PORTABLE SECURE DATA FILES
First Claim
1. One or more computer storage media having stored thereon multiple instructions that, when executed by one or more processors of a device, cause the one or more processors to:
- receive a request associated with a current user of the device to access a portable secure data file including an encrypted data portion and a metadata portion;
- access a service record in the metadata portion;
- access a remote service associated with the service record; and
- receive, from the remote service, an indication of whether the current user of the device can access the encrypted data portion.
Abstract
A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion.
20 Claims
10. A method implemented in a computing device, the method comprising:
- obtaining a portable secure data file including an encrypted data portion and a metadata portion;
- identifying whether a record in the metadata portion permits a user of the computing device to decrypt both the encrypted data portion and an encrypted access control policy in the metadata portion; and
- allowing the user to have a desired access privilege to the encrypted data portion only if the record is present in the metadata portion and the encrypted access control policy indicates that the user is to have the desired access privilege to the encrypted data portion.
19. A method of generating a portable secure data file, the method comprising:
- receiving a request to create a portable secure data file including a metadata portion and a data portion;
- storing, in the data portion, encrypted data of the portable secure data file, the encrypted data having been encrypted using a content encryption key; and
- storing, in the metadata portion:
  - an encrypted access control policy identifying types of access one or more users are permitted to have to the portable secure data file, the access control policy having been encrypted using a policy encryption key;
  - a signature record affirming the integrity of the portable secure data file; and
  - one or more records each including both the policy encryption key and the content encryption key, each of the one or more records identifying one or more users that are permitted to decrypt both the encrypted policy encryption key and the encrypted content encryption key.
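The file layout of claim 19 and the access check of claim 10 and the abstract, as an added example that is not taken from the patent or from any product. Assumptions: each user holds a symmetric key, `seal`/`unseal` are a standard-library stand-in for an authenticated cipher such as AES-GCM, the signature record is an HMAC under a shared key rather than a public-key signature, and every function and field name is hypothetical.

```python
import hashlib, hmac, json, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Keystream blocks HMAC-SHA256(key, nonce || counter), truncated to n bytes.
    blocks = (_mac(key, nonce + i.to_bytes(8, "big")) for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Stand-in encrypt-then-MAC (assumption); use AES-GCM or similar in practice.
    ek, mk, nonce = _mac(key, b"enc"), _mac(key, b"mac"), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return (nonce + ct + _mac(mk, nonce + ct)).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        raise PermissionError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(_mac(key, b"enc"), nonce, len(ct))))

def _sign(key, meta, data):
    # Signature record stand-in: HMAC over the metadata (minus signature) and data.
    body = {k: v for k, v in meta.items() if k != "signature"}
    return _mac(key, json.dumps([body, data], sort_keys=True).encode()).hex()

def create_file(data, policy, user_keys, signing_key):
    # Fresh content encryption key (CEK) and policy encryption key (PEK) per file.
    cek, pek = secrets.token_bytes(32), secrets.token_bytes(32)
    meta = {"policy": seal(pek, json.dumps(policy).encode()),
            "records": [{"user": u, "keys": seal(k, cek + pek)} for u, k in user_keys.items()]}
    psdf = {"metadata": meta, "data": seal(cek, data)}
    meta["signature"] = _sign(signing_key, meta, psdf["data"])
    return psdf

def open_file(f, user, user_key, want, signing_key):
    meta = f["metadata"]
    if not hmac.compare_digest(meta.get("signature", ""), _sign(signing_key, meta, f["data"])):
        raise PermissionError("integrity check failed")
    rec = next((r for r in meta["records"] if r["user"] == user), None)
    if rec is None:
        raise PermissionError("no record for this user")
    keys = unseal(user_key, rec["keys"])  # CEK || PEK, wrapped under the user's key
    policy = json.loads(unseal(keys[32:], meta["policy"]))
    if want not in policy.get(user, []):
        raise PermissionError("policy does not grant " + want)
    return unseal(keys[:32], f["data"])
```

Access is granted only when both conditions hold: the user's record unwraps the keys, and the decrypted policy lists the requested privilege.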
Specification