Controlling access to data within encrypted copies of files using salt parameters
First Claim
Patent Images
1. A method of controlling access to a file, of controlling access to a file, the method comprising:
- creating a file encryption key based on (i) a user input parameter from a user of the client device and (ii) an automatically generated salt parameter;
encrypting the file using the file encryption key to form an encrypted copy of the file; and
providing the salt parameter to an external storage system to externally store the salt parameter, access to data within the encrypted copy of the file requiring the salt parameter provided to the external storage system;
wherein the external storage system includes a remote backup assembly which performs backup operations on behalf of multiple client devices; and
wherein the method further comprises;
while the file resides locally in the client device, sending the encrypted copy of the file to the remote backup assembly to backup the file in the remote backup assembly;
wherein the salt parameter is a random number which is locally generated by the client device;
wherein creating the file encryption key includes deriving the file encryption key based on the user input parameter and the random number;
wherein the user input parameter is a user password obtained from the user of the client device;
wherein the file encryption key is created from the user password and the random number; and
wherein providing the salt parameter to the external storage system includes sending the salt parameter to the external storage system while withholding the user password from the external storage system in a secure mode which imposes responsibility to manage the user password on the user of the client device to decrypt the encrypted copy of the file.
5 Assignments
0 Petitions
Accused Products
Abstract
A technique controls access to a file. The technique involves creating a file encryption key based on (i) a user input parameter (e.g., a user password) from a user of the client device and (ii) an automatically generated salt parameter (e.g., a random number). The technique further involves encrypting the file using the file encryption key to form an encrypted copy of the file, and providing the salt parameter to an external storage system to externally store the salt parameter. Access to data within the encrypted copy of the file requires the salt parameter provided to the external storage system.
-
Citations
15 Claims
-
1. A method of controlling access to a file, of controlling access to a file, the method comprising:
-
creating a file encryption key based on (i) a user input parameter from a user of the client device and (ii) an automatically generated salt parameter; encrypting the file using the file encryption key to form an encrypted copy of the file; and providing the salt parameter to an external storage system to externally store the salt parameter, access to data within the encrypted copy of the file requiring the salt parameter provided to the external storage system; wherein the external storage system includes a remote backup assembly which performs backup operations on behalf of multiple client devices; and
wherein the method further comprises;while the file resides locally in the client device, sending the encrypted copy of the file to the remote backup assembly to backup the file in the remote backup assembly; wherein the salt parameter is a random number which is locally generated by the client device; wherein creating the file encryption key includes deriving the file encryption key based on the user input parameter and the random number; wherein the user input parameter is a user password obtained from the user of the client device; wherein the file encryption key is created from the user password and the random number; and wherein providing the salt parameter to the external storage system includes sending the salt parameter to the external storage system while withholding the user password from the external storage system in a secure mode which imposes responsibility to manage the user password on the user of the client device to decrypt the encrypted copy of the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A client device, comprising:
-
a network interface; a user interface; and a controller coupled to the network interface and the user interface, the controller being constructed and arranged to; create a file encryption key based on (i) a user input parameter received from a user through the user interface and (ii) an automatically generated salt parameter, encrypt the file using the file encryption key to form an encrypted copy of the file, and provide the salt parameter to an external storage system through the network interface to externally store the salt parameter, access to data within the encrypted copy of the file requiring the salt parameter provided to the external storage system; wherein the external storage system includes a remote backup assembly which performs backup operations on behalf of multiple client devices; and
wherein the controller is further constructed and arranged to;while the file resides locally in the client device, send the encrypted copy of the file to the remote backup assembly through the network interface to backup the file in the remote backup assembly; wherein the salt parameter is a random number which is locally generated by the client device; wherein creating the file encryption key includes deriving the file encryption key based on the user input parameter and the random number; wherein the user input parameter is a user password obtained from the user of the client device; wherein the file encryption key is created from the user password and the random number; and wherein providing the salt parameter to the external storage system includes sending the salt parameter to the external storage system while withholding the user password from the external storage system in a secure mode which imposes responsibility to manage the user password on the user of the client device to decrypt the encrypted copy of the file.
-
-
13. A computer program product having a non-transitory computer readable medium which stores a set of instructions that, when performed by a computerized device, cause the computerized device to:
-
create a file encryption key based on (i) a user input parameter from a user of the computerized device and (ii) an automatically generated salt parameter; encrypt the file using the file encryption key to form an encrypted copy of the file; and provide the salt parameter to an external storage system to externally store the salt parameter, access to data within the encrypted copy of the file requiring the salt parameter provided to the external storage system; wherein the external storage system includes a remote backup assembly which performs backup operations on behalf of multiple client devices; and
wherein set of instructions further causes the computerized device to;while the file resides locally in the client device, send the encrypted copy of the file to the remote backup assembly through the network interface to backup the file in the remote backup assembly; wherein the salt parameter is a random number which is locally generated by the client device; wherein creating the file encryption key includes deriving the file encryption key based on the user input parameter and the random number; wherein the user input parameter is a user password obtained from the user of the client device; wherein the file encryption key is created from the user password and the random number; and wherein providing the salt parameter to the external storage system includes sending the salt parameter to the external storage system while withholding the user password from the external storage system in a secure mode which imposes responsibility to manage the user password on the user of the client device to decrypt the encrypted copy of the file.
-
-
14. In a storage system, a method of controlling access to a file, the method comprising:
-
after an external client device creates a file encryption key based on (i) a user input parameter from a user of the external client device and (ii) an automatically generated salt parameter and after the external client device encrypts the file using the file encryption key to form an encrypted copy of the file, obtaining the salt parameter from the external client device, access to data within the encrypted copy of the file requiring the salt parameter; storing the salt parameter within the storage system; and providing a response message to the external client device informing the external client device that the salt parameter is stored within the storage system; wherein the storage system includes a backup assembly which performs backup operations on behalf of multiple client devices, and wherein the method further comprises; while the file resides locally in the external client device, receiving the encrypted copy of the file, and storing the encrypted copy of the file in the backup assembly; wherein the salt parameter is a random number which is locally generated by the external client device; wherein, when the external client device creates the file encryption key, the external client device derives the file encryption key based on the user input parameter and the random number; wherein the user input parameter is a user password obtained from the user of the external client device; wherein the file encryption key is created from the user password and the random number; and wherein obtaining the salt parameter from the external client device includes receiving the salt parameter while the external client device withholds the user password in a secure mode which imposes responsibility to manage the user password on the user of the external client device to decrypt the encrypted copy of the file. - View Dependent Claims (15)
-
Specification