Method, apparatus, and program product for revealing redacted information
First Claim
1. A computer controlled method for revealing sensitive information in a selectively encrypted data unit comprising:
- accessing said selectively encrypted data unit, comprising an encrypted version of said sensitive information, an attribute vector associated with said encrypted version, and a plurality of auxiliary values computed directly using the attribute vector and a random number, said encrypted version capable of being decrypted into said sensitive information;
accessing a unique capability key, said unique capability key associated with a key descriptor which is determined based at least on part on the attribute vector, said unique capability key responsive to one or more cryptosystem parameters, one or more random numbers and one or more shares;
determining whether said attribute vector is filtered by said key descriptor;
acquiring, responsive to determining, a protection key responsive to said cryptosystem parameters, said plurality of auxiliary values, said key descriptor and said unique capability key;
decrypting the encrypted version with said protection key to generate said sensitive information; and
presenting said sensitive information.
2 Assignments
0 Petitions
Accused Products
Abstract
A selectively encrypted data unit includes an encrypted version of sensitive information (capable of being decrypted to reveal the sensitive information), a plurality of auxiliary values, and an attribute vector associated with the encrypted version of the sensitive information. The selectively encrypted data unit and a unique capability key are accessed. The unique capability key is associated with a key descriptor and is responsive to one or more cryptosystem parameters, one or more random numbers and one or more shares of a master secret. Next the technology determines whether the attribute vector is filtered or enabled by the key descriptor. If so, a protection key is acquired that is responsive to the one or more cryptosystem parameters, the plurality of auxiliary values, the key descriptor and the unique capability key. Once acquired, the protection key is used to decrypt the encrypted version to generate the sensitive information which is presented.
34 Citations
33 Claims
-
1. A computer controlled method for revealing sensitive information in a selectively encrypted data unit comprising:
-
accessing said selectively encrypted data unit, comprising an encrypted version of said sensitive information, an attribute vector associated with said encrypted version, and a plurality of auxiliary values computed directly using the attribute vector and a random number, said encrypted version capable of being decrypted into said sensitive information; accessing a unique capability key, said unique capability key associated with a key descriptor which is determined based at least on part on the attribute vector, said unique capability key responsive to one or more cryptosystem parameters, one or more random numbers and one or more shares; determining whether said attribute vector is filtered by said key descriptor; acquiring, responsive to determining, a protection key responsive to said cryptosystem parameters, said plurality of auxiliary values, said key descriptor and said unique capability key; decrypting the encrypted version with said protection key to generate said sensitive information; and presenting said sensitive information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 32, 33)
-
-
17. An apparatus comprising:
-
a central processing unit (CPU), a memory coupled to said CPU, a data access logic configured to access said selectively encrypted data unit, comprising an encrypted version of said sensitive information, an attribute vector associated with said encrypted version, and a plurality of auxiliary values computed directly using the attribute vector and a random number, said encrypted version capable of being decrypted into said sensitive information; a key access logic configured to access a unique capability key, said unique capability key associated with a key descriptor which is determined based at least on part on the attribute vector, said unique capability key responsive to one or more cryptosystem parameters, one or more random numbers and one or more shares; an attribute filter logic configured to determine whether said attribute vector is filtered by said key descriptor; a key acquisition logic configured to acquire, responsive to the attribute filter logic, a protection key, said protection key responsive to said cryptosystem parameters, said plurality of auxiliary values, said key descriptor and said unique capability key; a decryption logic configured to decrypt the encrypted version with said protection key to generate said sensitive information; and a presentation logic configured to present said sensitive information. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A computer program product comprising:
-
a non-transitory computer-usable data carder providing instructions that, when executed by a computer, cause said computer to perform a method to reveal sensitive information in a selectively encrypted data unit, said method comprising; accessing said selectively encrypted data unit, comprising an encrypted version of said sensitive information, an attribute vector associated with said encrypted version, and a plurality of auxiliary values computed directly using the attribute vector and a random number, said encrypted version capable of being decrypted into said sensitive information; accessing a unique capability key, said unique capability key associated with a key descriptor which is determined based at least on part on the attribute vector, said unique capability key responsive to one or more cryptosystem parameters, one or more random numbers and one or more shares; determining whether said attribute vector is filtered by said key descriptor; acquiring, responsive to determining, a protection key responsive to said cryptosystem parameters, said plurality of auxiliary values, said key descriptor and said unique capability key; decrypting the encrypted version with said protection key to generate said sensitive information; and presenting said sensitive information. - View Dependent Claims (31)
-
Specification