US 9,811,680 B2
Secure storage and sharing of data by hybrid encryption using predefined schema
Guru Balasubramanian, Charlotte, NC (US); ChenFei Wu, Shanghai (CN); Wenyuan Wang, Shanghai (CN); and Jingjing Zhao, Bothell, WA (US)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Jun. 4, 2015, as Appl. No. 14/731,262.
Prior Publication US 2016/0357980 A1, Dec. 8, 2016
Int. Cl. H04L 29/06 (2006.01); H04L 9/32 (2006.01); H04L 9/14 (2006.01); G06F 21/62 (2013.01); H04L 9/08 (2006.01)
CPC G06F 21/6218 (2013.01) [H04L 9/0822 (2013.01); H04L 9/0825 (2013.01); H04L 9/14 (2013.01); H04L 63/04 (2013.01); H04L 63/045 (2013.01)] 15 Claims
OG exemplary drawing
1. A system for storing files, comprising:
a client device, comprising:
a key generator to generate a secret key;
a symmetric encrypter to encrypt raw data by symmetric encryption using the secret key;
an asymmetric encrypter to encrypt the secret key and symmetric encryption information by asymmetric encryption using a public service key to produce a key block, wherein the symmetric encryption information comprises an encryption type and secret key size;
a schema generator to generate a ciphertext file with predefined schema comprising asymmetric encryption information, the key block, and the encrypted raw data, wherein the asymmetric encryption information comprises an encryption type, a thumbprint, and a key block size; and
a storage sender to send the ciphertext file comprising the encrypted raw data to a first server device for storage and, in response to a request for raw data comprising a security level above a threshold security level corresponding to the encrypted raw data, receive a modified ciphertext file comprising the encrypted raw data and digitally signed encryption information comprising the asymmetric encryption information as digitally signed by the first server device from the first server device, send the digitally signed encryption information to a second server device, and receive a reencrypted key block comprising the assymetric encryption information as reencrypted by the second server device, a secret key, and the symmetric encryption information to decrypt the encrypted raw data.