Abstract
When data is to be stored for an extended period of time, possibly of the order of a hundred years, it is possible that the method used to encrypt the data will become outdated, or the encryption secret may be compromised. The present invention discloses a method and apparatus that allow such data to be renewed, i.e. stored with a new encryption secret. Original data 200 is encrypted to form encrypted data 211 which can be accessed using one or more encryption secrets 213 stored separately, and validated using context data 212. At renewal, the encrypted data 211, the context data 212 and the or each encryption secret 213 are combined to form a first encryption layer 210 and the first encryption layer 210 is itself encrypted to form the encrypted data 221 of an immediately succeeding encryption layer 220. The encrypted data 221 of this second encryption layer is accessed with a renewed encryption secret 223 and is validated by context data 222 such as a time stamp and trusted signature. The method may be repeated recursively, forming third 230 and subsequent encryption layers at each renewal.
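The layering described in the abstract can be sketched as follows. This is an added example, not code from the patent: the function names, the JSON bundle format, the SHA-256 counter-mode stand-in cipher and the HMAC used in place of a trusted signature are all assumptions chosen so the sketch runs with the standard library only.

```python
import hashlib, hmac, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode), for illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _sign(signer_key: bytes, blob: bytes, ts: int) -> str:
    # Stand-in for the trusted signature over encrypted data and time stamp.
    return hmac.new(signer_key, blob + str(ts).encode(), hashlib.sha256).hexdigest()

def seal(payload: bytes, secret: bytes, signer_key: bytes, ts: int) -> dict:
    """Return one layer: encrypted data plus context data. The secret stays outside."""
    nonce = os.urandom(16)
    blob = nonce + _xor_stream(secret, nonce, payload)
    return {"encrypted": blob.hex(), "context": {"ts": ts, "sig": _sign(signer_key, blob, ts)}}

def unseal(layer: dict, secret: bytes, signer_key: bytes) -> bytes:
    """Validate the context data, then decrypt."""
    blob, ctx = bytes.fromhex(layer["encrypted"]), layer["context"]
    if not hmac.compare_digest(_sign(signer_key, blob, ctx["ts"]), ctx["sig"]):
        raise ValueError("context validation failed")
    return _xor_stream(secret, blob[:16], blob[16:])

def renew(layer: dict, old_secret: bytes, new_secret: bytes, signer_key: bytes, ts: int) -> dict:
    """Combine encrypted data, context data and old secret; encrypt the combination."""
    bundle = json.dumps({"layer": layer, "secret": old_secret.hex()}).encode()
    return seal(bundle, new_secret, signer_key, ts)

def recover(layer: dict, secret: bytes, signer_key: bytes, renewals: int) -> bytes:
    """Peel `renewals` outer layers using only the newest secret."""
    for _ in range(renewals):
        inner = json.loads(unseal(layer, secret, signer_key))
        layer, secret = inner["layer"], bytes.fromhex(inner["secret"])
    return unseal(layer, secret, signer_key)

def demo():
    # Constructed sample values: signer key, three secrets, time stamps 1000/2000/3000.
    signer, (k1, k2, k3) = b"constructed-signer-key", [os.urandom(32) for _ in range(3)]
    layer1 = seal(b"archived record", k1, signer, 1000)
    layer3 = renew(renew(layer1, k1, k2, signer, 2000), k2, k3, signer, 3000)
    return layer3, k3, signer
```

Renewal only protects the copies that were re-wrapped: a retained copy of an earlier layer is still readable with its earlier secret.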