US2023300119A1PendingUtilityA1

Method, computer program product and apparatus for encrypting and decrypting data using multiple authority keys

Assignee: AUTH9 INCPriority: Dec 16, 2018Filed: Mar 20, 2023Published: Sep 21, 2023
Est. expiryDec 16, 2038(~12.4 yrs left)· nominal 20-yr term from priority
H04L 9/0822H04L 63/0435H04L 9/083H04L 9/0863H04L 9/088H04L 63/108H04L 9/3226H04L 9/0836
64
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method, apparatus and computer program product are provided for encrypting and decrypting data using multiple authority keys including receiving, from a first computing device, a data decrypt request to decrypt encrypted data, the data decrypt request comprising a user key, determining that the user key is associated with a key hierarchy that comprises a server key, decrypting the server key using the user key, decrypting the encrypted data using the decrypted server key and permitting access to the decrypted data by the first computing device.

Claims

exact text as granted — not AI-modified
That which is claimed: 
     
         1 . An apparatus for providing decrypted data, the apparatus comprising:
 at least one processor; and   at least one non-transitory memory storing instructions that, when executed by the processor, configure the apparatus to:   receive, from a first computing device, a data decrypt request to decrypt encrypted data, the data decrypt request comprising a user key;   determine that the user key is associated with a key hierarchy that comprises a server key;   decrypt the server key using the user key;   decrypt the encrypted data using the decrypted server key; and   permit access to the decrypted data by the first computing device.   
     
     
         2 . The apparatus of  claim 1 , wherein the at least one non-transitory memory stores instructions that, when executed by the processor, further configure the apparatus to:
 determine that the user key is associated with the key hierarchy that comprises the server key and a plurality of other user keys; and   decrypt the server key using the user key or a key of at least one of the other user keys.   
     
     
         3 . The apparatus of  claim 1 , wherein the at least one non-transitory memory stores instructions that, when executed by the processor, further configure the apparatus to:
 determine that the user key is associated with the key hierarchy that comprises the server key and a plurality of other user keys;   decrypt at least one of the plurality of other user keys using the user key;   receive, from a second computing device associated with the at least one of the plurality of other user keys, a second data decrypt request to decrypt the encrypted data;   receive from the second computing device, a second user key; and   decrypt the server key using the second user key.   
     
     
         4 . The apparatus of  claim 1 , wherein the at least one non-transitory memory stores instructions that, when executed by the processor, further configure the apparatus to:
 receive, from the first computing device, a password associated with the first computing device;   derive a user key from the password;   determine that the password derived user key is associated with the key hierarchy that comprises the server key; and   decrypt the server key using the password derived user key.   
     
     
         5 . The apparatus of  claim 1 , wherein the at least one non-transitory memory stores instructions that, when executed by the processor, further configure the apparatus to:
 responsive to receiving, from the first computing device, the data decrypt request to decrypt encrypted data, transmit an authentication question to the first computing device;   receive a reply to the authentication question:   compare the reply to a corresponding answer; and   responsive to the reply matching the corresponding answer, derive a user key from the answer;   determine that the answer derived user key is associated with the key hierarchy that comprises the server key; and   decrypt the server key using the answer derived user key.   
     
     
         6 . The apparatus of  claim 1 , wherein the at least one non-transitory memory stores instructions that, when executed by the processor, further configure the apparatus to:
 permit access to the decrypted data based upon a time period falling within an allowed time period of an access rule.   
     
     
         7 . The apparatus of  claim 1 , wherein the at least one non-transitory memory stores instructions that, when executed by the processor, further configure the apparatus to:
 permit access to the decrypted data based upon one or more access rules, wherein the one or more access rules indicate a maximum number of access requests permitted within a predetermined period of time.   
     
     
         8 . A computer implemented method for providing decrypted data, the computer implemented method comprising:
 receiving, from a first computing device, a data decrypt request to decrypt encrypted data, the data decrypt request comprising a user key;   determining that the user key is associated with a key hierarchy that comprises a server key;   decrypting the server key using the user key;   decrypting the encrypted data using the decrypted server key; and   permitting access to the decrypted data by the first computing device.   
     
     
         9 . The computer implemented method of  claim 8 , further comprising:
 determining that the user key is associated with the key hierarchy that comprises the server key and a plurality of other user keys; and   decrypting the server key using the user key or a key of at least one of the other user keys.   
     
     
         10 . The computer implemented method of  claim 8 , further comprising:
 determining that the user key is associated with the key hierarchy that comprises the server key and a plurality of other user keys;   decrypting at least one of the plurality of other user keys using the user key;   receiving, from a second computing device associated with the at least one of the plurality of other user encryption keys, a second data decrypt request to decrypt the encrypted data;   receiving from the second computing device, a second user key; and   decrypting the server key using the second user key.   
     
     
         11 . The computer implemented method of  claim 8 , further comprising;
 deriving a user key from a password;   determining that the password derived user key is associated with the key hierarchy that comprises the server key; and   decrypting the server key using the password derived user key.   
     
     
         12 . The computer implemented method of  claim 8 , further comprising;
 receiving a reply to an authentication question;   comparing the reply to a corresponding answer; and   responsive to the reply matching the corresponding answer, deriving a user key from the answer;   determining that the answer derived user key is associated with the key hierarchy that comprises the server key; and   decrypting the server key using the answer derived user key.   
     
     
         13 . The computer implemented method of  claim 8 , further comprising:
 permitting access to the decrypted data based upon a time period falling within an allowed time period of an access rule.   
     
     
         14 . The computer implemented method of  claim 8 , further comprising:
 permitting access to the decrypted data based upon one or more access rules, wherein the one or more access rules indicate a maximum number of access requests permitted within a predetermined period of time.   
     
     
         15 . A computer program product for providing decrypted data, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer-executable program code instructions, in execution with a processor, configured to:
 receive, from a first computing device, a data decrypt request to decrypt encrypted data, the data decrypt request comprising a user key;   determine that the user key is associated with a key hierarchy that comprises an server key;   decrypt the server key using the user key;   decrypt the encrypted data using the decrypted server key; and   permit access to the decrypted data by the first computing device.   
     
     
         16 . The computer program product of  claim 15 , wherein the computer-executable program code instructions, in execution with a processor, are further configured to:
 determine that the user key is associated with the key hierarchy that comprises the server key and a plurality of other user keys; and   decrypt the server key using the user key or a key of at least one of the other user keys.   
     
     
         17 . The computer program product of  claim 15 , wherein the computer-executable program code instructions, in execution with a processor, are further configured to:
 determine that the user key is associated with the key hierarchy that comprises the server key and a plurality of other user keys;   decrypt at least one of the plurality of other user keys using the user key;   receive, from a second computing device associated with the at least one of the plurality of other user keys, a second data decrypt request to decrypt the encrypted data;   receive from the second computing device, a second user key; and   decrypt the server key using the second user key.   
     
     
         18 . The computer program product of  claim 15 , wherein the computer-executable program code instructions, in execution with a processor, are further configured to:
 receive, from the first computing device, a password associated with the first computing device;   derive a user key from the password;   determine that the password derived user key is associated with the key hierarchy that comprises the server key; and   decrypt the server key using the password derived user key.   
     
     
         19 . The computer program product of  claim 15 , wherein the computer-executable program code instructions, in execution with a processor, are further configured to:
 responsive to receiving, from the first computing device, the data decrypt request to decrypt encrypted data, transmit an authentication question to the first computing device;   receive a reply to the authentication question;   compare the reply to a corresponding answer; and   responsive to the reply matching the corresponding answer, derive a user key from the answer;   determine that the answer derived user key is associated with the key hierarchy that comprises the server key; and   decrypt the server key using the answer derived user key.   
     
     
         20 . The computer program product of  claim 15 , wherein the computer-executable program code instructions, in execution with a processor, are further configured to:
 permit access to the decrypted data based upon a time period falling within an allowed time period of an access rule.

Join the waitlist — get patent alerts

Track US2023300119A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.