METHODS AND APPARATUSES FOR SECURING TETHERED DATA

US 20140289517A1
Filed: 03/19/2013
Published: 09/25/2014
Est. Priority Date: 03/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method for securing a file created, the method comprising:

adding a communication portion to the file, the communication portion communicating with an authentication agent on a first computing device;

encrypting data of the file using a first key received through the communication portion from the authentication agent, the first key being generated based on identification information of a second computing device in a trusted network of computing devices, the trusted network including the first computing device and the second computing device; and

saving the file to a remote file storage location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a method and apparatus for securing and accessing files are generally described herein. In some embodiments, the method includes adding a communication portion to the file. The communication portion may communicate with an authentication agent on the first computing device. The method may include encrypting data of the file using a first key received through the communication portion from the authentication agent. The first key may be generated based on identification information of a second computing device in a trusted network of computing devices with the first computing device. The method may include saving the file to a remote file storage location.

47 Citations

View as Search Results

22 Claims

1. A method for securing a file created, the method comprising:
- adding a communication portion to the file, the communication portion communicating with an authentication agent on a first computing device;
  
  encrypting data of the file using a first key received through the communication portion from the authentication agent, the first key being generated based on identification information of a second computing device in a trusted network of computing devices, the trusted network including the first computing device and the second computing device; and
  
  saving the file to a remote file storage location.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the identification information of the second computing device includes a media access control (MAC) address of the second computing device.
  - 3. The method of claim 1, further comprising:
    - setting a metadata indicator within the file to a value, the value indicating whether permissions exist to save the file locally to the first computing device; and
      
      if the value indicates that permissions exist to save the file to the first computing device,encrypting data of a second version of the file using a second key received through the communication portion from the authentication agent, the second key being generated based on identification information of the first computing device, andsaving the second version of the file to a local memory of the first computing device.
  - 4. The method of claim 3, further comprising:
    - deleting the file from the first computing device upon closing the file in an editor if the indicator has been set to indicate that permissions do not exist for saving the file locally to the first computing device.
  - 5. The method of claim 1, further comprising:
    - destroying the file upon a failure of the communication portion to communicate with the authentication agent.
  - 6. The method of claim 5, wherein the destroying comprises:
    - encrypting the file a plurality of times using a random key.

7. A method for opening a secured file on a first computing device, the method comprising:
- retrieving the secured file from a file storage, the secured file includinga communication portion for communicating with an authentication agent on the first computing device, andan encrypted data portion;
  
  decrypting the data portion using a key received through the communication portion from the authentication agent; and
  
  opening the decrypted data portion for viewing or editing in an editing application or a viewing application.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein:
    - the file storage is a remote file storage, andthe key is based on identification information of at least one other computing device in the network.
  - 9. The method of claim 8, further comprising:
    - authenticating access permissions of the computing device to the remote file storage.
  - 10. The method of claim 9, wherein the authenticating is performed through a lightweight directory access protocol (LDAP) mechanism or through an Active Directory mechanism.
  - 11. The method of claim 7, further comprising:
    - determining that permissions for local file storage are enabled based on an inspection of a value of a metadata indicator within the secured file; and
      
      retrieving the secured file from a local memory, wherein the key for the decrypting is based on identification information of the first computing device.
  - 12. The method of claim 7, further comprising:
    - destroying the file upon a failure of the communication portion to communicate with the authentication agent.

13. A non-transitory computer-readable medium comprising instructions that, when executed on a machine, cause the machine to:
- receive a request for a first encryption key for encrypting a file;
  
  query a first network device for data of the first network device, the first network device being a member of a trusted network including at least the first network device and the machine;
  
  create the first encryption key using the data of at least first network device, the data being collected by an aggregation server; and
  
  write a secured file to a file storage, the secured file including an encrypted data portion encrypted with the first encryption key.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer-readable medium of claim 13, wherein the data of the first network device includes a medium access control (MAC) address of the first network device.
  - 15. The computer-readable medium of claim 13, further comprising instructions that, when executed on the machine, cause the machine to:
    - determine whether to write the secured file to a local file storage of the machine, to a remote file storage, or to both the local file storage and the remote file storage based on a value of an indicator in metadata of the secured file, the value indicating whether permissions are enabled for local file storage of the secured file.
  - 16. The computer-readable medium of claim 15, further comprising instructions that, when executed on the machine, cause the machine to:
    - if a value of the indicator indicates that permissions exist for enabling local file storage of the secured file, create a second encryption key using at least one piece of identification data of the machine.
  - 17. The computer-readable medium of claim 16, further comprising instructions that, when executed on the machine, cause the machine to:
    - receive a request for a decryption key for decrypting the file; and
      
      provide the first encryption key or the second encryption key in response to the request based on the value of the indicator.
  - 18. The computer-readable medium of claim 17, wherein the request is received over a connection to a communication portion of the file, the communication portion comprising computer-executable code.

19. An apparatus comprising:
- a communication interface;
  
  an authentication agent tocommunicate with a remote file storage over the communication interface, andgenerate an encryption key based on identification information of the apparatus or on identification information of at least a second apparatus in a trusted network with the apparatus, the identification information being collected by an aggregation server; and
  
  one or more file editors to create a secured file, the secured file including a communication portion for requesting the encryption key from the authentication agent and a data portion including data encrypted with the encryption key.
- View Dependent Claims (20, 21, 22)
- - 20. The apparatus of claim 19, further comprising a memory for local file storage of the secured file.
  - 21. The apparatus of claim 20, wherein the authentication agent is further arranged to:
    - save the secured file to the remote file storage, to the local file storage, or to both the remote file storage and the local file storage based on an indicator in the metadata of the secured file.
  - 22. The apparatus of claim 19, further comprising:
    - a credentials agent to authenticate the apparatus to the remote file storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Neumann, Matthew D., Smith, Michael W.

Granted Patent

US 9,697,372 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2149   Restricted operating enviro...

H04L 2463/041   using an encryption or decr...

H04L 63/0428   wherein the data content is...

H04L 63/0876   based on the identity of th...

H04L 63/0892   by using authentication-aut...

METHODS AND APPARATUSES FOR SECURING TETHERED DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUSES FOR SECURING TETHERED DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links