Sharing encrypted documents within and outside an organization
First Claim
Patent Images
1. A method comprises:
- providing an information management system having a key management server and a computing device;
providing the computing device having an encryption service module;
providing the key management server having a secret, wherein the secret is not known to the encryption service module;
at the computing device at a time T1, saving a document opened in an application program by a user;
at the encryption service module, detecting a file save operation on the document;
at the encryption service module, collecting user information of the user;
at the encryption service module, sending the user information to the key management server;
at the key management server, creating a document identifier for the document;
at the key management server, creating a first encryption key with the document identifier, the user information and the secret;
at the encryption service module, receiving the document identifier and the first encryption key from the key management server;
at the encryption service module, creating a second encryption key;
at the encryption service module, encrypting the document with the second encryption key to produce encrypted content;
at the encryption service module, encrypting the second encryption key with the first encryption key to produce an encrypted second encryption key;
at the encryption service module, storing the document identifier, the user information, the encrypted second encryption key and the encrypted content in an encrypted document;
at the computing device at a time T2, opening the encrypted document in the application program by the user, wherein T2 happens some time after T1;
at the encryption service module, detecting a file open operation on the encrypted document;
at the encryption service module, retrieving the document identifier and the user information in the encrypted document;
at the encryption service module, sending the document identifier and the user information to the key management server;
at the key management server, creating a third encryption key with the document identifier, the user information and the secret;
at the encryption service module, receiving the third encryption key from the key management server;
at the encryption service module, decrypting the encrypted second encryption key in the encrypted document with the third encryption key to produce a fourth encryption key; and
at the encryption service module, decrypting the encrypted content in the encrypted document with the fourth encryption key to produce unencrypted content.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.
29 Citations
25 Claims
-
1. A method comprises:
-
providing an information management system having a key management server and a computing device; providing the computing device having an encryption service module; providing the key management server having a secret, wherein the secret is not known to the encryption service module; at the computing device at a time T1, saving a document opened in an application program by a user; at the encryption service module, detecting a file save operation on the document; at the encryption service module, collecting user information of the user; at the encryption service module, sending the user information to the key management server; at the key management server, creating a document identifier for the document; at the key management server, creating a first encryption key with the document identifier, the user information and the secret; at the encryption service module, receiving the document identifier and the first encryption key from the key management server; at the encryption service module, creating a second encryption key; at the encryption service module, encrypting the document with the second encryption key to produce encrypted content; at the encryption service module, encrypting the second encryption key with the first encryption key to produce an encrypted second encryption key; at the encryption service module, storing the document identifier, the user information, the encrypted second encryption key and the encrypted content in an encrypted document; at the computing device at a time T2, opening the encrypted document in the application program by the user, wherein T2 happens some time after T1; at the encryption service module, detecting a file open operation on the encrypted document; at the encryption service module, retrieving the document identifier and the user information in the encrypted document; at the encryption service module, sending the document identifier and the user information to the key management server; at the key management server, creating a third encryption key with the document identifier, the user information and the secret; at the encryption service module, receiving the third encryption key from the key management server; at the encryption service module, decrypting the encrypted second encryption key in the encrypted document with the third encryption key to produce a fourth encryption key; and at the encryption service module, decrypting the encrypted content in the encrypted document with the fourth encryption key to produce unencrypted content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method comprises:
-
providing an information management system having a key management server and a computing device; providing the computing device having an encryption service module; providing the key management server having a secret, wherein the secret is not known to the encryption service module; at the computing device at a time T1, saving a document opened in an application program by a user; at the encryption service module, detecting a file save operation on the document; at the encryption service module, collecting user information of the user; at the encryption service module, creating a document identifier for the document; at the encryption service module, sending the user information and the document identifier to the key management server; at the key management server, creating a first encryption key with the document identifier, the user information and the secret; at the encryption service module, receiving the first encryption key from the key management server; at the encryption service module, creating a second encryption key; at the encryption service module, encrypting the document with the second encryption key to produce encrypted content; at the encryption service module, encrypting the second encryption key with the first encryption key to produce an encrypted second encryption key; at the encryption service module, storing the document identifier, the user information, the encrypted second encryption key and the encrypted content in an encrypted document; at the computing device at a time T2, opening the encrypted document in the application program by the user, wherein T2 happens some time after T1; at the encryption service module, detecting a file open operation on the encrypted document; at the encryption service module, retrieving the document identifier and the user information in the encrypted document; at the encryption service module, sending the document identifier and the user information to the key management server; at the key management server, creating a third encryption key with the document identifier, the user information and the secret; at the encryption service module, receiving the third encryption key from the key management server; at the encryption service module, decrypting the encrypted second encryption key in the encrypted document with the third encryption key to produce a fourth encryption key; and at the encryption service module, decrypting the encrypted content in the encrypted document with the fourth encryption key to produce unencrypted content. - View Dependent Claims (22, 23, 24)
-
-
25. A method comprises:
-
providing an information management system having a key management server, a first computing device and a second computing device; providing the first computing device having a first encryption service module; providing the second computing device having a second encryption service module; providing the key management server having a secret, wherein the secret is not known to the first encryption service module and the second encryption service module; at the first computing device at a time T1, saving a document opened in a first application program by a first user; at the first encryption service module, detecting a file save operation on the document; at the first encryption service module, collecting user information of the first user; at the first encryption service module, sending the user information to the key management server; at the key management server, creating a document identifier for the document; at the key management server, creating a first encryption key with the document identifier, the user information and the secret; at the first encryption service module, receiving the document identifier and the first encryption key from the key management server; at the first encryption service module, creating a second encryption key; at the first encryption service module, encrypting the document with the second encryption key to produce encrypted content; at the first encryption service module, encrypting the second encryption key with the first encryption key to produce an encrypted second encryption key; at the first encryption service module, storing the document identifier, the user information, the encrypted second encryption key and the encrypted content in an encrypted document; at the second computing device at a time T2, opening the encrypted document in a second application program by a second user, wherein T2 happens some time after T1; at the second encryption service module, detecting a file open operation on the encrypted document; at the second encryption service module, retrieving the document identifier and the user information in the encrypted document; at the second encryption service module, sending the document identifier and the user information to the key management server; at the key management server, creating a third encryption key with the document identifier, the user information and the secret; at the second encryption service module, receiving the third encryption key from the key management server; at the second encryption service module, decrypting the encrypted second encryption key in the encrypted document with the third encryption key to produce a fourth encryption key; and at the second encryption service module, decrypting the encrypted content in the encrypted document with the fourth encryption key to produce unencrypted content.
-
Specification