Systems and methods for trading of text based data representation

US 9,436,849 B2
Filed: 11/21/2014
Issued: 09/06/2016
Est. Priority Date: 11/21/2014
Status: Active Grant

First Claim

Patent Images

1. A Trust-No-One system for sharing encrypted information among users securely and yet efficiently, wherein encryption keys are encrypted by using randomly generated keys when in storage, and users are kept out of possession of encryption keys in decrypted forms when in use, comprising:

a processor that generates a Record, a Recordset, and an Entity, wherein the Entity is coupled with the Record via the Recordset;

a first memory for storing an encrypted Entity Key in the Entity, storing an encrypted Record Key in the Record, and storing the RecordSet that couples the Entity and the Record;

a second memory for executing decryption, wherein a secret is used to decrypt the encrypted Entity Key, the decrypted Entity Key is further used to decrypt the encrypted RecordSet Key, the decrypted RecordSet Key is further used to decrypt the encrypted Record Key, and the decrypted Record Key is further used to decrypt data encrypted in the Record; and

a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys wrapping method, wherein the processor furtherreceives a request of access to the Record from the Entity,determines a permission to access the Record based on decrypting the Record Key associated with the Record using the RecordSet Key and the Entity Key associated with the Entity in the second memory, andallowing the permission to access the data when the decrypting of the Record Key is successful.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for sharing encrypted data and encryption keys through a system comprised of the following data types, but not limited to a; 1) Record and its encryption key, 2) RecordSet and its encryption key, and 3) Entity and its encryption key. A Record is encrypted using an encryption key, furthermore, the Record encryption key is encrypted using a RecordSet encryption key, and finally, both the encrypted Record and its encrypted encryption key are wrapped as a single unit, to avoid key the expensive operations of key lookup and general key operation overhead. Access control to the RecordSet encryption keys are provided by a combination of data types, but not limited to a; 1) Entity and its encryption key, 2) Ciphers, and 3) Trusted Entity Lists. For each Entity which is authorized access to access a RecordSet, an encrypted Cipher, made of both the Entity encryption key and RecordSet encryption key, is added to a Trusted Entity List. Tokens are protected by user defined secrets, comprised of Entity encryption keys.

Citations

9 Claims

1. A Trust-No-One system for sharing encrypted information among users securely and yet efficiently, wherein encryption keys are encrypted by using randomly generated keys when in storage, and users are kept out of possession of encryption keys in decrypted forms when in use, comprising:
- a processor that generates a Record, a Recordset, and an Entity, wherein the Entity is coupled with the Record via the Recordset;
  
  a first memory for storing an encrypted Entity Key in the Entity, storing an encrypted Record Key in the Record, and storing the RecordSet that couples the Entity and the Record;
  
  a second memory for executing decryption, wherein a secret is used to decrypt the encrypted Entity Key, the decrypted Entity Key is further used to decrypt the encrypted RecordSet Key, the decrypted RecordSet Key is further used to decrypt the encrypted Record Key, and the decrypted Record Key is further used to decrypt data encrypted in the Record; and
  
  a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys wrapping method, wherein the processor furtherreceives a request of access to the Record from the Entity,determines a permission to access the Record based on decrypting the Record Key associated with the Record using the RecordSet Key and the Entity Key associated with the Entity in the second memory, andallowing the permission to access the data when the decrypting of the Record Key is successful.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the system further comprises an access control method that enables sharing access without a centralized key store, the method comprising:
    - adding a token-type in each of said tokens, wherein said token-type is of type TOKEN-ACCESS, ENTITY-ACCESS, or ENTITY-ASSIGN;
      
      sharing tokens among user entities and user group entities, and by adding each of said user entities and user group entities to said Trusted Entity List;
      
      locating said Trusted Entity Lists by means of entity keys stored in each of said tokens; and
      
      decrypting said entity keys by means of said secrets in each of said tokens.
  - 3. The system of claim 1, wherein the system further comprises a rekey method to update said recordset key without decryption of said records.
  - 4. The system of claim 1, wherein the system further comprises a regrouping method to share said record to additional recordsets without decryption of said records.
  - 5. The system of claim 1, wherein the system further comprises a secure and efficient record export method, the method comprises:
    - adding said token'"'"'s secret to said Trusted Entity List in place of said entity key; and
      
      decrypt said recordset cipher by means of said token'"'"'s secret to retrieve said recordset key.
  - 6. The system of claim 1, wherein the system further comprises a Entity Key distribution method for creating a token by encryption of said Entity Key and said Record Key;
    - and protecting said token with a user defined secret.
  - 7. The system of claim 1, wherein the system further comprises an encryption keys creation method, the method comprises:
    - creating said record key with the use of a bitstream;
      
      creating said recordset key with the use of a bitstream;
      
      creating said Entity Key with the use of a bitstream; and
      
      creating said Cipher with the use of both Entity Key and RecordSet Key.
  - 8. The system of claim 1, wherein the system further comprises a decryption method, the method comprises:
    - obtaining an encrypted record;
      
      obtaining an RecordSet Key associated with said encrypted record;
      
      obtaining a RecordKey Cipher associated with said encrypted record;
      
      decrypting said RecordKey Cipher with said RecordSet key to obtain a Record Key; and
      
      decrypting said encrypted record with said Record Key to obtain a Record.
  - 9. The method of claim 8, wherein the method further comprises a Record modification method, the method comprises:
    - obtaining a modified Record;
      
      encrypting said modified Record with said Record Key to obtain an replacement Record;
      
      associating said replacement Record with said RecordKey Cipher; and
      
      associating said replacement Record with said RecordSet Key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wai Pong Leung, Wong, Sze Yuen
Original Assignee
Wai Pong Leung, Wong, Sze Yuen
Inventors
Wong, Sze Yuen, Leung, Wai Pong
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Getachew, Abiy

Application Number

US14/549,838
Publication Number

US 20160148021A1
Time in Patent Office

655 Days
Field of Search

713/193, 380/284
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/78   to assure secure storage of...

Systems and methods for trading of text based data representation

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for trading of text based data representation

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links