| CPC H04L 9/30 (2013.01) [H04L 9/0618 (2013.01); H04L 2209/16 (2013.01); H04L 2209/603 (2013.01); H04L 2209/76 (2013.01)] | 15 Claims |

|
1. A method for managing data performed by an electronic data access management system comprising a processor and a non-transitory computer-readable medium storing instructions that, when executed by the processor, cause the electronic data access management system to perform the method, the method comprising:
receiving, from an electronic data service system, a protected reencryption program, an encrypted data access key encrypted using a public encryption key of the electronic data service system, and an identifier of electronic data associated with the encrypted data access key, the protected reencryption program comprising a protected private decryption key of the electronic data service system;
receiving, from a user device, a data access request message, the data access request message comprising the identifier of the electronic data and a public encryption key of the user device;
generating a reencrypted data access key using the protected reencryption program based on the encrypted data access key and the public encryption key of the user device, wherein generating the reencrypted data access key comprises:
decrypting the encrypted data access key by the protected reencryption program to generate a data access key, and
encrypting the data access key using the public encryption key of the user device to generate the reencrypted data access key,
wherein decrypting the encrypted data access key to generate the data access key and encrypting the data access key to generate the reencrypted data access key are performed without exposing plaintext of the data access key to the electronic data access management system outside the protected reencryption program during execution of the protected reencryption program;
generating a data access response associated with the electronic data, the data access response comprising the reencrypted data access key; and
transmitting the data access response to the user device.
|
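The key flow recited in claim 1, as an added Python sketch that is not part of the patent text: the service system hands over an encrypted data access key plus a reencryption program, and the access management system only ever stores and forwards ciphertext. Assumptions: textbook RSA over constructed toy primes stands in for the unspecified public-key scheme, a closure stands in for the "protected" program (the claim does not say how protection is achieved, and a closure is not real protection), and the names `AccessManager`, `make_reencryption_program` and `doc-1` are hypothetical.

```python
import secrets

E = 65537  # public exponent shared by both toy key pairs (assumption)

def toy_keypair(p, q):
    """Textbook RSA key pair from two known primes (no padding; illustration only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_apply(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def make_reencryption_program(service_private):
    """Stand-in for the protected reencryption program built by the service system.
    It carries the service private key; the closure is a placeholder for protection."""
    def reencrypt(encrypted_dak, user_public):
        dak = rsa_apply(service_private, encrypted_dak)  # plaintext is local to this call
        return rsa_apply(user_public, dak)               # only ciphertext is returned
    return reencrypt

class AccessManager:
    """Holds the program and the encrypted key per data identifier, never the plaintext."""
    def __init__(self):
        self.records = {}  # identifier -> (program, encrypted data access key)

    def register(self, data_id, program, encrypted_dak):
        self.records[data_id] = (program, encrypted_dak)

    def handle_request(self, data_id, user_public):
        if data_id not in self.records:
            return None  # unknown identifier: no reencrypted key is produced
        program, encrypted_dak = self.records[data_id]
        return {"id": data_id, "reencrypted_dak": program(encrypted_dak, user_public)}

def demo():
    # Constructed toy keys from Mersenne primes; far too small for real use.
    service_pub, service_priv = toy_keypair(2**89 - 1, 2**107 - 1)
    user_pub, user_priv = toy_keypair(2**61 - 1, 2**127 - 1)
    dak = secrets.randbits(128) | (1 << 127)  # constructed 128-bit data access key
    manager = AccessManager()
    manager.register("doc-1", make_reencryption_program(service_priv),
                     rsa_apply(service_pub, dak))
    response = manager.handle_request("doc-1", user_pub)
    recovered = rsa_apply(user_priv, response["reencrypted_dak"])  # user device side
    return dak, recovered, manager, user_pub
```
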