METHODS FOR CRYPTOGRAPHIC DELEGATION AND ENFORCEMENT OF DYNAMIC ACCESS TO STORED DATA
Abstract
Methods for cryptographic delegation and enforcement of dynamic access to stored data are disclosed. An example method includes generating for a first modified data block, a new per-block hash value using as a hash function input data contained in the first modified data block or a new per-block hash message authentication code (HMAC) using as hash function inputs a new per-block hash key and data contained in the first modified data block, writing the new per-block hash value or the new per-block HMAC to data block metadata associated with the modified data block in the protected data object, and writing the first modified data block to one of the data blocks of the protected data object.
20 Claims
1. A computer implemented method for modifying a protected data object or a portion thereof stored in a memory of a computer, wherein the protected data object comprises a plurality of data blocks and one or more regions of data block metadata, each associated with one or more of the data blocks, comprising:
generating for a first modified data block, a new per-block hash value using as a hash function input data contained in the first modified data block or a new per-block hash message authentication code (HMAC) using as hash function inputs a new per-block hash key and data contained in the first modified data block;
writing the new per-block hash value or the new per-block HMAC to data block metadata associated with the modified data block in the protected data object; and
writing the first modified data block to one of the data blocks of the protected data object.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A tangible computer readable storage device comprising instructions that, when executed, modify a protected data object or a portion thereof stored in a memory of a computer, wherein the protected data object comprises a plurality of data blocks and one or more regions of data block metadata, each associated with one or more of the data blocks, the instructions, when executed, cause a machine to:
generate for a first modified data block, a new per-block hash value using as a hash function input data contained in the first modified data block or a new per-block hash message authentication code (HMAC) using as hash function inputs a new per-block hash key and data contained in the first modified data block;
write the new per-block hash value or the new per-block HMAC to data block metadata associated with the modified data block in the protected data object; and
write the first modified data block to one of the data blocks of the protected data object.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer implemented method for enforcing access rights changes for a protected data object or a portion thereof stored in a memory of a computer, wherein the protected data object comprises a plurality of data blocks and one or more regions of data block metadata, each associated with one or more of the data blocks, comprising:
generating a new data object hash key associated with the data object;
reading, from the memory, data object metadata associated with the data object containing one or more data values from the group consisting of a data object hash value, per-block hash values associated with the data blocks, per-block hash message authentication code (HMAC) values associated with the data blocks, a data object identifier, access right information, a data object version number, time information relating to the data object, data object encoding information, and data object cryptographic key information;
generating a new data object hash message authentication code (HMAC) for the data object using, as inputs to a hash function, the new data object hash key and one or more data values selected from the group of data values; and
writing the new data object HMAC to the data object metadata.
Dependent claims: 16, 17, 18, 19

20. A tangible computer readable storage device comprising instructions that, when executed, enforce access rights changes for a protected data object or a portion thereof stored in a memory of a computer, wherein the protected data object comprises a plurality of data blocks and one or more regions of data block metadata, each associated with one or more of the data blocks, the instructions, when executed, cause a machine to:
generate a new data object hash key associated with the data object;
read, from the memory, data object metadata associated with the data object containing one or more data values from the group consisting of a data object hash value, per-block hash values associated with the data blocks, per-block hash message authentication code (HMAC) values associated with the data blocks, a data object identifier, access right information, a data object version number, time information relating to the data object, data object encoding information, and data object cryptographic key information;
generate a new data object hash message authentication code (HMAC) for the data object using, as inputs to a hash function, the new data object hash key and one or more data values selected from the group of data values; and
write the new data object HMAC to the data object metadata.
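The two procedures claimed above, re-authenticating a single modified block with a per-block HMAC (claim 1) and enforcing an access-rights change by generating a new data object hash key and rewriting the object-level HMAC (claim 15), as an added Python example. This is not code from the patent or its assignee; the metadata layout, the use of HMAC-SHA256, and the particular metadata values fed into the object HMAC (identifier, version number, per-block HMACs) are assumptions made for the example.

```python
"""Added example: a protected data object with per-block HMACs (block metadata)
and one object-level HMAC (object metadata), after claims 1 and 15."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class ProtectedObject:
    """Data blocks plus the two metadata regions named in the claims (assumed layout)."""
    object_id: str
    blocks: list                                    # data blocks (bytes)
    version: int = 1                                # data object version number
    block_macs: list = field(default_factory=list)  # per-block HMACs: block metadata
    object_mac: bytes = b""                         # data object HMAC: object metadata


def block_hmac(block_key: bytes, data: bytes) -> bytes:
    """Per-block HMAC: inputs are the per-block hash key and the block contents."""
    return hmac.new(block_key, data, hashlib.sha256).digest()


def object_hmac_input(obj: ProtectedObject) -> bytes:
    """Canonical serialisation of the metadata values that feed the object HMAC.
    Claim 15 lists several candidate values; this example (a constructed choice)
    uses the identifier, the version number and the per-block HMACs."""
    h = hashlib.sha256()
    h.update(obj.object_id.encode())
    h.update(obj.version.to_bytes(8, "big"))
    for mac in obj.block_macs:
        h.update(mac)
    return h.digest()


def object_hmac(object_key: bytes, obj: ProtectedObject) -> bytes:
    """Data object HMAC keyed with the data object hash key."""
    return hmac.new(object_key, object_hmac_input(obj), hashlib.sha256).digest()


def create_object(object_id: str, blocks: list) -> tuple:
    """Build a protected object; returns (object, block_key, object_key)."""
    block_key = secrets.token_bytes(32)
    object_key = secrets.token_bytes(32)
    obj = ProtectedObject(object_id=object_id, blocks=list(blocks))
    obj.block_macs = [block_hmac(block_key, b) for b in obj.blocks]
    obj.object_mac = object_hmac(object_key, obj)
    return obj, block_key, object_key


def modify_block(obj: ProtectedObject, index: int, new_data: bytes,
                 block_key: bytes, object_key: bytes) -> None:
    """Claim 1 order: compute the new per-block HMAC, write it to the block
    metadata, then write the modified block. The object HMAC is refreshed last
    because the per-block HMACs are among its inputs."""
    new_mac = block_hmac(block_key, new_data)
    obj.block_macs[index] = new_mac
    obj.blocks[index] = new_data
    obj.version += 1
    obj.object_mac = object_hmac(object_key, obj)


def rekey_object(obj: ProtectedObject) -> bytes:
    """Claim 15: generate a new data object hash key, recompute the object HMAC
    over the metadata under it, and write the new HMAC. Anyone holding only the
    old key can no longer confirm (or forge) the object HMAC."""
    new_key = secrets.token_bytes(32)
    obj.object_mac = object_hmac(new_key, obj)
    return new_key


def verify(obj: ProtectedObject, block_key: bytes, object_key: bytes) -> bool:
    """Check the object HMAC under object_key and every per-block HMAC under block_key."""
    if not hmac.compare_digest(obj.object_mac, object_hmac(object_key, obj)):
        return False
    return all(hmac.compare_digest(m, block_hmac(block_key, b))
               for m, b in zip(obj.block_macs, obj.blocks))


def demo() -> dict:
    """Walk through modify, tamper and re-key on a constructed object."""
    obj, bk, ok = create_object("doc-42", [b"block zero", b"block one"])  # constructed sample
    results = {"fresh": verify(obj, bk, ok)}
    modify_block(obj, 1, b"block one, edited", bk, ok)
    results["after_modify"] = verify(obj, bk, ok)
    obj.blocks[0] = b"tampered"           # block rewritten without its per-block HMAC
    results["after_tamper"] = verify(obj, bk, ok)
    obj.blocks[0] = b"block zero"         # restore the genuine block
    new_ok = rekey_object(obj)            # access-rights change: rotate the object key
    results["old_key_after_rekey"] = verify(obj, bk, ok)
    results["new_key_after_rekey"] = verify(obj, bk, new_ok)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the walk-through is the last two results: after `rekey_object`, the object HMAC written to the metadata is only reproducible with the new data object hash key, so a party whose access was revoked (and who still holds the old key) can no longer validate or re-sign the object, while the per-block HMACs and block data are untouched. In a deployment the per-block key would also be rotated when block-level rights change, and the keys would be delivered to authorised parties out of band; key distribution is outside what the claims describe and is not shown here.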