US2023025052A1PendingUtilityA1
Method and system for securing data
Est. expiryJul 31, 2034(~8 yrs left)· nominal 20-yr term from priority
Inventors:Larry Hamid
G06F 21/602H04L 9/0819H04L 9/0894G06F 21/6218H04L 9/083H04L 9/088G06F 21/604
71
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A first access key, which is provided by a key server for decrypting a file and the encrypted file is published on a public network by a first user. Every time the secured file is accessed by a second user, the first access key is provided by the key server to decipher the file. The first user can control access to the file by deleting the first access key on the key server, thus denying the second user access to the access key preventing de-encryption of the secured file.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system comprising:
a first creation key for use in encrypting data for decryption with a first access key; a key server comprising an access key store, a key identification engine, a key deletion engine, and a key distribution engine for secure key identification, storage, deletion and distribution of the first access key, the key server for preventing key distribution and duplication outside a secure perimeter; a first secured plaintext file, secured with the first creation key, the first secured plaintext file including an indication of the first access key for retrieval from the key server; a file access module operating within the secure perimeter for accessing the key server and for retrieving therefrom the first access key in a secure fashion for accessing the first secured plaintext file, the file access module for securing the first access key before and during use and for deleting the first access key immediately after use, the file access module also for securing any plaintext data derived from the first secured plaintext file using the first access key, the file access module for one of preventing storage before and deleting after any plaintext data derived from the first secured plaintext file using the first access key to prevent further access to the plaintext data derived from the first secured plaintext file using the first access key after a current session without accessing the key server to access the first access key.
2 . A system according to claim 1 wherein the first secured plaintext file including an indication of the first access key, provides sufficient information to identify uniquely and access the first access key within the key server.
3 . A system according to claim 1 wherein the first secured plaintext file including an indication of the first access key, provides sufficient information to identify uniquely and provide access to the first access key within the key server without recourse to any of user IDs, login processes, and user entered authentication data.
4 . A system according to claim 1 comprising a hash process for hashing the first secured plaintext file wherein the indication is formed by hashing the first secured plaintext file to determine a hash and wherein the hash forms part of a unique identifier for identifying uniquely and providing access to the first access key within the key server.
5 . A system according to claim 1 comprising a hash process for hashing the first secured plaintext file wherein the indication is formed by hashing the first secured plaintext file to determine a hash and wherein the hash forms a unique identifier for identifying uniquely and providing access to the first access key within the key server.
6 . A system according to claim 1 wherein absent providing user identification, providing a hash of a secured plaintext file by the file access module to the key server results in a response including the first access key for accessing the first secured plaintext file in plaintext.
7 . A system according to claim 1 wherein absent at least one of providing user identification and being logged into a user account at least one of known to the key server or communicated to the key server, providing a hash of a secured plaintext file by the file access module to the key server results in a response including the first access key for accessing the first secured plaintext file in plaintext.
8 . A system according to claim 1 comprising a key management module, the key management module for authenticating a first user associated with at least the first access key stored within the key server and for providing the first user access to the key server for deleting the first access key therefrom.
9 . A system according to claim 1 comprising a key management module, the key management module for authenticating a first user associated with a plurality of access keys stored within the key server and for providing the first user access to the key server for deleting at least an access key therefrom.
10 . A method comprising:
providing a first plaintext data file; providing a first creation key and a first access key using the first creation key for encrypting the first plaintext datafile to form a first secured plaintext file for decryption with the first access key; providing a key server comprising an access key store for storing the first access key, a key identification engine, a key deletion engine, and a key distribution engine for secure key identification, storage, deletion and distribution of the first access key, the key server for preventing key distribution and duplication outside a secure perimeter; accessing the key server by a file access module operating within the secure perimeter; based on the first secured plaintext file, retrieving by a file access module from the key server the first access key in a secure fashion; accessing the first secured plaintext file using the first access key, the file access module for securing the first access key and any plaintext data derived from the first secured plaintext file using the first access key, one of preventing storage of any plaintext data derived from the first secured plaintext file using the first access key and deleting any plaintext data derived from the first secured plaintext file using the first access key immediately after to prevent further access to the plaintext data derived from the first secured plaintext file using the first access key after a current secure session absent again accessing the key server to access the first access key.
11 . A method according to claim 10 wherein the first secured plaintext file including an indication of the first access key, provides sufficient information to identify uniquely and access the first access key within the key server.
12 . A method according to claim 10 wherein the first secured plaintext file including an indication of the first access key, provides sufficient information to identify uniquely and provide access to the first access key within the key server without recourse to any of user IDs, login processes, and user entered authentication data.
13 . A method according to claim 10 comprising hashing the first secured plaintext file to form the indication for identifying uniquely and providing access to the first access key within the key server.
14 . A method according to claim 10 wherein absent providing user identification, providing a hash of a secured plaintext file by the file access module to the key server results in a response including the first access key for accessing the first secured plaintext file in plaintext.
15 . A method according to claim 10 wherein absent at least one of providing user identification and being logged into a user account at least one of known to the key server or communicated to the key server, providing a hash of a secured plaintext file by the file access module to the key server results in a response including the first access key for accessing the first secured plaintext file in plaintext.
16 . A method according to claim 10 wherein a user modifies with the file access module a plaintext file derived from the first secured plaintext file to form a modified file, the modified file is secured with the first creation key and stored as a second secured plaintext file for being accessed with the first access key.
17 . A method according to claim 16 wherein the user modifies the version with at least one of markups and highlighting.
18 . A method according to claim 10 wherein a user modifies with the file access module a plaintext file derived from the first secured plaintext file to form a modified file, the modified file is secured with a second other creation key and stored as a second secured plaintext file for being accessed with a second other access key, the second other access key associated with the first access key and with a first user associated with the first access key.
19 . A method according to claim 18 wherein the user modifies the version with at least one of markups and highlighting.
20 . A method according to claim 10 wherein the first access key stored within the key server has an expiration associated therewith and wherein the key server automatically one of prevents access to the first access key and deletes the first access key upon expiration thereof.Join the waitlist — get patent alerts
Track US2023025052A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.