Encryption-Based Data Access Management
First Claim
1. A method comprising:
- transmitting, by a computing device, a user authentication request for accessing encrypted data to a data storage server storing the encrypted data;
- receiving, by the computing device, a validation token associated with the user's authentication request, wherein the validation token indicates that the user successfully authenticated;
- transmitting, by the computing device, the validation token to a first key server;
- in response to transmitting the validation token, receiving, by the computing device from the first key server, a key required for decrypting the encrypted data; and
- decrypting, by the computing device, at least a portion of the encrypted data using the key.
8 Assignments
0 Petitions
Abstract
Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.
20 Claims
1. A method comprising:
- transmitting, by a computing device, a user authentication request for accessing encrypted data to a data storage server storing the encrypted data;
- receiving, by the computing device, a validation token associated with the user's authentication request, wherein the validation token indicates that the user successfully authenticated;
- transmitting, by the computing device, the validation token to a first key server;
- in response to transmitting the validation token, receiving, by the computing device from the first key server, a key required for decrypting the encrypted data; and
- decrypting, by the computing device, at least a portion of the encrypted data using the key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method comprising:
- receiving, by a data storage server storing encrypted data, a user authentication request for decrypting the encrypted data from a client device;
- transmitting, by the data storage server, a validation token associated with the user authentication request to the client device, wherein the validation token indicates that the user successfully authenticated;
- receiving, by the data storage server, a confirmation request associated with the user validation token from another device different from the client device; and
- transmitting, by the data storage server, a confirmation to the other device indicating that the user is authenticated to the data storage server.
Dependent claims: 10, 11, 12, 13, 14

15. A non-transitory computer readable medium storing computer readable instructions that, when executed, cause an apparatus to:
- receive a request to decrypt at least a portion of data, the data stored at a first network location at a first physical location controlled by a first entity;
- retrieve a validation token from a second network location using a user identifier and a password, the second network location at a second physical location controlled by a second entity;
- retrieve a first encryption secret from a third network location and a second encryption secret from a fourth network location, the third network location at a third physical location, the fourth network location at a fourth physical location;
- generate a decryption key using the first and second encryption secrets; and
- decrypt the at least a portion of the data using the decryption key.
Dependent claims: 16, 17, 18, 19, 20
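The three-party flow that claims 1, 9 and 15 describe (client authenticates to the data storage server and receives a validation token; each key server confirms that token with the storage server before releasing its secret; the client combines two secrets into one decryption key and decrypts locally) is simulated end to end below. This is an added example, not code from the patent or its assignee: the token format, the HMAC-SHA256 key combination, the PBKDF2 password verifier and the toy HMAC-keystream cipher are all constructed assumptions chosen so the example runs with the standard library alone. The separation it illustrates is the security-relevant point of the claims: the storage server never holds a key, and neither key server alone can reconstruct it.

```python
import hashlib
import hmac
import secrets
import time


class DataStorageServer:
    """Stores ciphertext and authenticates users, but never holds a decryption key."""

    def __init__(self, users, token_ttl=300):
        # users: {username: (salt, pbkdf2_verifier)}, constructed sample data
        self._users = users
        self._token_key = secrets.token_bytes(32)   # MAC key for validation tokens
        self._ttl = token_ttl
        self.blobs = {}                              # blob_id -> (nonce, ciphertext)

    def authenticate(self, user, password):
        """Claims 1 and 9: check credentials and issue a MAC-protected validation token."""
        salt, verifier = self._users.get(user, (b"", b""))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, verifier):
            raise PermissionError("authentication failed")
        expiry = int(time.time()) + self._ttl
        mac = hmac.new(self._token_key, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()
        return f"{user}:{expiry}:{mac}"          # assumed token layout: user:expiry:mac

    def confirm(self, token):
        """Claim 9: answer a key server's confirmation request about a token."""
        parts = token.split(":")
        if len(parts) != 3 or not parts[1].isdigit():
            return False
        user, expiry, mac = parts
        expected = hmac.new(self._token_key, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(mac, expected) and int(expiry) > time.time()


class KeyServer:
    """Holds one encryption secret; releases it only after the storage server confirms the token."""

    def __init__(self, secret, storage):
        self._secret = secret
        self._storage = storage

    def release_secret(self, token):
        if not self._storage.confirm(token):
            raise PermissionError("validation token rejected")
        return self._secret


def derive_key(secret_a, secret_b, context):
    """Claim 15: combine the two secrets into one key; HMAC-SHA256 stands in for a KDF."""
    return hmac.new(secret_a, secret_b + context, hashlib.sha256).digest()


def stream_xor(key, nonce, data):
    """Toy stream cipher from an HMAC keystream (constructed for illustration; it has no
    integrity protection, so a deployment would use an AEAD such as AES-GCM instead)."""
    keystream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(-(-len(data) // 32))
    )
    return bytes(a ^ b for a, b in zip(data, keystream))


def client_decrypt(storage, key_servers, user, password, blob_id):
    """The claim 1 flow from the client's side."""
    token = storage.authenticate(user, password)                    # authenticate, get token
    secrets_ = [ks.release_secret(token) for ks in key_servers]     # present token to key servers
    key = derive_key(secrets_[0], secrets_[1], blob_id.encode())    # combine secrets
    nonce, ciphertext = storage.blobs[blob_id]
    return stream_xor(key, nonce, ciphertext)                        # decrypt locally


def is_rejected(action):
    """True when the action raises PermissionError; used to exercise the failure paths."""
    try:
        action()
    except PermissionError:
        return True
    return False


def build_demo(plaintext=b"constructed sample record"):
    """Wire up one storage server and two key servers with constructed sample data."""
    salt = secrets.token_bytes(16)
    users = {"alice": (salt, hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000))}
    storage = DataStorageServer(users)
    secret_a, secret_b = secrets.token_bytes(32), secrets.token_bytes(32)
    key_servers = [KeyServer(secret_a, storage), KeyServer(secret_b, storage)]
    # The data owner encrypts with the combined key; the storage server receives only ciphertext.
    nonce = secrets.token_bytes(12)
    storage.blobs["report-1"] = (nonce, stream_xor(derive_key(secret_a, secret_b, b"report-1"), nonce, plaintext))
    return storage, key_servers


if __name__ == "__main__":
    storage, key_servers = build_demo()
    print(client_decrypt(storage, key_servers, "alice", "correct horse", "report-1"))
```

Running the module decrypts the sample blob with the right password; a wrong password never reaches the key servers, and a forged or edited token fails the storage server's confirmation check, so no secret is released.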