Method and apparatus for hardware based file/document expiry timer enforcement
First Claim
1. A machine readable medium on which instructions are stored, comprising instructions that when executed cause a machine to:
- request a trusted execution environment to generate an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key;
encrypt the document with the encryption key;
transmit the certificate to a remote key manager; and
transmit the document to a remote network storage device.
10 Assignments
0 Petitions
Accused Products
Abstract
A technique for secure network storage includes generating, by a trusted execution environment in a first device, an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key, encrypting, by a general execution environment in the first device, the document with the encryption key, transmitting the encryption key to a remote key manager, and transmitting the document to a remote network storage device, wherein a second device is allowed to decrypt the document based on the expiry information.
22 Citations
22 Claims
-
1. A machine readable medium on which instructions are stored, comprising instructions that when executed cause a machine to:
-
request a trusted execution environment to generate an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key; encrypt the document with the encryption key; transmit the certificate to a remote key manager; and transmit the document to a remote network storage device. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A machine readable medium on which instructions are stored, comprising instructions that when executed cause a machine to:
-
obtain an encrypted document from a remote network storage device; obtain a certificate for the encrypted document from a remote key manager, the certificate comprising expiry information for the encrypted document and an encryption key, wherein the certificate was created in a trusted execution environment; determine, based on the expiry information, that decryption of the encrypted document is allowed; and in response to determining that decryption allowed, decrypt the encrypted document. - View Dependent Claims (7, 8)
-
-
9. A system for secure network storage, comprising:
-
a trusted execution environment; one or more processors; and a memory, coupled to the one or more processors, on which instructions are stored comprising instructions which, when executed cause at least some of the one or more processors to; obtain an encrypted document; obtain a certificate for the encrypted document from a remote key manager, the certificate comprising expiry information for the encrypted document and an encryption key, wherein the certificate was created in a trusted execution environment; determine, based on the expiry information, whether decryption of the encrypted document is allowed; and in response to determining that decryption is allowed, decrypting the encrypted document. - View Dependent Claims (10, 11)
-
-
12. A system for secure network storage, comprising:
-
a trusted execution environment; one or more processors; and a memory, coupled to the one or more processors, on which instructions are stored comprising instructions which, when executed cause at least some of the one or more processors to; request a trusted execution environment to generate an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key; encrypt the document with the encryption key; transmit the certificate to a remote key manager; and transmit the document to a remote network storage device. - View Dependent Claims (13, 14, 15)
-
-
16. A machine readable medium on which instructions are stored, comprising instructions that when executed cause a machine to:
-
receive, from a first device, a certificate, wherein the certificate is associated with an encrypted document, and wherein the certificate comprises expiry information for the encrypted document and an encryption key, wherein the expiry information indicates a time after which decryption of the encrypted document is not allowed; receive, from a second device, a request for the certificate; and transmit the certificate to the second device in response to the request. - View Dependent Claims (17)
-
-
18. A method of encrypting a document, comprising:
-
requesting a trusted execution environment of a programmable device to generate an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key; encrypting the document with the encryption key; transmitting the certificate to a remote key manager; and transmitting the document to a remote network storage device. - View Dependent Claims (19, 20, 21, 22)
-
Specification