Secure data storage and retrieval in a client-server environment
First Claim
Patent Images
1. A method of controlling access to digital data in a file comprising:
- obtaining a passphrase from a user;
generating a personal key based on the obtained passphrase;
generating a file encryption key;
encrypting the digital data in the file with the file encryption key to provide an encrypted file;
encrypting the file encryption key with the personal key to provide an encrypted file encryption key;
creating a file header containing the encrypted file encryption key;
associating the file header with the encrypted file;
obtaining a user identification associated with an owner of the file;
obtaining a file identification associated with the file; and
wherein the step of generating a personal key based on the obtained passphrase comprises the step of hashing the user identification, the passphrase and the file identification to provide the personal key.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems and computer program products are provided for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key based on the obtained passphrase. A file encryption key is generated and the digital data in the file encrypted with the file encryption key to provide an encrypted file. The file encryption key is encrypted with the personal key to provide an encrypted file encryption key. A file header containing the encrypted file encryption key and associated with the encrypted file. The encrypted file and the file header associated with the encrypted file may be stored at a file server.
286 Citations
9 Claims
-
1. A method of controlling access to digital data in a file comprising:
-
obtaining a passphrase from a user; generating a personal key based on the obtained passphrase; generating a file encryption key; encrypting the digital data in the file with the file encryption key to provide an encrypted file; encrypting the file encryption key with the personal key to provide an encrypted file encryption key; creating a file header containing the encrypted file encryption key; associating the file header with the encrypted file; obtaining a user identification associated with an owner of the file; obtaining a file identification associated with the file; and wherein the step of generating a personal key based on the obtained passphrase comprises the step of hashing the user identification, the passphrase and the file identification to provide the personal key. - View Dependent Claims (2, 3)
-
-
4. A system for controlling access to digital data in a file comprising:
-
means for obtaining a passphrase from a user; means for generating a personal key based on the obtained passphrase; means for generating a file encryption key; means for encrypting the digital data in the file with the file encryption key to provide an encrypted file; means for encrypting the file encryption key with the personal key to provide an encrypted file encryption key; means for creating a file header containing the encrypted file encryption key; means for associating the file header with the encrypted file; means for obtaining a user identification associated with an owner of the file; means for obtaining a file identification associated with the file; and wherein the means for generating a personal key based on the obtained passphrase comprises means for hashing the user identification, the passphrase and the file identification to provide the personal key. - View Dependent Claims (5, 6)
-
-
7. A computer program product for controlling access to digital data in a file comprising:
-
a computer readable storage medium having computer readable program code embodied therein, the computer readable program code comprising; computer readable program code which obtains a passphrase from a user; computer readable program code which generates a personal key based on the obtained passphrase; computer readable program code which generates a file encryption key; computer readable program code which encrypts the digital data in the file with the file encryption key to provide an encrypted file; computer readable program code which encrypts the file encryption key with the personal key to provide an encrypted file encryption key; computer readable program code which creates a file header containing the encrypted file encryption key; and computer readable program code which associates the file header with the encrypted file; computer readable program code which obtains a user identification associated with an owner of the file; computer readable program code which obtains a file identification associated with the file; and wherein the computer readable program code which generates a personal key based on the obtained passphrase comprises computer readable program code which hashes the user identification, the passphrase and the file identification to provide the personal key. - View Dependent Claims (8, 9)
-
Specification