Method and System for Securing Data
Abstract
A method and system for securing user data, or data, possessed by a data owner, are disclosed. In one aspect data is concealed and encrypted to ensure data confidentiality, and may also be signed to ensure data integrity and authenticity. In another aspect accesses to data are controlled by the data owner through a distributed access control system. In another aspect the public keys of users are distributed automatically in a distributed manner, and are controlled by the users owning the corresponding public and private key pairs.
20 Claims
1. A method for securing user data, or data, possessed by a data owner, comprising:

a. devising a concealing mechanism;
b. concealing, according to said concealing mechanism, and encrypting, using a data encryption key, said data to generate secure data and metadata, such that said data can be reconstructed by using said secure data, said metadata and said data encryption key in accordance with said concealing mechanism;
c. encrypting said metadata with another encryption key to generate encrypted metadata;
d. saving said secure data and said encrypted metadata to a data store, and associating a unique data identifier with said secure data and said encrypted metadata in said data store, such that said secure data and said encrypted metadata are uniquely identifiable in said data store.

Dependent claims: 2 to 14 (not reproduced here).
15. A system for securing user data or data, possessed by a data owner, comprising:

a data store configured to allow said data owner to store data;
a client computer having at least one processor, a network interface, and a machine-readable medium storing instructions that, when executed by said at least one processor, cause said at least one processor to perform operations, on behalf of said data owner, comprising:
a. generating a data encryption key;
b. concealing, according to a concealing mechanism, and encrypting, using said data encryption key, said data to generate secure data and metadata, such that said data can be reconstructed by using said secure data, said metadata and said data encryption key in accordance with said concealing mechanism;
c. encrypting said metadata with said data encryption key to generate encrypted metadata;
d. generating a unique data identifier;
e. saving said secure data and said encrypted metadata to said data store, and associating said unique data identifier with said secure data and said encrypted metadata in said data store, such that said secure data and said encrypted metadata are uniquely identifiable in said data store.

Dependent claims: 16 to 19 (not reproduced here).
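The following is an added worked example of the procedure in claims 1 and 15, not code from the patent or its assignee. The claims leave the "concealing mechanism" open, so this example assumes one: the data is padded, split into fixed-size chunks and the chunk order is shuffled, with the permutation and true length recorded as the metadata. The cipher is also an assumption for a stdlib-only demonstration (HMAC-SHA256 in counter mode for the keystream, encrypt-then-MAC for integrity); a deployment would use an authenticated cipher such as AES-GCM in its place. The sample record, the key names and all function names are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

CHUNK_SIZE = 16  # assumed chunk width for the concealing mechanism


def generate_key():
    # Fresh 256-bit symmetric key (data encryption key or metadata key).
    return secrets.token_bytes(32)

def _subkey(key, label):
    # Derive separate encryption and MAC keys from one key (HMAC used as a KDF).
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, used as a PRF keystream (demonstration cipher).
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key, plaintext):
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def decrypt(key, blob):
    # Verify the tag before decrypting; a wrong key or any modification raises.
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def conceal(data, chunk=CHUNK_SIZE):
    # Assumed concealing mechanism: pad, split into chunks, shuffle the chunk order.
    # The permutation and the true length are the metadata needed to reverse it.
    padded = data + b"\x00" * ((-len(data)) % chunk)
    chunks = [padded[i:i + chunk] for i in range(0, len(padded), chunk)]
    order = list(range(len(chunks)))
    secrets.SystemRandom().shuffle(order)
    concealed = b"".join(chunks[i] for i in order)
    return concealed, {"chunk": chunk, "order": order, "length": len(data)}

def reveal(concealed, metadata):
    # Inverse of conceal(): put every chunk back at its original index.
    chunk = metadata["chunk"]
    shuffled = [concealed[i:i + chunk] for i in range(0, len(concealed), chunk)]
    original = [b""] * len(shuffled)
    for position, source_index in enumerate(metadata["order"]):
        original[source_index] = shuffled[position]
    return b"".join(original)[:metadata["length"]]

def secure_store(store, data, dek, metadata_key):
    # Claim 1 steps b-d: conceal and encrypt, encrypt the metadata, save both under
    # a unique data identifier. Passing dek as metadata_key gives the claim 15 variant.
    concealed, metadata = conceal(data)
    data_id = secrets.token_hex(16)  # unique data identifier
    store[data_id] = {"secure_data": encrypt(dek, concealed),
                      "encrypted_metadata": encrypt(metadata_key, json.dumps(metadata).encode())}
    return data_id

def reconstruct(store, data_id, dek, metadata_key):
    # Reverse of secure_store(): both keys and the metadata are required.
    record = store[data_id]
    metadata = json.loads(decrypt(metadata_key, record["encrypted_metadata"]))
    return reveal(decrypt(dek, record["secure_data"]), metadata)

def can_reconstruct(store, data_id, dek, metadata_key):
    try:
        reconstruct(store, data_id, dek, metadata_key)
        return True
    except ValueError:
        return False

def securing_demo():
    # Round trip, wrong-key rejection and tamper detection on a constructed record.
    store, dek, metadata_key = {}, generate_key(), generate_key()
    sample = b"constructed sample: invoice 1042, amount 250.00, customer 77"
    data_id = secure_store(store, sample, dek, metadata_key)
    results = {
        "round_trip": reconstruct(store, data_id, dek, metadata_key) == sample,
        "wrong_dek_rejected": not can_reconstruct(store, data_id, generate_key(), metadata_key),
        "wrong_metadata_key_rejected": not can_reconstruct(store, data_id, dek, generate_key()),
    }
    tampered = bytearray(store[data_id]["secure_data"])
    tampered[20] ^= 0x01  # flip one ciphertext bit; the tag check must catch it
    store[data_id]["secure_data"] = bytes(tampered)
    results["tamper_detected"] = not can_reconstruct(store, data_id, dek, metadata_key)
    return results
```

The point the example makes concrete is that the data store holds two ciphertexts under one identifier and neither key alone reconstructs the data: without the metadata key the chunk permutation is unknown, and without the data encryption key the chunks are unreadable. Authenticating the ciphertexts is what turns a modified record into a detected failure rather than silently reordered or corrupted plaintext.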
20. A system for distributing public keys to enable secure data sharing in a distributed manner, comprising:

a client computer having at least one processor, a network interface, a user interface, and a machine-readable medium;
a server, configured to allow users of said server to store data, share data with other users and grant said other users read-only access to data in said server, having:
a. at least one processor;
b. a network interface configured to receive requests from said network interface on said client computer; and
c. a machine-readable medium storing instructions that, when requested by said client computer, are executed by said at least one processor on said server, and cause said at least one processor on said server to perform the operations requested by said client computer;
wherein said machine-readable medium on said client computer stores instructions that, when executed by said at least one processor on said client computer, cause said at least one processor on said client computer to perform operations, including sending requests to said server when necessary, on behalf of a user, comprising:
a. uploading the public key of a public and private key pair owned by said user to said server;
b. selecting one or more users by said user using said user interface on said client computer;
c. sharing said public key, stored on said server, with said one or more users, and granting said one or more users read-only access to said public key; thereby said public key is made accessible to said one or more users; and
said user controls who are allowed to access said public key, thus controls who are allowed to share data securely with said user.
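An added example of the server-side access rule behind claim 20, written for this page and not taken from the patent: the owner uploads a public key, selects who may read it, and can withdraw that grant; grantees hold read-only access and cannot replace the key. The class and method names are assumptions, the server is modelled as an in-memory object, requester identities are taken as already authenticated by the server, and the key bytes are a constructed placeholder rather than a real public key.

```python
class PublicKeyServer:
    # Assumed server model for claim 20: owner-controlled, read-only sharing of public keys.

    def __init__(self):
        self._keys = {}    # owner -> public key bytes
        self._grants = {}  # owner -> set of users granted read-only access

    def upload_public_key(self, requester, owner, public_key):
        # Step a: only the key pair's owner may upload or replace the public key.
        if requester != owner:
            raise PermissionError("only the owner may write this key")
        self._keys[owner] = public_key
        self._grants.setdefault(owner, set())

    def share_public_key(self, owner, recipients):
        # Steps b-c: the owner selects users and grants them read-only access.
        if owner not in self._keys:
            raise KeyError("no public key uploaded for " + owner)
        self._grants[owner].update(recipients)

    def revoke_access(self, owner, recipient):
        # The owner stays in control: a grant can be withdrawn at any time.
        self._grants.get(owner, set()).discard(recipient)

    def fetch_public_key(self, requester, owner):
        # Read path: the owner, or a user the owner explicitly granted access to.
        if requester != owner and requester not in self._grants.get(owner, set()):
            raise PermissionError(requester + " may not read " + owner + "'s public key")
        return self._keys[owner]


def _permitted(action):
    # Run an action and report whether the server allowed it.
    try:
        action()
        return True
    except PermissionError:
        return False


def key_sharing_demo():
    server = PublicKeyServer()
    alice_pub = b"constructed-public-key-bytes-for-alice"  # placeholder, not a real key
    server.upload_public_key("alice", "alice", alice_pub)
    server.share_public_key("alice", ["bob"])
    results = {
        "bob_can_read": server.fetch_public_key("bob", "alice") == alice_pub,
        "carol_denied": not _permitted(lambda: server.fetch_public_key("carol", "alice")),
        "bob_cannot_overwrite": not _permitted(
            lambda: server.upload_public_key("bob", "alice", b"forged")),
    }
    server.revoke_access("alice", "bob")
    results["bob_denied_after_revoke"] = not _permitted(
        lambda: server.fetch_public_key("bob", "alice"))
    results["key_unchanged"] = server.fetch_public_key("alice", "alice") == alice_pub
    return results
```

The read-only grant is the security-relevant check: a recipient who could overwrite the stored key could substitute one they hold the private key for, and anyone sharing data "securely" with the owner would then encrypt to the wrong party. Keeping writes restricted to the owner is what makes the distribution trustworthy.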
Specification