| 发明名称 | Protocol for controlling access to encryption keys | ||
| 摘要 | A secure remote-data-storage system stores encrypted data and both plaintext and encrypted keys at a server, where data at the server is inadequate to recover the plaintext of the encrypted data; and stores at least one encrypted key at a client system. To decrypt the data, the client must obtain a copy of the encrypted data from the server, and a key to decrypt its locally-stored encrypted key. Once decrypted, the locally-stored key can be used to decrypt the encrypted data, or to decrypt an encrypted key from the server, which may then be used decrypt the encrypted data. | ||
| 申请公布号 | US9432346(B2) | 申请公布日期 | 2016.08.30 |
| 申请号 | US201414512448 | 申请日期 | 2014.10.12 |
| 申请人 | Madden David H. | 发明人 | Madden David H. |
| 分类号 | H04L29/06;H04L9/08;G06F21/62 | 主分类号 | H04L29/06 |
| 代理机构 | Mersenne Law | 代理人 | Mersenne Law |
| 主权项 | 1. A method comprising: obtaining plaintext data for a plurality of fields of a database record; selecting a plurality of random symmetric encryption keys; encrypting at least one of the plaintext data for the plurality of database fields using at least one of the plurality of random symmetric encryption keys to produce a database record for storage, at least one of the fields of the database record for storage thus being encrypted; arranging the plurality of random symmetric encryption keys into a key block; padding the key block with zero or more padding bits to produce a padded key block, a total number of bits of the padded key block similar to but not exceeding a number of bits of a public/private key pair; encrypting the padded key block with a public key of the public/private key pair to produce an encrypted key block; and transmitting the database record for storage and the encrypted key block to a server. | ||
| 地址 | Portland OR US | ||