System, processing device, computer program and method, to tranparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords

摘要

A cryptographic system makes everyday data objects, such as a document or conversation, unreadable to anyone other than the owner or those currently having permission to access the data objects. The cryptographic system is transparent by requiring no additional effort on the part of any user in the encryption/decryption process other than entering a user identifier and password. Each document is encrypted with a unique encryption key. Changes to data object access permissions are immediately honored and enforced by enabling or disabling access to certain decryption keys. Decryption of data objects requires information known only to the owner of the data object or those permitted to access the data object. This decryption information is not stored anywhere in the system.

主权项

1. A method comprising:
associating, by the processing device, a master key and a private key with a data object owner; associating, by the processing device, a public key with a permitted user; wrapping, by the processing device, the master key of the data object owner with a derived key from a password from the data object owner; wrapping, by the processing device, the private key of the owner with the master key; receiving, by the processing device, a user identifier for the data object owner; receiving, by the processing device, the password from the data object owner; deriving, by the processing device, the derived key from the password; unwrapping, by the processing device, the master key of the data object owner using the derived key from the password; unwrapping, by the processing device, the private key with the master key; encrypting, by the processing device, a data object having a data object id to obtain an encrypted data object and data object key; creating, by the processing device, a duplicable key from the private key of the data object owner and the public key of the permitted user; wrapping, by the processing device, the data object key with the duplicable key to obtain a paired key; and storing, by the processing device, the encrypted data object and the paired key.