US 12,395,329 B1
Record-level encryption scheme for data ownership platform
Elena Pasquali, Bolzano (IT); Daniele Grazioli, Bolzano (IT); Gabriele Sankalaite, Padua (IT); and Georgiana Bud, Bolzano (IT)
Assigned to Ecosteer Srl, (IT)
Filed by Ecosteer Srl, Bolzano (IT)
Filed on Jun. 28, 2024, as Appl. No. 18/759,426.
Int. Cl. H04L 9/08 (2006.01)
CPC H04L 9/088 (2013.01) 24 Claims
OG exemplary drawing
 
1. A method comprising:
generating, by a data owner device of a data owner, a first key identifier corresponding to a first public-private key pair of the data owner, wherein the first public-private key pair comprises a first public key of the data owner and a first private key of the data owner;
generating, by the data owner device, a second key identifier corresponding to a second public-private key pair of the data owner, wherein the second public-private key pair comprises a second public key of the data owner and a second private key of the data owner;
receiving, at the data owner device via a communications network, a record comprising data of the data owner, wherein the record is encrypted using the first public key of the data owner;
decrypting, by the data owner device, the record using the first private key of the data owner;
generating, by the data owner device, a record key;
encrypting, by the data owner device, the record using the record key;
encrypting, by the data owner device, the record key using the first private key of the data owner;
providing, by the data owner device via the communications network, the encrypted record key and the first key identifier to a storage device for storage, wherein the storage device is remote from the data owner device;
receiving, by the data owner device via the communications network, a transaction identification corresponding to the encrypted record key and the first key identifier, wherein the transaction identification is generated when the encrypted record key and the first key identifier are stored on the storage device;
providing, by the data owner device via the communications network, the record encrypted with the record key to a data intermediary for storage at the data intermediary, wherein the data intermediary is remote from the data owner device and the storage device;
receiving, by the data owner device via the communications network, a request from a data consumer to access the record, wherein the request comprises at least the transaction identification and the request is encrypted with the second public key of the data owner;
decrypting, by the data owner device, the request using the second private key of the data owner;
retrieving, by the data owner device from the storage device via the communications network, the encrypted record key corresponding to the transaction identification;
decrypting, by the data owner device, the encrypted record key using the first private key, wherein the data owner device identifies the first private key based on the first key identifier associated with the transaction identification;
encrypting, by the data owner device, the record key using a public key of the data consumer; and
transmitting, by the data owner device via the communications network, the record key encrypted using the public key of the data consumer to a data consumer device.
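The claim above is a key-management protocol, so it helps to see the whole sequence run end to end. The following Python is an added worked example, not Ecosteer's code and not anything the patent discloses beyond the claim text; every choice the claim leaves open is an assumption here: tiny-prime textbook RSA stands in for the public-key operations, a SHA-256 counter keystream for the symmetric record cipher, the step "encrypting the record key using the first private key" is modelled as a symmetric wrap under a key derived from that private key (so the same private key also unwraps it, as the claim states), key identifiers are truncated hashes of the public keys, the storage device issues sequential transaction identifications, and the sender is assumed to deliver the incoming record with hybrid encryption since the claim only says it is "encrypted using the first public key". The sample record is constructed.

```python
# Added illustrative walk-through of the claimed flow (not Ecosteer's code).
# Toy textbook RSA with tiny primes and a SHA-256 keystream stand in for the
# algorithms the claim leaves unspecified; neither is suitable for real use.
import hashlib
import secrets

TOY_KEY_BOUND = 3000  # keeps integer keys below every toy RSA modulus used here


def rsa_keygen(p, q, e=17):
    """Textbook RSA over small primes (demonstration only). Returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa_apply(key, m):
    """Raw RSA exponentiation with the given (n, exponent) pair."""
    n, exp = key
    assert 0 <= m < n, "toy RSA only handles integers below the modulus"
    return pow(m, exp, n)


def key_identifier(public_key):
    """Key identifier = truncated SHA-256 of the public key (assumed scheme)."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


def stream_xor(key_int, data, nonce=b""):
    """Symmetric cipher: XOR with a SHA-256(key || nonce || counter) keystream (illustrative)."""
    key_bytes = key_int.to_bytes(4, "big")
    out = bytearray()
    for block_no, start in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key_bytes + nonce + block_no.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], keystream))
    return bytes(out)


def wrap_key_with_private(private_key, record_key, nonce):
    """'Encrypt the record key using the first private key' (assumed construction):
    derive a wrapping key from the private key and use it symmetrically, so the
    same private key, selected by its key identifier, unwraps it later."""
    n, d = private_key
    wrap_key = int.from_bytes(hashlib.sha256(f"wrap:{n}:{d}".encode()).digest()[:4], "big")
    return stream_xor(wrap_key, record_key.to_bytes(4, "big"), nonce)


class StorageDevice:
    """Remote store for (nonce, encrypted record key, key identifier); returns a transaction id."""
    def __init__(self):
        self.entries = {}

    def store(self, nonce, encrypted_record_key, key_id):
        tx_id = len(self.entries) + 1                      # transaction identification
        self.entries[tx_id] = (nonce, encrypted_record_key, key_id)
        return tx_id


class DataOwnerDevice:
    def __init__(self):
        self.pub1, self.priv1 = rsa_keygen(61, 53)         # first pair: records, record-key wrap
        self.pub2, self.priv2 = rsa_keygen(67, 71)         # second pair: consumer requests
        self.key_id1, self.key_id2 = key_identifier(self.pub1), key_identifier(self.pub2)
        self.private_keys = {self.key_id1: self.priv1, self.key_id2: self.priv2}

    def ingest(self, wrapped_transport_key, ciphertext, storage, intermediary):
        """Receive record encrypted to pub1, decrypt, re-encrypt under a fresh record key,
        wrap that key with priv1, store it, and hand the encrypted record to the intermediary."""
        transport_key = rsa_apply(self.priv1, wrapped_transport_key)
        record = stream_xor(transport_key, ciphertext)
        record_key = secrets.randbelow(TOY_KEY_BOUND) + 1  # fresh per-record key
        nonce = secrets.token_bytes(8)
        encrypted_record_key = wrap_key_with_private(self.priv1, record_key, nonce)
        tx_id = storage.store(nonce, encrypted_record_key, self.key_id1)
        intermediary[tx_id] = stream_xor(record_key, record)
        return tx_id

    def grant_access(self, encrypted_request, storage, consumer_public):
        """Decrypt request with priv2, fetch and unwrap the record key, re-wrap it for the consumer."""
        tx_id = rsa_apply(self.priv2, encrypted_request)
        nonce, encrypted_record_key, key_id = storage.entries[tx_id]
        first_private = self.private_keys[key_id]          # selected via the stored key identifier
        record_key = int.from_bytes(wrap_key_with_private(first_private, 0, nonce)[:0] or
                                    stream_xor(int.from_bytes(hashlib.sha256(
                                        f"wrap:{first_private[0]}:{first_private[1]}".encode()
                                    ).digest()[:4], "big"), encrypted_record_key, nonce), "big")
        return rsa_apply(consumer_public, record_key)


class DataConsumer:
    def __init__(self):
        self.pub, self.priv = rsa_keygen(73, 79)

    def request(self, tx_id, owner_pub2):
        return rsa_apply(owner_pub2, tx_id)                # request encrypted with second public key

    def read(self, wrapped_record_key, encrypted_record):
        return stream_xor(rsa_apply(self.priv, wrapped_record_key), encrypted_record)


def send_record_to_owner(record, owner_pub1):
    """Sender side (assumed hybrid encryption): fresh transport key wrapped with pub1."""
    transport_key = secrets.randbelow(TOY_KEY_BOUND) + 1
    return rsa_apply(owner_pub1, transport_key), stream_xor(transport_key, record)


def run_claimed_flow(record=b"constructed sample record: glucose 5.4 mmol/L"):
    owner, storage, intermediary, consumer = DataOwnerDevice(), StorageDevice(), {}, DataConsumer()
    wrapped_tk, ciphertext = send_record_to_owner(record, owner.pub1)
    tx_id = owner.ingest(wrapped_tk, ciphertext, storage, intermediary)
    key_for_consumer = owner.grant_access(consumer.request(tx_id, owner.pub2), storage, consumer.pub)
    return {
        "tx_id": tx_id,
        "recovered": consumer.read(key_for_consumer, intermediary[tx_id]),
        "intermediary_has_plaintext": intermediary[tx_id] == record,
        "storage_entry": storage.entries[tx_id],
    }
```

Run `run_claimed_flow()` and the consumer recovers the record while the intermediary only ever holds the record encrypted under the record key and the storage device only the wrapped record key plus the key identifier; the owner device is the one party that can join the two, which is the separation the claim is built around. The unwrap in `grant_access` simply re-applies the same keystream that `wrap_key_with_private` used, since the assumed wrap is an XOR under a key derived from the first private key.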