Cloud key escrow system
Abstract
Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
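The property the abstract describes, a storage system confirming that shares will reconstitute without being able to read them, can be illustrated with publicly verifiable secret sharing in the style of Schoenmakers. This is an added example, not code from the patent, and the patent does not name this particular scheme. The toy group parameters, the function names and the trustee keys used to exercise it are assumptions made for the demo.

```python
import hashlib, secrets

# Toy group, constructed for this demo and far too small for real use:
# P = 2Q + 1 is a safe prime; g and G generate the subgroup of prime order Q.
P, Q, g, G = 2039, 1019, 4, 9

def _challenge(*vals):  # Fiat-Shamir challenge for the equality-of-logs proof
    return int.from_bytes(hashlib.sha256(repr(vals).encode()).digest(), "big")

def deal(secret, t, pubkeys):
    """User: split secret t-of-n, encrypt share i to trustee i, prove each."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    commits = [pow(g, a, P) for a in coeffs]
    enc, proofs = [], []
    for i, y in enumerate(pubkeys, start=1):
        s = sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
        w = secrets.randbelow(Q)
        c = _challenge(pow(g, s, P), pow(y, s, P), pow(g, w, P), pow(y, w, P))
        enc.append(pow(y, s, P))
        proofs.append((c, (w - c * s) % Q))
    return commits, enc, proofs

def storage_verify(commits, enc, proofs, pubkeys):
    """Storage system: check all encrypted shares using public values only."""
    for i, (y, Y, (c, r)) in enumerate(zip(pubkeys, enc, proofs), start=1):
        X = 1  # g^p(i), recomputed from the polynomial commitments
        for j, C in enumerate(commits):
            X = X * pow(C, pow(i, j, Q), P) % P
        a1 = pow(g, r, P) * pow(X, c, P) % P
        a2 = pow(y, r, P) * pow(Y, c, P) % P
        if c != _challenge(X, Y, a1, a2):
            return False
    return True

def trustee_open(Y, x):
    """Trustee: strip its private key x from its share, giving G^p(i)."""
    return pow(Y, pow(x, -1, Q), P)

def release(opened):
    """Combine {index: G^p(i)} from t consenting trustees into G^secret."""
    out = 1
    for i, S in opened.items():
        lam = 1  # Lagrange coefficient at 0
        for k in opened:
            if k != i:
                lam = lam * k * pow((k - i) % Q, -1, Q) % Q
        out = out * pow(S, lam, P) % P
    return out
```

The released value is the group element G^secret; in a scheme of this kind the symmetric key protecting the stored data would be derived from it by hashing.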
12 Claims
1. A computer program product for implementing a method for providing third party data access to a user's encrypted data according to a predefined policy, the computer program product comprising one or more computer-readable storage devices having stored thereon computer-executable instructions that, when executed by one or more processors of the computing system, cause the computing system to perform the method, the method comprising:
an act of receiving a request from a third party to access a user's stored, encrypted data, the data being stored in a data storage system according to a predefined policy, the encryption preventing the storage system from gaining access to the encrypted data, the policy allowing the encrypted data to be released upon receiving a threshold number of requests from verified third parties;
an act of sending a query to a plurality of the verified third parties, requesting permission from the verified third parties to access the user's stored, encrypted data according to the predefined policy;
an act of receiving permission from at least a threshold number of the verified third parties; and
an act of allowing the requesting third party to access the user's stored, encrypted data according to the predefined policy;
wherein each verified third party publishes its own public key and encrypts its share of the encrypted data using its published public key.
(Dependent claims: 2, 3, 4)
5. A computer implemented method for providing third party data access to a user's encrypted data according to a predefined policy, the method performed by executing computer-executable instructions which, when executed upon one or more processors of a computing system, cause the computing system to perform a method comprising:
receiving a request from a third party to access a user's stored, encrypted data, the data being stored in a data storage system according to a predefined policy, the encryption preventing the storage system from gaining access to the encrypted data, the policy allowing the encrypted data to be released upon receiving a threshold number of requests from verified third parties;
sending a query to a plurality of the verified third parties, requesting permission from the verified third parties to access the user's stored, encrypted data according to the predefined policy;
receiving permission from at least a threshold number of the verified third parties; and
allowing the requesting third party to access the user's stored, encrypted data according to the predefined policy;
wherein each verified third party publishes its own public key and encrypts its share of the encrypted data using its published public key.
(Dependent claims: 6, 7, 8)
9. A system for providing third party data access to a user's encrypted data according to a predefined policy, the system comprising one or more computer processors and one or more computer readable storage devices having encoded thereon computer executable instructions which, when executed upon one or more processors, cause the system to perform a method comprising:
receiving a request from a third party to access a user's stored, encrypted data, the data being stored in a data storage system according to a predefined policy, the encryption preventing the storage system from gaining access to the encrypted data, the policy allowing the encrypted data to be released upon receiving a threshold number of requests from verified third parties;
sending a query to a plurality of the verified third parties, requesting permission from the verified third parties to access the user's stored, encrypted data according to the predefined policy;
receiving permission from at least a threshold number of the verified third parties; and
allowing the requesting third party to access the user's stored, encrypted data according to the predefined policy;
wherein each verified third party publishes its own public key and encrypts its share of the encrypted data using its published public key.
(Dependent claims: 10, 11, 12)
Specification