Secure data storage and retrieval with key management and user authentication
Abstract
Methods, systems and computer program products are provided which provide for controlling access to digital data in a file by encrypting the data with a first key, encrypting the first key with a second personal key generated from a password/passphrase associated with the file and further encrypting the encrypted first key with a control key which is managed by the system. In certain embodiments, user authentication may also be provided by issuing a ticket which is utilized to create, access and administer the files in the system.
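The layered key wrapping described in the abstract, as an added illustration that is not code from the patent. The HMAC-based `seal`/`unseal` pair is a standard-library stand-in for a real authenticated cipher, and PBKDF2, the dictionary header layout, all function names and the retrieval order (server strips the control-key layer, then the client uses the password) are assumptions of this sketch.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a real cipher)
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, data):
    # Encrypt-then-MAC; in production use an AEAD such as AES-GCM instead
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def personal_key(password, salt):
    # Personal key generated from the password associated with the file
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def client_create(data, password):
    file_key = secrets.token_bytes(32)              # the first (encryption) key
    salt = secrets.token_bytes(16)
    header = {"salt": salt, "key": seal(personal_key(password, salt), file_key)}
    return seal(file_key, data), header             # header goes to the key server next

def server_wrap(header, control_key):
    # Key server adds the second layer; it never sees the password or the file key
    return {**header, "key": seal(control_key, header["key"])}

def server_unwrap(header, control_key):
    # Assumed retrieval step: strip the control-key layer for an authorised request
    return {**header, "key": unseal(control_key, header["key"])}

def client_read(enc_file, header, password):
    file_key = unseal(personal_key(password, header["salt"]), header["key"])
    return unseal(file_key, enc_file)

def demo():
    control_key = secrets.token_bytes(32)           # constructed; held only by the key server
    enc, hdr = client_create(b"quarterly report", "correct horse")
    stored = server_wrap(hdr, control_key)          # what the file server stores
    return enc, stored, control_key
```

With this layering, a copy of the stored header plus the password is not enough to recover the file key, and the control key alone is not enough either; both layers must be removed.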
66 Claims
1. A system for controlling access to digital data of a file, the system comprising:
- a file server configured to store an encrypted file and a file header corresponding to the digital data of the file and containing an encryption key encrypted with both a personal key of an owner of the file and a control key;
- a personal key server configured to receive a header associated with a file, the file header containing an encryption key encrypted with a personal key and encrypt the encrypted encryption key with a control key to provide the file header containing an encryption key encrypted with both a personal key and a control key; and
- a personal key client configured to generate the encryption key, encrypt the digital data of the file with the encryption key, generate the personal key from a password associated with the file, encrypt the encryption key with the personal key, incorporate the encrypted encryption key in a file header associated with the file and provide the file header with the encryption key encrypted with the personal key to the personal key server, receive the file header from the personal key server and provide the file header received from the personal key server to the file server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A method for controlling access to digital data of a file utilizing a file system including a personal key client, wherein the personal key client carries out the steps of:
- generating an encryption key;
- encrypting the digital data of the file with the encryption key;
- obtaining a password associated with the file;
- generating a personal key from the password associated with the file;
- encrypting the encryption key with the personal key;
- incorporating in a file header the encryption key encrypted with the personal key;
- requesting encryption of the file header with a control key;
- receiving the file header encrypted with the control key;
- associating the file header with the file; and
- storing the file header and the encrypted digital data of the file at a file server.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A method for controlling access to digital data of a file in a file system having a personal key server, the personal key server carrying out the steps of:
- receiving a request from a requestor to create a file header associated with the file, the request containing an encryption key utilized to encrypt the digital data, the encryption key being encrypted with a personal key;
- encrypting the encrypted encryption key with a control key to provide the file header containing an encryption key encrypted with both a personal key and a control key; and
- returning the file header to the requester.
Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
41. A personal key client for controlling access to digital data of a file utilizing a file system, comprising:
- means for generating an encryption key;
- means for encrypting the digital data of the file with the encryption key;
- means for obtaining a password associated with the file;
- means for generating a personal key from the password associated with the file;
- means for encrypting the encryption key with the personal key;
- means for incorporating in a file header the encryption key encrypted with the personal key;
- means for requesting encryption of the file header with a control key;
- means for receiving the file header encrypted with the control key;
- means for associating the file header with the file; and
- means for storing the file header and the encrypted digital data of the file at a file server.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52
53. A personal key server for controlling access to digital data of a file in a file system having a personal key server, comprising:
- means for receiving a request from a requestor to create a file header associated with the file, the request containing an encryption key utilized to encrypt the digital data, the encryption key being encrypted with a personal key;
- means for encrypting the encrypted encryption key with a control key to provide the file header containing an encryption key encrypted with both a personal key and a control key; and
- means for returning the file header to the requestor.
Dependent claims: 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64
65. A computer program product for controlling access to digital data of a file utilizing a file system including a personal key client, comprising:
a computer readable storage media having computer readable program code embodied therein, the computer readable program code comprising;
- computer readable program code that generates an encryption key;
- computer readable program code that encrypts the digital data of the file with the encryption key;
- computer readable program code that obtains a password associated with the file;
- computer readable program code that generates a personal key from the password associated with the file;
- computer readable program code that encrypts the encryption key with the personal key;
- computer readable program code that incorporates in a file header the encryption key encrypted with the personal key;
- computer readable program code that requests encryption of the file header with a control key;
- computer readable program code that receives the file header encrypted with the control key;
- computer readable program code that associates the file header with the file; and
- computer readable program code that stores the file header and the encrypted digital data of the file at a file server.
66. A computer program product for controlling access to digital data of a file in a file system having a personal key server, comprising:
- computer readable program code that receives a request from a requestor to create a file header associated with the file, the request containing an encryption key utilized to encrypt the digital data, the encryption key being encrypted with a personal key;
- computer readable program code that encrypts the encrypted encryption key with a control key to provide the file header containing an encryption key encrypted with both a personal key and a control key; and
- computer readable program code that returns the file header to the requester.
Specification