System and method for securely storing and sharing information

US 9,378,380 B1
Filed: 10/31/2012
Issued: 06/28/2016
Est. Priority Date: 10/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method for securely storing and sharing information within and between organizations using a three-part distributed interlocking system, the method comprising:

assigning, by a first registry-cloud interface, registration information to an information owner, the registration information comprising a unique public/private key pair;

populating, by the first registry-cloud interface, a registry with the registration information of the information owner, including the information owners public key;

transmitting, by the registry-cloud interface, access control permissions to a cloud storage system to authorize the registry-cloud interface to store and to retrieve files to the cloud storage system for the information owner;

receiving, by the first registry-cloud interface, information to be securely stored;

generating, by the first registry-cloud interface, encrypted information based on the information and the unique public/private key pair; and

storing, by the first registry-cloud interface, the encrypted information on the cloud storage system of a cloud storage provider;

whereby the private key is maintained by the first registry-cloud interface and is not shared with the registry or the cloud storage provider.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure information storage system is disclosed. In an example embodiment, the secure information storage system comprises a first proxy system, a cloud storage system, an exchange registry, an access portal and a cloud-registry interface.

Citations

21 Claims

1. A method for securely storing and sharing information within and between organizations using a three-part distributed interlocking system, the method comprising:
- assigning, by a first registry-cloud interface, registration information to an information owner, the registration information comprising a unique public/private key pair;
  
  populating, by the first registry-cloud interface, a registry with the registration information of the information owner, including the information owners public key;
  
  transmitting, by the registry-cloud interface, access control permissions to a cloud storage system to authorize the registry-cloud interface to store and to retrieve files to the cloud storage system for the information owner;
  
  receiving, by the first registry-cloud interface, information to be securely stored;
  
  generating, by the first registry-cloud interface, encrypted information based on the information and the unique public/private key pair; and
  
  storing, by the first registry-cloud interface, the encrypted information on the cloud storage system of a cloud storage provider;
  
  whereby the private key is maintained by the first registry-cloud interface and is not shared with the registry or the cloud storage provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the receiving further comprises receiving the information from the information through a portal application.
  - 3. The method of claim 1 further comprising:
    - authorizing, by the first registry-cloud interface by updating permissions at the registry, a second registry-cloud interface to access at least a portion of the encrypted information and to store additional encrypted information;
      
      updating, by the registry, the access control permissions at the cloud storage system and authorizing the second registry-cloud interface to retrieve and store encrypted information of the specified information owner; and
      
      transmitting, from the first registry-cloud interface to the second registry-cloud interface, the private key of the information owner'"'"'s unique public/private key pair, the transmitting bypassing the registry and the cloud storage system.
  - 4. The method of claim 3 further comprising providing store-only access to the second registry-cloud interface by granting permission to the second registry-cloud interface to store but not retrieve encrypted files on the cloud storage system of the cloud storage provider based on the public key for the information owner.
  - 5. The method of claim 3, comprising retrieving and decrypting, by the second registry-cloud interface, information of the information owner stored on the cloud storage system responsive to receiving a request for the information.
  - 6. The method of claim 3, further comprising encrypting and storing, by the second registry-cloud interface, information of the information owner on the cloud storage system responsive to receiving a request to store the information.
  - 7. The method of claim 3, further comprising retrieving and decrypting, by the first registry-cloud interface, information of the information owner, stored on the cloud storage system by the second registry-cloud interface, responsive to receiving a request for the information.
  - 8. The method of claim 1 wherein the information comprises healthcare information.
  - 9. The method of claim 1 further comprising storing, by the first registry-cloud interface, unencrypted file metadata on the cloud storage system created at the cloud storage provider.
  - 10. The method of claim 1 further comprising determining, by the registry, at least one unique identity of an entity authorized to use the registry.
  - 11. The method of claim 1 further comprising verifying an identity and role of an entity requesting use of the registry.
  - 12. The method of claim 1 wherein the cloud storage system comprises access control permission for authorizing access to the cloud storage system to store and retrieve information based on owner-specific permissions received from the registry.
  - 13. The method of claim 1, further comprising retrieving and decrypting, by the first registry-cloud interface, information of the information owner stored on the cloud storage system responsive to receiving a request for the information.

14. A system for securely storing and sharing information within and between organizations using a three-part distributed interlocking system, the system comprising:
- an information owner system of an information owner for providing information to be securely stored and retrieved;
  
  a cloud storage system of a cloud storage provider;
  
  a registry maintained and controlled a registry controller;
  
  a first proxy system registry-cloud interface, the first registry-cloud interface processing instructions to;
  
  assign to registration information to the information owner, the registration information comprising a unique public/private key pair;
  
  populate a registry with the registration information comprising the information owner'"'"'s unique public key;
  
  receive the information to be securely stored;
  
  generate encrypted information based on the information to be securely stored and the information owner'"'"'s unique public/private key pair; and
  
  store the encrypted information on a cloud storage system of a cloud storage provider as authorized by the registry;
  
  wherein the cloud storage system is configured to use access control permissions received from the registry to control access to an information owner'"'"'s information;
  
  wherein the registry is configured to verify and manage identities, catalog permissions, and transmit permission changes to the cloud storage system; and
  
  wherein the private key is retained by the first registry-cloud interface and not shared with the registry or the cloud storage provider.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The system of claim 14 further comprising a portal application for the first registry-cloud interface to receive the information from the information owner.
  - 16. The system of claim 14 further comprising:
    - a second registry-cloud interface;
      
      wherein the first registry-cloud interface further processing instructions to;
      
      authorize the second registry-cloud interface, by updating permissions at the registry, to access at least a portion of the encrypted information and to store encrypted information; and
      
      transmit to the second registry-cloud interface a private key of the information owner'"'"'s unique public/private key pair,wherein the transmitting bypasses the registry and the cloud storage system.
  - 17. The system of claim 16, the second registry-cloud interface further processing instructions to retrieve and decrypt the information owner'"'"'s information on the cloud storage system.
  - 18. The system of claim 16, the second registry-cloud interface further processing instructions to encrypt and store the information owner'"'"'s information on the cloud storage system.
  - 19. The system of claim 16, the first registry-cloud interface further processing instructions to retrieve and decrypt the information on the cloud storage system stored by the second registry-cloud interface.
  - 20. The method of claim 14 wherein the information comprises healthcare information.
  - 21. The system of claim 14, the first registry-cloud interface further processing instructions to retrieve and decrypt the information owner'"'"'s information on the cloud storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Crowdstrike, Inc. (CrowdStrike Holdings Incorporated)
Original Assignee
Reid Consulting Group, Inc.
Inventors
Reid, Thomas Alan, Moffitt, Mark Edmonson
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/665,861
Time in Patent Office

1,336 Days
Field of Search

713/153
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/88   Medical equipments

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 67/1097   for distributed storage of ...

H04L 9/006   involving public key infras...

H04L 9/3268   using certificate validatio...

System and method for securely storing and sharing information

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securely storing and sharing information

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links