SHARING ENCRYPTED DATA WITH ENHANCED SECURITY

US 20160352517A1
Filed: 05/29/2015
Published: 12/01/2016
Est. Priority Date: 05/29/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

generating an encryption key based on a password;

encrypting plain-text data to generate an output file including encrypted data, at a first computing device, using the encryption key to generate encrypted data;

communicating the output file from the first computing device to a second computing device; and

communicating the encryption key from the first computing device to the second computer, wherein the encryption key is configured to enable generation of the plain-text data from the output file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Concepts and technologies are described herein for sharing encrypted data with enhanced security. In some configurations, an encryption key is generated from a password by the use of a password-based key generation technology. In addition, input data is encrypted using the encryption key. The encrypted data and the generated key may be then shared with a remote computer, such as a server. The encrypted data can then be decrypted at the remote computer by the use of the key. By the use of the technologies described herein, the contents of an encrypted file may be accessed at a remote computer without requiring a user to share the actual password.

25 Citations

20 Claims

1. A computer-implemented method, comprising:
- generating an encryption key based on a password;
  
  encrypting plain-text data to generate an output file including encrypted data, at a first computing device, using the encryption key to generate encrypted data;
  
  communicating the output file from the first computing device to a second computing device; and
  
  communicating the encryption key from the first computing device to the second computer, wherein the encryption key is configured to enable generation of the plain-text data from the output file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising decrypting the output file, at the second computing device, using the encryption key.
  - 3. The method of claim 1, wherein the output file also includes unencrypted metadata, and wherein the method further comprises removing the unencrypted metadata from the output file.
  - 4. The method of claim 1, wherein the output file also includes unencrypted metadata, and wherein the method further comprises removing the unencrypted metadata from the output file, wherein at least a part of the unencrypted metadata includes salt and describes one or more encryption algorithms.
  - 5. The method of claim 1, wherein the output file also includes unencrypted metadata, and wherein the method further comprises removing unencrypted metadata from the output file, wherein at least a part of the unencrypted metadata describes one or more hash algorithms.
  - 6. The method of claim 1, further comprising removing PBKD-specific metadata from the encryption key.
  - 7. The method of claim 1, wherein the output file also includes a first set of metadata, further comprising:
    - removing the first set of metadata from the output file, wherein at least a part of the first set of metadata describes one or more encryption algorithms; and
      
      removing a second set of metadata from the encryption key.

8. A computing device, comprising:
- a processor;
  
  a memory having computer-executable instructions stored thereupon which, when executed by a computing device, cause the computing device togenerate an encryption key based on a password;
  
  encrypt data using the encryption key to generate encrypted data;
  
  cause a communication of the encrypted data from the computing device to a second computer; and
  
  cause a communication of the encryption key from the computing device to the second computer, wherein the encryption key is configured to enable generation of the data from the encrypted data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing device of claim 8, wherein the memory has further computer-executable instructions, which cause the second computer or another computing device to decrypt the encrypted data using the encryption key.
  - 10. The computing device of claim 8, wherein the memory has further computer-executable instructions, which cause the computing device to remove metadata from the encrypted data, wherein the metadata includes salt data.
  - 11. The computing device of claim 8, wherein the memory has further computer-executable instructions, which cause the computing device to remove metadata from the encrypted data, wherein at least a part of the metadata describes one or more encryption algorithms.
  - 12. The computing device of claim 8, wherein the memory has further computer-executable instructions, which cause the computing device to remove metadata from the encrypted data, wherein at least a part of the metadata describes one or more hash algorithms.
  - 13. The computing device of claim 8, wherein the memory has further computer-executable instructions, which cause the computing device to remove PBKD-specific metadata from the encryption key.
  - 14. The computing device of claim 8, wherein the memory has further computer-executable instructions, which cause the computing device to:
    - remove a first set of metadata from the encrypted data, wherein at least a part of the first set of metadata describes one or more encryption algorithms; and
      
      remove a second set of metadata from the encryption key.

15. A computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by a computing device, cause the computing device to:
- generate an encryption key based on a password;
  
  encrypt data using the encryption key to generate encrypted data;
  
  cause a communication of the encrypted data from the computing device to a second computer; and
  
  cause a communication of the encryption key from the computing device to the second computer, wherein the encryption key is configured to enable generation of the data from the encrypted data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, wherein the computer storage medium has further computer-executable instructions, which cause the computing device to remove metadata from the encrypted data.
  - 17. The computer-readable storage medium of claim 15, wherein the computer storage medium has further computer-executable instructions, which cause the computing device to remove metadata from the encrypted data, wherein at least a part of the metadata describes one or more encryption algorithms.
  - 18. The computer-readable storage medium of claim 15, wherein the computer storage medium has further computer-executable instructions, which cause the computing device to remove PBKD-specific metadata from the encryption key.
  - 19. The computer-readable storage medium of claim 15, wherein the computer storage medium has further computer-executable instructions, which cause the computing device to:
    - remove metadata from the encrypted data, andremove PBKD-specific metadata from the key.
  - 20. The computer-readable storage medium of claim 15, wherein the computer storage medium has further computer-executable instructions, which cause the computing device to remove a set of metadata from the encrypted data, wherein at least a part of the set of metadata describes at least one encryption algorithm or at least one hash algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Wang, Ray S., Soran, Muhammed Serdar, LeBlanc, David C., Barr, Adam D., Acar, Tolga, Schumacher, Samantha

Granted Patent

US 11,283,604 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/46   by designing passwords or c...

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 2463/061   applying further key deriva...

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0863   involving passwords or one-...

SHARING ENCRYPTED DATA WITH ENHANCED SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SHARING ENCRYPTED DATA WITH ENHANCED SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others