Title of invention: Systems and Methods for Trading of Text based Data Representation
Abstract: A method for sharing encrypted data and encryption keys through a system comprised of the following data types, but not limited to: 1) Record and its encryption key, 2) RecordSet and its encryption key, and 3) Entity and its encryption key. A Record is encrypted using an encryption key; furthermore, the Record encryption key is encrypted using a RecordSet encryption key, and finally, both the encrypted Record and its encrypted encryption key are wrapped as a single unit, to avoid the expensive operations of key lookup and general key operation overhead. Access control to the RecordSet encryption keys is provided by a combination of data types, but not limited to: 1) Entity and its encryption key, 2) Ciphers, and 3) Trusted Entity Lists. For each Entity which is authorized to access a RecordSet, an encrypted Cipher, made of both the Entity encryption key and RecordSet encryption key, is added to a Trusted Entity List. Tokens are protected by user defined secrets, comprised of Entity encryption keys.
Publication number: US2016148021(A1)  Publication date: 2016.05.26
Application number: US201414549838  Filing date: 2014.11.21
Applicant: Wong Sze Yuen;Leung Wai Pong  Inventor: Wong Sze Yuen;Leung Wai Pong
Classification: G06F21/78;G06F21/62;G06F21/60  Main classification: G06F21/78
Agency:  Agent:
Main claim: 1. A Trust-No-One system for sharing encrypted information among users securely and yet efficiently, wherein encryption keys are encrypted by using randomly generated keys when in storage, and users are kept out of possession of encryption keys in decrypted forms when in use, comprising: a processor that generates a Record, a Recordset, and an Entity, wherein the Entity is coupled with the Record via the Recordset; a first memory for storing an encrypted Entity Key in the Entity, storing an encrypted Record Key in the Record, and storing the RecordSet that couples the Entity and the Record; a second memory for executing decryption, wherein a secret is used to decrypt the encrypted Entity Key, the decrypted Entity Key is further used to decrypt the encrypted RecordSet Key, the decrypted RecordSet Key is further used to decrypt the encrypted Record Key, and the decrypted Record Key is further used to decrypt data encrypted in the Record; and a memory storing instructions configured to be executed by the processor to implement an encrypted record and encryption keys wrapping method, wherein the processor further receives a request of access to the Record from the Entity, determines a permission to access the Record based on decrypting the Record Key associated with the Record using the RecordSet Key and the Entity Key associated with the Entity in the second memory, and allowing the permission to access the data when the decrypting of the Record Key is successful.
Address: Herndon VA US
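
The key chain in the main claim (secret, Entity Key, RecordSet Key, Record Key, data) together with the Trusted Entity List from the abstract, as an added Python example that is not code from the patent or its applicants. The cipher is a standard-library stand-in, and the function names, the PBKDF2 step, the sample values, and the reading of a "Cipher" as the RecordSet key encrypted under the Entity key are assumptions.

```python
# Assumed names throughout; seal/unseal are a stand-in cipher, not the patent's.
import hashlib, hmac, os

def _sub(key, label):                       # separate encryption and MAC subkeys
    return hashlib.sha256(label + key).digest()

def _stream(key, nonce, n):                 # SHA-256 counter-mode keystream
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, pt):
    """Stand-in authenticated encryption (stdlib only); use AES-GCM in real code."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):  # wrong key or tampered blob
        raise PermissionError("unwrap failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def new_entity(secret):
    salt, key = os.urandom(16), os.urandom(32)
    kek = hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)
    return {"salt": salt, "wrapped_key": seal(kek, key)}, key

def read_record(entity, secret, trusted_list, name, record):
    """Walk secret -> Entity Key -> RecordSet Key -> Record Key -> data."""
    kek = hashlib.pbkdf2_hmac("sha256", secret, entity["salt"], 100_000)
    entity_key = unseal(kek, entity["wrapped_key"])
    if name not in trusted_list:
        raise PermissionError("entity not in Trusted Entity List")
    recordset_key = unseal(entity_key, trusted_list[name])
    record_key = unseal(recordset_key, record["wrapped_key"])
    return unseal(record_key, record["body"])

def demo():
    # Constructed sample entities, secrets and record contents.
    alice, alice_key = new_entity(b"alice-secret")
    bob, _ = new_entity(b"bob-secret")
    recordset_key, record_key = os.urandom(32), os.urandom(32)
    record = {"wrapped_key": seal(recordset_key, record_key),   # key travels with record
              "body": seal(record_key, b"quarterly figures")}
    trusted = {"alice": seal(alice_key, recordset_key)}         # one Cipher per authorized Entity
    return alice, bob, trusted, record
```

Access is decided by whether each unwrap authenticates, so the scheme depends on an authenticated cipher: with an unauthenticated one, a wrong key yields garbage bytes instead of a detectable failure.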