Methods And Apparatus For Sharing Encrypted Data
First Claim
1. A system for sharing encrypted information among users securely and yet efficiently, wherein the users can share access to information, comprising:
- a processor;
Records;
Recordsets;
Trusted Entity Lists;
Entities;
Tokens;
a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys wrapping method, the method comprising;
obtaining a record, a record key, a recordset, a recordset key;
associating said recordset key with said recordset;
encrypting said record by using said record key;
encrypting said record key by using said recordset key;
associating said encrypted record key with said record;
associating said record with said recordset; and
a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys access control method, the method comprising;
obtaining an Entity, a Trusted Entity List;
obtaining a Cipher from said Entity; and
associating said Cipher with said Trusted Entity List.
0 Assignments
0 Petitions
Accused Products
Abstract
A method for sharing encrypted data and encryption keys through a system comprised of the following data types, but not limited to a; 1) Record and its encryption key, 2) RecordSet and its encryption key, and 3) Entity and its encryption key. A Record is encrypted using an encryption key, furthermore, the Record encryption key is encrypted using a RecordSet encryption key, and finally, both the encrypted Record and its encrypted encryption key are wrapped as a single unit, to avoid key the expensive operations of key lookup and general key operation overhead. Access control to the RecordSet encryption keys are provided by a combination of data types, but not limited to a; 1) Entity and its encryption key, 2) Ciphers, and 3) Trusted Entity Lists. For each Entity which is authorized access to access a RecordSet, an encrypted Cipher, made of both the Entity encryption key and RecordSet encryption key, is added to a Trusted Entity List. Tokens are protected by user defined secrets, comprised of Entity encryption keys.
-
Citations
12 Claims
-
1. A system for sharing encrypted information among users securely and yet efficiently, wherein the users can share access to information, comprising:
-
a processor; Records; Recordsets; Trusted Entity Lists; Entities; Tokens; a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys wrapping method, the method comprising; obtaining a record, a record key, a recordset, a recordset key; associating said recordset key with said recordset; encrypting said record by using said record key; encrypting said record key by using said recordset key; associating said encrypted record key with said record; associating said record with said recordset; and a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys access control method, the method comprising; obtaining an Entity, a Trusted Entity List; obtaining a Cipher from said Entity; and associating said Cipher with said Trusted Entity List. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An one-touch access revocation method, wherein a password is compromised, a new password is generated to efficiently update access to all recordsets and records without decrypting or updating any records, the method comprising:
-
deleting a password, deleting an entity key cipher, and deleting a record set key cipher; and creating a new password, creating a new entity key cipher, and creating a new record set key cipher, wherein the new record set key cipher is added to the record set.
-
-
11. A time-limited access token method for accessing data in a TNO storage, wherein access is set to expired after a configurable period of time, the method comprising:
-
generating a token by providing a password; and recording the token and an expiration timestamp. (what about changing password with an active token?)
-
-
12. An entity key storage method, wherein entity keys are encrypted to store in one encrypted storage location, and record sets are encrypted to store in a separate location, the method comprising:
-
retrieving an entity key cipher by providing a password; decrypting the entity key cipher with the password to obtain an entity key; and decrypting a record set key cipher with the entity key to obtain a record set key.
-
Specification