User-specified sharing of data via policy and/or inference from a hierarchical cryptographic store

US 8,837,718 B2
Filed: 03/27/2009
Issued: 09/16/2014
Est. Priority Date: 03/27/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented system that creates a hierarchical set of decryption keys to facilitate privacy-centric data storage of health records with diverse accessibility, comprising:

an interface component that obtains from a user or an associated device information associated with a root key, in which the information includes a policy the user controls to maintain granular control over accessing the health records of the user by authorized accessing parties such that the policy specifies different keys to capture different preferences about sharing of the health records, wherein a first key is associated with sharing a set of the health records of the user with a first party and is further associated with a first user preference for data access, and a second key is associated with sharing a subset of the set of the health records of the user with a second party and is further associated with a second user preference for data access different than the first user preference for data access; and

a key generation component that employs the root key to derive a private set of cryptographic decryption keys that conforms to a hierarchy that describes partitioning of the encrypted data of the user based at least in part upon features or content of the encrypted data, wherein decryption capabilities of a decryption key from the private set of cryptographic decryption keys is defined based at least in part upon a location or an arrangement of the decryption key within the hierarchy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The claimed subject matter relates to architectures that can construct a hierarchical set of decryption keys for facilitating user-controlled encrypted data storage with diverse accessibility and hosting of that encrypted data. In particular, a root key can be employed to derive a hierarchical set of decryption keys and a corresponding hierarchical set of encryption keys. Each key derived can conform to a hierarchy associated with encrypted data of the user, and the decryption capabilities of the decryption keys can be configured based upon a location or assignment of the decryption key within the hierarchy. The cryptographic methods can be joined with a policy language that specifies sets of keys for capturing preferences about patterns of sharing. These policies about sharing can themselves require keys for access and the policies can provide additional keys for other aspects of policy and or base-level accesses.

Citations

20 Claims

1. A computer implemented system that creates a hierarchical set of decryption keys to facilitate privacy-centric data storage of health records with diverse accessibility, comprising:
- an interface component that obtains from a user or an associated device information associated with a root key, in which the information includes a policy the user controls to maintain granular control over accessing the health records of the user by authorized accessing parties such that the policy specifies different keys to capture different preferences about sharing of the health records, wherein a first key is associated with sharing a set of the health records of the user with a first party and is further associated with a first user preference for data access, and a second key is associated with sharing a subset of the set of the health records of the user with a second party and is further associated with a second user preference for data access different than the first user preference for data access; and
  
  a key generation component that employs the root key to derive a private set of cryptographic decryption keys that conforms to a hierarchy that describes partitioning of the encrypted data of the user based at least in part upon features or content of the encrypted data, wherein decryption capabilities of a decryption key from the private set of cryptographic decryption keys is defined based at least in part upon a location or an arrangement of the decryption key within the hierarchy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, the information is at least one of a password or biometric data;
    - the policy specifies that data associated with the user is shareable unless the data indicates at least a specified rise in risk over an average amount of risk of a disorder for a cohort population associated with the user; and
      
      the key generation component constructs the root key based upon the information, or the information includes the root key.
  - 3. The system of claim 1, the policy that defines a pattern of access associated with the hierarchy or one or more decryption keys included in the private set;
    - and the key generation component further employs the policy to derive at least one decryption key included in the private set.
  - 4. The system of claim 3, the policy relates to at least one of a statement regarding the at least one decryption key or an associated encryption key;
    - or to an assertion of rules, constraints, or inferences in connection with the at least one decryption key or an associated encryption key; and
      
      the pattern of access relates to at least one of one-time access, access limited by a count, access limited by a time period, access limited based upon contextual situation, access limited based upon a type of data or a level of detail or precision for the data, access limited based upon identity, or unlimited access.
  - 5. The system of claim 3, the policy is encrypted and the information includes a policy decryption key and an encrypted layer of the hierarchy;
    - the key generation component employs the policy decryption key to decrypt the policy and further to reveal an additional layer of the hierarchy or an additional policy key.
  - 6. The system of claim 1, the key generation component employs the hierarchy to characterize or derive a first decryption key as a parent and a second decryption key as a child of the parent.
  - 7. The system of claim 6, the key generation component configures the parent to decrypt a first set of encrypted data associated with the user, and further configures the child to decrypt a second set of encrypted data associated with the user, wherein the second set of encrypted data is a subset of the first set of encrypted data;
    - and the interface component transmits the parent to a first disparate entity and transmits the child to a second disparate entity according to authorization or preferences associated with the user such that the second disparate entity is able to decrypt only a portion of the data decryptable by the first disparate entity.
  - 8. The system of claim 1, the key generation component further constructs an encryption key that is configured to encrypt data associated with the user in a manner that is decryptable by at least one decryption key included in the private set of cryptographic decryption keys.
  - 9. The system of claim 8, the encryption key is configured to encrypt data associated with the user according to the hierarchy such that only a corresponding decryption key or a parent thereof can decrypt associated encrypted data.
  - 10. The system of claim 8, the encryption key is one of a set of public cryptographic encryption keys, wherein each public encryption key included in the set of public cryptographic encryption keys corresponds to a respective decryption key included in the private set of cryptographic decryption keys.
  - 11. The system of claim 8, the encryption key is at least one of an identity-based encryption key that employs an identity parameter when encrypting data associated with the user, or a symmetric key that is related to one or more decryption keys included in the private set of cryptographic decryption keys.
  - 12. The system of claim 11, the identity parameter is a category, a classification, or a keyword included in or described by the hierarchy.
  - 13. The system of claim 11, the encryption key conforms to at least one of:
    - randomized encryption to facilitate a higher level of security in connection with storage of encrypted data or deterministic encryption to facilitate more efficient queries in connection with storage of encrypted data.
  - 14. The system of claim 6, the interface component transmits the encryption key to a remote server that stores data associated with the user that is encrypted by the encryption key, the interface component further does not provide the remote server with access to any decryption key included in the private set of cryptographic decryption keys.
  - 15. The system of claim 1, the interface component transmits a set of preferences to a server that hosts encrypted data associated with the user, the set of preferences define at least one of disparate entities that can obtain the encryption key, disparate entities that can search the encrypted data, policies that relate to how data is revealed to one or more disparate entities, or a ciphertext of data that is not to be revealed.
  - 16. The system of claim 1, the interface component transmits a package to a disparate entity based upon authorization from or preferences associated with the user in order to facilitate decryption or search capabilities in connection with encrypted user data by the disparate entity, the package includes at least one of (1) one or more decryption key from the private set of cryptographic decryption keys, (2) one or more encryption keys, or (3) a searching trapdoor for one or more keywords.

17. A computer implemented method for constructing a hierarchical set of decryption keys for facilitating privacy-centric data storage with diverse accessibility, comprising:
- receiving from a user information associated with a root key, in which the information includes a policy the user controls to maintain granular control over accessing encrypted data of the user by authorized accessing parties such that the policy specifies a set of keys to capture preferences about sharing of personal information of the user with the parties, wherein a first key is associated with sharing a set of the personal information of the user with a first party and is further associated with a first user preference for a first level of detail of data access, and a second key is associated with sharing a subset of the set of the personal information of the user with a second party and is further associated with a second user preference for a second level of detail of data access different than the first user preference for the first level of detail of data access;
  
  employing a processor to create a set of cryptographic decryption keys derived from the root key, in which a decryption key included in the set of cryptographic decryption keys conforms to a hierarchy describing or defining encrypted data associated with the user; and
  
  configuring decryption capabilities for the decryption key included in the set of cryptographic decryption keys based at least in part upon a location or assignment of the decryption key within the hierarchy.
- View Dependent Claims (18)
- - 18. The method of claim 17, further comprising at least one of the following acts:
    - configuring a child decryption key for decrypting only a subset of a portion of the encrypted data that is decryptable by a parent of the child decryption key;
      
      creating an encryption key for encrypting data associated with the user in a manner that is decryptable by the decryption key or a parent thereof;
      
      publishing for public access the encryption key to a remote server that hosts the encrypted data;
      
      employing a local policy for denying the remote server access to all or portions of the set of cryptographic decryption keystransmitting the decryption key to at least one disparate entity in a secure manner;
      
      ortransmitting to the remote server a set of preferences describing at least one of disparate entities that can obtain the encryption key, disparate entities that can search the encrypted data, policies that relate to how data is revealed to one or more disparate entities, or a ciphertext of data that is to be revealed or is not to be revealed.

19. A computer implemented method for securely hosting encrypted data associated with a user in a manner that facilitates user control and diverse accessibility, comprising:
- employing a server with a processor and a data store for hosting encrypted data associated with a user in the data store that is accessible by way of a network that is configured to be substantially publicly addressable, wherein the encrypted data conforms to a hierarchical scheme such that a portion of the encrypted data decryptable by a decryption key associated with the user is based at least in part upon a location or an assignment of the decryption key within a hierarchy of a set of decryption keys derived from a root key associated with the user;
  
  receiving a set of preferences from the user relating to at least entities authorized to obtain, access, or search the encrypted data or policies for how data is revealed to one or more entities, in which the set of preferences specifies a set of keys for the user to maintain granular control over sharing of personal information of the user with the one or more entities, wherein a first key of the set of keys is associated with sharing a set of the data associated with the user with a first entity and is further associated with a first preference of the set of preferences for sharing data, and a second key of the set of keys is associated with sharing a subset of the data associated with the user with a second entity and is further associated with a second preference of the set of preferences for sharing data different than the first preference of the set of preferences for sharing data;
  
  receiving a request from a user-authorized entity to access or search the encrypted data; and
  
  transmitting requested encrypted data to the user-authorized entity based at least in part upon the preferences.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising at least one of the following acts:
    - receiving an update to the encrypted data associated with the user from a user-authorized entity;
      
      receiving a set of preferences relating to a ciphertext corresponding to encrypted data that is either authorized for sharing or ineligible for sharing with all or a subset of user-authorized entities;
      
      publishing for retrieval by user-authorized entities a set of hierarchical encryption keys relating to the set of decryption keys;
      
      maintaining on the server a policy forbidding access by the server to any decryption key included in the set of decryption keys;
      
      orlogging credentials associated with the user-authorized entity when encrypted data is accessed, searched, or updated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Lauter, Kristin Estella, Bellare, Mihir, Benaloh, Josh, Chase, Melissa E., Horvitz, Erik J., Karkanias, Chris Demetrios
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Ho, Thomas

Application Number

US12/413,445
Publication Number

US 20100246827A1
Time in Patent Office

1,999 Days
Field of Search

713/157, 713/177, 380/45, 380/44, 380/278, 726/1
US Class Current

380/45
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 2209/88   Medical equipments

H04L 9/0836   using tree structure or hie...

H04L 9/3073   involving pairings, e.g. id...

User-specified sharing of data via policy and/or inference from a hierarchical cryptographic store

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

User-specified sharing of data via policy and/or inference from a hierarchical cryptographic store

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links