Sharing Encrypted Documents Within and Outside an Organization
First Claim
Patent Images
1. A method comprises:
- providing an information management system having a key management server, a first computing device and a second computing device;
providing the key management server having a first secret and a first seed token;
providing the first computing device having a first encryption service module, wherein the first encryption service module having a second secret and a second seed token;
providing the second computing device having a second encryption service module;
detecting a file save operation on a document by the first encryption service module;
at the first encryption service module, collecting user information;
at the first encryption service module, creating a document identifier for the document;
at the first encryption service module, creating a first encryption key with the document identifier, the user information, the second seed token and the second secret;
at the first encryption service module, creating a second encryption key;
at the first encryption service module, encrypting the document with the second encryption key to produce encrypted content;
at the first encryption service module, encrypting the second encryption key with the first encryption key to produce an encrypted second encryption key;
at the first encryption service module, storing the document identifier, the user information, the first seed token, the second seed token, the encrypted second encryption key and the encrypted content in an encrypted document;
detecting a file open operation on the encrypted document by the second encryption service module;
at the second encryption service module, retrieving the document identifier, the user information and the first seed token in the encrypted document;
at the second encryption service module, sending the document identifier, the user information and the first seed token to the key management server;
at the key management server, creating a third encryption key with the document identifier, the user information, the first seed token and the first secret;
at the second encryption service module, receiving the third encryption key from the key management server;
at the second encryption service module, decrypting encrypted second encryption key in the encrypted document with the third encryption key to produce a fourth encryption key; and
at the second encryption service module, decrypting encrypted content in the encrypted document with the fourth encryption key to produce unencrypted content.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.
14 Citations
28 Claims
-
1. A method comprises:
-
providing an information management system having a key management server, a first computing device and a second computing device; providing the key management server having a first secret and a first seed token; providing the first computing device having a first encryption service module, wherein the first encryption service module having a second secret and a second seed token; providing the second computing device having a second encryption service module; detecting a file save operation on a document by the first encryption service module; at the first encryption service module, collecting user information; at the first encryption service module, creating a document identifier for the document; at the first encryption service module, creating a first encryption key with the document identifier, the user information, the second seed token and the second secret; at the first encryption service module, creating a second encryption key; at the first encryption service module, encrypting the document with the second encryption key to produce encrypted content; at the first encryption service module, encrypting the second encryption key with the first encryption key to produce an encrypted second encryption key; at the first encryption service module, storing the document identifier, the user information, the first seed token, the second seed token, the encrypted second encryption key and the encrypted content in an encrypted document; detecting a file open operation on the encrypted document by the second encryption service module; at the second encryption service module, retrieving the document identifier, the user information and the first seed token in the encrypted document; at the second encryption service module, sending the document identifier, the user information and the first seed token to the key management server; at the key management server, creating a third encryption key with the document identifier, the user information, the first seed token and the first secret; at the second encryption service module, receiving the third encryption key from the key management server; at the second encryption service module, decrypting encrypted second encryption key in the encrypted document with the third encryption key to produce a fourth encryption key; and at the second encryption service module, decrypting encrypted content in the encrypted document with the fourth encryption key to produce unencrypted content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method comprises:
-
providing an information management system having a key management server and a computing device, wherein a user has logged on to the computing device; providing the key management server having a first secret and a first seed token; providing the computing device having an encryption service module, wherein the encryption service module having a second secret and a second seed token; detecting a file save operation on a document by the encryption service module; at the encryption service module, collecting user information; at the encryption service module, creating a document identifier for the document; at the encryption service module, creating a first encryption key with the document identifier, the user information, the second seed token and the second secret; at the encryption service module, creating a second encryption key; at the encryption service module, encrypting the document with the second encryption key to produce encrypted content; at the encryption service module, encrypting the second encryption key with the first encryption key to produce an encrypted second encryption key; at the encryption service module, storing the document identifier, the user information, the first seed token, the second seed token, the encrypted second encryption key and the encrypted content in an encrypted document; detecting a file open operation on the encrypted document by the encryption service module; at the encryption service module, retrieving the document identifier, the user information, the first seed token and the second seed token in the encrypted document; at the encryption service module, if the user information identifies the user, creating a third encryption key with the document identifier, the user information, the second seed token and the second secret; at the encryption service module, if the user information does not identify the user, sending the document identifier, the user information and the first seed token to the key management server; at the key management server, creating a third encryption key with the document identifier, the user information, the first seed token and the first secret; at the encryption service module, if the user information does not identify the user, receiving the third encryption key from the key management server; at the encryption service module, decrypting encrypted second encryption key in the encrypted document with the third encryption key to produce a fourth encryption key; and at the encryption service module, decrypting encrypted content in the encrypted document with the fourth encryption key to produce unencrypted content. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
Specification