SYSTEMS AND METHODS FOR SECURE THIRD-PARTY DATA STORAGE
First Claim
1. A computer-implemented method for secure third-party data storage, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, at the server-side computing device, a request from a client system to share access to an encrypted file stored under a user account, wherein the access to the encrypted file comprises access to unencrypted contents of the encrypted file;
identifying, in response to the request, an asymmetric key pair designated for the user account, the asymmetric key pair comprising an encryption key and a decryption key that has been encrypted with a client-side key;
receiving, from the client system, the client-side key;
decrypting the decryption key with the client-side key;
identifying a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key;
decrypting the file key with the decryption key to create an unencrypted version of the file key;
generating a temporary encryption key;
encrypting the unencrypted version of the file key with the temporary encryption key to create a temporary encrypted file key;
transmitting a temporary decryption key corresponding to the temporary encryption key to share the access to the encrypted file.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.
76 Citations
20 Claims
-
1. A computer-implemented method for secure third-party data storage, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
identifying, at the server-side computing device, a request from a client system to share access to an encrypted file stored under a user account, wherein the access to the encrypted file comprises access to unencrypted contents of the encrypted file; identifying, in response to the request, an asymmetric key pair designated for the user account, the asymmetric key pair comprising an encryption key and a decryption key that has been encrypted with a client-side key; receiving, from the client system, the client-side key; decrypting the decryption key with the client-side key; identifying a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key; decrypting the file key with the decryption key to create an unencrypted version of the file key; generating a temporary encryption key; encrypting the unencrypted version of the file key with the temporary encryption key to create a temporary encrypted file key; transmitting a temporary decryption key corresponding to the temporary encryption key to share the access to the encrypted file. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for secure third-party data storage, the system comprising:
-
an identification module programmed to identify, at the server-side computing device, a request from a client system to share access to an encrypted file stored under a user account, wherein the access to the encrypted file comprises access to unencrypted contents of the encrypted file; a key module programmed to identify, in response to the request, an asymmetric key pair designated for the user account, the asymmetric key pair comprising an encryption key and a decryption key that has been encrypted with a client-side key; a receiving module programmed to receive, from the client system, the client-side key; a decryption module programmed to; decrypt the decryption key with the client-side key; identify a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key; decrypt the file key with the decryption key to create an unencrypted version of the file key; a sharing module programmed to; generate a temporary encryption key; encrypt the unencrypted version of the file key with the temporary encryption key to create a temporary encrypted file key; transmit a temporary decryption key corresponding to the temporary encryption key to share the access to the encrypted file; at least one processor configured to execute the identification module, the key module, the receiving module, the decryption module, and the sharing module. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify, at the server-side computing device, a request from a client system to share access to an encrypted file stored under a user account, wherein the access to the encrypted file comprises access to unencrypted contents of the encrypted file; identify, in response to the request, an asymmetric key pair designated for the user account, the asymmetric key pair comprising an encryption key and a decryption key that has been encrypted with a client-side key; receive, from the client system, the client-side key; decrypt the decryption key with the client-side key; identify a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key; decrypt the file key with the decryption key to create an unencrypted version of the file key; generate a temporary encryption key; encrypt the unencrypted version of the file key with the temporary encryption key to create a temporary encrypted file key; transmit a temporary decryption key corresponding to the temporary encryption key to share the access to the encrypted file. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification