System and method for secure release of secret information over a network
First Claim
1. A system comprising:
a data repository storing a deposit of secret information, wherein a piece of the secret information in the deposit is associated with individual designated trustees and an individual trustee policy;
a server coupled to the repository, the server having a processor and a memory storing a plurality of instructions which, when executed by the processor, configure the server to:
receive an access request, encrypted with a seed that is rotated and randomly generated by the server, from a client to access the piece of secret information in the deposit;
in response to the access request, send an authorization request to the individual designated trustees associated with the piece of secret information;
receive responses regarding the authorization request from the one or more of the designated trustees;
determine whether to grant the access request based on applying the trustee policy to the received responses, wherein the trustee policy requires approval of the authorization request associated with secret information by at least three or more of the designated trustees; and
when the access request is granted, send the piece of secret information to the client, wherein the piece of secret information is not accessible by the one or more of the designated trustees, wherein the server is further configured to encrypt the authorization request sent to the one or more of the designated trustees with respective public keys of the designated trustees, and wherein the server, the data repository, and the client are all separate entities from one another.
Abstract
Embodiments of the present disclosure include systems and methods for secure release of secret information over a network. The server can be configured to receive a request from a client to access the deposit of secret information, send an authorization request to at least one designated trustee in the set of designated trustees for the deposit of secret information, receive responses over the network from one or more of the designated trustees in the set of designated trustees and apply a trustee policy to the responses from the one or more designated trustees in the set of trustees to determine if the request is authorized. If the request is authorized, the server can send the secret information to the client. If the request is not authorized, the server denies access by the client to the secret information.
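The policy-evaluation step described above, sketched as an added example (not code from the patent). The names `TrusteePolicy`, `Response`, `authorize` and `release` are hypothetical, the sample data is constructed, and the "a denial is never overridden by a later approval" rule is an assumption of this sketch. Transport encryption of the requests is out of scope here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TrusteePolicy:
    designated: frozenset      # trustee ids designated for this piece of secret information
    min_approvals: int = 3     # the claims require approval by at least three trustees

@dataclass(frozen=True)
class Response:
    request_id: str            # which authorization request this answers
    trustee_id: str
    approve: bool

def authorize(policy, request_id, responses):
    """Apply the trustee policy to received responses; return (granted, approvers)."""
    decisions = {}
    for r in responses:
        if r.request_id != request_id:
            continue           # answer to some other request: never counted
        if r.trustee_id not in policy.designated:
            continue           # responder is not a designated trustee
        # One vote per trustee. Assumption: a denial is sticky, so a replayed
        # or later approval cannot override it.
        decisions[r.trustee_id] = decisions.get(r.trustee_id, True) and r.approve
    approvers = sorted(t for t, ok in decisions.items() if ok)
    return len(approvers) >= policy.min_approvals, approvers

def release(policy, request_id, responses, secret):
    """Return the secret only when the policy is satisfied, otherwise None (deny)."""
    granted, _ = authorize(policy, request_id, responses)
    return secret if granted else None

# Constructed sample data.
POLICY = TrusteePolicy(designated=frozenset({"alice", "bob", "carol", "dave"}))
SECRET = b"constructed-secret"
PADDED = [                     # duplicate vote plus an outsider: only two real approvals
    Response("req-1", "alice", True), Response("req-1", "alice", True),
    Response("req-1", "bob", True), Response("req-1", "mallory", True),
]
QUORUM = PADDED + [Response("req-1", "carol", True)]
WRONG_REQUEST = PADDED + [Response("req-0", "carol", True)]
FLIPPED = PADDED + [Response("req-1", "carol", False), Response("req-1", "carol", True)]

if __name__ == "__main__":
    for name, rs in [("padded", PADDED), ("quorum", QUORUM),
                     ("wrong request", WRONG_REQUEST), ("flipped", FLIPPED)]:
        print(name, authorize(POLICY, "req-1", rs))
```
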
22 Claims
9. A non-transitory computer readable medium storing a set of computer executable instructions, the set of computer executable instructions executable by a processor to:
receive an access request, encrypted with a seed that is rotated and randomly generated by a server, from a client to access a piece of secret information in a deposit of secret information stored in a data repository, wherein the piece of secret information in the deposit is associated with individual designated trustees and an individual trustee policy;
in response to the access request, send an authorization request to the designated trustees associated with the piece of secret information;
receive responses regarding the authorization request from the one or more of the designated trustees;
determine whether to grant the access request based on applying the trustee policy to the received responses, wherein the trustee policy requires approval of the authorization request associated with secret information by at least three or more of the designated trustees; and
when the access request is granted, send the piece of secret information to the client, wherein the piece of secret information is not accessible by the one or more of the designated trustees; wherein the server is further configured to encrypt the authorization request sent to the one or more of the designated trustees with respective public keys of the designated trustees, wherein the server, the data repository, and the client are all separate entities from one another.
16. A method for secure release of secret information comprising:
maintaining a deposit of secret information in a data repository, wherein a piece of the secret information in the deposit is associated with individual designated trustees and an individual trustee policy;
receiving an access request encrypted with a seed that is rotated and randomly generated by a server, from a client to access the piece of secret information in the deposit;
in response to the access request, sending an authorization request to one or more of the designated trustees associated with the piece of secret information;
receiving responses regarding the authorization request from the one or more of the designated trustees;
determining whether to grant the access request based on applying the trustee policy to the received responses, wherein the trustee policy requires approval of the authorization request associated with secret information by at least three or more of the designated trustees; and
when the access request is granted, sending the piece of secret information to the client, wherein the piece of secret information is not accessible by the one or more of the designated trustees, wherein the server is further configured to encrypt the authorization request sent to the one or more of the designated trustees with respective public keys of the designated trustees, and wherein the server, the data repository, and the client are all separate entities from one another.