Encrypting data for access by multiple users
US7596222B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 21, 2007 |
| Grant date | Sep 29, 2009 |
| Priority date | — |
| Expiry date | Aug 26, 2027 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L9/0863
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method for protecting data for access by a plurality of users. A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data. A KEK may be derived from a natural language passphrase by hashing the passphrase, concatenating the result and a predetermined text, hashing the concatenation, and truncating.
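The flow in the abstract, as an added Python example that is not taken from the patent. SHA-256, the predetermined text, the 16-byte truncation and the HMAC-based stand-in cipher (the standard library has no AES) are assumptions; the abstract names none of them.

```python
import hashlib, hmac, secrets

# Assumptions (not in the abstract): SHA-256, the fixed text, 16-byte truncation.
PREDETERMINED_TEXT = b"constructed-predetermined-text"
KEK_LEN = 16

def derive_kek(passphrase: str) -> bytes:
    """Hash the passphrase, append the fixed text, hash again, truncate."""
    first = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return hashlib.sha256(first + PREDETERMINED_TEXT).digest()[:KEK_LEN]

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode (stdlib has no AES).
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def server_publish(data: bytes, users: dict) -> tuple:
    """users maps user identifier -> passphrase; returns (encrypted data, ancillary file)."""
    master = secrets.token_bytes(32)
    ancillary = {uid: seal(derive_kek(pw), master) for uid, pw in users.items()}
    return seal(master, data), ancillary

def client_open(user_id: str, passphrase: str, encrypted: bytes, ancillary: dict) -> bytes:
    wrapped = ancillary.get(user_id)
    if wrapped is None:
        raise KeyError("user not listed in ancillary file")
    master = unseal(derive_kek(passphrase), wrapped)  # fails on a wrong passphrase
    return unseal(master, encrypted)
```

The derivation as described is a fast hash chain over the passphrase and a fixed text, so passphrase strength carries the whole scheme; a slow, salted KDF such as `hashlib.scrypt` can replace the body of `derive_kek` without touching the rest.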
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.