Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography
First Claim
1. A method for securing stored files in a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a security server, comprising the steps of:
- identifying data for storage;
encrypting a symmetric crypto-key with the second private key portion of a first user crypto-key associated with a first user to form an encrypted key message;
obtaining the symmetric crypto-key by applying the first private key portion of the first user crypto-key to decrypt the encrypted key message;
encrypting said data with the symmetric crypto-key to form an encrypted file; and
storing the encrypted file and said encrypted key message.
3 Assignments
0 Petitions
Accused Products
Abstract
A method is provided for securing stored files in a system having a plurality of system users with each system user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion. Each public key portion is accessible to the plurality of system users. Each private key portion has a first private key portion known only to the associated user and a corresponding second private key portion known only to a security server. Data to be stored is identified. A symmetric crypto-key is encrypted with only the second private key portion of a first user crypto-key to form an encrypted key message, thereby restricting access to the symmetric crypto-key to only the first user. The symmetric crypto-key is obtained by the first user by applying the first private key portion of the first user crypto-key to decrypt the encrypted key message. The first user encrypts the data with the symmetric crypto-key to form an encrypted file, and stores the encrypted file and the encrypted key message.
332 Citations
24 Claims
-
1. A method for securing stored files in a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a security server, comprising the steps of:
-
identifying data for storage; encrypting a symmetric crypto-key with the second private key portion of a first user crypto-key associated with a first user to form an encrypted key message; obtaining the symmetric crypto-key by applying the first private key portion of the first user crypto-key to decrypt the encrypted key message; encrypting said data with the symmetric crypto-key to form an encrypted file; and storing the encrypted file and said encrypted key message. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for securing stored files having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a security server, comprising:
-
a security server configured to encrypt a symmetric crypto-key to form an encrypted key message; a file server, having an associated file server crypto-key, configured to encrypt data with the symmetric crypto-key to form an encrypted file; and storage media configured to store the encrypted file and said encrypted key message; wherein, (i) the security server is operable to encrypt the symmetric crypto-key with the second private key portion of the file server crypto-key to form the encrypted key message, and (ii) the file server is operable to obtain the symmetric crypto-key by applying the first private key portion of the file server crypto-key to decrypt the encrypted key message. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. An article of manufacture for securing stored files in a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a security server, comprising:
-
computer readable storage medium; and computer programming stored on said storage medium; wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to; decrypt a symmetric crypto-key encrypted with the second private key portion of a user crypto-key associated with a user of said computer by applying the first private key portion of the user crypto-key, to thereby obtain the symmetric crypto-key; encrypt data with the symmetric crypto-key to form an encrypted file; and store the encrypted file and the encrypted symmetric crypto-key. - View Dependent Claims (15, 16)
-
-
17. A programmed computer for securing stored files in a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, each private key portion having a first private key portion known only to the associated user and a corresponding second private key portion known only to a security server, comprising:
-
a processor for decrypting a symmetric crypto-key encrypted with the second private key portion of a user crypto-key by applying the first private key portion of the user crypto-key, to thereby obtain the symmetric crypto-key, and encrypting data with the symmetric crypto-key to form an encrypted file; storage media for storing the encrypted file and the encrypted symmetric crypto-key. - View Dependent Claims (18)
-
-
19. A method for session key distribution in a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, the private key portion of a first user having a first private key portion known only to the first user and a corresponding second private key portion known only to a security server and the private key portion of a second user known only to the second user, comprising the steps of:
-
encrypting a symmetric session key request with the first private key portion of the first user crypto-key to form a first encrypted message; decrypting the first encrypted message by applying the second private key portion of the first user crypto-key to thereby obtain the session key request; encrypting a symmetric session crypto-key with the second private key portion of the first user crypto-key to form a first encrypted key message; encrypting the symmetric session crypto-key with the public key portion of the second user crypto-key to form a second encrypted key message; decrypting the first encrypted key message by applying the first private key portion of the first user crypto-key to obtain the symmetric session crypto-key for the first user; decrypting the second encrypted key message by applying the private key portion of the second user crypto-key to obtain the symmetric session crypto-key for the second user; encrypting and decrypting communications between said first user and said second user with the symmetric crypto-key. - View Dependent Claims (20)
-
-
21. A system for session key distribution having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, the private key portion of a first user having a first private key portion known only to the first user and a corresponding second private key portion known only to a security server and the private key portion of a second user known only to the second user, comprising:
-
a security server configured to encrypt a symmetric session crypto-key with the second private key portion of the first user crypto-key to form a first encrypted key message and to encrypt the symmetric session crypto-key with the public key portion of the second user crypto-key to form a second encrypted key message, and having an associated storage medium for storing the second private key portion of the first user crypto-key and the public key portion of the second user crypto-key; a first user processor configured to decrypt the first encrypted key message by applying the first private key portion of the first user crypto-key to obtain the symmetric crypto-key, and to encrypt communications to and decrypt communications from the second user with the symmetric crypto-key; a second user processor configured to decrypt the second encrypted key message by applying the private key portion of the second user crypto-key to obtain the symmetric crypto-key, and to encrypt communications to and decrypt communications from the first user with the symmetric crypto-key. - View Dependent Claims (22)
-
-
23. An article of manufacture for session key distribution in a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, the private key portion of a first user having a first private key portion known only to the first user and a corresponding second private key portion known only to a security server and the private key portion of a second user known only to the second user, comprising:
-
computer readable storage medium; and computer programming stored on said storage medium; wherein said stored computer programming is configured to be readable from said computer readable storage medium by a computer and thereby cause said computer to operate so as to; decrypt a first message encrypted with the first private key portion of the first user crypto-key by applying the second private key portion of the first user crypto-key to thereby obtain a session key request; encrypt a symmetric crypto-key with the second private key portion of the first user crypto-key to form a first encrypted key message; and encrypt the symmetric crypto-key with the public key portion of the second user crypto-key to form a second encrypted key message; wherein, the symmetric crypto-key is obtainable by the first user by applying the first private key portion of the first user crypto-key to the first encrypted key message and by the second user by applying the private key portion of the second user crypto-key to the second encrypted key message so that the symmetric crypto-key is available to encrypt and decrypt communications between said first and said second users.
-
-
24. A programmed computer for session key distribution in a system having a plurality of system users, each said user having an associated asymmetric crypto-key with a public key portion and a corresponding private key portion, each public key portion being accessible to the plurality of system users, the private key portion of a first user having a first private key portion known only to the first user and a corresponding second private key portion known only to a security server and the private key portion of a second user known only to the second user, comprising:
-
a processor for decrypting a first message encrypted with the first private key portion of the first user crypto-key by applying the second private key portion of the first user crypto-key to thereby obtain a session key request, for generating a symmetric crypto-key, for encrypting the symmetric crypto-key with the second private key portion of the first user crypto-key to form a first encrypted key message, and for encrypting the symmetric crypto-key with the public key portion of the second user crypto-key to form a second encrypted key message; and storage media for storing the second private key portion of the first user crypto-key and the public key portion of the second user crypto-key. wherein, the symmetric crypto-key is obtainable by the first user by applying the first private key portion of the first user crypto-key to the first encrypted key message and by the second user by applying the private key portion of the second user crypto-key to the second encrypted key message so that the symmetric crypto-key is available to encrypt and decrypt communications between said first and said second users.
-
Specification