"'"'s secret to retrieve said recordset key.
  - 6. The system of claim 1, wherein the system further comprises a Entity Key distribution method for creating a token by encryption of said Entity Key and said Record Key;
    - and protecting said token with a user defined secret.
  - 7. The system of claim 1, wherein the system further comprises an encryption keys creation method, the method comprises:
    - creating said record key with the use of a bitstream;
      
      creating said recordset key with the use of a bitstream;
      
      creating said Entity Key with the use of a bitstream; and
      
      creating said Cipher with the use of both Entity Key and RecordSet Key.
  - 8. The system of claim 1, wherein the system further comprises a decryption method, the method comprises:
    - obtaining an encrypted record;
      
      obtaining an RecordSet Key associated with said encrypted record;
      
      obtaining a RecordKey Cipher associated with said encrypted record;
      
      decrypting said RecordKey Cipher with said RecordSet key to obtain a Record Key; and
      
      decrypting said encrypted record with said Record Key to obtain a Record.
  - 9. The method of claim 8, wherein the method further comprises a Record modification method, the method comprises:
    - obtaining a modified Record;
      
      encrypting said modified Record with said Record Key to obtain an replacement Record;
      
      associating said replacement Record with said RecordKey Cipher; and
      
      associating said replacement Record with said RecordSet Key.

10. An one-touch access revocation method, wherein a password is compromised, a new password is generated to efficiently update access to all recordsets and records without decrypting or updating any records, the method comprising:
- deleting a password, deleting an entity key cipher, and deleting a record set key cipher; and
  
  creating a new password, creating a new entity key cipher, and creating a new record set key cipher, wherein the new record set key cipher is added to the record set.

11. A time-limited access token method for accessing data in a TNO storage, wherein access is set to expired after a configurable period of time, the method comprising:
- generating a token by providing a password; and
  
  recording the token and an expiration timestamp. (what about changing password with an active token?)

12. An entity key storage method, wherein entity keys are encrypted to store in one encrypted storage location, and record sets are encrypted to store in a separate location, the method comprising:
- retrieving an entity key cipher by providing a password;
  
  decrypting the entity key cipher with the password to obtain an entity key; and
  
  decrypting a record set key cipher with the entity key to obtain a record set key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sze Yuen Wong
Original Assignee
Sze Yuen Wong
Inventors
Wong, Sze Yuen

Application Number

US14/520,932
Publication Number

US 20160350544A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

H04L 9/0863   involving passwords or one-...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3234   involving additional secure...

Methods And Apparatus For Sharing Encrypted Data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Methods And Apparatus For Sharing Encrypted Data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links