Accessing protected data on network storage from multiple devices

US 8,059,818 B2
Filed: 02/11/2005
Issued: 11/15/2011
Est. Priority Date: 02/13/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

securely storing data on a remote network for access by devices that belong to an authorized domain by;

a domain member device of said authorized domain establishing an authenticated channel between said domain member device and a candidate device that is to be included in the domain, over which channel authentication data of the candidate device is sent;

said domain member device receiving an encryption key from said candidate device;

said domain member device encrypting a confidential domain key with said encryption key of said candidate device and storing the encrypted confidential domain key,thereby including said candidate device in the domain so that said candidate device included in said authorized domain is enabled to store encrypted data of a user of said candidate device on the remote network along with other encrypted data of other users encrypted at any storing domain member device and stored on the remote network and made accessible to said devices that belong to the authorized domain by means of the confidential domain key, wherein said including the candidate device in the domain is performed by a master device included in the domain,said master device storing, on the remote network, a domain list comprising a domain identifier, a encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and encrypted encryption key that corresponds to each domain member device;

said master device deleting, when a domain member device is removed from the domain, the encryption key corresponding to said domain member from the existing domain list;

said master device creating a new confidential domain key;

said master device encrypting the new confidential domain key with each remaining encryption key obtained from the existing domain list and producing a new message authentication code based on the new confidential domain key and the remaining encryption keys; and

said master device creating an updated domain list based on the new confidential domain key and storing the updated domain list on the remote network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.

34 Citations

View as Search Results

44 Claims

1. A method comprising:
- securely storing data on a remote network for access by devices that belong to an authorized domain by;
  
  a domain member device of said authorized domain establishing an authenticated channel between said domain member device and a candidate device that is to be included in the domain, over which channel authentication data of the candidate device is sent;
  
  said domain member device receiving an encryption key from said candidate device;
  
  said domain member device encrypting a confidential domain key with said encryption key of said candidate device and storing the encrypted confidential domain key,thereby including said candidate device in the domain so that said candidate device included in said authorized domain is enabled to store encrypted data of a user of said candidate device on the remote network along with other encrypted data of other users encrypted at any storing domain member device and stored on the remote network and made accessible to said devices that belong to the authorized domain by means of the confidential domain key, wherein said including the candidate device in the domain is performed by a master device included in the domain,said master device storing, on the remote network, a domain list comprising a domain identifier, a encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and encrypted encryption key that corresponds to each domain member device;
  
  said master device deleting, when a domain member device is removed from the domain, the encryption key corresponding to said domain member from the existing domain list;
  
  said master device creating a new confidential domain key;
  
  said master device encrypting the new confidential domain key with each remaining encryption key obtained from the existing domain list and producing a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
  
  said master device creating an updated domain list based on the new confidential domain key and storing the updated domain list on the remote network.
- View Dependent Claims (2, 6, 10, 11, 12, 13, 14, 39)
- - 2. The method according to claim 1, wherein storing the encrypted confidential domain key further comprises:
    - storing the encrypted confidential domain key locally at the domain member device or on the remote network.
  - 6. The method according to claim 1, further comprising:
    - establishing a confidential channel between the domain member device and the candidate device that is to be included in the domain, over which confidential channel the encryption key of the candidate device is received by the domain member device.
  - 10. The method according to claim 1, wherein said authenticated channel comprises a location-limited channel requiring physical closeness of said domain member device and said candidate device.
  - 11. The method according to claim 1, wherein said domain member device comprises a master device.
  - 12. The method according to claim 1, further comprising storing the updated domain list on the remote network by appending the updated domain list to the existing domain list.
  - 13. The method according to claim 12, further comprising:
    - initializing a usage counter when a new confidential domain key is created;
      
      incrementing the usage counter when a data file is encrypted by means of the new domain key; and
      
      decrementing the usage counter when a data file is decrypted by means of the new confidential domain key, wherein an existing domain list can be deleted if its domain key is no longer in use, which is indicated by the usage counter reaching an associated initialization value and a domain list being appended to the domain list to be deleted.
  - 14. The method according to claim 1, further comprising:
    - decrypting, at the master device, the encrypted data stored on the remote network by means of the confidential domain key;
      
      encrypting, at the master device, the data by means of the new confidential domain key and storing the encrypted data on the network; and
      
      deleting the existing domain list.
  - 39. A non-transitory computer computer storage device comprising computer program instructions, which when executed by a processor in an apparatus, causes said apparatus to perform the method of claim 1.

3. A method comprising:
- securely storing data on a network for access by devices that belong to an authorized domain by;
  
  a candidate device exchanging authentication data over an authenticated channel established with a domain member device that is included in an authorized domain, wherein said authentication data includes an encryption key of the candidate device with which a confidential domain key is encrypted and provided to said candidate device, said candidate device encrypting data with the confidential domain key; and
  
  outputting the encrypted confidential domain key and the encrypted data for storage on a remote network,wherein a network server is configured to store, on the remote network, a domain list comprising a domain identifier, an encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted encryption keys that correspond to each domain member device,wherein when a domain member device is removed from the domain;
  
  the encryption key corresponding to said domain member is deleted from the existing domain list;
  
  a new confidential domain key is created;
  
  the new confidential domain key is encrypted with each remaining encryption key obtained from the existing domain list and wherein a new message authentication code is produced based on the new confidential domain key and the remaining encryption keys; and
  
  an updated domain list is created based on the new confidential domain key and wherein the updated domain list is stored on the network.
- View Dependent Claims (4, 5, 7, 8, 9)
- - 4. The method according to claim 3, further comprising:
    - said candidate device included in said authorized domain fetching the encrypted confidential domain key which is encrypted by the encryption key of said storing candidate member device included in said authorized domain, decrypting the encrypted confidential domain key with the decryption key of the storing candidate device, and accessing encrypted data stored on the remote network, which data is user data stored by any accessing domain member device.
  - 5. The method according to claim 4, further comprising:
    - sending said encryption key from the candidate device to the domain member device via the authenticated channel, wherein said encryption key is a public key and said decryption key is a private key of the candidate device, which private key corresponds to said public key.
  - 7. The method according to claim 4, wherein said encryption key is a public key and said decryption key is a private key of the candidate device, which private key corresponds to said public key.
  - 8. The method according to claim 4, wherein said encryption key is a confidential symmetric key of the candidate device and said decryption key is the same confidential symmetric key.
  - 9. The method according to claim 4, wherein encrypting data before storing the encrypted data on the network and decrypting said encrypted data is performed by a file encryption key generated by executing a pseudo random function based on a function input comprising the confidential domain key and a domain identifier.

15. An apparatus comprising:
- a processor configured, with software, to cause the apparatus toestablish an authenticated channel between the apparatus, acting as a domain member device, and a candidate device that is to be included in an authorized domain, over which channel an encryption key of the candidate device is sent;
  
  encrypt a confidential domain key with the encryption key of said candidate device; and
  
  store the encrypted confidential domain key, so that said candidate device is included in the domain, wherein encrypted data is storable on a remote network for access by devices that belong to the authorized domain, which encrypted data includes data that is encrypted at any storing domain member device by means of the confidential domain key, wherein a network server is configured to store, on the network,a domain list comprising a domain identifier, the encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted confidential domain key that corresponds to each domain member device,wherein when a domain member device is removed from the domain;
  
  the encryption key corresponding to said domain member device is deleted from an existing domain list;
  
  a new confidential domain key is created;
  
  wherein the new domain key is used to encrypt with each remaining encryption key obtained from the existing domain list and produce a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
  
  wherein an updated domain list is created based on the new domain key and wherein the updated domain list is stored on the network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The apparatus according to claim 15, wherein the encrypted confidential domain key is stored locally at any of the domain member device, or on the network.
  - 17. The apparatus according to claim 15, wherein the encrypted confidential domain key, which is encrypted by the encryption key of said any domain member device, is decryptable with a corresponding decryption key of said any domain member device.
  - 18. The apparatus according to claim 17, wherein remotely stored data is decryptable at any accessing domain member device by means of the confidential domain key, wherein the domain key is obtainable by fetching the encrypted confidential domain key encrypted by the encryption key of said any accessing domain member device, and wherein the encrypted confidential domain key is decryptable with the corresponding decryption key of said any accessing domain member device.
  - 19. The apparatus according to claim 17, wherein said encryption key sent from the candidate device to the apparatus acting as a domain member device via the authenticated channel is a public key and said decryption key is a private key of the candidate device, which private key corresponds to said public key.
  - 20. The apparatus according to claim 15, wherein said encryption key is a confidential symmetric key of the candidate device and said decryption key is the same confidential symmetric key.
  - 21. The apparatus according to claim 15, wherein a file encryption key generated by executing a pseudo random function based on a function input comprising the confidential domain key and a domain identifier is arranged to encrypt data before the encrypted data is stored on the network.
  - 22. The apparatus according to claim 15, wherein a master device included in the domain is configured to include a candidate device.
  - 23. The apparatus according to claim 15, wherein said authenticated channel comprises a location-limited channel requiring physical closeness of said domain member device and said candidate device.
  - 24. The apparatus according to claim 15, wherein the updated domain list is appended to the existing domain list.
  - 25. The apparatus according to claim 24, wherein each confidential domain key has an associated usage counter that is part of the specific domain list to which the domain key belongs, which counter is initialized when a new confidential domain key is created and which counter is incremented when a data file is encrypted by means of the new confidential domain key and decremented when a data file is decrypted by means of the new confidential domain key, wherein an existing domain list can be deleted if its confidential domain key is no longer in use, which is indicated by the usage counter reaching an associated initialization value and a domain list being appended to the domain list to be deleted.
  - 26. The apparatus according to claim 15 wherein the encrypted data stored on the network is decrypted by means of the confidential domain key;
    - wherein the data is encrypted by means of the new domain key and the encrypted data is stored on the network; and
      
      the existing domain list is deleted.

27. An apparatus comprising:
- a processor and software configured to cause said apparatus to;
  
  establish an authenticated channel with a candidate device that is to be included in an authorized domain, over which channel authentication data of the candidate device is sent;
  
  encrypt a confidential domain key with the encryption key of the candidate device;
  
  encrypt data with the confidential domain key;
  
  output the encrypted confidential domain key and the encrypted data;
  
  access the encrypted data stored on a remote network; and
  
  decrypt said data by means of the confidential domain key, wherein a network server is configured to store, on the remote network, a domain list comprising a domain identifier, the encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted confidential domain key that corresponds to each domain member device, wherein when a domain member device is removed from the domain;
  
  a corresponding encryption key is deleted from an existing domain list;
  
  a new confidential domain key is created;
  
  wherein the new confidential domain key is encrypted with each remaining encryption key obtained from the existing domain list to produce a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
  
  whereinan updated domain list is created based on the new confidential domain key and wherein the updated domain list is stored on the network.
- View Dependent Claims (28)
- - 28. The apparatus according to claim 27, wherein to establish an authenticated channel, a confidential channel is established with the candidate device that is to be included in the domain, over which confidential channel the encryption key of the candidate device is sent.

29. An apparatus comprising:
- a processor and software together configured to cause the apparatus to;
  
  send authentication data over an authenticated channel established with a master device that is included in an authorized domain;
  
  encrypt a confidential domain key with an encryption key of the candidate device;
  
  encrypt data with the domain key; and
  
  output the encrypted confidential domain key and the encrypted data for storage of the encrypted data on a remote network, wherein a network server is configured to store, on the network, a domain list comprising a domain identifier, the encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from the confidential domain key, and the encrypted encryption keys that corresponds to each domain member device, wherein when a domain member device is removed from the domain;
  
  a corresponding encryption key is deleted from an existing domain list;
  
  a confidential new domain key is created;
  
  wherein the new confidential domain key is used to encrypt with each remaining encryption key obtained from the existing domain list and produce a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
  
  wherein an updated domain list is created based on the new confidential domain key and wherein the updated domain list is stored on the network.
- View Dependent Claims (30)
- - 30. The apparatus according to claim 29, the processor and software together configured to:
    - access encrypted data of one or more other devices that belong to said authorized domain and that is stored on said remote network; and
      
      decrypt said encrypted data of said one or more other devices accessed on said remote network.

31. A method comprising:
- deleting, at a domain master device that belongs to an authorized domain, when a domain member device that belongs to the authorized domain is removed from the authorized domain, an encryption key that corresponds to said domain member device from an existing domain list for the authorized domain, wherein the domain list comprises a domain identifier, an encryption key of each domain member device, a message authentication code including the encryption key of each domain member device and a corresponding domain authentication key derived from the domain key, and an encrypted domain key that corresponds to each domain member device, and which domain list is stored on the storage device;
  
  creating, at the master device, a new confidential domain key;
  
  encrypting, at the domain master device, the new confidential new domain key with each remaining encryption key, said each remaining encryption key being associated with a respective remaining domain member device obtained from the existing domain list and producing a new message authentication code based on the new domain key and the remaining encryption keys; and
  
  creating, at the domain master device, an updated domain list for the authorized domain based on the new confidential domain key and storing the updated domain list on the storage device to which the remaining domain member devices that belong to the authorized domain have access.
- View Dependent Claims (32, 33, 34)
- - 32. The method according to claim 31, wherein storing the updated domain list on the storage device further comprises:
    - appending the updated domain list to the existing domain list.
  - 33. The method according to claim 32, further comprising:
    - initializing a usage counter when a new confidential domain key is created;
      
      incrementing the usage counter when a data file is encrypted by means of the new confidential domain key; and
      
      decrementing the usage counter when a data file is decrypted by means of the new confidential domain key, wherein an existing domain list is deleted if its confidential domain key is no longer in use, which is indicated by the usage counter reaching an initialization value and a domain list being appended to the domain deleted list.
  - 34. The method according to claim 31, further comprising:
    - decrypting, at the domain master device, the encrypted data stored on the storage device by means of the confidential domain key;
      
      encrypting, at the master device, the data by means of the new confidential domain key and storing the encrypted data on the storage device; and
      
      deleting the existing domain list.

35. An apparatus comprising:
- a processor and software together configured todelete, when a domain member device is removed from a domain, a corresponding encryption key that corresponds to said member device from an existing domain list wherein the processor and the software are further configured to cause the apparatus to store, on a storage device, the existing domain list comprising a domain identifier, an encryption key of each domain member device, a message authentication code including each encryption key and a domain authentication key derived from a confidential domain key, and encrypted domain key that corresponds to each domain member device;
  
  create a new confidential domain key;
  
  encrypts the new confidential domain key with each remaining encryption key, said each remaining encryption key being associated with a respective domain member device obtained from the existing domain list and producing a new message authentication code based on the new confidential domain key and the remaining encryption keys; and
  
  create an updated copy of the domain list based on the new confidential domain key and storing the updated domain list on a storage device.
- View Dependent Claims (36, 37, 38)
- - 36. The apparatus according to claim 35, wherein the processor and the software are further configured to cause the apparatus to append the updated domain list to the stored domain list.
  - 37. The apparatus according to claim 36, wherein each confidential domain key has an associated usage counter that is part of a specific domain list to which the confidential domain key belongs, which counter is initialized when a new confidential domain key is created and which counter is incremented when a data file is encrypted by means of the new confidential domain key and decremented when a data file is decrypted by means of the new confidential domain key, wherein an existing domain list can be deleted if its confidential domain key is no longer in use, which is indicated by the usage counter reaching an initialization value and a domain list being appended to the domain list to be deleted.
  - 38. The apparatus according to claim 35, wherein the processor and the software are further configured to cause the apparatus to:
    - decrypt the encrypted data stored on the storage device by means of the confidential domain key;
      
      encrypt the data with the new confidential domain key;
      
      store the encrypted data on the storage device; and
      
      delete the existing domain list.

40. A method comprising:
- a network server of a remote network controlling access to remotely stored data bycreating access authentication data that is known to said network server of the remote network and to member devices that are allowed to access the data stored on the remote network,checking the identity of the accessing member device and authenticating the accessing member device by means of a cryptographic operation involving the access authentication data,the network server further controlling access by the accessing member device to the data stored on the network bychecking whether the accessing member device is in possession of said authentication data, wherein the identity of the accessing member device comprises an identity of a domain to which the member devices belong, and the device authentication is created by the network server receiving a hash value of the access authentication data, wherein a domain list comprising copies of the access authentication data is stored on the remote network, each copy being encrypted by a public key of each member device having access to said data stored on the remote network andcreating, at the network server, new access authentication data when a member device is removed from the domain; and
  
  replacing the existing domain list with a new domain list that contains the new access authentication data.
- View Dependent Claims (41)
- - 41. The method according to claim 40, wherein said access authentication data is an access key.

42. Apparatus comprising:
- a processor; and
  
  a storage device having a stored computer program configured to, with the processor, cause the apparatus at least to;
  
  store access authentication data that is in possession of devices that are allowed to access data stored in a domain list comprising copies of the access authentication data, each copy being encrypted by a public key of each device having access to said data on a remote network;
  
  check whether a device seeking access to the data stored on the remote network is in possession of said access authentication data by an identity check of said device seeking access to the data stored on the remote network and by an authentication check of the device seeking access to the data stored on the remote network by means of a cryptographic operation involving the access authentication data,wherein the identity of said device seeking access to the data stored on the remote network is checked for an associated identity of the domain to which the device belongs, and authentication of the device is performed with a hash value of the access authentication data, wherein the stored computer program is configured to, with the processor, cause the apparatus to;
  
  store new access authentication data when a member device is removed from the domain; and
  
  replace the domain list with a new domain list that contains the new access authentication data.
- View Dependent Claims (43, 44)
- - 43. The apparatus according to claim 42, wherein the stored computer program is configured to, with the processor, cause the apparatus to decrypt the encrypted data stored on the remote network by means of a domain key;
    - encrypt the data by means of a new domain key and store the encrypted data on the network and then replace the domain list with a new domain list.
  - 44. The apparatus according to claim 42, wherein said access authentication data is an access key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Suihko, Tapio, Ginsboorg, Philip, Moloney, Seamus, Asokan, Nadarajah
Primary Examiner(s)
Flynn; Nathan
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US11/057,107
Publication Number

US 20050193199A1
Time in Patent Office

2,468 Days
Field of Search

726/4
US Class Current

380/277
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/30   Public key, i.e. encryption...

Accessing protected data on network storage from multiple devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing protected data on network storage from multiple devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links