Accessing protected data on network storage from multiple devices
First Claim
1. A method comprising:
securely storing data on a remote network for access by devices that belong to an authorized domain by:
a domain member device of said authorized domain establishing an authenticated channel between said domain member device and a candidate device that is to be included in the domain, over which channel authentication data of the candidate device is sent;
said domain member device receiving an encryption key from said candidate device;
said domain member device encrypting a confidential domain key with said encryption key of said candidate device and storing the encrypted confidential domain key, thereby including said candidate device in the domain so that said candidate device included in said authorized domain is enabled to store encrypted data of a user of said candidate device on the remote network along with other encrypted data of other users encrypted at any storing domain member device and stored on the remote network and made accessible to said devices that belong to the authorized domain by means of the confidential domain key, wherein said including the candidate device in the domain is performed by a master device included in the domain, said master device storing, on the remote network, a domain list comprising a domain identifier, an encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and an encrypted encryption key that corresponds to each domain member device;
said master device deleting, when a domain member device is removed from the domain, the encryption key corresponding to said domain member from the existing domain list;
said master device creating a new confidential domain key;
said master device encrypting the new confidential domain key with each remaining encryption key obtained from the existing domain list and producing a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
said master device creating an updated domain list based on the new confidential domain key and storing the updated domain list on the remote network.
2 Assignments
0 Petitions
Abstract
The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.
34 Citations
44 Claims
1. (Independent claim 1 is reproduced in full under First Claim above.) - View Dependent Claims (2, 6, 10, 11, 12, 13, 14, 39)
3. A method comprising:
securely storing data on a network for access by devices that belong to an authorized domain by:
a candidate device exchanging authentication data over an authenticated channel established with a domain member device that is included in an authorized domain, wherein said authentication data includes an encryption key of the candidate device with which a confidential domain key is encrypted and provided to said candidate device, said candidate device encrypting data with the confidential domain key; and
outputting the encrypted confidential domain key and the encrypted data for storage on a remote network, wherein a network server is configured to store, on the remote network, a domain list comprising a domain identifier, an encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted encryption keys that correspond to each domain member device, wherein when a domain member device is removed from the domain:
the encryption key corresponding to said domain member is deleted from the existing domain list;
a new confidential domain key is created;
the new confidential domain key is encrypted with each remaining encryption key obtained from the existing domain list and wherein a new message authentication code is produced based on the new confidential domain key and the remaining encryption keys; and
an updated domain list is created based on the new confidential domain key and wherein the updated domain list is stored on the network. - View Dependent Claims (4, 5, 7, 8, 9)
15. An apparatus comprising:
a processor configured, with software, to cause the apparatus to establish an authenticated channel between the apparatus, acting as a domain member device, and a candidate device that is to be included in an authorized domain, over which channel an encryption key of the candidate device is sent;
encrypt a confidential domain key with the encryption key of said candidate device; and
store the encrypted confidential domain key, so that said candidate device is included in the domain, wherein encrypted data is storable on a remote network for access by devices that belong to the authorized domain, which encrypted data includes data that is encrypted at any storing domain member device by means of the confidential domain key, wherein a network server is configured to store, on the network, a domain list comprising a domain identifier, the encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted confidential domain key that corresponds to each domain member device, wherein when a domain member device is removed from the domain:
the encryption key corresponding to said domain member device is deleted from an existing domain list;
a new confidential domain key is created;
wherein the new domain key is encrypted with each remaining encryption key obtained from the existing domain list to produce a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
wherein an updated domain list is created based on the new domain key and wherein the updated domain list is stored on the network. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
27. An apparatus comprising:
a processor and software configured to cause said apparatus to:
establish an authenticated channel with a candidate device that is to be included in an authorized domain, over which channel authentication data of the candidate device is sent;
encrypt a confidential domain key with the encryption key of the candidate device;
encrypt data with the confidential domain key;
output the encrypted confidential domain key and the encrypted data;
access the encrypted data stored on a remote network; and
decrypt said data by means of the confidential domain key, wherein a network server is configured to store, on the remote network, a domain list comprising a domain identifier, the encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted confidential domain key that corresponds to each domain member device, wherein when a domain member device is removed from the domain:
a corresponding encryption key is deleted from an existing domain list;
a new confidential domain key is created;
wherein the new confidential domain key is encrypted with each remaining encryption key obtained from the existing domain list to produce a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
wherein an updated domain list is created based on the new confidential domain key and wherein the updated domain list is stored on the network. - View Dependent Claims (28)
29. An apparatus comprising:
a processor and software together configured to cause the apparatus to:
send authentication data over an authenticated channel established with a master device that is included in an authorized domain;
encrypt a confidential domain key with an encryption key of the candidate device;
encrypt data with the domain key; and
output the encrypted confidential domain key and the encrypted data for storage of the encrypted data on a remote network, wherein a network server is configured to store, on the network, a domain list comprising a domain identifier, the encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted encryption keys that correspond to each domain member device, wherein when a domain member device is removed from the domain:
a corresponding encryption key is deleted from an existing domain list;
a new confidential domain key is created;
wherein the new confidential domain key is encrypted with each remaining encryption key obtained from the existing domain list to produce a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
wherein an updated domain list is created based on the new confidential domain key and wherein the updated domain list is stored on the network. - View Dependent Claims (30)
31. A method comprising:
deleting, at a domain master device that belongs to an authorized domain, when a domain member device that belongs to the authorized domain is removed from the authorized domain, an encryption key that corresponds to said domain member device from an existing domain list for the authorized domain, wherein the domain list comprises a domain identifier, an encryption key of each domain member device, a message authentication code including the encryption key of each domain member device and a corresponding domain authentication key derived from the domain key, and an encrypted domain key that corresponds to each domain member device, and which domain list is stored on the storage device;
creating, at the master device, a new confidential domain key;
encrypting, at the domain master device, the new confidential domain key with each remaining encryption key, said each remaining encryption key being associated with a respective remaining domain member device obtained from the existing domain list and producing a new message authentication code based on the new domain key and the remaining encryption keys; and
creating, at the domain master device, an updated domain list for the authorized domain based on the new confidential domain key and storing the updated domain list on the storage device to which the remaining domain member devices that belong to the authorized domain have access. - View Dependent Claims (32, 33, 34)
35. An apparatus comprising:
a processor and software together configured to delete, when a domain member device is removed from a domain, a corresponding encryption key that corresponds to said member device from an existing domain list, wherein the processor and the software are further configured to cause the apparatus to:
store, on a storage device, the existing domain list comprising a domain identifier, an encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from a confidential domain key, and an encrypted domain key that corresponds to each domain member device;
create a new confidential domain key;
encrypt the new confidential domain key with each remaining encryption key, said each remaining encryption key being associated with a respective domain member device obtained from the existing domain list, and produce a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
create an updated copy of the domain list based on the new confidential domain key and store the updated domain list on a storage device. - View Dependent Claims (36, 37, 38)
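Claims 1, 3, 15, 27, 29, 31 and 35 all turn on the same two objects: the domain list the master stores on the network (a domain identifier, each member's encryption key, the confidential domain key wrapped for each member, and a message authentication code over the keys under a domain authentication key derived from the domain key) and the removal step that deletes a member's key, creates a new domain key and rebuilds the list from the keys remaining in the old one. The Go program below is an added illustration of those two mechanisms written for this page; it is not code from the patent or its assignee. RSA-OAEP for wrapping the domain key, HMAC-SHA256 both for the MAC and for deriving the authentication key from the domain key, PKIX/DER encoding of member keys, and every type, field and function name are this example's assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"slices"
)

// Member is one list entry: a device's PKIX/DER encoded (assumed encoding) public key and the domain key wrapped under it.
type Member struct {
	Name    string
	PubDER  []byte
	Wrapped []byte
}

// DomainList is this example's rendering of the list the claims describe.
type DomainList struct {
	DomainID string
	Members  []Member
	MAC      []byte // over DomainID and member keys, keyed with the domain authentication key
}

// computeMAC derives the domain authentication key from the domain key (HMAC-SHA256 under a
// fixed label is the assumed derivation) and binds the domain identifier and every member key.
func computeMAC(domainKey []byte, dl *DomainList) []byte {
	kdf := hmac.New(sha256.New, domainKey)
	kdf.Write([]byte("domain-auth-key"))
	m := hmac.New(sha256.New, kdf.Sum(nil))
	m.Write([]byte(dl.DomainID))
	for _, mem := range dl.Members {
		m.Write([]byte(mem.Name))
		m.Write(mem.PubDER)
	}
	return m.Sum(nil)
}

// BuildDomainList is the master's job: create a fresh 256-bit confidential domain key, wrap it
// for every member and MAC the list. The list goes to the network; the key stays on the master.
func BuildDomainList(domainID string, members []Member) (*DomainList, []byte, error) {
	domainKey := make([]byte, 32)
	if _, err := rand.Read(domainKey); err != nil {
		return nil, nil, err
	}
	dl := &DomainList{DomainID: domainID}
	for _, mem := range members {
		pub, err := x509.ParsePKIXPublicKey(mem.PubDER)
		rsaPub, ok := pub.(*rsa.PublicKey)
		if err != nil || !ok {
			return nil, nil, fmt.Errorf("member %s: not an RSA public key", mem.Name)
		}
		if mem.Wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, rsaPub, domainKey, []byte(domainID)); err != nil {
			return nil, nil, err
		}
		dl.Members = append(dl.Members, mem)
	}
	dl.MAC = computeMAC(domainKey, dl)
	return dl, domainKey, nil
}

// RecoverDomainKey is a member's job after fetching the list: unwrap its own copy, then verify the MAC.
func RecoverDomainKey(dl *DomainList, name string, priv *rsa.PrivateKey) ([]byte, error) {
	i := slices.IndexFunc(dl.Members, func(m Member) bool { return m.Name == name })
	if i < 0 {
		return nil, fmt.Errorf("%s has no entry in the domain list", name)
	}
	domainKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, dl.Members[i].Wrapped, []byte(dl.DomainID))
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(dl.MAC, computeMAC(domainKey, dl)) {
		return nil, fmt.Errorf("domain list MAC mismatch: member set was altered")
	}
	return domainKey, nil
}

// Revoke follows the claims' removal steps: delete the member's key, then rebuild the list with a
// new confidential domain key from the keys remaining in the existing list.
func Revoke(dl *DomainList, name string) (*DomainList, []byte, error) {
	remaining := slices.DeleteFunc(slices.Clone(dl.Members), func(m Member) bool { return m.Name == name })
	return BuildDomainList(dl.DomainID, remaining)
}

func main() {
	phone, _ := rsa.GenerateKey(rand.Reader, 2048)
	laptop, _ := rsa.GenerateKey(rand.Reader, 2048)
	phoneDER, _ := x509.MarshalPKIXPublicKey(&phone.PublicKey)
	laptopDER, _ := x509.MarshalPKIXPublicKey(&laptop.PublicKey)
	dl, _, _ := BuildDomainList("home", []Member{{Name: "phone", PubDER: phoneDER}, {Name: "laptop", PubDER: laptopDER}})
	_, err := RecoverDomainKey(dl, "laptop", laptop)
	fmt.Println("laptop unwrapped the domain key without contacting the master:", err == nil)
	dl2, _, _ := Revoke(dl, "laptop")
	_, err = RecoverDomainKey(dl2, "laptop", laptop)
	fmt.Println("revoked laptop locked out of the new key:", err != nil)
}
```

Two points are worth noticing. The member checks the MAC only after it has unwrapped the domain key, which is what lets a device trust the member set on a list fetched from a storage server it does not trust: a server that inserts its own public key or swaps a member's key breaks the MAC. And revocation is forward-looking only: the removed device cannot unwrap the new key, but data encrypted under the old key before the rotation stays readable to it unless it is re-encrypted, which the claims do not address.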
40. A method comprising:
a network server of a remote network controlling access to remotely stored data by creating access authentication data that is known to said network server of the remote network and to member devices that are allowed to access the data stored on the remote network, checking the identity of the accessing member device and authenticating the accessing member device by means of a cryptographic operation involving the access authentication data, the network server further controlling access by the accessing member device to the data stored on the network by checking whether the accessing member device is in possession of said authentication data, wherein the identity of the accessing member device comprises an identity of a domain to which the member devices belong, and the device authentication is created by the network server receiving a hash value of the access authentication data, wherein a domain list comprising copies of the access authentication data is stored on the remote network, each copy being encrypted by a public key of each member device having access to said data stored on the remote network and creating, at the network server, new access authentication data when a member device is removed from the domain; and replacing the existing domain list with a new domain list that contains the new access authentication data. - View Dependent Claims (41)
42. Apparatus comprising:
a processor; and a storage device having a stored computer program configured to, with the processor, cause the apparatus at least to:
store access authentication data that is in possession of devices that are allowed to access data stored in a domain list comprising copies of the access authentication data, each copy being encrypted by a public key of each device having access to said data on a remote network;
check whether a device seeking access to the data stored on the remote network is in possession of said access authentication data by an identity check of said device seeking access to the data stored on the remote network and by an authentication check of the device seeking access to the data stored on the remote network by means of a cryptographic operation involving the access authentication data, wherein the identity of said device seeking access to the data stored on the remote network is checked for an associated identity of the domain to which the device belongs, and authentication of the device is performed with a hash value of the access authentication data, wherein the stored computer program is configured to, with the processor, cause the apparatus to:
store new access authentication data when a member device is removed from the domain; and
replace the domain list with a new domain list that contains the new access authentication data. - View Dependent Claims (43, 44)
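Claims 40 and 42 move the gatekeeping to the network server: it holds access authentication data shared with the domain's member devices, checks the domain identity of a device seeking access, authenticates it by a cryptographic operation on that data (the claim names a hash value of it), and on member removal creates new access authentication data and a new domain list. The Go program below is an added example of that server-side check, written for this page rather than taken from the patent; the challenge-response form, the HMAC-SHA256 choice, the one-outstanding-challenge-per-device bookkeeping and all names are this example's assumptions. Distribution of the access authentication data to members through the domain list is the subject of the earlier claims and is not repeated here.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AccessServer plays the network server of claims 40 and 42: per domain it holds the access
// authentication data shared with that domain's members, and it admits a device only if the
// device names a known domain and proves possession of the current data.
type AccessServer struct {
	access  map[string][]byte // domain ID -> current access authentication data
	pending map[string][]byte // device ID -> outstanding challenge (assumption: one per device)
}

func NewAccessServer() *AccessServer {
	return &AccessServer{access: map[string][]byte{}, pending: map[string][]byte{}}
}

// Provision creates fresh access authentication data for a domain. Calling it again for the same
// domain is the member-removal path of the claims: the previous data stops being accepted.
func (s *AccessServer) Provision(domainID string) ([]byte, error) {
	data := make([]byte, 32)
	if _, err := rand.Read(data); err != nil {
		return nil, err
	}
	s.access[domainID] = data
	return data, nil
}

// Challenge is the identity check: the device names its domain and the server issues a nonce only
// for a domain it knows.
func (s *AccessServer) Challenge(domainID, deviceID string) ([]byte, error) {
	if _, ok := s.access[domainID]; !ok {
		return nil, fmt.Errorf("unknown domain %q", domainID)
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[deviceID] = nonce
	return nonce, nil
}

// Prove is the device side: a keyed hash of the access authentication data over the nonce and the
// identities. A bare hash of the data, as the claim literally reads, would be a constant that an
// observer could replay; keying it with a per-request nonce is the assumption made here.
func Prove(accessData, nonce []byte, domainID, deviceID string) []byte {
	m := hmac.New(sha256.New, accessData)
	m.Write(nonce)
	m.Write([]byte(domainID))
	m.Write([]byte(deviceID))
	return m.Sum(nil)
}

// Verify is the authentication check: recompute the proof from the server's copy of the data and
// compare in constant time. Each nonce is consumed on first use, so a captured proof cannot be replayed.
func (s *AccessServer) Verify(domainID, deviceID string, proof []byte) error {
	nonce, ok := s.pending[deviceID]
	if !ok {
		return errors.New("no outstanding challenge for device")
	}
	delete(s.pending, deviceID)
	data, ok := s.access[domainID]
	if !ok || !hmac.Equal(proof, Prove(data, nonce, domainID, deviceID)) {
		return errors.New("access denied")
	}
	return nil
}

func main() {
	srv := NewAccessServer()
	data, _ := srv.Provision("home")
	nonce, _ := srv.Challenge("home", "phone")
	fmt.Println("phone, current data:", srv.Verify("home", "phone", Prove(data, nonce, "home", "phone")))
	srv.Provision("home") // a member was removed: new access authentication data for the domain
	nonce, _ = srv.Challenge("home", "laptop")
	fmt.Println("laptop, stale data:", srv.Verify("home", "laptop", Prove(data, nonce, "home", "laptop")))
}
```

Rotation is what the claims rely on to lock a removed device out: the server replaces the access authentication data, re-distributes it through a new domain list to the remaining members, and a device still holding the old data fails the authentication check, as the stale-data case in main shows. The nonce binding is the practitioner's addition on top of that: without it, one observed proof would be valid until the next rotation.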