SYSTEM AND METHOD FOR SECURELY STORING AND SHARING INFORMATION

摘要

The present application generally relates to systems, devices, and methods to conduct the secure exchange of encrypted data using a three-element-core mechanism consisting of the key masters, the registries and the cloud lockboxes with application programming, interfaces providing interaction with a wide variety of user-facing software applications. Together the mechanism provides full lifecycle encryption enabling cross-platform sharing of encrypted data within and between organizations, individuals, applications and devices. Control of the private key required for decryption is maintained by the information owner. More specifically, the mechanism establishes unique identities, verifies authenticity, generates and securely exchanges asymmetric encryption key pairs, encrypts, transmits, receives and decrypts data to/from cloud lockboxes; creates and appends metadata specific to the applications and retrieves and/or act upon metadata.

主权项

1. A system having a plurality of participants for conducting secure exchange of encrypted data within a community of interest using a tightly-coupled, distributed three-element-core mechanism consisting of:
one or more cloud lockboxes operating on one or more file systems, wherein a cloud lockbox is configured to receive, store and enable secure retrieval of encrypted data; one or more key masters, wherein a key master is configured to:
generate a public-private key pair for the key master;generate one or more public-private key pairs for each participant, of the plurality of participants in the community of interest, served by the key master;receive data from one or more participants;encrypt the received data with respective participants' public keys;transmit the encrypted data to one or more cloud lockboxes associated with the respective participants;maintain the participants' private keys required for decryption of the encrypted data; andretrieve and decrypt the encrypted data from the one or more cloud lockboxes; one or more registries, wherein a registry is configured to:
establish unique identities for each participant and key master;maintain a directory of the participants, the one or more cloud lockboxes the one or more key masters and, the one or more registries; andcreate and manage one or more granular access control lists for determining access to stored data in the one or more cloud lockboxes;wherein the registry is configured to update permissions for the plurality of participants to enable the plurality of participants to at least one of add and retrieve data from the one or more cloud lockboxes based on the one or more access control lists.