SYSTEM AND METHOD FOR PROTECTING SECRETS FILE

US 20110307705A1
Filed: 03/25/2010
Published: 12/15/2011
Est. Priority Date: 03/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a first secrets file, comprising:

generating, by an n-bit generator, a first secrets file name for the first secrets file, wherein the first secrets file comprises a first secret;

generating, by the n-bit generator, a first plurality of decoy file names for a first plurality of decoy files, wherein each of the first plurality of decoy files comprises first decoy file contents, wherein each of the first plurality of decoy files are a same size as the first secrets file, and wherein each of the first plurality of decoy files is associated with a modification time within a range of modification times, wherein a modification time of the first secrets file is within the range of modification times; and

storing the first secrets file and the first plurality of decoy files in a secrets directory.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a first secrets file. The method includes an n-bit generator generating a secrets file name for the secrets file and generating a decoy file names for decoy files. The secrets file includes a secret. Each of the decoy files includes decoy file contents, are a same size as the secrets file, and is associated with a modification time within a range of modification times. The modification time of the secrets file is within the range of modification times. The secrets file and decoy files are stored in a secrets directory.

Citations

40 Claims

1. A method for protecting a first secrets file, comprising:
- generating, by an n-bit generator, a first secrets file name for the first secrets file, wherein the first secrets file comprises a first secret;
  
  generating, by the n-bit generator, a first plurality of decoy file names for a first plurality of decoy files, wherein each of the first plurality of decoy files comprises first decoy file contents, wherein each of the first plurality of decoy files are a same size as the first secrets file, and wherein each of the first plurality of decoy files is associated with a modification time within a range of modification times, wherein a modification time of the first secrets file is within the range of modification times; and
  
  storing the first secrets file and the first plurality of decoy files in a secrets directory.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first secrets file is generated for a first group of members.
  - 3. The method of claim 2, further comprising:
    - generating, by the n-bit generator, a second secrets file name for a second secrets file for a second group of members, wherein the second secrets file comprises a second secret;
      
      generating, by the n-bit generator, a second plurality of decoy file names and a second decoy file contents for a second plurality of decoy files, wherein each of the second plurality of decoy files comprises second decoy file contents, wherein each of the second plurality of decoy files are a same size as the second secrets file; and
      
      storing the second secrets file and the second plurality of decoy files in the secrets directory.
  - 4. The method of claim 1, further comprising:
    - generating the first secret, wherein generating the first secret comprises;
      
      generating, by the n-bit generator, a first message digest from a group agreed seed for a first group;
      
      extracting the first secret and a second secret from the first message digest; and
      
      storing the first secret and the second secret in the secrets file.
  - 5. The method of claim 4, further comprising:
    - generating, by the n-bit generator, a second message digest using the first secret and the second secret; and
      
      extracting an encryption key from the second message digest,wherein communication between members of the first group are encrypted using the encryption key.
  - 6. The method of claim 1, wherein generating the first secrets file name comprises:
    - generating a message digest using a password of a user of a member of a group, a connect name of the group, a username of the user, and the n-bit generator,wherein the first secrets file name and a secrets file encryption key are extracted from the first secrets file.
  - 7. The method of claim 6, wherein the secrets file is encrypted using the secrets file encryption key and wherein the secrets file is stored in an encrypted format in the secrets directory.

8. A method for encrypting communication, comprising:
- receiving a request to communicate with a group;
  
  obtaining a group agreed connect name corresponding to the group;
  
  obtaining a username and password of a user of a member connecting to the group;
  
  generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extracting a secrets file name from the first message digest;
  
  obtaining an encrypted secrets file from a secrets directory;
  
  decrypting the encrypted secrets file to obtain a secrets file using a secrets file encryption key obtained from the first message digest;
  
  generating a second message digest using the n-bit generator and a first secret and a second secret from the secrets file; and
  
  encrypting communication between the member and the group using an encryption key obtained, at least in part, from the second message digest.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the secrets directory comprises a plurality of decoy files.
  - 10. The method of claim 9, wherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
  - 11. The method of claim 10, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.
  - 12. The method of claim 8, wherein the first secret is a static secret and the second secret is a dynamic secret.
  - 13. The method of claim 8, wherein the encryption key is obtained, at least in part, from a third message digest and wherein the third message digest is generated using a portion of the second message digest.

14. A computing device for protecting a secrets file comprising:
- a processor;
  
  a memory; and
  
  software instructions stored in memory for causing the computing device to;
  
  generate, by an n-bit generator, a first secrets file name for the first secrets file, wherein the first secrets file comprises a first secret;
  
  generate, by the n-bit generator, a first plurality of decoy file names for a first plurality of decoy files, wherein each of the first plurality of decoy files comprises first decoy file contents, wherein each of the first plurality of decoy files are a same size as the first secrets file, and wherein each of the first plurality of decoy files is associated with a modification time within a range of modification times, wherein a modification time of the first secrets file is within the range of modification times; and
  
  store the first secrets file and the first plurality of decoy files in a secrets directory.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The computing device of claim 14, wherein the first secrets file is generated for a first group of members.
  - 16. The computing device of claim 15, wherein the software instructions further cause the computing device to:
    - generate, by the n-bit generator, a second secrets file name for a second secrets file for a second group of members, wherein the second secrets file comprises a second secret;
      
      generate, by the n-bit generator, a second plurality of decoy file names and a second decoy file contents for a second plurality of decoy files, wherein each of the second plurality of decoy files comprises second decoy file contents, wherein each of the second plurality of decoy files are a same size as the second secrets file; and
      
      store the second secrets file and the second plurality of decoy files in the secrets directory.
  - 17. The computing device of claim 14, wherein the software instructions further cause the computing device to:
    - generate the first secret, wherein generating the first secret comprises;
      
      generating, by the n-bit generator, a first message digest from a group agreed seed for a first group;
      
      extracting the first secret and a second secret from the first message digest; and
      
      storing the first secret and the second secret in the secrets file.
  - 18. The computing device of claim 17, wherein the software instructions further cause the computing device to:
    - generate, by the n-bit generator, a second message digest using the first secret and the second secret; and
      
      extract an encryption key from the second message digest,wherein communication between members of the first group are encrypted using the encryption key.
  - 19. The computing device of claim 14, wherein generating the first secrets file name comprises:
    - generating a message digest using a password of a user of a member of a group, a connect name of the group, a username of the user, and the n-bit generator,wherein the first secrets file name and a secrets file encryption key are extracted from the first secrets file.
  - 20. The computing device of claim 19, wherein the secrets file is encrypted using the secrets file encryption key and wherein the secrets file is stored in an encrypted format in the secrets directory.
  - 21. The computing device of claim 14, wherein the secrets directory is located on an external device and operatively connected to the computing device.

22. A computing device for encrypting communication, comprising:
- a processor;
  
  a memory; and
  
  software instructions stored in memory for causing the computing device to;
  
  receive a request to communicate with a group;
  
  obtain a group agreed connect name corresponding to the group;
  
  obtain a username and password of a user of a member of the group;
  
  generate a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extract a secrets file name from the first message digest;
  
  obtain an encrypted secrets file from a secrets directory;
  
  decrypt the encrypted secrets file to obtain a secrets file using a secrets file encryption key obtained from the first message digest;
  
  generate a second message digest using the n-bit generator and a first secret and a second secret from the secrets file; and
  
  encrypt communication between the member and the group using an encryption key obtained, at least in part, from the second message digest.
- View Dependent Claims (26, 27)
- - 26. The computing device of claim 22, wherein the first secret is a static secret and the second secret is a dynamic secret.
  - 27. The computing device of claim 22, wherein the encryption key is obtained, at least in part, from a third message digest and wherein the third message digest is generated using a portion of the second message digest.

23. The computing device of claim 23, wherein the secrets directory comprises a plurality of decoy files.
- View Dependent Claims (24, 25)
- - 24. The computing device of claim 23, wherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
  - 25. The computing device of claim 24, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.

28. A computer readable medium comprising computer readable program code embodied therein for causing a computer system to perform a method for protecting a first secrets file, the method comprising:
- generating, by an n-bit generator, a first secrets file name for the first secrets file, wherein the first secrets file comprises a first secret;
  
  generating, by the n-bit generator, a first plurality of decoy file names for a first plurality of decoy files, wherein each of the first plurality of decoy files comprises first decoy file contents, wherein each of the first plurality of decoy files are a same size as the first secrets file, and wherein each of the first plurality of decoy files is associated with a modification time within a range of modification times, wherein a modification time of the first secrets file is within the range of modification times; and
  
  storing the first secrets file and the first plurality of decoy files in a secrets directory.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The computer readable medium of claim 28, wherein the first secrets file is generated for a first group of members.
  - 30. The computer readable medium of claim 29, wherein the method further comprises:
    - generating, by the n-bit generator, a second secrets file name for a second secrets file for a second group of members, wherein the second secrets file comprises a second secret;
      
      generating, by the n-bit generator, a second plurality of decoy file names and a second decoy file contents for a second plurality of decoy files, wherein each of the second plurality of decoy files comprises second decoy file contents, wherein each of the second plurality of decoy files are a same size as the second secrets file; and
      
      storing the second secrets file and the second plurality of decoy files in the secrets directory.
  - 31. The computer readable medium of claim 28, wherein the method further comprises:
    - generating the first secret, wherein generating the first secret comprises;
      
      generating, by the n-bit generator, a first message digest from a group agreed seed for a first group;
      
      extracting the first secret and a second secret from the first message digest; and
      
      storing the first secret and the second secret in the secrets file.
  - 32. The computer readable medium of claim 31, wherein the method further comprises:
    - generating, by the n-bit generator, a second message digest using the first secret and the second secret; and
      
      extracting an encryption key from the second message digest,wherein communication between members of the first group are encrypted using the encryption key.
  - 33. The computer readable medium of claim 28, wherein generating the first secrets file name comprises:
    - generating a message digest using a password of a user of a member of a group, a connect name of the group, a username of the user, and the n-bit generator,wherein the first secrets file name and a secrets file encryption key are extracted from the first secrets file.
  - 34. The computer readable medium of claim 33, wherein the secrets file is encrypted using the secrets file encryption key and wherein the secrets file is stored in an encrypted format in the secrets directory.

35. A computer readable medium comprising computer readable program code embodied therein for causing a computer system to perform a method for encrypting communication, the method comprising:
- receiving a request to communicate with a group;
  
  obtaining a group agreed connect name corresponding to the group;
  
  obtaining a username and password of a user of a member of the group;
  
  generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extracting a secrets file name from the first message digest;
  
  obtaining an encrypted secrets file from a secrets directory;
  
  decrypting the encrypted secrets file to obtain a secrets file using a secrets file encryption key obtained from the first message digest;
  
  generating a second message digest using the n-bit generator and a first secret and a second secret from the secrets file; and
  
  encrypting communication between the member and the group using an encryption key obtained, at least in part, from the second message digest.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The computer readable medium of claim 35, wherein the secrets directory comprises a plurality of decoy files.
  - 37. The computer readable medium of claim 36, wherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
  - 38. The computer readable medium of claim 36, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.
  - 39. The computer readable medium of claim 35, wherein the first secret is a static secret and the second secret is a dynamic secret.
  - 40. The computer readable medium of claim 35, wherein the encryption key is obtained, at least in part, from a third message digest and wherein the third message digest is generated using a portion of the second message digest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy

Granted Patent

US 8,726,032 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/181
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 2221/2123   Dummy operation

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2463/121   Timestamp

H04L 63/0428   wherein the data content is...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

SYSTEM AND METHOD FOR PROTECTING SECRETS FILE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROTECTING SECRETS FILE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links