User-controlled data encryption with obfuscated policy

US9077525B2 · US · B2

Patent metadata

Field               Value
Publication number  US-9077525-B2
Application number  US-201113168610-A
Country             US
Kind code           B2
Filing date         Jun 24, 2011
Priority date       Jun 24, 2011
Publication date    Jul 7, 2015
Grant date          Jul 7, 2015

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An obfuscated policy data encryption system and method for re-encrypting data to maintain the confidentiality and integrity of data about a user when the data is stored in a public cloud computing environment. The system and method allow a user to specify in a data-sharing policy who can obtain the data and how much of the data is available to them. This policy is obfuscated such that it is unintelligible to the cloud operator and others processing and storing the data. In some embodiments, a patient specifies with whom his health care data should be shared, and the encrypted health care data is stored in the cloud in an electronic medical records system. The obfuscated policy allows the electronic medical records system to dispense the health care data of the patient to those requesting the data without disclosing the details of the policy itself.

Claims

Full claim text (claims 1 to 18; claims 1, 7 and 16 are independent).

What is claimed is:

1. A method implemented by one or more computing devices, the method comprising: receiving an obfuscated policy at a cloud data management system, the obfuscated policy being a private version of a data-sharing policy specified by a user, the data-sharing policy regarding access by one or more data consumers to data about the user; receiving an obfuscated re-encryption program at the cloud data management system, the obfuscated re-encryption program having been generated using a private key of the user, a data consumer public key of an individual data consumer, and the obfuscated policy, wherein the cloud data management system does not have access to the private key of the user; receiving encrypted data at the cloud data management system from a data provider, the encrypted data being raw data about the user that has been encrypted using a user public key of the user; re-encrypting the encrypted data using the obfuscated re-encryption program and the obfuscated policy to obtain re-encrypted data; storing the re-encrypted data in the cloud data management system; receiving a modified obfuscated policy at the cloud data management system; receiving a modified obfuscated re-encryption program at the cloud data management system, the modified obfuscated re-encryption program having been generated using the private key of the user, the data consumer public key of the individual data consumer, and the modified obfuscated policy; receiving additional encrypted data from the data provider; and re-encrypting the additional encrypted data using the modified obfuscated re-encryption program instead of the obfuscated re-encryption program.

2. The method of claim 1, wherein the user public key of the user and the private key of the user are generated together.

3. The method of claim 1, further comprising: receiving a request for a portion of the re-encrypted additional encrypted data from the individual data consumer; and sending the portion of the re-encrypted additional encrypted data to the individual data consumer.

4. The method of claim 3, wherein the portion of the re-encrypted additional encrypted data is sent to the individual data consumer as a ciphertext that is readable only with another private key of the individual data consumer.

5. The method of claim 3, wherein the ciphertext is only readable by the individual data consumer by decrypting the ciphertext using another private key of the individual data consumer to obtain decrypted data.

6. The method of claim 1, wherein the data about the user includes medical record data, and the one or more data consumers are health care providers.

7. A computer readable memory device or storage device storing computer readable instructions that, when executed by one or more computing devices, cause the one or more computing devices to perform acts comprising: obtaining an obfuscated policy at a cloud data management system, the obfuscated policy being a private version of a data-sharing policy specified by a user, the data-sharing policy specifying access by data consumers to data about the user; obtaining an obfuscated re-encryption program at the cloud data management system, the obfuscated re-encryption program having been generated using a private key of the user, a public key of an individual data consumer, and the obfuscated policy, wherein the one or more computing devices do not have access to the private key of the user; receiving encrypted data at the cloud data management system from a data provider, the encrypted data being raw data about the user that has been encrypted using a user public key of the user; re-encrypting the encrypted data using the obfuscated re-encryption program and the obfuscated policy to obtain re-encrypted data; storing the re-encrypted data at the cloud data management system; obtaining a modified obfuscated policy at the cloud data management system; obtaining a modified obfuscated re-encryption program at the cloud data management system, the modified obfuscated re-encryption program having been generated using the private key of the user, the public key of the individual data consumer, and the modified obfuscated policy; and using the modified obfuscated re-encryption program for a subsequent re-encryption instead of the obfuscated re-encryption program.

8. The computer readable memory device or storage device of claim 7, wherein the data provider is not the user.

9. The computer readable memory device or storage device of claim 7, wherein the data provider is one of the data consumers.

10. The computer readable memory device or storage device of claim 7, wherein the obfuscated re-encryption program is generated using multiple public keys of multiple data consumers.

11. The computer readable memory device or storage device of claim 7, wherein the obfuscated policy specifies a portion of the encrypted data that is accessible to the individual data consumer.

12. The computer readable memory device or storage device of claim 7, the acts further comprising: receiving additional encrypted data from the data provider, and performing the subsequent re-encryption on the additional encrypted data.

13. The computer readable memory device or storage device of claim 7, the acts further comprising obtaining the obfuscated re-encryption program from another computing device that is associated with the user.

14. The computer readable memory device or storage device of claim 7, wherein the re-encrypting is performed by the cloud data management system.

15. The computer readable memory device or storage device of claim 7, the acts further comprising obtaining the obfuscated policy from another computing device that is associated with the user.

16. A cloud computing system, comprising: a computing device; and a storage device storing computer-executable instructions which, when executed by the computing device, cause the computing device to: obtain an obfuscated version of a data-sharing policy specified by a user, the data-sharing policy specifying an extent of access by data consumers to data about the user, obtain an obfuscated re-encryption program having been generated using a private key of the user, public keys of the data consumers, and the obfuscated version of the data-sharing policy specified by the user, wherein the cloud computing system does not have access to the private key of the user, receive encrypted data from a data provider, the encrypted data being some of the data about the user that has been encrypted using a user public key of the user, re-encrypt the encrypted data using the obfuscated re-encryption program and the obfuscated version of the data-sharing policy to obtain re-encrypted data, store the re-encrypted data, provide the re-encrypted data to the data consumers in accordance with the obfuscated version of the data-sharing policy, obtain a modified obfuscated policy, obtain a modified obfuscated re-encryption program having been generated using the private key of the user, another public key of another data consumer, and the modified obfuscated policy, and use the modified obfuscated re-encryption program for a subsequent re-encryption instead of the obfuscated re-encryption program.

17. The cloud computing system of claim 16, wherein the obfuscated re-encryption program is generated by another computing device that is not part of the cloud computing system.

18. The cloud computing system of claim 16, wherein the subsequent re-encryption is performed on the encrypted data.
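The claims fix the roles but not a construction: a data provider encrypts to the user's public key, the user's own device turns its private key, the consumer's public key and the policy into a re-encryption program, the cloud applies that program without ever holding the private key, and a modified policy produces a modified program that is used for later data. The following is an added example, not code from the patent or its owner: it realises the same roles with split-key (multiplicative key-sharing) proxy re-encryption over a toy ElGamal group. That stands in for the pairing-based obfuscated program the CPC tags point to and has weaker properties (see the note after the code). The group parameters, the SHAKE/HMAC symmetric layer, the HMAC-hidden policy, every function name and the sample record fields and values are assumptions made for this example.

```python
# Added example: split-key proxy re-encryption with an HMAC-hidden sharing policy.
# The cloud holds share a1 of the user's secret and hashed field names; share a2 is
# wrapped for the consumer. Toy 128-bit group and toy symmetric layer, not production.
import hashlib
import hmac
import os
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for a demo group."""
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 128, seed: int = 2011):
    """Reproducible safe prime p = 2q+1; g = 4 is a square mod p, so it has order q."""
    rng = random.Random(seed)  # fixed seed: the same toy group on every run
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

P, Q, G = make_group()

def _kdf(shared: int, n: int) -> bytes:
    """n bytes derived from a group element (toy KDF)."""
    return hashlib.shake_256(b"pre-kdf|" + shared.to_bytes(64, "big")).digest(n)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keygen():
    sk = random.SystemRandom().randrange(1, Q)
    return sk, pow(G, sk, P)

def encrypt(pk: int, data: bytes):
    """Data provider: hybrid ElGamal to the user's key -> (c1, ct, tag). The tag key
    comes from the KEM secret, so it survives the cloud's transform of c1 and lets
    the consumer reject ciphertext altered in storage."""
    r = random.SystemRandom().randrange(1, Q)
    c1, shared = pow(G, r, P), pow(pk, r, P)
    ks = _kdf(shared, 32 + len(data))
    ct = _xor(ks[32:], data)
    return c1, ct, hmac.new(ks[:32], ct, "sha256").digest()

def make_reencryption_program(sk_user: int, pk_consumer: int, allowed_fields):
    """User's device: sk_user = a1 * a2 (mod Q). The cloud gets a1 plus keyed hashes of
    the allowed field names (it can test a name, not list them); a2 is wrapped under
    pk_consumer. Neither cloud nor consumer alone learns sk_user."""
    rng = random.SystemRandom()
    a1 = rng.randrange(1, Q)
    a2 = sk_user * pow(a1, -1, Q) % Q
    s = rng.randrange(1, Q)
    w1, w2 = pow(G, s, P), _xor(_kdf(pow(pk_consumer, s, P), 32), a2.to_bytes(32, "big"))
    key = os.urandom(32)
    hidden = {hmac.new(key, f.encode(), "sha256").digest() for f in allowed_fields}
    return {"a1": a1, "wrapped_a2": (w1, w2), "policy_key": key, "allowed": hidden}

def cloud_reencrypt(program, record):
    """Cloud: keep policy-permitted fields and raise their c1 to a1. It never holds
    plaintext, sk_user, or the policy in readable form."""
    kept = {}
    for field, (c1, ct, tag) in record.items():
        if hmac.new(program["policy_key"], field.encode(), "sha256").digest() in program["allowed"]:
            kept[field] = (pow(c1, program["a1"], P), ct, tag)
    return {"fields": kept, "wrapped_a2": program["wrapped_a2"]}

def _unwrap_share(sk_consumer: int, wrapped) -> int:
    w1, w2 = wrapped
    return int.from_bytes(_xor(_kdf(pow(w1, sk_consumer, P), 32), w2), "big")

def consumer_decrypt(sk_consumer: int, stored, field: str) -> bytes:
    """Consumer: c1^a2 = g^(r*a1*a2) = pk_user^r, the provider's KEM secret."""
    a2 = _unwrap_share(sk_consumer, stored["wrapped_a2"])
    c1, ct, tag = stored["fields"][field]
    ks = _kdf(pow(c1, a2, P), 32 + len(ct))
    if not hmac.compare_digest(hmac.new(ks[:32], ct, "sha256").digest(), tag):
        raise ValueError("integrity check failed")
    return _xor(ks[32:], ct)

def demo():
    """Patient -> cloud -> provider, then a policy change (constructed sample values)."""
    sk_u, pk_u = keygen()  # patient (user)
    sk_c, pk_c = keygen()  # health care provider (data consumer)
    record = {"allergies": encrypt(pk_u, b"penicillin"),
              "psych_notes": encrypt(pk_u, b"constructed sample")}
    stored = cloud_reencrypt(make_reencryption_program(sk_u, pk_c, {"allergies"}), record)
    prog2 = make_reencryption_program(sk_u, pk_c, {"allergies", "psych_notes"})
    stored2 = cloud_reencrypt(prog2, record)  # modified program used from now on
    c1, ct, tag = stored["fields"]["allergies"]
    forged = {"fields": {"allergies": (c1, bytes([ct[0] ^ 1]) + ct[1:], tag)},
              "wrapped_a2": stored["wrapped_a2"]}
    try:
        consumer_decrypt(sk_c, forged, "allergies")
        tamper_caught = False
    except ValueError:
        tamper_caught = True
    return {"allergies": consumer_decrypt(sk_c, stored, "allergies"),
            "psych_notes_withheld": "psych_notes" not in stored["fields"],
            "psych_notes_after_update": consumer_decrypt(sk_c, stored2, "psych_notes"),
            "tamper_caught": tamper_caught,
            # split-key caveat: cloud and consumer together can rebuild sk_user
            "collusion_recovers_key": prog2["a1"] * _unwrap_share(sk_c, prog2["wrapped_a2"]) % Q == sk_u}
```

What each party holds is the point to check against the claims: the cloud has a1, the hashed policy and ciphertexts, and can compute nothing about the plaintext from them; the consumer has a2 and can only open fields the cloud chose to transform; the user's private key exists in full only on the user's device. Two caveats separate this stand-in from what the claims describe. First, the hidden policy here is only equality-testable: the cloud cannot read the allowed-field list, but it can confirm a guessed field name, so it hides less than an obfuscated program would. Second, split-key schemes are not collusion-resistant, which `demo()` shows directly: a1 times a2 is the user's secret, so a cloud operator who conspires with one consumer recovers the key for every record, which is exactly the outcome unidirectional, pairing-based re-encryption is designed to rule out.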

Assignees

Inventors

Classifications

  • Medical equipments · CPC title

  • Proxy, i.e. using intermediary entity to perform cryptographic operations · CPC title

  • Obfuscation or hiding, e.g. involving white box · CPC title

  • involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing · CPC title

  • involving simulating, designing, planning or modelling of a network · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9077525B2 cover?
An obfuscated policy data encryption system and method for re-encrypting data to maintain the confidentiality and integrity of data about a user when the data is stored in a public cloud computing environment. The system and method allow a user to specify in a data-sharing policy who can obtain the data and how much of the data is available to them. This policy is obfuscated such that it is uni…
Who is the assignee on this patent?
Chandran Nishanth, Chase Melissa E, Lauter Kristin Estella, and 2 more
What technology area does this patent fall under?
Primary CPC classification H04L9/088. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 7, 2015 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).