System, processing device, computer program and method, to transparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords
First Claim
1. A method comprising:
- receiving a data object from a first user;
- receiving a private key of the first user;
- retrieving a public key of a user specifically permitted to view the data object;
- encrypting the data object using an object key;
- wrapping the object key with a paired key generated using the private key of the first user and the public key of the user specifically permitted to view the data object;
- storing the encrypted data object with the wrapped object key;
- receiving a request to access the encrypted data object from a second user;
- obtaining a private key of the second user;
- unwrapping the object key using a duplicate key computed from the private key of the second user and a public key of the first user;
- decrypting the encrypted data object using the object key; and
- providing the decrypted data object to the second user;
- wherein the private key of the first user contains the dataset (a, g, p), wherein a is a randomly generated number, g is the generator, and p is a safe prime.
Abstract
A cryptographic system makes everyday data objects, such as a document or conversation, unreadable to anyone other than the owner or those currently having permission to access the data objects. The cryptographic system is transparent: it requires no additional effort on the part of any user in the encryption/decryption process other than entering a user identifier and password. Each document is encrypted with a unique encryption key. Changes to data object access permissions are immediately honored and enforced by enabling or disabling access to certain decryption keys. Decryption of data objects requires information known only to the owner of the data object or those permitted to access the data object. This decryption information is not stored anywhere in the system.
22 Claims
1. (Independent claim, given in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system to decrypt a data object, the system comprising:
- at least one storage device to store one or more keys;
- at least one processor, coupled to the storage device;
- the at least one storage device to store executable machine readable instructions for controlling the processor; and
- the at least one processor is operative with the executable machine readable instructions to:
  - receive a data object from a first user;
  - receive a private key of the first user;
  - retrieve a public key of a user specifically permitted to view the data object;
  - encrypt the data object using an object key;
  - wrap the object key with a paired key generated using the private key of the first user and the public key of the user specifically permitted to view the data object;
  - store the encrypted data object with the wrapped object key;
  - receive a request to access the encrypted data object from a second user;
  - obtain a private key of the second user;
  - unwrap the object key using a duplicate key computed from the private key of the second user and a public key of the first user a key providing a decryption key to decrypt the encrypted data object using key information from the first user and key information from the second user;
  - decrypt the encrypted data object using the object key; and
  - provide the decrypted data object to the second user
- wherein the private key of the first user contains the dataset (a, g, p), wherein a is a randomly generated number, g is the generator, and p is a safe prime.

Dependent claims: 9, 10, 11, 12.
13. A non-transitory computer-readable storage medium comprising instructions that, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- receiving a data object from a first user;
- receiving a private key of the first user;
- retrieving a public key of a user specifically permitted to view the data object;
- encrypting the data object using an object key;
- wrapping the object key with a paired key generated using the private key of the first user and the public key of the user specifically permitted to view the data object;
- storing the encrypted data object with the wrapped object key;
- receiving a request to access the encrypted data object from a second user;
- obtaining a private key of the second user;
- unwrapping the object key using a duplicate key computed from the private key of the second user and a public key of the first user a key providing a decryption key to decrypt the encrypted data object using key information from the first user and key information from the second user;
- decrypting the encrypted data object using the object key; and
- providing the decrypted data object to the second user
- wherein the private key of the first user contains the dataset (a, g, p), wherein a is a randomly generated number, g is the generator, and p is a safe prime.

Dependent claims: 14, 15, 16, 17, 18, 19.
20. A method comprising:
- receiving a data object from a first user;
- receiving a private key of the first user;
- retrieving a public key of a user specifically permitted to view the data object;
- encrypting the data object using an object key;
- wrapping the object key with a paired key generated using the private key of the first user and the public key of the user specifically permitted to view the data object;
- storing the encrypted data object with the wrapped object key;
- receiving a request to access the encrypted data object from a second user;
- obtaining a private key of the second user;
- unwrapping the object key using a duplicate key computed from the private key of the second user and a public key of the first user;
- decrypting the encrypted data object using the object key; and
- providing the decrypted data object to the second user;
- wherein the public key of the first user includes the dataset (A, g, p), where A = g^a (mod p).
21. A system to decrypt a data object, the system comprising:
- at least one storage device to store one or more keys;
- at least one processor, coupled to the storage device;
- the at least one storage device to store executable machine readable instructions for controlling the processor; and
- the at least one processor is operative with the executable machine readable instructions to:
  - receive a data object from a first user;
  - receive a private key of the first user;
  - retrieve a public key of a user specifically permitted to view the data object;
  - encrypt the data object using an object key;
  - wrap the object key with a paired key generated using the private key of the first user and the public key of the user specifically permitted to view the data object;
  - store the encrypted data object with the wrapped object key;
  - receive a request to access the encrypted data object from a second user;
  - obtain a private key of the second user;
  - unwrap the object key using a duplicate key computed from the private key of the second user and a public key of the first user a key providing a decryption key to decrypt the encrypted data object using key information from the first user and key information from the second user;
  - decrypt the encrypted data object using the object key; and
  - provide the decrypted data object to the second user;
- wherein the public key of the first user includes the dataset (A, g, p), where A = g^a (mod p).
22. A non-transitory computer-readable storage medium comprising instructions that, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- receiving a data object from a first user;
- receiving a private key of the first user;
- retrieving a public key of a user specifically permitted to view the data object;
- encrypting the data object using an object key;
- wrapping the object key with a paired key generated using the private key of the first user and the public key of the user specifically permitted to view the data object;
- storing the encrypted data object with the wrapped object key;
- receiving a request to access the encrypted data object from a second user;
- obtaining a private key of the second user;
- unwrapping the object key using a duplicate key computed from the private key of the second user and a public key of the first user a key providing a decryption key to decrypt the encrypted data object using key information from the first user and key information from the second user;
- decrypting the encrypted data object using the object key; and
- providing the decrypted data object to the second user;
- wherein the public key of the first user includes the dataset (A, g, p), where A = g^a (mod p).
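The key hierarchy the claims describe (a per-object key, wrapped under a Diffie-Hellman paired key that the owner derives from its private key (a, g, p) and the viewer's public A, and that the viewer re-derives as the duplicate key from its own private key and the owner's A = g^a mod p), as an added Python example that is not part of the patent or of any product implementing it. It assumes a toy safe prime p = 4079 with g = 4, a SHA-256 keystream plus HMAC standing in for AES, and the names keygen, paired_key, seal, unseal, store_object, access_object and revoke, none of which come from the page.

```python
import hashlib, hmac, secrets

# Toy group: P is a safe prime (P = 2q + 1 with q = 2039 also prime) and G = 4 generates
# the order-q subgroup. Real deployments use a 2048-bit+ standardized group (RFC 7919)
# and AES-GCM/AES-KW where this demo uses a SHA-256 keystream plus HMAC.
P, G = 4079, 4

def keygen(p=P, g=G):
    """Private key (a, g, p) and public key (A, g, p) with A = g^a mod p, as claimed."""
    a = 2 + secrets.randbelow((p - 1) // 2 - 2)  # CSPRNG exponent below the subgroup order q
    return (a, g, p), (pow(g, a, p), g, p)

def paired_key(priv, peer_pub):
    """DH shared secret hashed into a 32-byte key-encryption key; both sides get the same value."""
    (a, _, p), A = priv, peer_pub[0]
    if not (1 < A < p - 1 and pow(A, (p - 1) // 2, p) == 1):
        raise ValueError("peer public key is outside the prime-order subgroup")
    s = pow(A, a, p)
    return hashlib.sha256(b"paired" + s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):  # encrypt-then-MAC; used both to wrap object keys and to encrypt objects
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ y for x, y in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered blob")
    return bytes(x ^ y for x, y in zip(ct, _keystream(key, nonce, len(ct))))

def store_object(owner_priv, viewer_pubs, data):
    """Owner side: a fresh per-object key, wrapped once per permitted viewer."""
    object_key = secrets.token_bytes(32)
    wrapped = {name: seal(paired_key(owner_priv, pub), object_key) for name, pub in viewer_pubs.items()}
    return {"ciphertext": seal(object_key, data), "wrapped": wrapped}

def access_object(record, viewer, viewer_priv, owner_pub):
    """Viewer side: the duplicate key comes from the viewer's private key and the owner's public key."""
    if viewer not in record["wrapped"]:
        raise PermissionError("no wrapped object key for this viewer")
    object_key = unseal(paired_key(viewer_priv, owner_pub), record["wrapped"][viewer])
    return unseal(object_key, record["ciphertext"])

def revoke(record, viewer):  # a permission change is honored immediately: drop the wrapped key
    record["wrapped"].pop(viewer, None)
```

Deleting a viewer's wrapped key is how the abstract's "changes to access permissions are immediately honored" is realized here, and the subgroup check in paired_key rejects a public key outside the order-q subgroup before it is ever used.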