Secure data storage and retrieval in a client-server environment

US 7,010,689 B1
Filed: 08/21/2000
Issued: 03/07/2006
Est. Priority Date: 08/21/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of controlling access to digital data in a file comprising:

obtaining a passphrase from a user;

generating a personal key based on the obtained passphrase;

generating a file encryption key;

encrypting the digital data in the file with the file encryption key to provide an encrypted file;

encrypting the file encryption key with the personal key to provide an encrypted file encryption key;

creating a file header containing the encrypted file encryption key;

associating the file header with the encrypted file;

obtaining a user identification associated with an owner of the file;

obtaining a file identification associated with the file; and

wherein the step of generating a personal key based on the obtained passphrase comprises the step of hashing the user identification, the passphrase and the file identification to provide the personal key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products are provided for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key based on the obtained passphrase. A file encryption key is generated and the digital data in the file encrypted with the file encryption key to provide an encrypted file. The file encryption key is encrypted with the personal key to provide an encrypted file encryption key. A file header containing the encrypted file encryption key and associated with the encrypted file. The encrypted file and the file header associated with the encrypted file may be stored at a file server.

286 Citations

9 Claims

1. A method of controlling access to digital data in a file comprising:
- obtaining a passphrase from a user;
  
  generating a personal key based on the obtained passphrase;
  
  generating a file encryption key;
  
  encrypting the digital data in the file with the file encryption key to provide an encrypted file;
  
  encrypting the file encryption key with the personal key to provide an encrypted file encryption key;
  
  creating a file header containing the encrypted file encryption key;
  
  associating the file header with the encrypted file;
  
  obtaining a user identification associated with an owner of the file;
  
  obtaining a file identification associated with the file; and
  
  wherein the step of generating a personal key based on the obtained passphrase comprises the step of hashing the user identification, the passphrase and the file identification to provide the personal key.
- View Dependent Claims (2, 3)
- - 2. A method according to claim 1, further comprising the step of storing the file and the associated file header at a file server.
  - 3. A method according to claim 2, wherein the step of storing the file and the associated file header at a file server comprises the step of selectively storing the file and the file header based on a type of store requested by the user and an evaluation of whether an existing file and file header having the user identification and file identification are stored at the file server.

4. A system for controlling access to digital data in a file comprising:
- means for obtaining a passphrase from a user;
  
  means for generating a personal key based on the obtained passphrase;
  
  means for generating a file encryption key;
  
  means for encrypting the digital data in the file with the file encryption key to provide an encrypted file;
  
  means for encrypting the file encryption key with the personal key to provide an encrypted file encryption key;
  
  means for creating a file header containing the encrypted file encryption key;
  
  means for associating the file header with the encrypted file;
  
  means for obtaining a user identification associated with an owner of the file;
  
  means for obtaining a file identification associated with the file; and
  
  wherein the means for generating a personal key based on the obtained passphrase comprises means for hashing the user identification, the passphrase and the file identification to provide the personal key.
- View Dependent Claims (5, 6)
- - 5. A system according to claim 4, further comprising means for storing the file and the associated file header at a file server.
  - 6. A system according to claim 5, wherein the means for storing the file and the associated file header at a file server comprises means for selectively storing the file and the file header based on a type of store requested by the user and an evaluation of whether an existing file and file header having the user identification and file identification are stored at the file server.

7. A computer program product for controlling access to digital data in a file comprising:
- a computer readable storage medium having computer readable program code embodied therein, the computer readable program code comprising;
  
  computer readable program code which obtains a passphrase from a user;
  
  computer readable program code which generates a personal key based on the obtained passphrase;
  
  computer readable program code which generates a file encryption key;
  
  computer readable program code which encrypts the digital data in the file with the file encryption key to provide an encrypted file;
  
  computer readable program code which encrypts the file encryption key with the personal key to provide an encrypted file encryption key;
  
  computer readable program code which creates a file header containing the encrypted file encryption key; and
  
  computer readable program code which associates the file header with the encrypted file;
  
  computer readable program code which obtains a user identification associated with an owner of the file;
  
  computer readable program code which obtains a file identification associated with the file; and
  
  wherein the computer readable program code which generates a personal key based on the obtained passphrase comprises computer readable program code which hashes the user identification, the passphrase and the file identification to provide the personal key.
- View Dependent Claims (8, 9)
- - 8. A computer program product according to claim 7, further comprising computer readable program code which stores the file and the associated file header at a file server.
  - 9. A computer program product according to claim 8, wherein the computer readable program code which stores the file and the associated file header at a file server comprises computer readable program code which selectively stores the file and the file header based on a type of store requested by the user and an evaluation of whether an existing file and file header having the user identification and file identification are stored at the file server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peyravian, Mohammad, Zunic, Nevenko, Roginsky, Allen Leonid, Matyas, Stephen Michael Jr.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Brown, Christopher J

Application Number

US09/642,878
Time in Patent Office

2,024 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

H04L 9/08   Key distribution or managem...

H04L 9/0863   involving passwords or one-...

H04L 9/0866   involving user or device id...

H04L 9/0891   Revocation or update of sec...

H04L 9/3073   involving pairings, e.g. id...

Secure data storage and retrieval in a client-server environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

286 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Secure data storage and retrieval in a client-server environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

286 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others