DATA SECURITY IN AN OFF-PREMISE ENVIRONMENT

US 20080080718A1
Filed: 12/20/2006
Published: 04/03/2008
Est. Priority Date: 09/29/2006
Status: Active Grant

First Claim

Patent Images

1. A system that facilitates secure data management, comprising:

a security component that automatically encrypts data for transfer to an off-premise store using a key associated with an intended user; and

a partitioning component that separates an off-premise store into a plurality of segments, wherein a set of the segments are associated the intended user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that enables a cloud-based data repository to function as a secure ‘drop-box’ for data that corresponds to a user is provided. The ‘drop box’ can be facilitated through the use of cryptographic keying technologies. For instance, data that is ‘dropped’ by or on behalf of a particular user can be encrypted using a public key that corresponds to a user-specific private key. Thus, although the data resides within the large pool of ‘cloud-based’ data, it is protected since it can only be decrypted by using the private key, which is kept secret. The innovation can further facilitate user-centric secure storage by partitioning the cloud-based repository into multiple partitions, each of which corresponds to specific indexing criteria.

Citations

20 Claims

1. A system that facilitates secure data management, comprising:
- a security component that automatically encrypts data for transfer to an off-premise store using a key associated with an intended user; and
  
  a partitioning component that separates an off-premise store into a plurality of segments, wherein a set of the segments are associated the intended user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, further comprising the off-premise store that maintains the data in at least a subset of the partitioned segments.
  - 3. The system of claim 1, the key is a public key that corresponds to a private key of the intended user.
  - 4. The system of claim 1, the key is generated as a function of a cryptographic key pair that corresponds to the intended user.
  - 5. The system of claim 4, the key is transferred to the transferor via a digital envelope.
  - 6. The system of claim 1, the security component includes a certificate authority that enables that enables the transferor to verify that the key corresponds to the intended user.
  - 7. The system of claim 1, the partitioning component divides the off-premise store based upon an identity of a user.
  - 8. The system of claim 1, the partitioning component divides the off-site resource store as a function of at least one of strength of the encryption and encryption algorithm.
  - 9. The system of claim 1, further comprising a key management component that associates the key with the identity of the intended user.
  - 10. The system of claim 9, the key management component generates the public/private cryptographic key pair as a function of the identity of the intended user.
  - 11. The system of claim 9, the key management component retrieves the key based upon the identity of the intended user, the key is used to encrypt the data for storage associated to the intended user.
  - 12. The system of claim 1, further comprising a decryption component that enables decryption of the data using a private key that corresponds to the key.
  - 13. The system of claim 12, the security component limits decryption ability based at least in part upon service type, service identity, user preference or policy.
  - 14. The system of claim 1, further comprising a machine learning and reasoning component that employs at least one of a probabilistic and a statistical-based analysis that infers an action that a user desires to be automatically performed.

15. A computer-implemented method of securing data transmission, comprising:
- encrypting data in an on-premise environment using a public key that corresponds to an identity of an intended user of the data;
  
  transmitting the encrypted data to an off-premise environment; and
  
  storing the encrypted data in a store located in the off-premise environment.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising:
    - generating the public key; and
      
      securely transferring the public key to enable encryption of the data.
  - 17. The method of claim 15, further comprising locating the public key from an off-premise key storage as a function of the identity.
  - 18. The method of claim 15, further comprising verifying that the public key corresponds to the identity of the intended user.

19. A computer-executable system that facilitates secure management of data in an off-premise environment, comprising:
- means for establishing an identity of an intended user of data;
  
  means for encrypting the data using a cryptographic key that corresponds to the identity of the intended user; and
  
  means for storing the data into at least one of a plurality of partitions of a store located in the off-premise environment.
- View Dependent Claims (20)
- - 20. The system of claim 19, further comprising:
    - means for generating the cryptographic key;
      
      means for distributing a private key that corresponds to the cryptographic key; and
      
      means for decrypting the data using the private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Cheng, Lili, Meijer, Henricus Johannes Maria, Ozzie, Raymond E., Zaner-Godsey, Melora, Gounares, Alexander G., Snyder, Ira L., Bergstraesser, Thomas F., Mishra, Debi P., Connolly, Michael, Gates, William H.

Granted Patent

US 8,705,746 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/282
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

DATA SECURITY IN AN OFF-PREMISE ENVIRONMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA SECURITY IN AN OFF-PREMISE ENVIRONMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links