Two-party storage of encrypted sensitive information
First Claim
1. A computer-readable storage device containing instructions for controlling a computing device to store information securely, by a method comprising:
- securing the information by encrypting with a first key the information to generate first-key encrypted data and encrypting with a second key the first key to generate a second-key encrypted first key;
- directing storage of a first portion of the first-key encrypted data and the second-key encrypted first key at a first location and a second portion of the first-key encrypted data at a second location, the first location and the second location being separate storage devices; and
- when the secured information is to be used, receiving the first portion of the first-key encrypted data and the second-key encrypted first key from the first location and the second portion of the first-key encrypted data from the second location;
- unsecuring the secured information by decrypting with the second key the second-key encrypted first key to extract the first key and decrypting with the extracted first key the received first portion and the received second portion to extract the information,
wherein after the information is secured and until the secured information needs to be unsecured, the first location and the second location each store only a portion of the first-key encrypted data and neither the first location nor the second location stores a complete copy of both the first key and the second key.
Abstract
A secure storage system secures information of a client by first encrypting the information with a first key to generate first-key encrypted data. The secure storage system then encrypts with a second key the first-key encrypted data and the first key to generate second-key encrypted data. The system provides the client with a first portion of the second-key encrypted data. The system stores a second portion of the second-key encrypted data and the second key. When the confidential information is needed, the client provides the first portion. The system retrieves the second portion. The system then decrypts with the second key the first portion and the second portion to generate the first-key encrypted data and the first key. The system then decrypts with the first key the first-key encrypted data to generate the unsecure confidential information.
20 Claims
12. A computer system with a processor and memory for securing information, comprising:
- a component that encrypts with a first key the information to generate first-key encrypted data;
- a component that encrypts with a second key the first key to generate second-key encrypted first key; and
- a component that directs storage of a first portion of the first-key encrypted data and the second-key encrypted first key at a first location and a second portion of the first-key encrypted data at a second location, the first location and the second location being separate storage devices,
wherein the components are implemented as computer-readable instructions stored in memory for execution by the processor.
18. A computer system with a processor and memory for unsecuring information, comprising:
- a component that receives a first portion of first-key encrypted data and a second-key encrypted first key from a first location and a second portion of the first-key encrypted data from a second location, the first location and the second location being separate storage devices;
- a component that decrypts with a second key the received second-key encrypted first key to extract the first key; and
- a component that decrypts with the first key the first-key encrypted data to extract the information,
wherein the components are implemented as computer-readable instructions stored in memory for execution by the processor.
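The securing and unsecuring steps recited in claims 1, 12 and 18, sketched as an added example that is not part of the patent text. Assumptions: the function and dictionary names, the half-way split point, the caller holding the second key, and a standard-library HMAC-SHA256 stand-in cipher used in place of a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one input key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Returns nonce || ciphertext || tag (encrypt-then-MAC).
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def secure(info: bytes, second_key: bytes):
    first_key = secrets.token_bytes(32)      # fresh first key per item
    data_ct = seal(first_key, info)          # first-key encrypted data
    wrapped = seal(second_key, first_key)    # second-key encrypted first key
    half = len(data_ct) // 2                 # split point is an assumption
    first_location = {"portion": data_ct[:half], "wrapped_first_key": wrapped}
    second_location = {"portion": data_ct[half:]}
    return first_location, second_location   # neither record holds the second key

def unsecure(first_location: dict, second_location: dict, second_key: bytes) -> bytes:
    # Unwrap the first key, then decrypt the rejoined portions.
    first_key = unseal(second_key, first_location["wrapped_first_key"])
    return unseal(first_key, first_location["portion"] + second_location["portion"])
```

Because the tag covers the rejoined ciphertext, a missing or altered portion from either location is rejected before any plaintext is returned.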
Specification