Trustworthy extensible markup language for trustworthy computing and data services

US10348693B2 · US · B2

Patent metadata
  Publication number   US-10348693-B2
  Application number   US-83243310-A
  Country              US
  Kind code            B2
  Filing date          Jul 8, 2010
  Priority date        Dec 15, 2009
  Publication date     Jul 9, 2019
  Grant date           Jul 9, 2019


Abstract

Official abstract text for this publication.

A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. For instance, XML tags can be applied or augmented to create trust envelopes for structured XML data. Some examples of mathematical transformations or ‘decorations’ that can be applied to the XML data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof(s) of Application, blind fingerprints, Proof(s) of Retrievability, etc.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for hosting extensible markup language (XML) data, comprising:
  receiving, by at least one computing device in a first region of control from at least one computing device in a second region of control, at least partially encrypted XML data, the at least partially encrypted XML data including encrypted XML payload data and separately encrypted XML metadata, the at least partially encrypted XML data formed from at least partial encrypting a defined XML data set according to at least one searchable encryption algorithm based on access information, the forming of the at least partially encrypted XML data also includes a copying of the XML metadata from the defined XML data set before the at least partial encrypting of the defined XML data set;
  receiving a request for data defining at least one capability based on the access information defining at least one privilege for accessing at least some of the encrypted XML payload data, the encrypted XML metadata defining at least one of authentication information or authorization information for the at least partially encrypted XML data;
  in response to the request for the data defining the at least one capability, transmitting the data defining the at least one capability to a recipient computing device; and
  validating receipt of the data defining the at least one capability by the recipient computing device.

2. The method of claim 1, wherein the access information includes cryptographic key information.

3. The method of claim 1, wherein the receiving of the request for data includes: receiving a request for trapdoor data that includes at least one cryptographic trapdoor for selectively accessing at least one of the encrypted XML payload data or encrypted XML metadata.

4. The method of claim 1, wherein the receiving of the request for data includes: receiving a request for at least one data item from the defined XML data set; receiving at least one trapdoor for extracting the at least one data item from the at least partially encrypted XML data; and if the at least one trapdoor is valid extracting and transmitting the at least one data item from the at least partially encrypted XML data.

5. The method of claim 1, wherein the receiving of the at least partially encrypted XML data includes: receiving auxiliary metadata encrypted based on cryptographic key information, the auxiliary metadata formed from an analysis of at least one of the encrypted XML payload data or the encrypted XML metadata.

6. The method of claim 1, wherein the XML metadata was encrypted in a manner that generated encrypted indices.

7. A computer readable medium having computer-executable instructions, which when executed perform actions, comprising:
  receiving, by at least one computing device in a first region of control from at least one computing device in a second region of control, at least partially encrypted XML data, the at least partially encrypted XML data including encrypted XML payload data and separately encrypted XML metadata, the at least partially encrypted XML data formed from at least partial encrypting a defined XML data set according to at least one searchable encryption algorithm based on access information, the forming of the at least partially encrypted XML data also includes a copying of the XML metadata from the defined XML data set before the at least partial encrypting of the defined XML data set;
  receiving a request for data defining at least one capability based on the access information defining at least one privilege for accessing at least some of the encrypted XML payload data, the encrypted XML metadata defining at least one of authentication information or authorization information for the at least partially encrypted XML data;
  in response to the request for the data defining the at least one capability, transmitting the data defining the at least one capability to a recipient computing device; and
  validating receipt of the data defining the at least one capability by the recipient computing device.

8. The computer readable medium of claim 7, wherein the access information includes cryptographic key information.

9. The computer readable medium of claim 7, wherein the receiving of the request for data includes: receiving a request for trapdoor data that includes at least one cryptographic trapdoor for selectively accessing at least one of the encrypted XML payload data or encrypted XML metadata.

10. The computer readable medium of claim 7, wherein the receiving of the request for data includes: receiving a request for at least one data item from the defined XML data set; receiving at least one trapdoor for extracting the at least one data item from the at least partially encrypted XML data; and if the at least one trapdoor is valid extracting and transmitting the at least one data item from the at least partially encrypted XML data.

11. The computer readable medium of claim 7, wherein the receiving of the at least partially encrypted XML data includes: receiving auxiliary metadata encrypted based on cryptographic key information, the auxiliary metadata formed from an analysis of at least one of the encrypted XML payload data or the encrypted XML metadata.

12. The computer readable medium of claim 7, wherein the XML metadata was encrypted in a manner that generated encrypted indices.

13. A method for hosting data, comprising:
  receiving, by at least one computing device in a first region of control from at least one computing device in a second region of control, at least partially encrypted data, the at least partially encrypted data including encrypted payload data and separately encrypted metadata, the at least partially encrypted data formed from at least partial encrypting a defined data set according to at least one searchable encryption algorithm based on access information, the forming of the at least partially encrypted data also includes a copying of the metadata from the defined data set before the at least partial encrypting of the defined data set;
  receiving a request for data defining at least one capability based on the access information defining at least one privilege for accessing at least some of the encrypted payload data, the encrypted metadata defining at least one of authentication information or authorization information for the at least partially encrypted data;
  in response to the request for the data defining the at least one capability, transmitting the data defining the at least one capability to a recipient computing device; and
  validating receipt of the data defining the at least one capability by the recipient computing device.

14. The method of claim 13, wherein the access information includes cryptographic key information.

15. The method of claim 13, wherein the receiving of the request for data includes: receiving a request for trapdoor data that includes at least one cryptographic trapdoor for selectively accessing at least one of the encrypted payload data or encrypted metadata.

16. The method of claim 13, wherein the receiving of the at least partially encrypted data includes: receiving auxiliary metadata encrypted based on cryptographic key information, the auxiliary metadata formed from an analysis of at least one of the encrypted payload data or the encrypted metadata.

17. The method of claim 13, wherein the receiving of the request for data includes: receiving a request for at least one data item from the defined data set; receiving at least one trapdoor for extracting the at least one data item from the at least partially

Classifications

  • for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] · CPC title

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Auradkar Rahul V, Dsouza Roy Peter, Cannon Darrell J, and 2 more
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 9, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).