
 Method and apparatus for controlling access to encrypted data files in a computer system

Details
Inventors: Eldridge, Alan D.; Kaufman, Charles W.;
Assignee: International Business Machines Corp. (Armonk, NY)
Primary Examiner: Cangialosi; Salvatore
Assistant Examiner:
Attorney, Agent or Firm: Kudirka & Jobse, LLP

In a system in which encrypted information can be protected and maintained by multiple users using passwords in concert, a file with secure data contains both an unencrypted header and an encrypted data portion. The data portion contains both the secured data and a list of hashed passwords and is encrypted with a single file key. The unencrypted file header contains two tables. The first table is a list of passwords, where each password is cryptographically hashed using a second, different hashing technique than the hashed passwords in the data portion of the file. The second table is a list of cryptographically hashed combinations of cryptographically hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data portion of the file. Each hashed combination on the list is also used as a password key to encrypt the file key. During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum. If there is a quorum, then passwords of the users in the quorum are hashed with the first hashing technique, combined and hashed again to form a password key. The file key can be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists.

DETAILED DESCRIPTION

A secure system is achieved in accordance with the principles of the invention by utilizing both an unencrypted header file and an encrypted data file.
The data file contains a list of cryptographically hashed passwords in addition to the data to be secured.
The data file contents are encrypted with a single file key.
The unencrypted header file contains two tables.
The first table is a list of authorized user names and corresponding hashed passwords where the passwords are hashed using a second, different hashing technique than the hashed passwords in the data file.
The second table is a list of hashed combinations of hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data file.
Each hashed combination on the list is also used as a password key to encrypt the file key.
During use of the system, an authorized user must enter a password which, when hashed, can be found in the first table.
If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum.
If there is a quorum, then passwords of the users in the quorum are hashed with the hashing technique used on passwords in the data file, combined and hashed again to form a password key.
The file key can then be decrypted with the password key and used to decrypt the file.
The hashed passwords in the protected portion of the file can then be used to maintain the password lists without requiring all users to reenter their passwords.
Anyone gaining access to the unencrypted file cannot obtain the passwords themselves.
Similarly, anyone gaining access to the encrypted file can obtain the hashed passwords, but again cannot directly obtain the passwords.
Since it is fairly common for users to utilize the same password for several files, the inventive arrangement prevents users from obtaining any password and possibly using it to improperly gain access to other files.
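
The following sketch walks through the two-table scheme described above, including the maintenance step that adds a quorum from the stored hashes without asking users for their passwords again. It is an added example, not code from the patent; the function names, the use of PBKDF2/SHA-256 for the two hashing techniques, the XOR stand-in for the cipher that encrypts the file key, and the choice to keep only the wrapped file key per quorum in the second table are all assumptions.

```python
import hashlib, hmac, secrets

def _kdf(label: bytes, pw: str) -> bytes:
    # Assumption: PBKDF2 with a per-purpose label models two distinct hashing techniques.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), label, 10_000)

def h_data(pw: str) -> bytes:    # technique used inside the encrypted data file
    return _kdf(b"data-file", pw)

def h_header(pw: str) -> bytes:  # second, different technique for header table 1
    return _kdf(b"header-table", pw)

def password_key(hashed: dict, members) -> bytes:
    # Combine the members' data-file hashes in a fixed order and hash again.
    return hashlib.sha256(b"".join(hashed[n] for n in sorted(members))).digest()

def wrap(key: bytes, pk: bytes) -> bytes:
    # Stand-in for a real cipher (assumption): XOR with a pad derived from the password key.
    pad = hashlib.sha256(b"wrap" + pk).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

def add_quorum(header, protected, file_key, members):
    # Maintenance: uses hashes from the protected portion, no passwords re-entered.
    header["table2"][frozenset(members)] = wrap(file_key, password_key(protected, members))

def create(users: dict, quorums):
    file_key = secrets.token_bytes(32)
    protected = {n: h_data(p) for n, p in users.items()}  # stored in the encrypted data file
    header = {"table1": {n: h_header(p) for n, p in users.items()}, "table2": {}}
    for q in quorums:
        add_quorum(header, protected, file_key, q)
    return header, protected, file_key

def unlock(header, entered: dict):
    # Step 1: each entered password must hash to its table 1 entry.
    ok = {n: p for n, p in entered.items()
          if hmac.compare_digest(header["table1"].get(n, b""), h_header(p))}
    # Step 2: look for an authorized quorum among the verified users.
    for members, wrapped in header["table2"].items():
        if members.issubset(ok):
            hashed = {n: h_data(ok[n]) for n in members}
            return wrap(wrapped, password_key(hashed, members))  # XOR also unwraps
    return None  # no quorum formed
```
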


