PORTABLE ENCRYPTION FORMAT
First Claim
1. A computer program product for creating portable encrypted content comprising non-transitory computer executable code embodied in a computer-readable medium that, when executing on an endpoint, performs the steps of:
- receiving a selection of a file for encryption from a user;
- requesting a token uniquely identifying a recipient of the file from a remote identity and access management system to which the recipient can authenticate using authentication credentials;
- receiving the token;
- transmitting the token to a remote key server;
- requesting a cryptographic key associated with the token from the remote key server, the cryptographic key including an encryption key and a decryption key;
- receiving the cryptographic key from the remote key server;
- receiving a password from the user for local decryption of the file;
- encrypting the file with the encryption key to create an encrypted file;
- encrypting the decryption key to create an object that can be decrypted using the password to recover the decryption key; and
- combining the encrypted file, the object containing the decryption key, application logic providing a user interface and decryption logic for accessing the file to provide a portable encrypted data object, wherein the user interface provides a first mode of accessing the file by supplying the password to locally decrypt the decryption key and a second mode of accessing the file by retrieving the decryption key from the remote key server.
Abstract
A portable encryption format wraps encrypted files in a self-executing container that facilitates transparent, identity-based decryption for properly authenticated users while also providing local password access to wrapped files when identity-based decryption is not available.
20 Claims
1. Independent claim; text as given under First Claim above. Dependent claims: 2, 3, 4, 5, 6.
7. A method for creating portable encrypted content, the method comprising:
- receiving a selection of a file for encryption from a user;
- requesting a token uniquely identifying a recipient of the file from a first computing environment to which the recipient can authenticate using authentication credentials;
- receiving the token;
- transmitting the token to a remote key server;
- requesting a cryptographic key associated with the token from the remote key server, the cryptographic key including an encryption key and a decryption key;
- receiving the cryptographic key from the remote key server;
- receiving a password from the user for local decryption of the file;
- encrypting the file with the encryption key to create an encrypted file;
- encrypting the decryption key to create an object that can be decrypted using the password to recover the decryption key; and
- combining the encrypted file, the object containing the decryption key, and application logic providing a user interface for accessing the file into a portable encrypted data object, wherein the user interface provides a first mode of accessing the file by supplying the password to locally decrypt the decryption key and a second mode of accessing the file by retrieving the decryption key from the remote key server.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18.
19. An endpoint comprising:
- an interface to a data network;
- a memory storing a file; and
- a processor configured to create a portable encrypted data object containing the file for secure distribution over the data network by performing the steps of:
  - receiving a selection of a file for encryption from a user,
  - requesting a token uniquely identifying a recipient of the file from a first computing environment to which the recipient can authenticate using authentication credentials,
  - receiving the token,
  - transmitting the token to a remote key server,
  - requesting a cryptographic key associated with the token from the remote key server, the cryptographic key including an encryption key and a decryption key,
  - receiving the cryptographic key from the remote key server,
  - receiving a password from the user for local decryption of the file,
  - encrypting the file with the encryption key to create an encrypted file,
  - encrypting the decryption key to create an object that can be decrypted using the password to recover the decryption key, and
  - combining the encrypted file, the object containing the decryption key, and application logic providing a user interface for accessing the file into a portable encrypted data object, wherein the user interface provides a first mode of accessing the file by supplying the password to locally decrypt the decryption key and a second mode of accessing the file by retrieving the decryption key from the remote key server.
Dependent claims: 20.
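The container the independent claims describe, built end to end as an added example (not the patent's or any assignee's code): a content key bound to the recipient's token, the file encrypted under it, the key wrapped under a password-derived key, and the two access modes, offline password unwrap and key-server release. Assumptions: a symmetric content key (so the claim's encryption and decryption keys coincide), a dict standing in for the remote key server and IAM check, PBKDF2 for password wrapping, and, to stay stdlib-only, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC standing in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

# Constructed stand-in for the remote key server: recipient token -> content key.
# The key is symmetric, so the claim's encryption key and decryption key coincide.
KEY_SERVER = {}

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream; a stand-in for a real AEAD cipher.
    ks = b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _subkeys(key: bytes) -> tuple:
    # Key separation: distinct encryption and MAC keys derived from one content key.
    return tuple(hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def _seal(key: bytes, nonce: bytes, plaintext: bytes) -> tuple:
    enc_key, mac_key = _subkeys(key)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC

def _open(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time check before any decryption
        raise ValueError("authentication failed: wrong key/password or tampered container")
    return _xor_stream(enc_key, nonce, ct)

def create_container(plaintext: bytes, token: str, password: str) -> dict:
    """Sender: get a key for the recipient token, encrypt the file, wrap the key under the password."""
    key = KEY_SERVER[token] = secrets.token_bytes(32)   # the "request key from key server" step
    nonce, salt, wrap_nonce = (secrets.token_bytes(16) for _ in range(3))
    ct, tag = _seal(key, nonce, plaintext)
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    wrapped, wrap_tag = _seal(pw_key, wrap_nonce, key)
    return {"token": token, "nonce": nonce, "ct": ct, "tag": tag, "salt": salt,
            "wrap_nonce": wrap_nonce, "wrapped_key": wrapped, "wrap_tag": wrap_tag}

def open_with_password(c: dict, password: str) -> bytes:
    """First mode (offline): recover the decryption key from the password-wrapped object."""
    pw_key = hashlib.pbkdf2_hmac("sha256", password.encode(), c["salt"], 200_000)
    key = _open(pw_key, c["wrap_nonce"], c["wrapped_key"], c["wrap_tag"])
    return _open(key, c["nonce"], c["ct"], c["tag"])

def open_with_key_server(c: dict, authenticated_token: str) -> bytes:
    """Second mode: an IAM-authenticated recipient presents the token; key server releases the key."""
    if authenticated_token != c["token"] or authenticated_token not in KEY_SERVER:
        raise PermissionError("key server refused: token not authorized for this container")
    return _open(KEY_SERVER[authenticated_token], c["nonce"], c["ct"], c["tag"])
```

Note that a wrong password or a modified ciphertext fails at the MAC check before any plaintext is produced, which is the property a real implementation should keep when it swaps in AES-GCM.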