Abstract: A performance-optimized secure hierarchical referencing system, for example to implement a cryptographic file system (CFS) in which files or other data are stored in a cryptographic tree structure in an untrusted environment. The system operates by using adaptive cryptographic access control (ACAC), whereby the data on the client (user) side is encrypted using keys. With the exception of an entry key, these keys are not stored but are calculated, and a dedicated symmetric key is used for each element in the referencing system (e.g. files, records, comments) to ensure that read/write permissions can be distributed to selected third parties at element level and actively revoked where required (sharing/revocation).
Abstract: The invention relates to methods for storing and finding data of clients, which are identifiable by unique client identifiers, on a memory device. These data include at least client data identification values which the client assigns arbitrarily to the data, and the client's data are found on the memory device exclusively by means of these client data identification values. An access control entity is provided which has an adaptable positive list, a listing of the client identifiers of the selected clients which, exclusively in a session setup step beginning with a session start enquiry, obtain a temporary supplementary information item from this access control entity and can store and find data on the memory device with this information item. Each temporary supplementary information item loses its validity after a specific time period.