Cryptographic key

US 10,083,311 B2
Filed: 06/30/2014
Issued: 09/25/2018
Est. Priority Date: 06/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method for limiting access to a file within a target location, comprising:

receiving, by a first computing device, a request to encrypt the file, the request identifying the target location;

determining, by the first computing device, a plurality of coordinates based on the target location;

generating, by the first computer device and by rounding the plurality of coordinates to a coarser granularity, a plurality of rounded coordinates corresponding to a geographical region comprising the target location;

generating, by the first computer device, a cryptographic key comprising the plurality of rounded coordinates;

generating, by the first computer device, an encrypted version of the file using the cryptographic key;

storing, by the first computer device, the encrypted version of the file in a storage device;

receiving, by a second computing device, a request to decrypt the encrypted version of the file;

determining, by the second computing device, a plurality of test coordinates based on an actual location of the second computing device;

generating, by the second computing device and by rounding the plurality of test coordinates, a plurality of rounded test coordinates corresponding to the geographical region;

generating, by the second computing device, a test cryptographic key comprising the plurality of rounded test coordinates; and

decrypting, by the second computing device and in response to the test cryptographic key equaling the cryptographic key, the encrypted version using the test cryptographic key to obtain the file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing a file, including receiving a request to encrypt the file, the request identifying a target location; determining a plurality of coordinates based on the target location; generating a cryptographic key based on the plurality of coordinates; generating an encrypted version of the file using the cryptographic key; and storing the encrypted version of the file.

Citations

12 Claims

1. A method for limiting access to a file within a target location, comprising:
- receiving, by a first computing device, a request to encrypt the file, the request identifying the target location;
  
  determining, by the first computing device, a plurality of coordinates based on the target location;
  
  generating, by the first computer device and by rounding the plurality of coordinates to a coarser granularity, a plurality of rounded coordinates corresponding to a geographical region comprising the target location;
  
  generating, by the first computer device, a cryptographic key comprising the plurality of rounded coordinates;
  
  generating, by the first computer device, an encrypted version of the file using the cryptographic key;
  
  storing, by the first computer device, the encrypted version of the file in a storage device;
  
  receiving, by a second computing device, a request to decrypt the encrypted version of the file;
  
  determining, by the second computing device, a plurality of test coordinates based on an actual location of the second computing device;
  
  generating, by the second computing device and by rounding the plurality of test coordinates, a plurality of rounded test coordinates corresponding to the geographical region;
  
  generating, by the second computing device, a test cryptographic key comprising the plurality of rounded test coordinates; and
  
  decrypting, by the second computing device and in response to the test cryptographic key equaling the cryptographic key, the encrypted version using the test cryptographic key to obtain the file.

2. A method for limiting access to a file based on an internet protocol (IP) address prefix, comprising:
- receiving a request to encrypt the file, the request identifying a plurality of computing devices having permission to decrypt an encrypted version of the file;
  
  generating a cryptographic key comprising the IP address prefix shared by the plurality of computing devices;
  
  generating the encrypted version of the file using the cryptographic key;
  
  storing the encrypted version of the file in a storage device;
  
  obtaining a plurality of coordinates specifying a geographic region comprising the plurality of computing devices using a first global positioning system (GPS) device, wherein the cryptographic key further comprises the plurality of coordinates;
  
  receiving, by a computing device of the plurality of computing devices, a request to decrypt the encrypted version of the file;
  
  determining, by the computing device, an IP address prefix of the computing device;
  
  generating, by the computing device, a test cryptographic key comprising the IP address prefix of the computing device;
  
  decrypting, by the computing device and in response to the test cryptographic key equaling the cryptographic key, the encrypted version using the test cryptographic key to obtain the file;
  
  determining, by the computing device, a location of the computing device using a second GPS device; and
  
  mapping, by the computing device, the location to the plurality of coordinates of the geographic region,wherein the test cryptographic key further comprises the plurality of coordinates.
- View Dependent Claims (3, 4, 5)
- - 3. The method of claim 2, wherein the request to encrypt identifies at least one selected from a group consisting of a campus within the geographic region and a building within the geographic region.
  - 4. The method of claim 2, further comprising:
    - determining, by the computing device, an email address of a user operating the computing device; and
      
      mapping, by the computing device, the email address to a group email address,wherein the request to encrypt specifies the group email address,wherein the cryptographic key further comprises the group email address, andwherein the test cryptographic key further comprises the group email address.
  - 5. The method of claim 4, wherein the group email address corresponds to at least one selected from a group consisting of a human resources (HR) department of a business, an engineering department, and a legal department.

6. A method for limiting access to a file based on an internet protocol (IP) address prefix, comprising:
- receiving, by a computing device of a plurality of computing devices, a request to decrypt an encrypted version of the file,wherein the encrypted version of the file is generated using a cryptographic key, andwherein the cryptographic key comprises the IP address prefix of the plurality of computing devices specified in a request to encrypt the file, the request identifying the plurality of computing devices having permission to decrypt an encrypted version of the file;
  
  determining, by the computing device, an IP address prefix of the computing device;
  
  generating, by the computing device, a test cryptographic key comprising the IP address prefix of the computing device;
  
  decrypting, in response to the test cryptographic key equaling the cryptographic key, the encrypted version using the test cryptographic key to obtain the file;
  
  determining, by the computing device, a location of the computing device using a global position system (GPS) device; and
  
  mapping, by the computing device, the location to a plurality of coordinates of the geographic region,wherein the cryptographic key further comprises the plurality of coordinates, andwherein the test cryptographic key further comprises the plurality of coordinates.
- View Dependent Claims (7)
- - 7. The method of claim 6, further comprising:
    - determining, by the computing device, an email address of a user operating the computing device; and
      
      mapping, by the computing device, the email address to a group email address,wherein the request to encrypt specifies the group email address,wherein the cryptographic key further comprises the group email address, andwherein the test cryptographic key further comprises the group email address.

8. A non-transitory computer readable medium (CRM) storing instructions for limiting access to a file based on an internet protocol (IP) address prefix, the instructions comprising functionality for:
- receiving, by a computing device of a plurality of computing devices, a request to decrypt an encrypted version of the file,wherein the encrypted version of the file is generated using a cryptographic key, andwherein the cryptographic key comprises the IP address prefix of the plurality of computing devices specified in a request to encrypt the file, the request identifying the plurality of computing devices having permission to decrypt an encrypted version of the file;
  
  determining, by the computing device, an IP address prefix of the computing device;
  
  generating, by the computing device, a test cryptographic key comprising the IP address prefix of the computing device;
  
  decrypting, in response to the test cryptographic key equaling the cryptographic key, the encrypted version using the test cryptographic key to obtain the file;
  
  determining, by the computing device, a location of the computing device using a global position system (GPS) device; and
  
  mapping, by the computing device, the location to a plurality of coordinates of the geographic region,wherein the test cryptographic key further comprises the plurality of coordinates, andwherein the cryptographic key further comprises the plurality of coordinates.
- View Dependent Claims (9)
- - 9. The non-transitory CRM of claim 8, the instructions further comprising functionality for:
    - determining, by the computing device, an email address of a user operating the computing device; and
      
      mapping, by the computing device, the email address to the group email address,wherein the request to encrypt specifies the group email address,wherein the cryptographic key further comprises the group email address, andwherein the test cryptographic key further comprises the group email address.

10. A system for limiting access to a file based on an internet protocol (IP) address prefix, comprising:
- a first computing device, comprising;
  
  a first graphical user interface (GUI) that collects a request to encrypt the file, the request identifying the IP address prefix of a plurality of computing devices having permission to decrypt an encrypted version of the file;
  
  a first key generation engine that generates a cryptographic key comprising the IP address prefix of the plurality of computing devices; and
  
  an encryption engine that generates the encrypted version of the file using the cryptographic key; and
  
  a second computing device, comprising;
  
  a second graphical user interface (GUI) that collects a request to decrypt the encrypted version of the file;
  
  a second key generation engine that;
  
  determines an IP address prefix of the second computing device;
  
  generates a test cryptographic key comprising the IP address prefix of the second computing device, wherein the plurality of computing devices includes the second computing device; and
  
  a decryption engine that decrypts, in response to the test cryptographic key equaling the cryptographic key, the encrypted version using the test cryptographic key to obtain the file, wherein;
  
  the first computing device further comprises;
  
  a first global positioning system (GPS) device that obtains a plurality of coordinates for a geographic region comprising the plurality of computing devices,wherein the cryptographic key further comprises the plurality of coordinates; and
  
  the second computing device further comprises;
  
  a second GPS device that obtains a location of the second computing device and maps the location to the plurality of coordinates of the geographic region,wherein the test cryptographic key further comprises the plurality of coordinates.
- View Dependent Claims (11, 12)
- - 11. The system of claim 10, wherein the request to encrypt identifies at least one selected from a group consisting of a campus within the geographic region and a building within the geographic region.
  - 12. The system of claim 10, wherein the second computing device:
    - determines an email address of a user operating the second computing device; and
      
      maps the email address to the group email address,wherein the request to encrypt specifies the group email address,wherein the cryptographic key further comprises the group email address, andwherein the test cryptographic key further comprises the group email address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Konica Minolta Laboratory U.S.A., Inc. (Konica Minolta Inc.)
Original Assignee
Konica Minolta Laboratory U.S.A., Inc. (Konica Minolta Inc.)
Inventors
Nordback, Kurt N.
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US14/320,359
Publication Number

US 20150379286A1
Time in Patent Office

1,548 Days
Field of Search

713165
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 9/0872   using geo-location informat...

Cryptographic key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links