Title of invention |
Protocol for controlling access to encryption keys |
Abstract |
A secure remote-data-storage system stores encrypted data and both plaintext and encrypted keys at a server, where data at the server is inadequate to recover the plaintext of the encrypted data; and stores at least one encrypted key at a client system. To decrypt the data, the client must obtain a copy of the encrypted data from the server, and a key to decrypt its locally-stored encrypted key. Once decrypted, the locally-stored key can be used to decrypt the encrypted data, or to decrypt an encrypted key from the server, which may then be used to decrypt the encrypted data. |
Publication number |
US9432346(B2) |
Publication date |
2016.08.30 |
Application number |
US201414512448 |
Application date |
2014.10.12 |
Applicant |
Madden David H. |
Inventor |
Madden David H. |
Classification |
H04L29/06;H04L9/08;G06F21/62 |
Main classification |
H04L29/06 |
Agency |
Mersenne Law |
Agent |
Mersenne Law |
Main claim |
1. A method comprising:
obtaining plaintext data for a plurality of fields of a database record; selecting a plurality of random symmetric encryption keys; encrypting at least one of the plaintext data for the plurality of database fields using at least one of the plurality of random symmetric encryption keys to produce a database record for storage, at least one of the fields of the database record for storage thus being encrypted; arranging the plurality of random symmetric encryption keys into a key block; padding the key block with zero or more padding bits to produce a padded key block, a total number of bits of the padded key block similar to but not exceeding a number of bits of a public/private key pair; encrypting the padded key block with a public key of the public/private key pair to produce an encrypted key block; and transmitting the database record for storage and the encrypted key block to a server. |
Address |
Portland OR US |