Title of invention PERFORMING AN OPERATION ON A DATA STORAGE
Abstract A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data is provided. The method includes deriving, for each authorized client Cj, a first key KCj and a second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party (TTP) with the second key KTj. The method further includes, at a Policy Enforcement Point, receiving a request for performing the operation on the data storage from a client Ck of the authorized clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD. The disclosed trust model uses two-part secret sharing.
Application publication number US2016210464(A1) Application publication date 2016.07.21
Application number US201314915861 Filing date 2013.09.09
Applicant TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) Inventors NÄSLUND Mats; SCHAEFER Christian
Classification G06F21/62; G06F17/30 Main classification G06F21/62
Agency Agent
Principal claim 1. A method of performing an operation on a data storage for storing data being encrypted with a key KD associated with an owner of the data, the method comprising: for each client Cj of one or more clients which are authorized to perform operations on the data storage: deriving a first key KCj and a second key KTj such that the key KD can be derived from the first key KCj and the second key KTj, providing the client Cj with the first key KCj, and providing a Trusted Third Party, TTP, with the second key KTj, and at a Policy Enforcement Point, PEP: receiving a request for performing the operation on the data storage from a client Ck of the one or more clients, acquiring a first key KCk from the client Ck, acquiring a second key KTk from the TTP, deriving the key KD from the first key KCk and the second key KTk, and performing the operation on the data storage using the derived key KD.
Address Stockholm SE
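
The key flow in the abstract and claim 1, as an added example that is not taken from the patent: the owner derives a fresh (KCj, KTj) pair per authorized client, and the PEP recombines one client's pair into KD. The XOR split, the 32-byte key size and the names `split_key`, `enroll`, `TTP` and `PEP` are assumptions; the record only says the trust model uses two-part secret sharing.

```python
import secrets

KEY_LEN = 32  # bytes; assumed key size, the record does not state one


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("key parts must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(kd: bytes) -> tuple[bytes, bytes]:
    """Owner side: derive (KCj, KTj) such that KCj XOR KTj == KD (assumed scheme)."""
    kc = secrets.token_bytes(len(kd))  # uniformly random, independent of KD
    kt = xor(kd, kc)                   # KD masked by KCj; alone it reveals nothing
    return kc, kt


class TTP:
    """Trusted Third Party: holds the second key KTj of each authorized client."""

    def __init__(self):
        self._second_keys = {}

    def provision(self, client_id: str, kt: bytes) -> None:
        self._second_keys[client_id] = kt

    def release(self, client_id: str) -> bytes:
        if client_id not in self._second_keys:
            raise PermissionError(f"no second key held for {client_id}")
        return self._second_keys[client_id]


class PEP:
    """Policy Enforcement Point: combines KCk (from client) and KTk (from TTP)."""

    def __init__(self, ttp: TTP):
        self.ttp = ttp

    def derive_kd(self, client_id: str, kc: bytes) -> bytes:
        # A wrong KCk gives a wrong key, not an error; catching that depends on
        # how the stored data is authenticated, which this example leaves out.
        return xor(kc, self.ttp.release(client_id))


def enroll(kd: bytes, client_ids, ttp: TTP) -> dict:
    """Owner side: one independent split per client; returns {client_id: KCj}."""
    first_keys = {}
    for cid in client_ids:
        first_keys[cid], kt = split_key(kd)
        ttp.provision(cid, kt)
    return first_keys
```

Because every client gets an independent split, one client's KCj combined with another client's KTj does not yield KD, and neither the client nor the TTP holds KD on its own.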