Database system, computer system, and computer-readable storage medium for decrypting a data record
Abstract
A database system comprising: a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein the data contained in each of the multiple data records is encrypted by the data record public key, wherein the data record private key of each data record asymmetric key pair is encrypted with the public key of another asymmetric key pair; a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key; wherein data is added to a data record by encrypting it with the data record public key; wherein access to the data record is granted to a user account by encrypting the data record private key with the public key of an asymmetric cryptographic key pair whose encrypted private key is accessible from the user account via a sequence of successive decryptions of encrypted private keys; and wherein the data record private key allows decryption of the data record.
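The "sequence of successive decryptions" described in the abstract, as an added illustration that is not taken from the patent: each edge of the graph stores the destination node's private key encrypted under the source node's public key, and a reader walks the path from a user account to a record. The node names, the toy discrete-log group and the unauthenticated ElGamal-style hybrid scheme are assumptions chosen to keep the sketch standard-library only.

```python
import hashlib
import secrets

P, G = 2**521 - 1, 3  # toy group (Mersenne prime modulus), assumed for illustration

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)  # the public key is computed from the private key

def _xor(shared, data):
    # SHA-256 in counter mode keyed by the shared secret, XORed over the data.
    seed = shared.to_bytes(66, "big")
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def encrypt(pub, data):
    eph_priv, eph_pub = keygen()
    return eph_pub, _xor(pow(pub, eph_priv, P), data)

def decrypt(priv, blob):
    eph_pub, ct = blob
    return _xor(pow(eph_pub, priv, P), ct)

def find_path(edges, start, end):
    if start == end:
        return [start]
    for src, dst in edges:  # depth-first search over the directed acyclic graph
        if src == start and (rest := find_path(edges, dst, end)):
            return [start] + rest
    return None

def read_record(user, user_priv, record, edges, records):
    """Each edge (src, dst) holds dst's private key encrypted under src's public key."""
    path = find_path(edges, user, record)
    if path is None:
        raise PermissionError(f"no key path from {user} to {record}")
    key = user_priv
    for hop in zip(path, path[1:]):  # one decryption per edge along the chain
        key = int.from_bytes(decrypt(key, edges[hop]), "big")
    return [decrypt(key, entry) for entry in records[record]]

def build_demo():
    # Constructed sample graph: alice -> cardiology -> record-17.
    (a_priv, a_pub), (g_priv, g_pub), (r_priv, r_pub) = keygen(), keygen(), keygen()
    edges = {("alice", "cardiology"): encrypt(a_pub, g_priv.to_bytes(66, "big")),
             ("cardiology", "record-17"): encrypt(g_pub, r_priv.to_bytes(66, "big"))}
    records = {"record-17": [encrypt(r_pub, b"constructed entry 1")]}
    return a_priv, r_pub, edges, records
```

Adding an entry needs only the record public key, while reading needs a path of wrapped private keys; removing an edge stops future path walks but does not re-key data a reader could already decrypt.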
16 Claims
1. A database system comprising:
a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein each of the multiple data records is at least partially encrypted by its data record public key, wherein the data record private key of each asymmetric key pair is encrypted, wherein the memory contains a representation of a directed acyclic graph, wherein paths along the directed acyclic graph each have a starting node and an ending node, forming a chain of nodes;
a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key, wherein the user public key is computed using the user private key;
wherein each starting node corresponds to one of the set of user accounts, wherein each ending node corresponds to one of the multiple data records;
wherein data is added to a data record by encrypting it with the data record public key, wherein access to the data record is granted to a user account by a cryptographic access key encrypted with the user public key, wherein a directed path formed by the chain of nodes starting at the starting node and ending at the ending node allows decryption of the data record using the cryptographic access key.
Dependent claims: 2, 3, 4
5. A computer system for accessing a database of a database system, wherein the database system comprises:
a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein each of the multiple data records is encrypted by its data record public key, wherein the data record private key of each asymmetric key pair is encrypted, wherein the memory contains a representation of a directed acyclic graph, wherein paths along the directed acyclic graph each have a starting node and an ending node, forming a chain of nodes;
a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key, wherein the user public key is computed using the user private key;
wherein each starting node corresponds to one of the set of user accounts, wherein each ending node corresponds to one of the multiple data records;
wherein data is added to a data record by encrypting it with the data record public key;
wherein access to the data record is granted to a user account by a cryptographic access key encrypted with the user public key;
wherein a directed path formed by the chain of nodes starting at the starting node and ending at the ending node allows decryption of the data record using the cryptographic access key;
wherein the computer system comprises; a processor; and a computer-readable storage medium containing machine-readable instructions for execution by the processor, wherein execution of the instructions cause the processor to perform the steps of; decrypting the cryptographic access key with the user private key, using the cryptographic access key for decrypting the data record.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A non-transitory computer-readable storage medium containing instructions for execution by a processor of a computer system for accessing a database of a database system, wherein the database system comprises:
a memory containing multiple data records, wherein each of the data records has a data record asymmetric key pair for cryptographic encryption and decryption, wherein each data record asymmetric key pair comprises a data record public key and a data record private key, wherein each of the multiple data records is at least partially encrypted by its data record public key, wherein the data record private key of each asymmetric key pair is encrypted, wherein the memory contains a representation of a directed acyclic graph, wherein paths along the directed acyclic graph each have a starting node and an ending node, forming a chain of nodes;
a set of user accounts, wherein each of the user accounts has a user asymmetric key pair for encryption and decryption, wherein each user asymmetric key pair has a user public key and a user private key, wherein the user public key is computed using the user private key;
wherein each starting node corresponds to one of the set of user accounts, wherein each ending node corresponds to one of the multiple data records;
wherein data is added to a data record by encrypting it with the data record public key;
wherein access to the data record is granted to a user account by a cryptographic access key encrypted with the user public key;
wherein a directed path formed by the chain of nodes starting at the starting node and ending at the ending node allows decryption of the data record using the cryptographic access; and
wherein execution of the instructions cause the processor to perform the steps of; decrypting the cryptographic access key with the user private key, using the cryptographic access key for decrypting the data record.
Specification