Title of invention: SHARED ENCRYPTED STORAGE
Abstract: An improved key encryption system is provided for encrypting sensitive data on a shared data store. Various embodiments contemplate a system where a plurality of data clients are connected to one or more shared data stores. A secure data storage facility is provided on one or more of the shared data stores by using an encryption scheme. Encryption keys for decrypting the sensitive data are stored on the same data store as sensitive data which may be decrypted using the encryption keys in question. To provide another layer of protection, the data encryption keys are themselves encrypted using a key encryption key (KEK), which is generated by, and stored in a local persistent data store associated with the data clients.
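Application publication number: US2015106626(A1) Application publication date: 2015.04.16
Application number: US201314051776 Filing date: 2013.10.11
Applicant: Kremp Juergen;Kiefer Klaus;Bauer Uwe Inventor: Kremp Juergen;Kiefer Klaus;Bauer Uwe
Classification number: G06F21/60 Main classification number: G06F21/60
Agency: Agent: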
Main claim: 1. A method comprising: receiving, on a computing device, a registration password, the registration password provided to a plurality of client instances for registering the client instances to participate in a secure storage facility on a shared data store, the secure storage facility implemented using a key encryption scheme; generating or receiving, on the computing device, a first encryption key to be used in the key encryption scheme; calculating a key encryption key to be used to encrypt the first encryption key, the key encryption key calculated based at least in part on the registration password; encrypting the first encryption key with the key encryption key; creating a key element comprising the encrypted first encryption key; storing the key element on the shared data store; storing the key encryption key on a local persistent data store of the computing device.
Address: Walldorf DE
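
The steps of claim 1, sketched in Python as an added example (not code from the patent or its applicants). PBKDF2-HMAC-SHA256, the salt carried in the key element, the dict-based stores and all function names are assumptions, and the HMAC-based wrap is a standard-library stand-in for an AES key wrap or AEAD.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor; the page names no KDF


def derive_kek(registration_password: str, salt: bytes) -> bytes:
    """KEK calculated from the registration password (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", registration_password.encode(), salt, PBKDF2_ROUNDS)


def _subkey(kek: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys so one KEK is never used for both roles.
    return hmac.new(kek, label, hashlib.sha256).digest()


def wrap_key(kek: bytes, dek: bytes, salt: bytes) -> dict:
    """Build the key element: the 32-byte DEK encrypted and authenticated under the KEK."""
    if len(dek) != 32:
        raise ValueError("this sketch wraps exactly one 32-byte key")
    nonce = secrets.token_bytes(16)
    stream = hmac.new(_subkey(kek, b"enc"), nonce, hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(_subkey(kek, b"mac"), salt + nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "wrapped_key": wrapped, "tag": tag}


def unwrap_key(kek: bytes, el: dict) -> bytes:
    """Recover the DEK; a wrong KEK or a modified element fails the tag check."""
    body = el["salt"] + el["nonce"] + el["wrapped_key"]
    expected = hmac.new(_subkey(kek, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, el["tag"]):
        raise ValueError("key element rejected: wrong KEK or modified element")
    stream = hmac.new(_subkey(kek, b"enc"), el["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(el["wrapped_key"], stream))


def register_first_client(password: str, shared_store: dict, local_store: dict) -> bytes:
    """Claim 1 in order: generate DEK, calculate KEK, encrypt, store element and KEK."""
    dek, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    kek = derive_kek(password, salt)
    shared_store["key_element"] = wrap_key(kek, dek, salt)  # shared store: ciphertext only
    local_store["kek"] = kek                                # KEK stays on the client
    return dek


def register_other_client(password: str, shared_store: dict, local_store: dict) -> bytes:
    """Assumed flow for later clients: same password plus the stored salt gives the same KEK."""
    el = shared_store["key_element"]
    kek = derive_kek(password, el["salt"])
    dek = unwrap_key(kek, el)  # raises before anything is persisted locally
    local_store["kek"] = kek
    return dek
```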