Cryptographic file labeling system for supporting secured access by multiple users
First Claim
1. A machine system for maintaining confidential information generally in encrypted form while allowing for intelligible access to such confidential information by multiple users, said machine system comprising:
- (a) a first data conveyance means for conveying digitized first data representing said encrypted form of the confidential information and for further conveying digitized second data representing an associated label,(a.1) wherein said encrypted form of the confidential information is producible by a first encrypting process using a first encryption key,(a.2) wherein said second data contains two or more encrypted versions of a first decryption key, said first decryption key being a signal that is applicable to a first decrypting process for decrypting the encrypted form of the confidential information and for thereby producing a plaintext form of the confidential information,(a.2a) wherein a first of said two or more encrypted versions of the first decryption key is decipherable by a first user key, the first user key being associated with a first user among said multiple users;
(a.2b) wherein a second of said two or more encrypted versions of the first decryption key is decipherable by a second user key, the second user key being associated with a second user among said multiple users;
(b) a first decrypting mechanism, operatively coupled to the first data conveyance means, for receiving the first data and for, upon a supplying of said first decryption key to said first decrypting mechanism, decrypting the first data into digitized third data representing the plaintext form of the confidential information; and
(c) a second decrypting mechanism, operatively coupled to the first data conveyance means, for receiving at least one portion of said second data and for, upon a supplying of a corresponding one of said first and second user keys to the second decrypting mechanism, decrypting the at least one portion of said second data into digitized fourth data in accordance with a second decryption process so that said fourth data includes the first decryption key,(c.1) wherein the second decrypting mechanism is operatively coupled to supply the first decryption key to the first decrypting mechanism;
(c.2) wherein said second decrypting mechanism defines part of an asymmetric encryption/decryption system;
(a.2c) wherein said first user key defines a private part of a first public-private key pair associated with said first user; and
(a.2d) wherein said second user key defines a private part of a second public-private key pair associated with said second user.
2 Assignments
0 Petitions
Accused Products
Abstract
A system is disclosed for automatically distributing secured versions (*Sys-- D-- key*) of a file decryption key (Sys-- D-- key) to a plurality of file users by way of the file'"'"'s security label. The label is defined to contain a plurality of Access-Control-Entries Records (ACER'"'"'s) where each ACER includes a respective secured version (*Sys-- D-- key*) of the file decryption key. Each such secured version (*Sys-- D-- key*) is decipherable by a respective ACER private key. Each ACER may include respective other data such as:
(a) ACER-unique identifying data for uniquely identifying the ACER or an associated user;
(b) decryption algorithm identifying data for identifying the decryption process to be used to decrypt the encrypted *DATA* portion of the file; and
(c) special handling code for specifying special handling for the code-containing ACER. The label is preferably covered by a digital signature but includes an extension buffer that is not covered by the digital signature. Users who wish to have an ACER of their own added to the label may submit add-on requests by writing to the extension buffer.
253 Citations
53 Claims
-
1. A machine system for maintaining confidential information generally in encrypted form while allowing for intelligible access to such confidential information by multiple users, said machine system comprising:
-
(a) a first data conveyance means for conveying digitized first data representing said encrypted form of the confidential information and for further conveying digitized second data representing an associated label, (a.1) wherein said encrypted form of the confidential information is producible by a first encrypting process using a first encryption key, (a.2) wherein said second data contains two or more encrypted versions of a first decryption key, said first decryption key being a signal that is applicable to a first decrypting process for decrypting the encrypted form of the confidential information and for thereby producing a plaintext form of the confidential information, (a.2a) wherein a first of said two or more encrypted versions of the first decryption key is decipherable by a first user key, the first user key being associated with a first user among said multiple users; (a.2b) wherein a second of said two or more encrypted versions of the first decryption key is decipherable by a second user key, the second user key being associated with a second user among said multiple users; (b) a first decrypting mechanism, operatively coupled to the first data conveyance means, for receiving the first data and for, upon a supplying of said first decryption key to said first decrypting mechanism, decrypting the first data into digitized third data representing the plaintext form of the confidential information; and (c) a second decrypting mechanism, operatively coupled to the first data conveyance means, for receiving at least one portion of said second data and for, upon a supplying of a corresponding one of said first and second user keys to the second decrypting mechanism, decrypting the at least one portion of said second data into digitized fourth data in accordance with a second decryption process so that said fourth data includes the first decryption key, (c.1) wherein the second decrypting mechanism is operatively coupled to supply the first decryption key to the first decrypting mechanism; (c.2) wherein said second decrypting mechanism defines part of an asymmetric encryption/decryption system; (a.2c) wherein said first user key defines a private part of a first public-private key pair associated with said first user; and (a.2d) wherein said second user key defines a private part of a second public-private key pair associated with said second user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A machine-implemented method for distributing confidential information in encrypted form to multiple users, said method comprising the steps of:
-
(a) conveying to at least one user machine, first data representing said encrypted form of the confidential information, where said encrypted form of the confidential information is producible by a first encrypting process using a first encryption key; (b) conveying to said at least one user machine, second data representing an associated label of the first data; and (c) including within said second data two or more Access-Control-Entries Records (ACER'"'"'s) each containing a respective, encrypted version of a first decryption key, said first decryption key being a signal that is applicable to a first decrypting process for decrypting the encrypted form of the confidential information and for thereby producing a plaintext form of the confidential information, (c.1) wherein a first of said encrypted versions of the first decryption key, which is contained in a respective first of said ACER'"'"'s, is decipherable by a first ACER key, the first ACER key being associated with said first ACER, and (c.2) wherein a second of said encrypted versions of the first decryption key, which is contained in a respective second of said ACER'"'"'s, is decipherable by a second ACER key, the second ACER key being associated with the second ACER, and the second ACER key being different from the first ACER key. - View Dependent Claims (27, 28, 29, 30)
-
-
31. A machine-usable memory storing a multi-user data structure comprising:
-
(a) a secured file data portion (*FILE DATA* portion) that is encrypted by a first encrypting process using a first encryption key; and (b) a file label portion associated with the secured file data portion, said file label portion including; (b.1) a plurality of Access-Control-Entries Records (ACER'"'"'s) each containing a respective, encrypted version of a first decryption key, said first decryption key being a signal that is applicable to a first decrypting process for decrypting said *FILE DATA* portion, wherein each ACER-contained encrypted version is decipherable by an ACER-specific key. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
-
-
41. A machine-implemented file-decrypting method for decrypting a multi-user data structure in response to an access request associated with one user among a plurality of users,
wherein the multi-user data structure has: -
(1) a secured file data portion (*FILE DATA* portion) that is encrypted by a first encrypting process using a first encryption key; and (2) a file label portion associated with the secured file data portion, where the file label portion includes; (2.1) a plurality of Access-Control-Entries Records (ACER'"'"'s) each containing a respective, encrypted version of a first decryption key, said first decryption key being a signal that is applicable to a first decrypting process for decrypting said *FILE DATA* portion, wherein each ACER-contained encrypted version is decipherable by an ACER-specific key, said file-decrypting method comprising the steps of; (a) locating among said Access-Control-Entries Records (ACER'"'"'s), an ACER associated with said one user; (b) obtaining a private key of the one user; and (c) using the obtained key to decrypt the respective, encrypted version in the located ACER to thereby produce a plaintext version of the first decryption key; and (d) using the produced plaintext version of the first decryption key to decrypt the secured file data portion. - View Dependent Claims (42, 43)
-
-
44. A method for distributing encrypted *FILE DATA* signals to a plurality of users and for providing respective authorized users among said plurality of users each with intelligible access to information represented by a plaintext version of the encrypted *FILE DATA* signals,
wherein said *FILE DATA* signals are producible by using a first encrypting algorithm in combination with a first encryption key to encrypt the plaintext version of said *FILE DATA* signals, said method comprising the steps of: -
(a) conveying the encrypted *FILE DATA* signals to a first data conveyance means; (b) defining a companion first decryption algorithm and a companion first decryption key that are usable for decrypting the conveyed *FILE DATA* signals; (c) for each respective authorized user, encrypting the companion first decryption key by using a respective second encryption algorithm in combination with a respective second encryption key to thereby produce a respective encrypted version of the companion first decryption key, wherein said second encryption key is a public key of the respective authorized user, and said respective second encryption algorithm is an asymmetric algorithm based on paired public and private keys; (d) for each respective authorized user, conveying the respective encrypted version to the first conveyance means; and (e) for each respective authorized user, associating at least partially by means of the first conveyance means, the respective encrypted version of the companion first decryption key with the conveyed *FILE DATA* signals. - View Dependent Claims (45)
-
-
46. A method for reducing possible data leakage due to an allegedly compromised user key where the allegedly compromised user key is initially usable for gaining intelligible access to a file access key, the file access key providing intelligible access to an encrypted file, said method comprising the steps of:
-
(a) providing a file security label having a plurality of access control entries records (ACER'"'"'s), wherein each ACER includes a respective encrypted version of the file access key, each respective encrypted version of the file access key of each ACER being decipherable with a respective user key associated with said ACER; (b) locating among said plurality of access control entries records (ACER'"'"'s), an ACER if any, that is associated with said allegedly compromised user key; (c) canceling out the intelligible-access gaining usability of the located ACER from the file label without affecting such same usability of others of the ACER'"'"'s that are not associated with said allegedly compromised user key.
-
-
47. A key-distribution method for use with an asymmetric first encryption/decryption system where the first encryption/decryption system uses a first encryption key during encryption and the first encryption/decryption system uses a different first decryption key during decryption, said method comprising the steps of:
-
(a) encrypting supplied plaintext data using the first encryption key to produce resulting encrypted data; (b) supplying the resulting encrypted data to a data conveying means; (c) producing plural encrypted versions of the first decryption key using a respective plurality of different second encryption keys and conveying said plural encrypted versions of the first decryption key to the data conveying means; (d) producing plural encrypted versions of the first encryption key using a respective plurality of different encrypting keys and further conveying said encrypted versions of the first encryption key to said data conveyance means, wherein said plurality of different encrypting keys are each respectively part of a respective asymmetric second encryption/decryption system; and (e) associating by means of an associating media, respective ones of the encrypted versions of the first encryption key and respective ones of the encrypted versions of the first decryption key with one another and with said encrypted data. - View Dependent Claims (48)
-
-
49. A method for selectively enabling multiple users to access encrypted replicas of a given file where respective first and second ones of the encrypted replicas are stored in different first and second locations, said method comprising the steps of:
-
(a) providing a file label at the first location that permits a given user (User-- #J) to intelligibly access the first encrypted replica which is located at the first location; and (b) providing a second file label at the second location that blocks the same user (User-- #J) from intelligibly accessing the second encrypted replica which is located at said second location.
-
-
50. A method for changing the number of authorized users that are authorized to intelligibly access an encrypted *FILE DATA* portion of a file wherein the file further includes a file label portion containing one or more active access control entries records (ACER'"'"'s), said file label portion including a number-of-ACER'"'"'s indicator for defining the number of active ACER'"'"'s, and each ACER including a respective encrypted version a file access key, the file access key providing intelligible accessibility to said encrypted *FILE DATA* portion, said method comprising the step of:
(a) altering the number-of-ACER'"'"'s indicator in the label portion to thereby redefine the number of active ACER'"'"'s.
-
51. A method for locating related versions of a secured file where the secured file and the related versions each includes a *FILE DATA* portion and an associated label portion, the label portion having an ordered collection of access control entries records (ACER'"'"'s) including a first ACER, each ACER being logically associated with a unique user identification, said method comprising the steps of:
-
(a) obtaining the user identification associated with the first ACER in said collection; and (b) using the obtained user identification to locate secured other files wherein the first ACER in each secured other file is logically associated to the same user identification.
-
-
52. A method for authorizing new users to intelligibly access a secured file having an *FILE DATA* portion and an associated file label portion where the file label portion includes activated ACER'"'"'s and the file label portion further includes an extension buffer zone for receiving ACER add-on requests, said method comprising the steps of:
-
(a) including the public key of a requesting user in a respective ACER add-on request; (b) using the included public key to encrypt a plaintext version of a file access key, where the plaintext version of a file access key is usable for decrypting the *FILE DATA* portion.
-
-
53. A method of hiding from general viewing the presence of one or more ACER'"'"'s (Access-Control-Entries Records) in a file label portion containing a plurality of ACER'"'"'s, said method comprising the step of:
(a) including a special handling code in the respective one or more ACER'"'"'s whose presence is to be hidden, the included special handling code being for instructing one or more label-using programs to not display each of said one or more specially-handled ACER'"'"'s.
Specification