Methods and systems for providing access control to secured data

US 10,229,279 B2
Filed: 01/10/2017
Issued: 03/12/2019
Est. Priority Date: 12/12/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method, comprising:

determining, by a server device, whether an old key associated with a user should be updated;

generating, by the server device, based on determining that the old key should be updated, a new key using a cipher to replace the old key;

encrypting the new key using credential information of the user;

receiving a request from the user to access a secured document that is secured using the old key;

decrypting, by the server device, at least a portion of the secured document using the old key in response to receiving the request;

encrypting, by the server device, the at least a portion of the secured document using the new key in response to receiving the request; and

upon authorizing the user to access the new key at the server, transmitting, by the server device, the new key to a client device of the user, wherein the new key enables the user to access the requested secured document.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.

Citations

20 Claims

1. A method, comprising:
- determining, by a server device, whether an old key associated with a user should be updated;
  
  generating, by the server device, based on determining that the old key should be updated, a new key using a cipher to replace the old key;
  
  encrypting the new key using credential information of the user;
  
  receiving a request from the user to access a secured document that is secured using the old key;
  
  decrypting, by the server device, at least a portion of the secured document using the old key in response to receiving the request;
  
  encrypting, by the server device, the at least a portion of the secured document using the new key in response to receiving the request; and
  
  upon authorizing the user to access the new key at the server, transmitting, by the server device, the new key to a client device of the user, wherein the new key enables the user to access the requested secured document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the user is a human, a group of human users, an application, a process, a server, a client, a software agent, a group of software agents, a software application, a database query, devices, or executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 3. The method of claim 1, wherein the determining further comprises:
    - automatically determining whether the old key should be updated based on predetermined criteria.
  - 4. The method of claim 1, wherein the determining further comprises:
    - determining whether the old key should be updated based on a second request by the user.
  - 5. The method of claim 1, wherein the determining further comprises:
    - determining whether the old key should be updated based on a key update schedule.
  - 6. The method of claim 1, wherein the determining further comprises:
    - determining that the old key should be updated when the old key has expired or been in use for a predetermined period of time.
  - 7. The method of claim 1, wherein the transmitting further comprises:
    - releasing the new key for download by the user to the client device of the user.
  - 8. The method of claim 1, wherein the transmitting further comprises:
    - storing the new key at a server; and
      
      authorizing the user to access the new key at the server.
  - 9. The method of claim 1, wherein old key and the new key are group keys.
  - 10. The method of claim 1, wherein the user is a group of users.

11. A non-transitory computer-readable medium having stored thereon executable program instructions, execution of which by a computing device causes the computing device to perform operations comprising:
- determining, by a server device, whether an old key associated with a user should be updated;
  
  generating, by the server device, based on determining that the old should be updated, a new key using a cipher to replace the old key;
  
  encrypting the new key using credential information of the user;
  
  subsequently receiving a request from the user to access a secured document that is secured using the old key;
  
  decrypting, by the server device, at least a portion of the secured document using the old key in response to receiving the request;
  
  encrypting, by the server device, the at least a portion of the secured document using the new key in response to receiving the request; and
  
  upon authorizing the user to access the new key at the server, transmitting, by the server device, the new key to a client device of the user, wherein the new key enables the user to access the requested secured document.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the user is a human, a group of human users, an application, a process, a server, a client, a software agent, a group of software agents, a software application, a database query, devices, or executing computer processes that submit or spawn requests for electronic data and can be associated with a user key.
  - 13. The non-transitory computer-readable medium of claim 11, wherein to determine whether an old key associated with a user should be updated the operations further comprise:
    - automatically determining whether the old key should be updated based on predetermined criteria.
  - 14. The non-transitory computer-readable medium of claim 11 wherein to determine whether an old key associated with a user should be updated the operations further comprise:
    - determining whether the old key should be updated based on a second request by the user.
  - 15. The non-transitory computer-readable medium of claim 11, wherein to determine whether an old key associated with a user should be updated the operations further comprise:
    - determining whether the old key should be updated based on a key update schedule.
  - 16. The non-transitory computer-readable medium of claim 11, wherein to determine whether an old key associated with a user should be updated the operations further comprise:
    - determining that the old key should be updated when the old key has expired or been in use for a predetermined period of time.
  - 17. The non-transitory computer-readable medium of claim 11, wherein to transmit the operations further comprise:
    - releasing the new key for download by the user to the client device of the user.
  - 18. The non-transitory computer-readable medium of claim 11, wherein to transmit the operations further comprise:
    - storing the new key at a server; and
      
      authorizing the user to access the new key at the server.
  - 19. The non-transitory computer-readable medium of claim 11, wherein old key and the new key are group keys.

20. A system, comprising:
- a server device;
  
  a key manager, implemented on the server device, configured to;
  
  determine whether an old key associated with a user should be updated;
  
  generate, based on determining that the old key should be updated, a new key using a cipher to replace the old key;
  
  encrypt the new key using credential information of the user;
  
  subsequently receive a request from the user to access a secured document that is secured using the old key;
  
  decrypt at least a portion of the secured document using the old key in response to receiving the request;
  
  encrypt the at least a portion of the secured document using the new key in response to receiving the request; and
  
  upon the server device authorizing the user to access the new key at the server, transmit the new key to a client device of the user, wherein the new key enables the user to access the requested secured document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Garcia, Denis Jacques Paul, Ouye, Michael Michio, Rossmann, Alain, Crocker, Steven Toye, Gilbertson, Eric, Huang, Weiqing, Humpich, Serge, Vainstein, Klimenty, Ryan, Nicholas Michael
Primary Examiner(s)
Chai, Longbit

Application Number

US15/402,883
Publication Number

US 20170213045A1
Time in Patent Office

791 Days
Field of Search

713165
US Class Current
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

Methods and systems for providing access control to secured data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing access control to secured data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links