SECURE SERVER SIDE ENCRYPTION FOR ONLINE FILE SHARING AND COLLABORATION

US 20130254536A1
Filed: 03/13/2013
Published: 09/26/2013
Est. Priority Date: 03/22/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method for storing and accessing documents on a server comprising:

receiving a data file from a remote computer operated by a user;

generating a public/private key pair associated with the user;

generating a public/private key pair associated with the received file;

encrypting the received file using the file public key;

encrypting the file private key using the user public key; and

encrypting the user private key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention discloses a novel system and method for securing files and folders containing files on a computer system whereby the files are encrypted using a hierarchy of encryption keys that permit authorized sharing but are resistant to tampering or hacking or other malicious access of the data.

121 Citations

22 Claims

1. A method for storing and accessing documents on a server comprising:
- receiving a data file from a remote computer operated by a user;
  
  generating a public/private key pair associated with the user;
  
  generating a public/private key pair associated with the received file;
  
  encrypting the received file using the file public key;
  
  encrypting the file private key using the user public key; and
  
  encrypting the user private key.
- View Dependent Claims (2, 3, 4, 8, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 further comprising:
    - decrypting the user private key;
      
      decrypting the file private key using the decrypted user private key; and
      
      decrypting the file using the decrypted file private key.
  - 3. The method of claim 1 further comprising:
    - receiving a request from the user computer to share the file with an additional user, said additional user being associated with a public/private key pair unique to the additional user;
      
      decrypting the requesting user private key;
      
      decrypting the file private key using the user private key;
      
      retrieving the additional user public key; and
      
      encrypting the file private key with the additional user public key.
  - 4. The method of claim 3 further comprising:
    - receiving and access request from the additional user;
      
      verifying the access request;
      
      decrypting the additional user private key;
      
      decrypting the file private key using the additional user private key; and
      
      decrypting the file.
  - 8. The method of claim 1 further comprising:
    - storing in a data structure for the user, a user identifier, the user'"'"'s encrypted private key and the user'"'"'s public key;
      
      storing in a data structure for the file, a file identifier, the file'"'"'s encrypted private key using the user'"'"'s private key and the file'"'"'s public key.
  - 10. The method of claim 1 where the step of encrypting the user private key is comprised of:
    - receiving a secret key from the user remote computer; and
      
      encrypting the user private key using a symmetric encryption algorithm using the received secret key.
  - 11. The method of claim 1 where the encrypting the received file step is comprised of:
    - encrypting the received data file using a symmetric encryption algorithm with a pre-determined symmetric encryption key; and
      
      encrypting the symmetric key using the file public key.
  - 12. The method of claim 2 where the decrypting the file step is comprised of:
    - decrypting the symmetric key using the file private key; and
      
      decrypting the data file using a symmetric encryption algorithm with the decrypted symmetric key.
  - 13. The method of claim 8 further comprising storing data representing an access permission value associated with the file and with the user.
  - 14. The method of claim 1 where the encrypting the user private key step is further comprised of:
    - receiving a secret key from the user'"'"'s computer; and
      
      encrypting the user'"'"'s private key using the received secret key.
  - 15. The method of claim 14 further comprising:
    - receiving from a user'"'"'s remote computer the user secret key and a replacement user secret key; and
      
      decrypting the user private key using the user secret key; and
      
      re-encrypting the user private key using the replacement user secret key.
  - 16. The method of claim 1 further comprising:
    - encrypting the user private key using a public key of a public/private key pair associated with a permission level senior to the user; and
      
      storing the encrypted private key in a database.
  - 17. A computer system adapted to perform any of the methods of claims 1-16.
  - 18. A computer readable data storage device comprised of programming code, that when executed, causes the computer to execute any of the claims 1-16.

5. A method for storing and accessing documents on a server comprising:
- receiving a data file from a computer operated by a user to be stored in a folder, said user being associated with a user public/private key pair and said file having an associated public/private key pair;
  
  creating a public/private key pair associated with directory folder;
  
  encrypting the received file using the file public key;
  
  encrypting the file private key using the folder public key; and
  
  encrypting the folder private key using the user public key.
- View Dependent Claims (6, 7, 9)
- - 6. The method of claim 5 further comprising:
    - encrypting the folder private key using a plurality of public keys, said public keys corresponding to associated private keys in a key pair, each said key pair associated with a corresponding plurality of users authorized to access files in the folder.
  - 7. The method of claim 6 further comprising:
    - receiving a request from a computer operated by an authorized user to access the file in the folder;
      
      decrypting the authorized user private key;
      
      decrypting the folder private key using the authorized user private key;
      
      decrypting the file private key using the folder private key; and
      
      decrypting the file.
  - 9. The method of claim 7 further comprising:
    - storing in a data structure for the user, a user identifier, the user'"'"'s encrypted private key and the user'"'"'s public key;
      
      storing in a data structure for the file, a file identifier, the file'"'"'s encrypted private key using the user'"'"'s private key and the file'"'"'s public key; and
      
      storing in a data structure for the folder, a folder identifier, the folder'"'"'s encrypted private key using the user'"'"'s private key and the folder'"'"'s public key.

19. A system for storing and accessing documents on a server comprising:
- a component adapted for receiving a data file from a remote computer operated by a user;
  
  a component adapted for generating a public/private key pair associated with the user;
  
  a component adapted for generating a public/private key pair associated with the received file;
  
  a component adapted for encrypting the received file using the file public key;
  
  a component adapted for encrypting the file private key using the user public key; and
  
  a component adapted for encrypting the user private key.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19 further comprising:
    - a component adapted for decrypting the user private key;
      
      a component adapted for decrypting the file private key using the decrypted user private key; and
      
      a component adapted for decrypting the file using the decrypted file private key.
  - 21. The system of claim 19 further comprising:
    - a component adapted for receiving a request from the user computer to share the file with an additional user, said additional user being associated with a public/private key pair unique to the additional user;
      
      a component adapted for decrypting the requesting user private key;
      
      a component adapted for decrypting the file private key using the user private key;
      
      a component adapted for retrieving the additional user public key; and
      
      a component adapted for encrypting the file private key with the additional user public key.
  - 22. The system of claim 21 further comprising:
    - a component adapted for receiving and access request from the additional user;
      
      a component adapted for verifying the access request;
      
      a component adapted for decrypting the additional user private key;
      
      a component adapted for decrypting the file private key using the additional user private key; and
      
      a component adapted for decrypting the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workshare Technology Incorporated
Original Assignee
Workshare Technology Incorporated
Inventors
Glover, Robin

Application Number

US13/799,067
Publication Number

US 20130254536A1
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6209 to a single file or object,...

SECURE SERVER SIDE ENCRYPTION FOR ONLINE FILE SHARING AND COLLABORATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

SECURE SERVER SIDE ENCRYPTION FOR ONLINE FILE SHARING AND COLLABORATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others