
System and method for secure release of secret information over a network

  • US 9,819,491 B2
  • Filed: 05/09/2016
  • Issued: 11/14/2017
  • Est. Priority Date: 04/02/2012
  • Status: Active Grant
First Claim

1. A method for a computer system to securely manage secret information over a network, the system having a server being communicatively coupled to one or more trustees, the method being performed by the server and comprising:

  • receiving a secret payload from a depositing client, wherein the secret payload is encrypted by a client public key and can only be decrypted with a client private key, which is not possessed by either the server or the trustees;

    receiving, from the depositing client, companion information associated with and specific to the secret payload, wherein the companion information is encrypted by a server public key and can only be decrypted with a server private key, which is possessed by the server, and wherein the companion information includes rules for accessing the secret payload, the rules identifying a list of trustees from the one or more trustees and a trustee policy that specifies a manner necessary for the list of trustees to approve access requests to the secret payload;

    storing the secret payload along with the companion information;

    receiving, from a requesting client, an access request to access the secret payload, the access request being encrypted by the server public key and including a seed, wherein the seed is randomly generated by the server and assigned to the requesting client in a preceding transaction;

    decrypting the access request using the server private key;

    verifying a validity of the access request based on the seed;

    after the access request is verified, sending an authorization request regarding the access request to each trustee in the list of trustees, wherein each authorization request sent to each trustee from the list of trustees is encrypted with a trustee public key that corresponds to a respective trustee;

    receiving responses to the authorization requests from the list of trustees;

    applying the trustee policy to the received responses to determine whether to disseminate the secret payload; and

    selectively disseminating the secret payload to the requesting client based on a result of applying the trustee policy and causing the requesting client to limit storage of the disseminated secret payload to a volatile memory.
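
The server-side decision steps of the claim (single-use seed check, then the trustee policy applied to the responses), as an added Python example that is not part of the patent. It assumes a k-of-n approval threshold as the trustee policy, leaves out the public-key encryption of each message, and all class, method and identifier names are hypothetical.

```python
import hmac
import secrets


class ReleaseServer:
    """Decision logic only; message encryption from the claim is omitted."""

    def __init__(self):
        self._seeds = {}     # client_id -> outstanding seed
        self._deposits = {}  # payload_id -> (opaque ciphertext, rules)

    def deposit(self, payload_id, ciphertext, trustees, threshold):
        # Rules = trustee list + policy; the k-of-n form is an assumption.
        trustees = frozenset(trustees)
        if not 1 <= threshold <= len(trustees):
            raise ValueError("threshold must be between 1 and len(trustees)")
        rules = {"trustees": trustees, "threshold": threshold}
        self._deposits[payload_id] = (ciphertext, rules)

    def issue_seed(self, client_id):
        # Preceding transaction: the server generates and assigns a random seed.
        seed = secrets.token_hex(16)
        self._seeds[client_id] = seed
        return seed

    def verify_request(self, client_id, seed):
        # The seed is consumed on first use, so a replayed request fails.
        expected = self._seeds.pop(client_id, None)
        return expected is not None and hmac.compare_digest(expected, seed)

    def apply_policy(self, payload_id, responses):
        # responses: iterable of (trustee_id, approved) pairs.
        rules = self._deposits[payload_id][1]
        votes = {}
        for trustee, approved in responses:
            if trustee not in rules["trustees"]:
                continue  # responses from unlisted parties never count
            # One vote per trustee; a denial is not overridden by a later approval.
            votes[trustee] = votes.get(trustee, True) and bool(approved)
        return sum(votes.values()) >= rules["threshold"]

    def release(self, client_id, seed, payload_id, responses):
        # Returns the still-encrypted payload, or None when any check fails.
        if payload_id not in self._deposits:
            return None
        if not self.verify_request(client_id, seed):
            return None
        if not self.apply_policy(payload_id, responses):
            return None
        return self._deposits[payload_id][0]
```

The server only ever returns the ciphertext it stored, since the claim places the client private key outside both the server and the trustees.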
