Secure Data Synchronization
First Claim
Patent Images
1. One or more computer-readable hardware storage media comprising computer-readable instructions which, when executed, implement:
- a synchronization host configured to;
receive at a device encrypted data from an external low cost storage and request that the encrypted data be decrypted; and
request that sensitive data from the device be encrypted before the sensitive data is stored on the external low cost storage; and
a security module configured to;
receive one or more security keys from an external high cost storage that is separate from the low cost storage;
decrypt the encrypted data using a decryption key from the one or more security keys; and
encrypt the sensitive data using an encryption key from the one or more security keys to generate encrypted sensitive data.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data.
97 Citations
20 Claims
-
1. One or more computer-readable hardware storage media comprising computer-readable instructions which, when executed, implement:
-
a synchronization host configured to; receive at a device encrypted data from an external low cost storage and request that the encrypted data be decrypted; and request that sensitive data from the device be encrypted before the sensitive data is stored on the external low cost storage; and a security module configured to; receive one or more security keys from an external high cost storage that is separate from the low cost storage; decrypt the encrypted data using a decryption key from the one or more security keys; and encrypt the sensitive data using an encryption key from the one or more security keys to generate encrypted sensitive data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method comprising:
-
receiving a request for encrypted data from an application executing on a device; ascertaining whether an application identifier for the application matches an application identifier used to mark the encrypted data; and if the application identifier for the application matches the application identifier used to mark the encrypted data, retrieving and decrypting the encrypted data for the application. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A method comprising:
-
determining that enterprise data is stored locally on a device; ascertaining whether the enterprise data may be propagated to a different device based at least in part on whether the different device is an enterprise device or a non-enterprise device; and in an event that the device is a non-enterprise device, preventing the enterprise data from being propagated to the non-enterprise device unless a permission associated with the enterprise device indicates that the enterprise data may be propagated to the non-enterprise device. - View Dependent Claims (19, 20)
-
Specification