Method, apparatus and computer program product for securely sharing a content item
First Claim
1. A computer-implemented method, comprising executing, on at least one processor, the steps of:
- storing an encrypted content item on behalf of a first user;
storing an identifier enabling identification of an encryption key used to encrypt the content item;
storing a list comprising one or more other users trusted to access the encrypted content item;
notifying a second user that the second user is trusted to access the encrypted content item;
receiving an authentication request comprising information identifying the second user;
in response to receiving the authentication request, performing an authentication operation in connection with the authentication request by authenticating the information identifying the second user;
upon successful authentication of the second user, issuing an access token to the second user that grants access to the content item encrypted by the first user;
receiving the access token from the second user;
in response to receiving the access token, validating the access token to confirm that the second user has access to the content item encrypted by the first user;
providing, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item;
receiving, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item;
in response to receiving the request, utilizing the identifier to obtain the decryption key for decrypting the encrypted content item; and
providing, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item;
wherein the content management server is separate to the key management server; and
further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.
11 Assignments
0 Petitions
Accused Products
Abstract
Disclosed are techniques for securely sharing a content item. The techniques comprise receiving an authorization grant. The techniques also comprise utilizing the authorization grant to obtain an access token. The access token includes credentials for enabling access to a content item. The techniques further include requesting one of an encryption or decryption key from a key management system. The one of the encryption or decryption key facilitates encryption or decryption operations in connection with the content item. The techniques still further comprising performing an encryption or decryption operation in connection with the content item. The one of the encryption or decryption operation is performed using the corresponding one of the encryption or decryption key.
-
Citations
3 Claims
-
1. A computer-implemented method, comprising executing, on at least one processor, the steps of:
-
storing an encrypted content item on behalf of a first user; storing an identifier enabling identification of an encryption key used to encrypt the content item; storing a list comprising one or more other users trusted to access the encrypted content item; notifying a second user that the second user is trusted to access the encrypted content item; receiving an authentication request comprising information identifying the second user; in response to receiving the authentication request, performing an authentication operation in connection with the authentication request by authenticating the information identifying the second user; upon successful authentication of the second user, issuing an access token to the second user that grants access to the content item encrypted by the first user; receiving the access token from the second user; in response to receiving the access token, validating the access token to confirm that the second user has access to the content item encrypted by the first user; providing, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item; receiving, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item; in response to receiving the request, utilizing the identifier to obtain the decryption key for decrypting the encrypted content item; and providing, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item; wherein the content management server is separate to the key management server; and further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.
-
-
2. A computer program product having a non-transitory computer readable medium which stores a set of instructions, the set of instructions, when carried out by computerized processing circuitry, causing the computerized processing circuitry to perform a method of:
-
storing an encrypted content item on behalf of a first user; storing an identifier enabling identification of an encryption key used to encrypt the content item; storing a list comprising one or more other users trusted to access the encrypted content item; notifying a second user that the second user is trusted to access the encrypted content item; receiving an authentication request comprising information identifying the second user; in response to receiving the authentication request, performing an authentication operation in connection with the authentication request by authenticating the information identifying the second user; upon successful authentication of the second user, issuing an access token to the second user that grants access to the content item encrypted by the first user; receiving the access token from the second user; in response to receiving the access token, validating the access token to confirm that the second user has access to the content item encrypted by the first user; providing, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item; receiving, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item; in response to receiving the request, utilizing the identifier to obtain the decryption key for decrypting the encrypted content item; and providing, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item; wherein the content management server is separate to the key management server; and further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.
-
-
3. A device, comprising:
-
memory; and processing circuitry coupled to the memory, the memory storing program code which, when executed by the processing circuitry, cause the processing circuitry to; store an encrypted content item on behalf of a first user; store an identifier enabling identification of an encryption key used to encrypt the content item; store a list comprising one or more other users trusted to access the encrypted content item; notify a second user that the second user is trusted to access the encrypted content item; receive an authentication request comprising information identifying the second user; in response to receiving the authentication request, perform an authentication operation in connection with the authentication request by authenticating the information identifying the second user; upon successful authentication of the second user, issue an access token to the second user that grants access to the content item encrypted by the first user; receive the access token from the second user; in response to receiving the access token, validate the access token to confirm that the second user has access to the content item encrypted by the first user; provide, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item; receive, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item; in response to receiving the request, utilize the identifier to obtain the decryption key for decrypting the encrypted content item; and provide, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item; wherein the content management server is separate to the key management server; and further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.
-
Specification