| 摘要 |
Systems, methods, and media may provide secure data storage. A request may be transmitted for a requested container to a database, the request comprising a requested container identifier of the requested container. The database may comprise containers, wherein each container is identified by a container identifier and comprises at least one record, a container session key table configured to store the container identifiers of the containers, a container session key share table configured to store encrypted user keys, and a container session key table configured to store session key shares, wherein each session key share corresponds to at least one encrypted user key. The requested container may be received from the database, and the database may provide the requested container by using the container session key table to identify the requested container. An encrypted user key corresponding to the requested container may be received from the database, and the requested container and the encrypted user key may be transmitted to an application framework. |
| 主权项 |
1. A method for storing data securely, the method comprising:
receiving, by an application framework implemented by a computing system, a payload from an application; receiving, by the application framework, a passphrase; decrypting at least one encrypted user key using the passphrase to produce at least one user key; encrypting the payload using the at least one user key to produce an encrypted payload, and storing or transmitting the encrypted payload. |
