Security system for generating keys from access rules in a decentralized manner and methods therefor
First Claim
Patent Images
1. A method for encrypting a file, comprising:
- producing, using a processing device, an access rules string having embedded therein access rules to be imposed for restricting access to the file;
generating, using the processing device, a public key derived from the access rules string; and
encrypting, using the processing device, at least a portion of the file using the public key, such that the public key, in a form used to encrypt the portion of the file, contains the access rules string embedded therein and extractable therefrom when decrypting the portion of the file.
5 Assignments
0 Petitions
Accused Products
Abstract
Improved system and approaches for decentralized key generation are disclosed. The keys that can be generated include both public keys and private keys. The public keys are arbitrary strings that embed or encode access restrictions. The access restrictions are used to enforce access control policies. The public keys are used to encrypt some or all portions of files. The private keys can be generated to decrypt the portions of the files that have been encrypted with the public keys. By generating keys in a decentralized manner, not only are key distribution burdens substantially eliminated but also off-line access to encrypted files is facilitated.
-
Citations
33 Claims
-
1. A method for encrypting a file, comprising:
-
producing, using a processing device, an access rules string having embedded therein access rules to be imposed for restricting access to the file; generating, using the processing device, a public key derived from the access rules string; and encrypting, using the processing device, at least a portion of the file using the public key, such that the public key, in a form used to encrypt the portion of the file, contains the access rules string embedded therein and extractable therefrom when decrypting the portion of the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 31, 32, 33)
-
-
12. A method for encrypting a file including a key block portion and a data block portion, comprising:
-
producing, using a processing device, an access rules string having embedded therein access rules to be imposed for restricting access to the file; generating, using the processing device, a public key for the key block portion derived from the access rules string; and encrypting, using the processing device, the key block portion of the file using the public key, such that the public key, in a form used to encrypt the key block portion of the file, contains the access rules string embedded therein and extractable therefrom when decrypting the key block portion of the file. - View Dependent Claims (13)
-
-
14. A method of decrypting a secured file that has been previously encrypted, comprising:
-
identifying, using a processing device, access rules, for restricting access of a user to the secured file, that are embedded in a public key associated with the secured file to be decrypted by reading the access rules from the public key, wherein the public key was previously used to encrypt the secured file; denying, using the processing device, access to the secured file if the access rules do not permit the user to access the secured file; generating, using the processing device, a private key if the access rules permit the user to access the secured file, wherein the private key is generated based on the access rules and a master key; and decrypting, using the processing device and following said generating, at least a portion of the secured file for access thereto by the user with the private key. - View Dependent Claims (15, 16, 29, 30)
-
-
17. A method of decrypting a secured file that has been previously encrypted, comprising:
-
identifying, using a processing device, access rules for restricting access of a user to the secured file that are embedded in a public key associated with the secured file to be decrypted by reading the access rules from the public key, wherein the public key was previously used to encrypt the secured file; denying, using the processing device, access to the secured file if the access rules do not permit the user to access the secured file; generating, using the processing device, a private key if the access rules permit the user to access the secured file, wherein the private key is generated based on the access rules and a master key; decrypting, using the processing device and following said generating, an encrypted key block of the secured file to obtain a file key; and decrypting, using the processing device, at least a portion of the secured file for access thereto by the user through use of the file key. - View Dependent Claims (18, 19)
-
-
20. A system for restricting access to a file, said system comprising:
-
a memory comprising; a key store configured to store at least one segment of gathered information about a master key, a rules engine configured to read an access rules string from a public key associated with a secured file, said access rules string having embedded therein access rules for restricting access to the file and embedded in said public key, and a key generator configured to generate the master key based on said gathered information, if the access rules identified by the access rules string are satisfied, and to generate a private key derived from the access rules and the master key, wherein said private key is used to decrypt at least a portion of said secured file; and one or more processing devices configured to process the key store, the rules engine, and the key generator. - View Dependent Claims (21, 22, 23, 24)
-
-
25. An article of manufacture including a data storage device having computer-executable instructions stored thereon, execution of which, by a computing device, causes the computing device to perform operations for encrypting a file, the operations comprising:
-
producing an access rules string having embedded therein access rules for restricting access to the file to be imposed; generating a public key derived from the access rules string; and encrypting at least a portion of the file using the public key, such that the public key, in a form used to encrypt the portion of the file, contains the access rules string embedded therein and extractable therefrom when decrypting the portion of the file. - View Dependent Claims (26)
-
-
27. An article of manufacture including a data storage device having computer-executable instructions stored thereon, execution of which, by a computing device, causes the computing device to perform operations for decrypting a secured file that has been previously encrypted, the operations comprising:
-
computer program code that enables a processor to identify access rules for restricting access of a user to the secured file that are embedded in a public key associated with the secured file to be decrypted by reading the access rules from the public key, wherein the public key was previously used to encrypt the secured file; computer program code that enables the processor to deny access to the secured file if the access rules do not permit the user to access the secured file; computer program code that enables the processor to generate a private key if the access rules permit the user to access the secured file, wherein the private key is generated based on the access rules and a master key; and computer program code that enables the processor to decrypt at least a portion of the secured file for access thereto by the user with the private key.
-
-
28. A method for encrypting a file, comprising:
-
accessing, using a processing device, access rules to be imposed for restricting access to the file; producing, using the processing device, an access rules string having embedded therein the access rules, wherein the access rules are embedded in the rules string according to a predetermined format; generating, using the processing device, a public key derived from the access rules string; and encrypting, using the processing device, at least a portion of the file using the public key, such that the public key, in a form used to encrypt the portion of the file, contains the access rules string embedded therein and extractable therefrom when the decrypting the portion of the file.
-
Specification