Method and system for secure information handling
Abstract
Information that must remain secure is often stored on untrusted storage devices. To increase security, this information is encrypted by an encryption value prior to storing on the untrusted storage device. The encryption value itself is then encrypted. The encryption value is decrypted by correctly solving an access formula describing a function of groups. Each group includes a list of at least one consumer client. A requesting consumer client is granted access to the information if the requesting consumer client is a member of at least one group which correctly solves the access formula.
17 Claims
- 1. A method for the secure handling of information encrypted to a data set, the information requested by a requesting consumer client, the data set stored on at least one storage device, the method comprising decrypting a value required to decrypt the information, the value decrypted by correctly solving an access formula describing a function of groups, each group comprising a list of at least one client, wherein the requesting consumer client is granted access to the information if the requesting consumer client is a member of at least one group which correctly solves the access formula.
- 3. A method for the secure handling of information by at least one client using at least one untrusted storage device, each client connected to the at least one untrusted storage device using a network, the network further having a key manager for issuing private key and public key matched pairs for use with an asymmetric encryption and decryption scheme, the scheme allowing a file encrypted with a public key to be decrypted only with a matched private key, the method comprising:
  - creating at least one group, each group comprising a list of at least one consumer client;
  - acquiring a public key and a matched private key for each of the at least one group;
  - encrypting an information set to produce a data set, the encryption based on a randomly generated number;
  - determining an access formula expressing logical combination of the at least one group for which access to the information set will be granted, solution of the access formula by at least one solution group indicating that a consumer client belonging to the at least one solution group may access the encrypted information set;
  - asymmetrically encrypting the randomly generated number using the determined access formula and the public key for each of the at least one group granted access to the information set;
  - adding the encrypted randomly generated number to the data set; and
  - storing the data set on at least one untrusted storage device.

  Dependent claims: 4, 5, 6, 7, 8
- 9. A system for the secure handling of information stored on at least one untrusted storage device connected to a network comprising:
  - a key manager connected to the network, the key manager operable to generate private key and public key matched pairs for use with an asymmetric encryption and decryption scheme, the scheme allowing a file encrypted with a public key to be decrypted only with a matched private key;
  - at least one group server connected to the network, each group server operable to (a) maintain at least one group, each group comprising a list of client members allowed access to information produced by any client member of the group, and (b) obtain a private key and matched public key for each group; and
  - at least one producer client connected to the network, the producer client operative to (a) encrypt an information set to produce a data set, the encryption based on an encryption value, (b) determine an access formula expressing logical combination of the at least one group for which access to the information set will be granted, solution of the access formula by at least one solution group indicating that a client belonging to the at least one solution group may access the encrypted information set, (c) asymmetrically encrypt the encryption value using the determined access formula and the public key for each of the at least one group for which access to the information set may be granted, (d) add the encrypted encryption value and the access formula to the data set, and (e) store the data set on at least one untrusted storage device.

  Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
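The flow in claims 3 and 9 (random encryption value, access formula over groups, per-group public-key wrapping, storage of the wrapped value with the data set) can be sketched as follows; this is an added Python example, not code from the patent. It assumes details the claims do not state: the formula is in disjunctive normal form, the value is XOR-split across the groups of an AND term, a toy ElGamal over 2^521-1 and a SHAKE-256 keystream stand in for the real ciphers, and a client can use the private keys of the groups it belongs to.

```python
import hashlib
import secrets

# Toy ElGamal over the Mersenne prime 2^521-1: an assumed stand-in for the
# key manager's asymmetric scheme. Not secure; for illustration only.
P, G = (1 << 521) - 1, 3

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)                      # (group private key, group public key)

def wrap(pub, share):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), int.from_bytes(share, "big") * pow(pub, r, P) % P

def unwrap(priv, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - priv, P) % P).to_bytes(32, "big")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream(key, data):                          # assumed symmetric cipher: SHAKE-256 keystream
    return xor(data, hashlib.shake_256(key).digest(len(data)))

def produce(info, formula, pubs):
    """Producer client. formula is a list of AND-terms (lists of group names), OR-ed together."""
    k = secrets.token_bytes(32)                 # the randomly generated encryption value
    wrapped = []
    for term in formula:
        shares = [secrets.token_bytes(32) for _ in term[1:]]
        last = k
        for s in shares:                        # XOR of all shares in a term equals k
            last = xor(last, s)
        wrapped.append({g: wrap(pubs[g], s) for g, s in zip(term, shares + [last])})
    return {"formula": formula, "wrapped": wrapped, "body": stream(k, info)}

def consume(data_set, privs):
    """Consumer client. privs maps group name -> private key for the client's groups."""
    for term, cts in zip(data_set["formula"], data_set["wrapped"]):
        if all(g in privs for g in term):       # this term solves the access formula
            k = bytes(32)
            for g in term:
                k = xor(k, unwrap(privs[g], cts[g]))
            return stream(k, data_set["body"])
    return None                                 # no group combination solves the formula

if __name__ == "__main__":
    keys = {g: keygen() for g in ("eng", "sec", "audit")}   # constructed sample groups
    ds = produce(b"incident report", [["eng", "sec"], ["audit"]], {g: k[1] for g, k in keys.items()})
    print(consume(ds, {"eng": keys["eng"][0]}))              # None: eng alone is insufficient
    print(consume(ds, {"audit": keys["audit"][0]}))          # b'incident report'
```

The untrusted storage device only ever sees the returned dictionary, which holds the formula, the wrapped shares and the ciphertext body, never the encryption value itself.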
Specification