Methods for providing secure access to shared information
First Claim
1. A method of controlling access to electronically-defined information among a plurality of users connected to a network having a server operable for assuring that the electronically-defined information is accessible by only at least a predetermined one of the plural users, each of said plural users having a unique first encryption key having a first portion and a second portion, said method comprising the steps of:
- making said first portion known to both the server and said predetermined user;
- making said second portion known only to the server;
- encrypting the electronically-defined information using a second encryption key known only to the server to define encrypted information;
- storing the encrypted information in network-associated electronic storage accessible through the network to said plurality of users;
- encrypting the second encryption key using the first encryption key of the predetermined user to which access to the electronically-defined information is to be provided so as to define an encrypted second key;
- storing the encrypted second key in an electronic storage location accessible by said predetermined user; and
- attaining access by the predetermined user to the unencrypted electronically-defined information by:
  - accessing the stored encrypted second key from a network-connected apparatus of the predetermined user;
  - decrypting the accessed encrypted second key using the first key of the predetermined user at the apparatus of the predetermined user to recover the second encryption key;
  - accessing the stored encrypted information from the network-connected apparatus of the predetermined user; and
  - decrypting the accessed encrypted information using the recovered second encryption key to recover the electrically-defined information for examination of the recovered information by the predetermined user.
Abstract
The inventive methods employ symmetric encryption with first and second keys to provide secure access to information accessible to be shared among a dynamically changing set of authorized users on a network having a server. A single copy of the information, encrypted with the first key of the server, is stored in a location accessible to all network users. The second key is a private key of an authorized user and is used by the server to encrypt the first key. The encrypted first key is then stored by the server at a storage location accessible by the authorized user. The user accesses the storage location, obtains the encrypted first key, and uses his private second key to decrypt and thereby recover the first key. The user then decrypts the stored information using the recovered first key.
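The flow the abstract describes, as an added example (not code from the patent): one encrypted copy of the document, with the server's content key wrapped separately for each authorized user. The names `Server`, `grant`, `user_read`, `seal` and `unseal` and the sample document are assumptions, and the HMAC-SHA256 encrypt-then-MAC routine is a standard-library stand-in for the symmetric cipher, where a deployment would use a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, see lead-in).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Check the tag, then decrypt; ValueError means wrong key or altered data."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class Server:
    def __init__(self, document):
        self._content_key = secrets.token_bytes(32)            # abstract's "first key"
        self.shared_store = seal(self._content_key, document)  # single copy, readable by all
        self.key_slots = {}                                     # per-user storage locations

    def grant(self, user, user_key):
        # Wrap the content key under the user's key (abstract's "second key").
        self.key_slots[user] = seal(user_key, self._content_key)

def user_read(server, user, user_key):
    content_key = unseal(user_key, server.key_slots[user])  # recover the first key
    return unseal(content_key, server.shared_store)         # then the document

if __name__ == "__main__":
    doc = b"constructed sample document"
    alice_key, bob_key = secrets.token_bytes(32), secrets.token_bytes(32)
    srv = Server(doc)
    srv.grant("alice", alice_key)
    print(user_read(srv, "alice", alice_key))
    srv.grant("bob", bob_key)  # adds a key slot; shared_store is not re-encrypted
    print(user_read(srv, "bob", bob_key))
```

Adding a user only adds a wrapped key, so the shared ciphertext never changes. Deleting a slot does not revoke a user who has already recovered the content key, so shrinking the authorized set means issuing a new content key and re-encrypting the stored copy.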
17 Claims
1. Claim 1 is recited in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15.
11. A method of controlling access to electrically defined information among a plurality of users connected to a network having a server operable for assuring that the electronically defined information is accessible by only at least a predetermined one of the plural users, each of said plural users having a unique first encryption key having a first portion and a second portion, said method comprising the steps of:
- making said first portion known to both the server and said predetermined user;
- making said second portion known only to the server;
- storing electronically defined information, encrypted using a second encryption key known only to the server, in network-associated electronic storage accessible through the network to said plurality of users; and
- attaining access, by a predetermined one of the plural users, to the unencrypted electronically defined information by:
  - accessing the network from a network-connected apparatus of the predetermined user to further access the second key encrypted using the first encryption key of the predetermined user;
  - decrypting the accessed encrypted second key using the first key of the predetermined user at the apparatus of the predetermined user to recover the second encryption key;
  - accessing the stored encrypted information from the network-connected apparatus of the predetermined user; and
  - decrypting the accessed encrypted information using the recovered second encryption key to recover the electronically defined information for examination of the recovered information by the predetermined user.

Dependent claims: 12, 13, 16, 17.
Specification