Method, apparatus and computer program product for securely sharing a content item

US 10,225,084 B1
Filed: 12/29/2015
Issued: 03/05/2019
Est. Priority Date: 12/29/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising executing, on at least one processor, the steps of:

storing an encrypted content item on behalf of a first user;

storing an identifier enabling identification of an encryption key used to encrypt the content item;

storing a list comprising one or more other users trusted to access the encrypted content item;

notifying a second user that the second user is trusted to access the encrypted content item;

receiving an authentication request comprising information identifying the second user;

in response to receiving the authentication request, performing an authentication operation in connection with the authentication request by authenticating the information identifying the second user;

upon successful authentication of the second user, issuing an access token to the second user that grants access to the content item encrypted by the first user;

receiving the access token from the second user;

in response to receiving the access token, validating the access token to confirm that the second user has access to the content item encrypted by the first user;

providing, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item;

receiving, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item;

in response to receiving the request, utilizing the identifier to obtain the decryption key for decrypting the encrypted content item; and

providing, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item;

wherein the content management server is separate to the key management server; and

further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are techniques for securely sharing a content item. The techniques comprise receiving an authorization grant. The techniques also comprise utilizing the authorization grant to obtain an access token. The access token includes credentials for enabling access to a content item. The techniques further include requesting one of an encryption or decryption key from a key management system. The one of the encryption or decryption key facilitates encryption or decryption operations in connection with the content item. The techniques still further comprising performing an encryption or decryption operation in connection with the content item. The one of the encryption or decryption operation is performed using the corresponding one of the encryption or decryption key.

Citations

3 Claims

1. A computer-implemented method, comprising executing, on at least one processor, the steps of:
- storing an encrypted content item on behalf of a first user;
  
  storing an identifier enabling identification of an encryption key used to encrypt the content item;
  
  storing a list comprising one or more other users trusted to access the encrypted content item;
  
  notifying a second user that the second user is trusted to access the encrypted content item;
  
  receiving an authentication request comprising information identifying the second user;
  
  in response to receiving the authentication request, performing an authentication operation in connection with the authentication request by authenticating the information identifying the second user;
  
  upon successful authentication of the second user, issuing an access token to the second user that grants access to the content item encrypted by the first user;
  
  receiving the access token from the second user;
  
  in response to receiving the access token, validating the access token to confirm that the second user has access to the content item encrypted by the first user;
  
  providing, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item;
  
  receiving, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item;
  
  in response to receiving the request, utilizing the identifier to obtain the decryption key for decrypting the encrypted content item; and
  
  providing, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item;
  
  wherein the content management server is separate to the key management server; and
  
  further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.

2. A computer program product having a non-transitory computer readable medium which stores a set of instructions, the set of instructions, when carried out by computerized processing circuitry, causing the computerized processing circuitry to perform a method of:
- storing an encrypted content item on behalf of a first user;
  
  storing an identifier enabling identification of an encryption key used to encrypt the content item;
  
  storing a list comprising one or more other users trusted to access the encrypted content item;
  
  notifying a second user that the second user is trusted to access the encrypted content item;
  
  receiving an authentication request comprising information identifying the second user;
  
  in response to receiving the authentication request, performing an authentication operation in connection with the authentication request by authenticating the information identifying the second user;
  
  upon successful authentication of the second user, issuing an access token to the second user that grants access to the content item encrypted by the first user;
  
  receiving the access token from the second user;
  
  in response to receiving the access token, validating the access token to confirm that the second user has access to the content item encrypted by the first user;
  
  providing, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item;
  
  receiving, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item;
  
  in response to receiving the request, utilizing the identifier to obtain the decryption key for decrypting the encrypted content item; and
  
  providing, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item;
  
  wherein the content management server is separate to the key management server; and
  
  further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.

3. A device, comprising:
- memory; and
  
  processing circuitry coupled to the memory, the memory storing program code which, when executed by the processing circuitry, cause the processing circuitry to;
  
  store an encrypted content item on behalf of a first user;
  
  store an identifier enabling identification of an encryption key used to encrypt the content item;
  
  store a list comprising one or more other users trusted to access the encrypted content item;
  
  notify a second user that the second user is trusted to access the encrypted content item;
  
  receive an authentication request comprising information identifying the second user;
  
  in response to receiving the authentication request, perform an authentication operation in connection with the authentication request by authenticating the information identifying the second user;
  
  upon successful authentication of the second user, issue an access token to the second user that grants access to the content item encrypted by the first user;
  
  receive the access token from the second user;
  
  in response to receiving the access token, validate the access token to confirm that the second user has access to the content item encrypted by the first user;
  
  provide, by a content management server and to the second user, the encrypted content item and the identifier enabling identification of the encryption key used to encrypt the content item;
  
  receive, from the second user, a request requesting a decryption key suitable for decrypting the encrypted content item, the request comprising the identifier enabling identification of the encryption key used to encrypt the content item;
  
  in response to receiving the request, utilize the identifier to obtain the decryption key for decrypting the encrypted content item; and
  
  provide, by a key management server and to the second user, the decryption key for enabling the second user to decrypt the encrypted content item;
  
  wherein the content management server is separate to the key management server; and
  
  further wherein the second user will not be provided with all of the encrypted content item, the identifier and the decryption key by the content management server and the key management server until the access token is validated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Machani, Salah E.
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Baum, Ronald

Application Number

US14/982,798
Time in Patent Office

1,162 Days
Field of Search

713164
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

H04L 9/083   involving central third par...

H04L 9/3213   using tickets or tokens, e....

Method, apparatus and computer program product for securely sharing a content item

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus and computer program product for securely sharing a content item

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links