WO2012053886A1 - A method and system for file encryption and decryption in a server - Google Patents

A method and system for file encryption and decryption in a server Download PDF

Info

Publication number
WO2012053886A1
WO2012053886A1 PCT/MY2010/000305 MY2010000305W WO2012053886A1 WO 2012053886 A1 WO2012053886 A1 WO 2012053886A1 MY 2010000305 W MY2010000305 W MY 2010000305W WO 2012053886 A1 WO2012053886 A1 WO 2012053886A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
file
encryption
encrypted file
key
Prior art date
Application number
PCT/MY2010/000305
Other languages
French (fr)
Inventor
Fui Bee Tan
Rashidah Haron Galoh
Chong Seak Sea
Kang Siong Ng
Soo Sian Tan
Izyani Daud Nor
Original Assignee
Mimos Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Berhad filed Critical Mimos Berhad
Publication of WO2012053886A1 publication Critical patent/WO2012053886A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Definitions

  • the present invention relates to a method and system for encrypting and decrypting files in a server environment.
  • Encryption is the process of encoding information/data based on a specific algorithm to make it unreadable to unauthorized people unless the user is in possession of a specific key.
  • the result of the process is encrypted information.
  • Decryption relates to the process of decoding information/data that has been encrypted into a secret format. Decryption requires a secret key to decode the said information/data.
  • the currently existing encryption and decryption process is performed as a non web-based application as private key is being stored in the hardware based on the user/client side.
  • the type and length of the keys utilized depends upon the encryption algorithm and the amount of security needed.
  • a single key is used. With this key, the sender can encrypt a message and a recipient can decrypt the message but the security of the key becomes problematic.
  • pair keys are used; public and private key.
  • Public key is a shared key and anyone can get access to the key.
  • Private key is a secret key that must be kept securely and no one can get access to the key except the owner of the key.
  • Sender can encrypt a message with recipient's public key and recipient can only successfully decrypt the message with recipient's private key.
  • the problem encounters during the decryption process where the secured message is on the server side while the user's private key is stored in the hardware token on the user/client side.
  • the present invention provides the methodology and system for encrypting and decrypting file in a server environment with the private key being stored at the user/client side in a token format.
  • the user will not have a copy of the decrypted document as the decrypted document will not be stored in the user's computer as the said document will be stored at the server side upon decryption of the said data.
  • One aspect of the present invention is a method for file encryption in a server.
  • the method comprising the steps of accessing a server by logging in to a server via a predetermined programming language (202), selecting at least one file for encryption upon successful login to a server (204), initializing encryption process to generate an encryption key, SK (206), encrypting at least one file using the encryption key, SK to obtain X (208), storing X in a database of the server (210), encrypting the encryption key, SK using a user public key to obtain Y (212) and storing Y in the database of the server (214).
  • Another aspect of the present invention is a method (300) for file decryption in a server.
  • the method comprising the steps of accessing a server by logging in to a server via a predetermined programming language (302), selecting the encrypted file, X from a database of the server for decryption (304), accessing the encrypted file, Y from the database of the server (306), forwarding the encrypted file, Y from the database of the server for decryption (308), decrypting the encrypted file, Y using user private key tb obtain an encryption key, SK (310), encrypting the encryption key, SK using server public key extracted from a server certification to obtain an encrypted file, Z (312), forwarding the encrypted file, Z to the server (314), decrypting the encrypted file, Z using server private key to obtain encryption key, SK (316) and decrypting encrypted file, X using encryption key, SK to obtain an original document (318).
  • the user private key is maintained at the user/client side wherein the present methodology of encryption and de
  • FIG. 400 Another aspect of the present invention is a system (400) for file encryption and decryption in a server.
  • the system (400) comprising a plurality of tokens (402), a client system (404), a server system (406) and a database (408).
  • the system for file encryption in a server comprising a plurality of tokens (402) which provides cryptographic capabilities to a user in a server environment while the client system (404) provide means for accessing a server by logging in to a server via a predetermined programming language, selecting at least one file for encryption upon successful login to a server,
  • the server system (406) provide means for initializing encryption process to generate an encryption key, SK, encrypting at least one file using the encryption key, SK to obtain X, encrypting the encryption key, SK using a user public key to obtain Y and accessing the encrypted file, Y which is related to X from the database of the server.
  • the database (408) stores the encrypted files, X and Y.
  • the system for file decryption in a server comprising a plurality of tokens (402) which provides cryptographic capabilities to a user in a server environment while the client system (404) provide means for accessing a server by logging in to a server via a predetermined programming language, selecting the encrypted file, X from a database of the server for decryption, decrypting the encrypted file , Y using user private key to obtain an encryption key, SK, encrypting the encryption key, SK using server public key extracted from a server certification to obtain an encrypted file, Z and forwarding the encrypted file, Z to the server.
  • the server system (406) provides means for forwarding the encrypted file, Y from the database of the server for decryption, decrypting the encrypted file, Z using server private key to obtain encryption key, SK and decrypting encrypted file, X using encryption key, SK to obtain an original document.
  • FIG. 1 illustrates a sequence diagram for encryption and decryption of files in a server environment.
  • FIG. 2 is a flowchart illustrating a method for file encryption in a server.
  • FIG. 3 is a flowchart illustrating a method for file decryption in a server.
  • FIG.4 illustrates a system for encryption and decryption of files in a server environment.
  • FIG. 1 illustrates a sequence diagram for encryption and decryption of files in a server environment
  • FIG. 2 is a flowchart illustrating a method for file encryption in a server.
  • FIG. 1 illustrates the interaction between the client side and the server side (client-server system) of the entire process of encryption and decryption of files in a server environment.
  • the methodology and system of file encryption and decryption in a server environment relates to a web-based application wherein every computer is connected to a website which acts as a client while the website's computer acts as a server.
  • the user first logs in to a server via a predetermined language wherein the predetermined language includes Server Side Programming Language (SSL) (202).
  • the predetermined language includes Server Side Programming Language (SSL) (202).
  • SSL Server Side Programming Language
  • the server initializes the encryption process to generate an encryption key, SK (206) wherein encryption key is a sequence of numbers used to encrypt data.
  • the encrypted key, SK is used to encrypt at least one file in the server to obtain X (208).
  • the encrypted file, X is encrypted using the encryption key, SK generated by the server.
  • the encrypted file, X is stored in a database of the server (210).
  • the user public key is used to encrypt the encryption key, SK to obtain Y (212) wherein Y is an encrypted file which is encrypted using the user public key.
  • Public key relates to a value which is provided by a designated authority used to effectively encrypt messages and/or data.
  • the process for using public keys is known as a public key infrastructure (PKI) wherein a PKI (public key infrastructure) enables the encryption and decryption of files to be conducted in a server environment.
  • the encrypted file, Y is stored in the database of the server (214). Reference is now being made to FIG. 3.
  • FIG. 3 is a flowchart illustrating a method for file decryption in a server. As illustrated in FIG.
  • the user first logs in to a server via a predetermined language wherein the predetermined language includes Server Side Programming Language (SSL) (302).
  • the encrypted file, X which is encrypted using the encrypted key, SK is selected from a database of the server for decryption (304).
  • the encrypted file, Y which is encrypted using a user public key is retrieved from the database of the server (306).
  • the encrypted file, Y is decrypted using user private key to obtain the encryption key, SK (310).
  • the private key member is kept private and secure. As the user public key is used to encrypt the files, the private key is used to decrypt the files.
  • the user private key is an authentication token (402) wherein the authentication token is a small hardware device which provides authorization to a network.
  • the device may be in the form of a smart card or may be embedded in a commonly used object such as a USB token.
  • the encryption key, SK is encrypted using server public key which is extracted from a server certification to obtain an encrypted file, Z (312).
  • the encrypted file, Z is forwarded to the server (314) and further decrypted using server private key to obtain encryption key, SK (316).
  • the encrypted key, SK is used to decrypt the encrypted file, X to obtain an original document (318).
  • the methodology of the present invention which decrypts the encrypted file, X using the encryption key, SK stores the original document at the server side.
  • FIG. 4 illustrates a system of file encryption and decryption in a server environment.
  • the system (400) for file encryption in a server comprising a plurality of tokens (402) for providing cryptographic capabilities to a user in a server environment.
  • the client system (404) allows the user to access the server by logging in to the server via a predetermined programming language and to select at least one file for encryption upon successful login to a server.
  • the server system (406) provides means for initializing encryption process to generate an encryption key, SK, encrypting at least one file using the encryption key, SK to obtain X, encrypting the encryption key, SK using a user public key to obtain Y and accessing the encrypted file, Y from the database of the server.
  • the database (408) stores the encrypted files X and Y.
  • the system as illustrated in FIG. 4 also provides for file decryption in a server wherein the plurality of tokens (402) provides cryptographic capabilities to a user in a server environment.
  • the client system (404) selects the encrypted file, X from a database of the server for decryption and decrypts the encrypted file, Y using user private key to obtain an encryption key, SK.
  • the client system (404) encrypts the encryption key, SK using server public key which is extracted from a server certification to obtain an encrypted file, Z and forwards the encrypted file, 2 to the server.
  • the server system (406) forwards the encrypted file, Y from the database of the server for decryption and decrypts the encrypted file, Z using server private key to obtain encryption key, SK.
  • the server system decrypts the encrypted file, X using encryption key, SK to obtain an original document.
  • the methodology and system of the present invention which provides for file encryption and decryption in a server operates as a web-based application.
  • the said approach provides for the decrypted document to be stored at the server side to ensure protection of data in the decrypted document.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

One embodiment of the present invention is a method for file encryption in a server, the method (200) comprising the steps of accessing a server by logging in to a server via a predetermined programming language (202), selecting at least one file for encryption upon successful login to a server (204), initializing encryption process to generate an encryption key, SK (206), encrypting at least one file using the encryption key, SK to obtain X (208), storing X in a database of the server (210), encrypting the encryption key, SK using a user public key to obtain Y (212) and storing Y in the database of the server (214). Another embodiment of the present invention is a method for file decryption in a server, the method (300) comprising the steps of accessing a server by logging in to a server via a predetermined programming language (302), selecting the encrypted file, X from a database of the server for decryption (304), accessing the encrypted file, Y from the database of the server (306), forwarding the encrypted file, Y from the database of the server for decryption (308), decrypting the encrypted file, Y using user private key to obtain an encryption key, SK (310), encrypting the encryption key, SK using server public key extracted from a server certification to obtain an encrypted file, Z (312), forwarding the encrypted file, Z to the server (314), decrypting the encrypted file, Z using server private key to obtain encryption key, SK (316) and decrypting encrypted file, X using encryption key, SK to obtain an original document (318). Another embodiment of the present invention is a system for file encryption and decryption in a server, the system (400) comprising a plurality of tokens (402), a client system (404), a server system (406) and a database (408).

Description

A METHOD AND SYSTEM FOR FILE ENCRYPTION AND DECRYPTION IN A
SERVER
FIELD OF INVENTION
The present invention relates to a method and system for encrypting and decrypting files in a server environment.
BACKGROUND ART
Encryption is the process of encoding information/data based on a specific algorithm to make it unreadable to unauthorized people unless the user is in possession of a specific key. The result of the process is encrypted information. Decryption relates to the process of decoding information/data that has been encrypted into a secret format. Decryption requires a secret key to decode the said information/data.
At present, the currently existing encryption and decryption process is performed as a non web-based application as private key is being stored in the hardware based on the user/client side. The type and length of the keys utilized depends upon the encryption algorithm and the amount of security needed. In conventional symmetric encryption a single key is used. With this key, the sender can encrypt a message and a recipient can decrypt the message but the security of the key becomes problematic. In asymmetric encryption, pair keys are used; public and private key. Public key is a shared key and anyone can get access to the key. Private key is a secret key that must be kept securely and no one can get access to the key except the owner of the key. Sender can encrypt a message with recipient's public key and recipient can only successfully decrypt the message with recipient's private key. For web-based application, the problem encounters during the decryption process where the secured message is on the server side while the user's private key is stored in the hardware token on the user/client side.
The present invention provides the methodology and system for encrypting and decrypting file in a server environment with the private key being stored at the user/client side in a token format. The user will not have a copy of the decrypted document as the decrypted document will not be stored in the user's computer as the said document will be stored at the server side upon decryption of the said data.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practice.
SUMMARY OF INVENTION
One aspect of the present invention is a method for file encryption in a server. The method comprising the steps of accessing a server by logging in to a server via a predetermined programming language (202), selecting at least one file for encryption upon successful login to a server (204), initializing encryption process to generate an encryption key, SK (206), encrypting at least one file using the encryption key, SK to obtain X (208), storing X in a database of the server (210), encrypting the encryption key, SK using a user public key to obtain Y (212) and storing Y in the database of the server (214).
Another aspect of the present invention is a method (300) for file decryption in a server. The method comprising the steps of accessing a server by logging in to a server via a predetermined programming language (302), selecting the encrypted file, X from a database of the server for decryption (304), accessing the encrypted file, Y from the database of the server (306), forwarding the encrypted file, Y from the database of the server for decryption (308), decrypting the encrypted file, Y using user private key tb obtain an encryption key, SK (310), encrypting the encryption key, SK using server public key extracted from a server certification to obtain an encrypted file, Z (312), forwarding the encrypted file, Z to the server (314), decrypting the encrypted file, Z using server private key to obtain encryption key, SK (316) and decrypting encrypted file, X using encryption key, SK to obtain an original document (318).The user private key is maintained at the user/client side wherein the present methodology of encryption and decryption is conducted at the server side.
Another aspect of the present invention is a system (400) for file encryption and decryption in a server. The system (400) comprising a plurality of tokens (402), a client system (404), a server system (406) and a database (408). The system for file encryption in a server comprising a plurality of tokens (402) which provides cryptographic capabilities to a user in a server environment while the client system (404) provide means for accessing a server by logging in to a server via a predetermined programming language, selecting at least one file for encryption upon successful login to a server, The server system (406) provide means for initializing encryption process to generate an encryption key, SK, encrypting at least one file using the encryption key, SK to obtain X, encrypting the encryption key, SK using a user public key to obtain Y and accessing the encrypted file, Y which is related to X from the database of the server. The database (408) stores the encrypted files, X and Y.
The system for file decryption in a server comprising a plurality of tokens (402) which provides cryptographic capabilities to a user in a server environment while the client system (404) provide means for accessing a server by logging in to a server via a predetermined programming language, selecting the encrypted file, X from a database of the server for decryption, decrypting the encrypted file , Y using user private key to obtain an encryption key, SK, encrypting the encryption key, SK using server public key extracted from a server certification to obtain an encrypted file, Z and forwarding the encrypted file, Z to the server. The server system (406) provides means for forwarding the encrypted file, Y from the database of the server for decryption, decrypting the encrypted file, Z using server private key to obtain encryption key, SK and decrypting encrypted file, X using encryption key, SK to obtain an original document. The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which: FIG. 1 illustrates a sequence diagram for encryption and decryption of files in a server environment.
FIG. 2 is a flowchart illustrating a method for file encryption in a server. FIG. 3 is a flowchart illustrating a method for file decryption in a server.
FIG.4 illustrates a system for encryption and decryption of files in a server environment.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The invention relates to a method and system for encrypting and decrypting file in a server environment. Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims. Reference is first being made to FIG. 1 and FIG. 2 respectively. FIG. 1 illustrates a sequence diagram for encryption and decryption of files in a server environment while FIG. 2 is a flowchart illustrating a method for file encryption in a server. FIG. 1 illustrates the interaction between the client side and the server side (client-server system) of the entire process of encryption and decryption of files in a server environment. The methodology and system of file encryption and decryption in a server environment relates to a web-based application wherein every computer is connected to a website which acts as a client while the website's computer acts as a server.
The user first logs in to a server via a predetermined language wherein the predetermined language includes Server Side Programming Language (SSL) (202). Upon successful log-in to the server, the user first selects at least one file for encryption (204). Thereafter, the server initializes the encryption process to generate an encryption key, SK (206) wherein encryption key is a sequence of numbers used to encrypt data. The encrypted key, SK is used to encrypt at least one file in the server to obtain X (208). The encrypted file, X is encrypted using the encryption key, SK generated by the server. Subsequently, the encrypted file, X is stored in a database of the server (210). The user public key is used to encrypt the encryption key, SK to obtain Y (212) wherein Y is an encrypted file which is encrypted using the user public key. Public key relates to a value which is provided by a designated authority used to effectively encrypt messages and/or data. The process for using public keys is known as a public key infrastructure (PKI) wherein a PKI (public key infrastructure) enables the encryption and decryption of files to be conducted in a server environment. The encrypted file, Y is stored in the database of the server (214). Reference is now being made to FIG. 3. FIG. 3 is a flowchart illustrating a method for file decryption in a server. As illustrated in FIG. 3, the user first logs in to a server via a predetermined language wherein the predetermined language includes Server Side Programming Language (SSL) (302). The encrypted file, X which is encrypted using the encrypted key, SK is selected from a database of the server for decryption (304). Subsequently, the encrypted file, Y which is encrypted using a user public key is retrieved from the database of the server (306). Thereafter, the encrypted file, Y is decrypted using user private key to obtain the encryption key, SK (310). The private key member is kept private and secure. As the user public key is used to encrypt the files, the private key is used to decrypt the files. The user private key is an authentication token (402) wherein the authentication token is a small hardware device which provides authorization to a network. The device may be in the form of a smart card or may be embedded in a commonly used object such as a USB token. The encryption key, SK is encrypted using server public key which is extracted from a server certification to obtain an encrypted file, Z (312). The encrypted file, Z is forwarded to the server (314) and further decrypted using server private key to obtain encryption key, SK (316). The encrypted key, SK is used to decrypt the encrypted file, X to obtain an original document (318). The methodology of the present invention which decrypts the encrypted file, X using the encryption key, SK stores the original document at the server side.
Reference is now being made to FIG. 4. FIG. 4 illustrates a system of file encryption and decryption in a server environment. As illustrated in FIG. 4, the system (400) for file encryption in a server comprising a plurality of tokens (402) for providing cryptographic capabilities to a user in a server environment. The client system (404) allows the user to access the server by logging in to the server via a predetermined programming language and to select at least one file for encryption upon successful login to a server. The server system (406) provides means for initializing encryption process to generate an encryption key, SK, encrypting at least one file using the encryption key, SK to obtain X, encrypting the encryption key, SK using a user public key to obtain Y and accessing the encrypted file, Y from the database of the server. The database (408) stores the encrypted files X and Y. The system as illustrated in FIG. 4 also provides for file decryption in a server wherein the plurality of tokens (402) provides cryptographic capabilities to a user in a server environment. The client system (404) selects the encrypted file, X from a database of the server for decryption and decrypts the encrypted file, Y using user private key to obtain an encryption key, SK. Subsequently, the client system (404) encrypts the encryption key, SK using server public key which is extracted from a server certification to obtain an encrypted file, Z and forwards the encrypted file, 2 to the server. The server system (406) forwards the encrypted file, Y from the database of the server for decryption and decrypts the encrypted file, Z using server private key to obtain encryption key, SK. Thereafter, the server system decrypts the encrypted file, X using encryption key, SK to obtain an original document.
The methodology and system of the present invention which provides for file encryption and decryption in a server operates as a web-based application. The said approach provides for the decrypted document to be stored at the server side to ensure protection of data in the decrypted document.
The present invention may be embodied in other specific forms without departing from its essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore indicated by the appended claims rather than by the foregoing description. All changes, which come within the meaning and range of equivalency of the claims, are to be embraced within their scope.

Claims

1. A method (200) for file encryption in a server, the method comprising the steps of: accessing a server by logging in to a server via a predetermined programming language (202);
selecting at least one file for encryption upon successful login to a server (204);
initializing encryption process to generate an encryption key, SK (206); encrypting at least one file using the encryption key, SK to obtain X (208); storing X in a database of the server (210);
encrypting the encryption key, SK using a user public key to obtain Y (212); and
storing Y in the database of the server (214).
2. The method according to Claim 1, wherein the predetermined programming language includes Server Side Programming Language (SSL).
3. The method according to Claim 1, wherein X is an encrypted file which is encrypted using the encryption key, SK generated by the server.
4. The method according to Claim 1, wherein Y is an encrypted file which is encrypted using a user public key.
5. A method (300) for file decryption in a server, the method comprising the steps of. accessing a server by logging in to a server via a predetermined programming language (302);
selecting the encrypted file, X from a database of the server for decryption (304);
accessing the encrypted file, Y from the database of the server (306); forwarding the encrypted file, Y from the database of the server for decryption (308);
decrypting the encrypted file, Y using user private key to obtain an encryption key, SK (310);
encrypting the encryption key, SK using server public key extracted from a server certification to obtain an encrypted file, Z (312);
forwarding the encrypted file, Z to the server (314);
decrypting the encrypted file, Z using server private key to obtain encryption key, SK (316);
decrypting encrypted file, X using encryption key, SK to obtain an original document (318).
The method according to Claim 5, wherein the predetermined programming language includes Server Side Programming Language (SSL).
The method according to Claim 5, wherein the user private key is an authentication token.
The method according to Claim 7, wherein the authentication token includes smart card and USB token.
The method according to Claim 5, wherein the user private key maintains at the user and/or client side.
10. The method according to Claim 5, wherein decrypting encrypted file, X using encryption key, SK to obtain an original document further comprises storing the original document at the server side.
11. A system (400) for file encryption in a server, the system comprising: a plurality of tokens (402) for providing cryptographic capabilities to a user in a server environment; a client system (404), accessing a server by logging in to a server via a predetermined programming language;
selecting at least one file for encryption upon successful login to a server,
a server system (406);
initializing encryption process to generate an encryption key, SK; encrypting at least one file using the encryption key, SK to obtain X;
encrypting the encryption key, SK using a user public key to obtain Y;
accessing the encrypted file, Y from the database of the server. a database (408);
storing the encrypted files X and Y.
12. A system (400) for file decryption in a server, the system comprising: a plurality of tokens (402) for providing cryptographic capabilities to a user in a server environment; a client system (404), accessing a server by logging in to a server via a predetermined programming language;
selecting the encrypted file, X from a database of the server for decryption; decrypting the encrypted file, Y using user private key to obtain an encryption key, SK; encrypting the encryption key, SK using server public key extracted from a server certification to obtain an encrypted file, Z; and
forwarding the encrypted file, Z to the server; a server system (406),
forwarding the encrypted file, Y from the database of the server for decryption;
decrypting the encrypted file, Z using server private key to obtain encryption key, SK; and
decrypting encrypted file, X using encryption key, SK to obtain an original document.
PCT/MY2010/000305 2010-10-20 2010-11-29 A method and system for file encryption and decryption in a server WO2012053886A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2010004934A MY151312A (en) 2010-10-20 2010-10-20 A method and system for file encryption and decryption in a server
MYPI2010004934 2010-10-20

Publications (1)

Publication Number Publication Date
WO2012053886A1 true WO2012053886A1 (en) 2012-04-26

Family

ID=45975432

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2010/000305 WO2012053886A1 (en) 2010-10-20 2010-11-29 A method and system for file encryption and decryption in a server

Country Status (2)

Country Link
MY (1) MY151312A (en)
WO (1) WO2012053886A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103425938A (en) * 2013-08-01 2013-12-04 亚太宝龙科技(湖南)有限公司 Folder encryption method and device for Unix-like operating system
CN103559453A (en) * 2013-05-23 2014-02-05 深圳市中易通网络技术有限公司 Hardware encryption protection method and system for cellphone data
CN103577769A (en) * 2013-11-05 2014-02-12 曙光云计算技术有限公司 File content safety management method and management system
CN103632107A (en) * 2012-08-23 2014-03-12 苏州慧盾信息安全科技有限公司 Mobile terminal information safety protection system and method
CN105243338A (en) * 2015-11-18 2016-01-13 哈尔滨工业大学 USB flash disk file encryption and decryption system and USB flash disk file encryption and decryption method based on combination of high-performance DSP and ARM
CN107038390A (en) * 2017-04-10 2017-08-11 谭宁敏 File encryption decryption system
CN110661748A (en) * 2018-06-28 2020-01-07 武汉斗鱼网络科技有限公司 Log encryption method, log decryption method and log encryption device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254324B (en) * 2016-07-26 2019-05-17 杭州文签网络技术有限公司 A kind of encryption method and device of storage file

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008250369A (en) * 2007-03-29 2008-10-16 Sorun Corp Management method of secrete data file, management system and proxy server therefor
US20100138656A1 (en) * 2008-11-28 2010-06-03 International Business Machines Corporation Shielding a Sensitive File
US20100185852A1 (en) * 2007-07-05 2010-07-22 Hitachi Software Engineering Co., Ltd. Encryption and decryption method for shared encrypted file

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008250369A (en) * 2007-03-29 2008-10-16 Sorun Corp Management method of secrete data file, management system and proxy server therefor
US20100185852A1 (en) * 2007-07-05 2010-07-22 Hitachi Software Engineering Co., Ltd. Encryption and decryption method for shared encrypted file
US20100138656A1 (en) * 2008-11-28 2010-06-03 International Business Machines Corporation Shielding a Sensitive File

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103632107A (en) * 2012-08-23 2014-03-12 苏州慧盾信息安全科技有限公司 Mobile terminal information safety protection system and method
CN103559453A (en) * 2013-05-23 2014-02-05 深圳市中易通网络技术有限公司 Hardware encryption protection method and system for cellphone data
CN103425938A (en) * 2013-08-01 2013-12-04 亚太宝龙科技(湖南)有限公司 Folder encryption method and device for Unix-like operating system
CN103577769A (en) * 2013-11-05 2014-02-12 曙光云计算技术有限公司 File content safety management method and management system
CN105243338A (en) * 2015-11-18 2016-01-13 哈尔滨工业大学 USB flash disk file encryption and decryption system and USB flash disk file encryption and decryption method based on combination of high-performance DSP and ARM
CN107038390A (en) * 2017-04-10 2017-08-11 谭宁敏 File encryption decryption system
CN110661748A (en) * 2018-06-28 2020-01-07 武汉斗鱼网络科技有限公司 Log encryption method, log decryption method and log encryption device
CN110661748B (en) * 2018-06-28 2022-01-04 武汉斗鱼网络科技有限公司 Log encryption method, log decryption method and log encryption device

Also Published As

Publication number Publication date
MY151312A (en) 2014-05-15

Similar Documents

Publication Publication Date Title
US9544135B2 (en) Methods of and systems for facilitating decryption of encrypted electronic information
US6266420B1 (en) Method and apparatus for secure group communications
JP6290932B2 (en) Data security service
EP1676281B1 (en) Efficient management of cryptographic key generations
US20170195119A1 (en) Key rotation techniques
CN112313683A (en) Offline storage system and using method
KR101874721B1 (en) Identity authentication system, apparatus, and method, and identity authentication request apparatus
KR20210061426A (en) Double-encrypted secret portion allowing assembly of the secret using a subset of the double-encrypted secret portion
US20110145576A1 (en) Secure method of data transmission and encryption and decryption system allowing such transmission
WO2012053886A1 (en) A method and system for file encryption and decryption in a server
JP6678457B2 (en) Data security services
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
US20100232604A1 (en) Controlling access to content using multiple encryptions
CN110868291B (en) Data encryption transmission method, device, system and storage medium
US20080098214A1 (en) Encryption/decryption method, method for safe data transfer across a network, computer program products and computer readable media
US20220014354A1 (en) Systems, methods and devices for provision of a secret
US8732481B2 (en) Object with identity based encryption
US9558362B2 (en) Data encryption using an external arguments encryption algorithm
JP2001244925A (en) System and method for managing enciphered data and storage medium
Chidambaram et al. Enhancing the security of customer data in cloud environments using a novel digital fingerprinting technique
Sujithra et al. ID based adaptive-key signcryption for data security in cloud environment
CN112528309A (en) Data storage encryption and decryption method and device
WO2023154418A1 (en) Method and apparatus for provisioning node-locking confidential data
KR101240247B1 (en) Proxy re-encryption Method using two secret key, Method for decrypting of Proxy re-encryption message
JPH11143359A (en) Enciphering device, decoding device, information sharing device, enciphering method, decoding method, information processing method, and recording medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10858714

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10858714

Country of ref document: EP

Kind code of ref document: A1