| CPC H04L 9/14 (2013.01) | 14 Claims |

|
1. A method of sharing data between a data source and one or more selected data recipients, the method, performed by a gateway router having a public key and a private key, comprising:
encrypting data provided by the data source using a data encryption key;
storing the encrypted data;
for each of the selected data recipients:
i) generating a dedicated key encryption key dedicated to sharing data between the data source and the selected data recipient;
ii) encrypting the data encryption key using the dedicated key encryption key to generate a dedicated wrapped encryption key dedicated to sharing data between the data source and the selected data recipient; and
iii) storing a data access authorisation authorising access to the provided data by the selected data recipient, the data access authorisation comprising the dedicated wrapped encryption key and an identifier of the selected data recipient;
wherein the data encryption key is later recovered for a selected data recipient by a data access controller having associated public and private keys and being operable to control access to decrypted data by requestors, using the same dedicated key encryption key to decrypt the dedicated wrapped encryption key found in the data access authorisation; and
the dedicated key encryption key is generated by applying a one-way hash function to a concatenation of an edge gateway ID of the gateway router, a client ID of the selected data recipient and a number computable by each of the gateway router and the data access controller using their private key and the public key of the other.
|
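The key derivation and wrapping steps of claim 1, as an added Python sketch that is not part of the patent text. It assumes SHA-256 as the one-way hash, a toy Diffie-Hellman group for the shared number, length-prefixed fields in the concatenation, and a nonce-plus-HMAC construction standing in for a real key wrap; all function names and identifiers are hypothetical.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group for illustration only (assumption); use X25519 or a
# vetted MODP group in practice.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_number(own_priv, peer_pub):
    # Computable by either party from its private key and the other's public key.
    return pow(peer_pub, own_priv, P).to_bytes(32, "big")

def derive_kek(gateway_id, client_id, shared):
    # One-way hash over the concatenation; the length prefixes (an assumption)
    # keep field boundaries unambiguous, so "gw1"+"2c" differs from "gw12"+"c".
    h = hashlib.sha256()
    for field in (gateway_id, client_id, shared):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

def wrap(kek, dek):
    # Stand-in for a real key wrap (e.g. AES-KW): nonce-derived pad plus an HMAC tag.
    nonce = secrets.token_bytes(16)
    pad = hashlib.sha256(kek + nonce).digest()
    body = nonce + bytes(a ^ b for a, b in zip(dek, pad))
    return body + hmac.new(kek, body, hashlib.sha256).digest()

def unwrap(kek, wrapped):
    body, tag = wrapped[:-32], wrapped[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, body, hashlib.sha256).digest()):
        raise ValueError("wrapped key does not verify under this KEK")
    pad = hashlib.sha256(kek + body[:16]).digest()
    return bytes(a ^ b for a, b in zip(body[16:], pad))

def authorise(gw_priv, dac_pub, gateway_id, client_ids, dek):
    # Gateway side: one data access authorisation per selected recipient.
    shared = shared_number(gw_priv, dac_pub)
    return [{"client_id": c, "wrapped_key": wrap(derive_kek(gateway_id, c, shared), dek)}
            for c in client_ids]

def recover_dek(dac_priv, gw_pub, gateway_id, client_id, authorisations):
    # Controller side: find the requestor's authorisation, re-derive the KEK, unwrap.
    shared = shared_number(dac_priv, gw_pub)
    for auth in authorisations:
        if auth["client_id"] == client_id:
            return unwrap(derive_kek(gateway_id, client_id, shared), auth["wrapped_key"])
    raise PermissionError("no data access authorisation for this recipient")
```

Because the dedicated key encryption key binds the gateway ID and the recipient's client ID, a wrapped key copied into another recipient's authorisation fails to unwrap under that recipient's derived key.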