Title of invention: Systems and methods for enforcing third party oversight of data anonymization
Abstract: A modifiable server is utilized to reliably seal and unseal data according to a measurement of the server, by structuring the server to have a modifiable sandbox component for sealing and unsealing the data, and a non-modifiable checker component for enabling or disabling said sandbox component. The checker component determines whether the sandbox component complies with pre-determined standards. If the sandbox component is compliant, the checker component enables the sandbox component to seal and unseal the data using a measurement of the checker component. Otherwise, the checker component disables the sandbox component.
Publication number: US9542568(B2)  Publication date: 2017.01.10
Application number: US201414283383  Filing date: 2014.05.21
Applicant: MAX PLANCK GESELLSCHAFT ZUR FOERDERUNG DER WISSENSCHAFTEN E.V.  Inventors: Francis Paul; Bauer Felix; Probst Eide Sebastian; Kretschmer Matthias; Berneanu Cristian Daniel
Classification: G06F21/62; G06F21/51; H04L9/32; G06F21/57  Main classification: G06F21/62
Attorney firm: Grogan, Tuccillo & Vanderleeden, LLP  Attorney: Grogan, Tuccillo & Vanderleeden, LLP
Independent claim: 1. A server for sealing and unsealing user data, said server comprising:
  a processor; and
  a memory device, which stores:
    an encryption key,
    user data encrypted by the encryption key,
    a plurality of authenticated manifests each comprising authenticated measurements of the server, the authenticated measurements configured to be stored as hashes, and
    a server application comprising a manifest checker component and a sandbox component,
  the encryption key being sealed in the first memory device using a measurement of the manifest checker component;
  the processor being adapted by the server application to:
    implement the manifest checker component to obtain current measurements of the server corresponding to the authenticated measurements of the server, and to compare the current measurements to the authenticated measurements, wherein the measurements of the server do not include any measurement of the manifest checker component;
    implement the sandbox component to unseal the encryption key using a current measurement of the manifest checker component, and to access the user data using the encryption key, if the current measurements of the server sufficiently match the authenticated measurements of the server, or
    prevent implementation of the sandbox component, if the current measurements of the server do not sufficiently match the authenticated measurements of the server; and
  wherein at least two of the plurality of authenticated manifests have been authenticated by different certificates.
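The following is an added illustration of the mechanism described in the abstract and in claim 1; it is not code from the patent or from the applicant. It simulates, with the Python standard library only, the three properties the claim combines: the key is sealed to a measurement (hash) of the checker component, so a modified checker cannot unseal it; the checker measures the sandbox components (never itself) and compares them against signed manifests; and the sandbox is enabled only if manifests from at least two different signers approve the current measurements. The root secret, the HMAC-based "certificate" signatures standing in for X.509 signatures, the signer names, the component names and the data are all constructed placeholders, and reading "sufficiently match" as exact equality of all listed hashes is an assumption made here.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-ins. In a real deployment the root secret would be held by
# a TPM and manifests would carry certificate (e.g. X.509) signatures.
DEVICE_ROOT_SECRET = b"constructed-device-root-secret"
TRUSTED_SIGNER_KEYS = {
    "auditor-A": b"constructed-key-of-auditor-A",
    "auditor-B": b"constructed-key-of-auditor-B",
}


def measure(component: bytes) -> str:
    """Measurement of a component: a hash of its code, stored as hex."""
    return hashlib.sha256(component).hexdigest()


def _wrap_key(checker_measurement: str) -> bytes:
    # Wrapping key bound to the checker's measurement (PCR-style sealing).
    return hashlib.sha256(DEVICE_ROOT_SECRET + checker_measurement.encode()).digest()


def seal_key(key: bytes, checker_measurement: str) -> bytes:
    """Seal a 32-byte key so it can only be recovered under the same checker measurement."""
    wk = _wrap_key(checker_measurement)
    body = bytes(a ^ b for a, b in zip(key, wk))
    tag = hmac.new(wk, body, hashlib.sha256).digest()
    return body + tag


def unseal_key(sealed: bytes, checker_measurement: str) -> Optional[bytes]:
    """Return the key, or None if the checker's current measurement differs from sealing time."""
    wk = _wrap_key(checker_measurement)
    body, tag = sealed[:32], sealed[32:]
    if not hmac.compare_digest(hmac.new(wk, body, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(body, wk))


def sign_manifest(measurements: dict, signer: str) -> dict:
    """Authenticate a manifest of sandbox measurements under one signer's key."""
    payload = json.dumps(measurements, sort_keys=True).encode()
    sig = hmac.new(TRUSTED_SIGNER_KEYS[signer], payload, hashlib.sha256).hexdigest()
    return {"measurements": measurements, "signer": signer, "sig": sig}


def verify_manifest(m: dict) -> bool:
    key = TRUSTED_SIGNER_KEYS.get(m["signer"])
    if key is None:
        return False
    payload = json.dumps(m["measurements"], sort_keys=True).encode()
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).hexdigest(), m["sig"])


def checker_authorizes(manifests: list, current: dict, min_signers: int = 2) -> bool:
    """Enable the sandbox only if its current measurements match manifests
    authenticated by at least `min_signers` distinct signers."""
    approving = {m["signer"] for m in manifests
                 if verify_manifest(m) and m["measurements"] == current}
    return len(approving) >= min_signers


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Toy symmetric cipher (hash-based keystream); stands in for the data encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def serve(checker_code: bytes, sandbox_code: dict, manifests: list,
          sealed_key: bytes, ciphertext: bytes) -> Optional[bytes]:
    """The server's run path: checker measures the sandbox (not itself), then the
    sandbox unseals the key under the checker's measurement and reads the data."""
    current = {name: measure(code) for name, code in sandbox_code.items()}
    if not checker_authorizes(manifests, current):
        return None  # sandbox disabled by the checker
    key = unseal_key(sealed_key, measure(checker_code))
    if key is None:
        return None  # checker was modified: sealed key unrecoverable
    return xor_stream(ciphertext, key)


def demo() -> dict:
    """Constructed scenario: compliant run plus three failure modes."""
    checker = b"checker-v1"
    sandbox = {"anonymizer": b"anonymizer-v3", "exporter": b"exporter-v1"}
    good = {n: measure(c) for n, c in sandbox.items()}
    manifests = [sign_manifest(good, "auditor-A"), sign_manifest(good, "auditor-B")]
    key = hashlib.sha256(b"constructed user data key").digest()
    sealed = seal_key(key, measure(checker))
    ct = xor_stream(b"user record 42", key)
    results = {"compliant": serve(checker, sandbox, manifests, sealed, ct)}
    tampered = dict(sandbox, anonymizer=b"anonymizer-v3-modified")
    results["tampered_sandbox"] = serve(checker, tampered, manifests, sealed, ct)
    results["tampered_checker"] = serve(b"checker-v1-patched", sandbox, manifests, sealed, ct)
    results["single_signer"] = serve(checker, sandbox, manifests[:1], sealed, ct)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome!r}")
```

The `single_signer` case is what the final clause of claim 1 buys: one overseer alone cannot approve a new sandbox version, so a single compromised or coerced signer cannot enable a non-compliant anonymizer. The `tampered_checker` case shows why the checker's own measurement is kept out of the manifests and used only for sealing: any change to the checker, however the manifests are handled, makes the sealed key unrecoverable.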
Address: Munich DE