Method and system for sharing encrypted content

US 10,432,394 B2
Filed: 07/11/2014
Issued: 10/01/2019
Est. Priority Date: 03/09/2010
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting and/or decrypting content by a first user having a first computer, using a first permit obtained from a system for sharing content, which has been encrypted, between the first user and a second user having a second computer, the method comprising:

providing the first permit for use by the first user, the first permit having an encrypted first content key for use to encrypt and/or decrypt the content and having an encrypted first workspace key, the first workspace key being independent of the first user and including one or more control parameters associated with the first workspace, for use to encrypt and/or decrypt the first content key;

obtaining by the first computer the first permit and therefrom the encrypted first content key and the encrypted first workspace key;

decrypting by the first computer the encrypted first workspace key to obtain the first workspace key and using the first workspace key to decrypt the encrypted first content key to obtain the first content key;

using by the first computer the first content key to encrypt the content and provide the encrypted content and/or decrypting the encrypted content using the first content key to obtain the content;

using by the second user'"'"'s second computer a second permit obtained from the system for sharing encrypted content, the second permit having a second encrypted first content key for use to encrypt and/or decrypt the content and having a second encrypted first workspace key for use to encrypt and/or decrypt the first content key;

obtaining by the second computer the second permit and therefrom the second encrypted first content key and the second encrypted first workspace key;

decrypting by the second computer the second encrypted first workspace key to obtain the first workspace key and using the first workspace key to decrypt the encrypted first content key to obtain the first content key; and

using by the second computer the first content key to encrypt the content and provide the encrypted content and/or decrypting the encrypted content using the first content key to obtain the content, wherein users sharing the same workspace share a common community key defining the users who are members of a community, the first workspace key being operable to encrypt and/or decrypt using the community key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to the field of sharing encrypted content. In one form, the invention relates to multiple user access and management of encrypted content. In one particular aspect, the present invention is suitable for use in community controlled encryption of shared content using indirect keys.

The present invention relates to the use of encrypted intermediate key(s), such as an encrypted community key and/or workspace key. A changeable group of users is associated with a community key. Changeable set of content is associated with a workspace key. The present invention also uses permits in association with encrypted keys.

Citations

24 Claims

1. A method of encrypting and/or decrypting content by a first user having a first computer, using a first permit obtained from a system for sharing content, which has been encrypted, between the first user and a second user having a second computer, the method comprising:
- providing the first permit for use by the first user, the first permit having an encrypted first content key for use to encrypt and/or decrypt the content and having an encrypted first workspace key, the first workspace key being independent of the first user and including one or more control parameters associated with the first workspace, for use to encrypt and/or decrypt the first content key;
  
  obtaining by the first computer the first permit and therefrom the encrypted first content key and the encrypted first workspace key;
  
  decrypting by the first computer the encrypted first workspace key to obtain the first workspace key and using the first workspace key to decrypt the encrypted first content key to obtain the first content key;
  
  using by the first computer the first content key to encrypt the content and provide the encrypted content and/or decrypting the encrypted content using the first content key to obtain the content;
  
  using by the second user'"'"'s second computer a second permit obtained from the system for sharing encrypted content, the second permit having a second encrypted first content key for use to encrypt and/or decrypt the content and having a second encrypted first workspace key for use to encrypt and/or decrypt the first content key;
  
  obtaining by the second computer the second permit and therefrom the second encrypted first content key and the second encrypted first workspace key;
  
  decrypting by the second computer the second encrypted first workspace key to obtain the first workspace key and using the first workspace key to decrypt the encrypted first content key to obtain the first content key; and
  
  using by the second computer the first content key to encrypt the content and provide the encrypted content and/or decrypting the encrypted content using the first content key to obtain the content, wherein users sharing the same workspace share a common community key defining the users who are members of a community, the first workspace key being operable to encrypt and/or decrypt using the community key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method as claimed in claim 1, wherein the first workspace key encrypts and/or decrypts a second content key.
  - 3. The method as claimed in claim 2, whereinthe first content key is used to encrypt and/or decrypt first content and the second content key is used to encrypt and/or decrypt second content.
  - 4. The method as claimed in claim 1, wherein the second encrypted first workspace key obtained by the second user is a duplicate of the encrypted first workspace key obtained by the first user.
  - 5. The method as claimed in claim 4, wherein the first content key is only used to encrypt and/or decrypt the first content.
  - 6. The method as claimed in claim 1, wherein the encrypted first content key obtained by the second user is a duplicate of the encrypted first content key obtained by the first user.
  - 7. The method as claimed in claim 1, wherein the first permit provides information necessary for the first user and/or the first computer to perform predetermined operations.
  - 8. The method as claimed in claim 1, wherein the first permit has an encrypted second content key for use with second content.
  - 9. The method as claimed in claim 1, wherein the first permit has an encrypted second workspace key.
  - 10. The method as claimed in claim 9, wherein each workspace key is common to users encrypting and/or decrypting the same content.
  - 11. The method as claimed in claim 1, wherein each computer has a respective private key which enables the respective workspace key(s) and/or respective content key(s) to be obtained from the respective permit.
  - 12. The method as claimed in claim 1, wherein any permit further comprises at least one of:
    - Certificate(s);
      
      Encrypted key(s);
      
      Parameter(s);
      
      Encrypted Parameter(s);
      
      Parts of parameters;
      
      Information limited to a particular user; and
      
      Information limited to particular content.
  - 13. The method as claimed in claim 1, wherein any permit and/or information contained in the permit is provided via a permit service.
  - 14. The method as claimed in claim 1, wherein the first permit contains information for the first user on a need to know basis.
  - 15. The method as claimed in claim 1, wherein any permit contains information for any user on a need to know basis.
  - 16. The method of claim 1, comprising:
    - using by the first computer the first content key to encrypt first content and provide the encrypted first content; and
      
      using by the first computer the first content key to decrypt encrypted second content using the first content key to obtain the second content.

17. A system for sharing content using encryption and decryption comprising:
- a permit source for providing at least first and second permits;
  
  a first computer operative by a first user for-encrypting and/or decrypting content using a first permit obtained from said permit source, anda second computer in communication with said first computer and operative by a second user, for encrypting and/or decrypting content which has been encrypted,wherein said permit source provides the first permit for use by the first user, the first permit having an encrypted first content key, for use to encrypt and/or decrypt the content and having an encrypted first workspace key for use to encrypt and/or decrypt the first content key, the first workspace key being independent of the first user and including one or more control parameters associated with the first workspace;
  
  wherein the first computer obtains the first permit and therefrom the encrypted first content key and the encrypted first workspace key;
  
  wherein the first computer decrypts the encrypted first workspace key to obtain the first workspace key and uses the first workspace key to decrypt the encrypted first content key to obtain the first content key;
  
  wherein the first computer uses the first content key to encrypt the content and provide the encrypted content and/or decrypt the encrypted content using the first content key to obtain the content;
  
  wherein the second computer obtains the second permit from the permit source, the second permit having a second encrypted first content key for use to encrypt and/or decrypt the content and having a second encrypted first workspace key for use to encrypt and/or decrypt the first content key;
  
  wherein the second computer decrypts the second encrypted first workspace key to obtain the first workspace key and uses the first workspace key to decrypt the encrypted first content key to obtain the first content key;
  
  wherein the second computer uses the first content key to encrypt the content and provide the encrypted content and/or uses the first content key to decrypt the encrypted content and obtain the content; and
  
  wherein users sharing the same workspace share a common community key defining the users who are members of a community, the first workspace key being operable to encrypt and/or decrypt using the community key.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The system as claimed in claim 17, wherein the first workspace key encrypts and/or decrypts a second content key.
  - 19. The system as claimed in claim 18, wherein the first content key is used to encrypt and/or decrypt first content and the second content key is used to encrypt and/or decrypt second content.
  - 20. The system as claimed in claim 17, wherein the encrypted first content key obtained by the second user is a duplicate of the encrypted first content key obtained by the first user.
  - 21. The system as claimed in claim 17, wherein each said first computer and second computer has a respective private key which enables the respective workspace key(s) and/or respective content key(s) to be obtained from the respective permit.
  - 22. The system as claimed in claim 17, wherein each of said first and second permit further comprises at least one of:
    - Certificate(s);
      
      Encrypted key(s);
      
      Parameter(s);
      
      Encrypted Parameter(s);
      
      Parts of parameters;
      
      Information limited to a particular user; and
      
      Information limited to particular content.
  - 23. The system as claimed in claim 17, wherein any permit and/or information contained in the permit is provided via said permit source.
  - 24. The system of claim 17 wherein:
    - the first computer uses the first content key to encrypt first content; and
      
      the first computer uses the first content key to decrypt encrypted second content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KL Data Security Pty Limited
Original Assignee
KL Data Security Pty Limited
Inventors
Hook, David Geoffrey, Harvey, Richard Hans, Dettman, Peter Kai
Primary Examiner(s)
Pearson, David J

Application Number

US14/329,060
Publication Number

US 20140325231A1
Time in Patent Office

1,908 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/62   Protecting access to data v...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/60   Digital content management,...

H04L 63/0435   wherein the sending and rec...

H04L 63/065   for group communications cr...

H04L 63/104   Grouping of entities

H04L 9/0822   using key encryption key

H04L 9/088   Usage controlling of secret...

Method and system for sharing encrypted content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for sharing encrypted content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links