System and method for protecting data files by periodically refreshing a decryption key
Abstract
Methods for transferring among key holders in encoding and cryptographic systems the right to decode and decrypt messages in a way that does not explicitly reveal decoding and decrypting keys used and the original messages. Such methods are more secure and more efficient than typical re-encoding and re-encryption schemes, and are useful in developing such applications as document distribution and long-term file protection.
12 Claims
1. A method for protecting a data file on a computer system, comprising the steps of:
providing a grantee's encryption key, a grantee's decryption key, a grantor's encryption key, and a grantor's decryption key;
using asymmetric encryption, encrypting the data file using the grantor's encryption key to create an encrypted data file;
generating a transformation key from the grantor's decryption key, the grantee's encryption key and other data which is data file independent;
transforming the encrypted data file with the transformation key to generate a transformed encrypted data file wherein the transformation of the encrypted data file does not reveal the data file during the process of transforming;
providing the transformed encrypted data file to the grantee; and
decrypting the transformed encrypted file by the grantee with the grantee's decryption key;
wherein the transformation key does not allow the grantee to determine the grantor's decryption key.
Dependent claims: 2, 7, 8, 9
3. A processor-driven system adapted to protect a data file, the system comprising:
a processor; and
a memory coupled to the processor for storing the data file;
wherein the processor is programmed to perform the steps of:
providing a grantee's encryption key, a grantee's decryption key, a grantor's encryption key, and a grantor's decryption key;
using asymmetric encryption, encrypting the data file using the grantor's encryption key to create an encrypted data file;
generating a transformation key from the grantor's decryption key, the grantee's encryption key and other data which is data file independent;
transforming the encrypted data file with the transformation key to generate a transformed encrypted data file wherein the transforming does not reveal the data file during the process of transforming;
providing the transformed encrypted data file to the grantee; and
decrypting the transformed encrypted file by the grantee with the grantee's decryption key;
wherein the transformation key does not allow the grantee to determine the grantor's decryption key.
Dependent claims: 4, 5, 6, 10, 11, 12
Specification