Method and system for securing documents on a remote shared storage resource

US 9,070,112 B2
Filed: 03/30/2012
Issued: 06/30/2015
Est. Priority Date: 06/08/2011
Status: Active Grant

First Claim

Patent Images

1. A method executed by a shared computer system that is comprised of data storage of securing a content file associated with a folder data structure stored on the shared computer system, said folder data structure being associated with a public/private encryption key pair and a folder originator, said folder originator being associated with a public/private encryption key pair, the method comprising:

by a computer, receiving and storing the content file;

generating a public/private encryption key pair associated with the content file;

encrypting the content file with the public key associated with the content file;

retrieving from data storage the public key of the public/private encryption key pair associated with the folder data structure;

encrypting the private key associated with the content file using the public key of the folder data structure;

encrypting the private key associated with the folder data structure using the public key associated with the folder originator associated with the folder data structure; and

preventing access to an unencrypted version of the folder data structure private key and an unencrypted version of the private key associated with the content file.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention discloses a novel system and method for displaying electronic documents on remote devices and enabling collaborative editing in conjunction with a content management system where the documents that are shared are securely encrypted on the system in a manner that avoids a single point of failure in the security.

30 Citations

View as Search Results

12 Claims

1. A method executed by a shared computer system that is comprised of data storage of securing a content file associated with a folder data structure stored on the shared computer system, said folder data structure being associated with a public/private encryption key pair and a folder originator, said folder originator being associated with a public/private encryption key pair, the method comprising:
- by a computer, receiving and storing the content file;
  
  generating a public/private encryption key pair associated with the content file;
  
  encrypting the content file with the public key associated with the content file;
  
  retrieving from data storage the public key of the public/private encryption key pair associated with the folder data structure;
  
  encrypting the private key associated with the content file using the public key of the folder data structure;
  
  encrypting the private key associated with the folder data structure using the public key associated with the folder originator associated with the folder data structure; and
  
  preventing access to an unencrypted version of the folder data structure private key and an unencrypted version of the private key associated with the content file.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising:
    - decrypting the folder data structure private key using the folder originator private key;
      
      obtaining a destination user public key; and
      
      encrypting the folder data structure private key using the public key of the destination user.
  - 3. The method of claim 1 where the preventing access step is comprised of:
    - removing from data storage the unencrypted version of the private key associated with the content file; and
      
      removing from data storage the unencrypted version of the folder data structure private key.
  - 4. The method of claim 1 where the preventing access step is comprised of:
    - encrypting the unencrypted version of the private key associated with the content file; and
      
      encrypting the unencrypted version of the folder data structure private key.

5. A computer system for securing a content file comprising:
- at least one central processing unit connected using a data channel to at least one data storage device;
  
  a folder data structure stored on the shared computer system, said folder data structure being associated with a public/private encryption key pair and a folder originator, said folder originator being associated with a public/private encryption key pair;
  
  said system being adapted to execute a method comprising;
  
  receiving and storing the content file;
  
  generating a public/private encryption key pair associated with the content file;
  
  encrypting the content file with the public key associated with the content file;
  
  retrieving from data storage the public key of the public/private encryption key pair associated with the folder data structure;
  
  encrypting the private key associated with the content file using the public key of the folder data structure;
  
  encrypting the private key associated with the folder data structure using the public key associated with the folder originator associated with the folder data structure; and
  
  preventing access to an unencrypted version of the folder data structure private key and an unencrypted version of the unencrypted private key associated with the content file.
- View Dependent Claims (6, 7, 8)
- - 6. The shared computer system of claim 5 further adapted to execute the method of:
    - decrypting the folder data structure private key using the folder originator private key;
      
      obtaining a destination user public key; and
      
      encrypting the folder data structure private key using the public key of the destination user.
  - 7. The system of claim 5 further adapted to execute the preventing access by:
    - removing from data storage the unencrypted version of the private key associated with the content file; and
      
      removing from computer data storage the unencrypted version of the folder data structure private key.
  - 8. The system of claim 5 further adapted to execute the preventing access by:
    - encrypting the unencrypted version of the private key associated with the content file; and
      
      encrypting the unencrypted version of the folder data structure private key.

9. A non-transitory computer storage medium containing program code that, when executed by a shared computer system, causes the shared computer system to execute a method of securing a content file associated with a folder data structure stored on the shared computer system, said folder data structure being associated with a public/private encryption key pair and a folder originator, said folder originator being associated with a public/private encryption key pair, the method comprising:
- receiving and storing the content file;
  
  generating a public/private encryption key pair associated with the content file;
  
  encrypting the content file with the public key associated with the content file;
  
  retrieving from data storage the public key of the public/private encryption key pair associated with the folder data structure;
  
  encrypting the private key associated with the content file using the public key of the folder data structure;
  
  encrypting the private key associated with the folder data structure using the public key associated with the folder originator associated with the folder data structure; and
  
  preventing access to an unencrypted version of the folder data structure private key and an unencrypted version of the unencrypted private key associated with the content file.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory storage medium of claim 9 further adapted so that the executed method is further comprised of:
    - decrypting the folder data structure private key using the folder originator private key;
      
      obtaining a destination user public key; and
      
      encrypting the folder data structure private key using the public key of the destination user.
  - 11. The non-transitory storage medium of claim 9 further adapted so that the preventing access is executed by:
    - removing from computer data storage the unencrypted private key associated with the content file andremoving from computer data storage the unencrypted folder data structure private key.
  - 12. The non-transitory storage medium of claim 9 further adapted so that the preventing access is executed by:
    - encrypting the unencrypted version of the private key associated with the content file; and
      
      encrypting the unencrypted version of the folder data structure private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Workshare Technology Incorporated
Original Assignee
Workshare Technology Incorporated
Inventors
Glover, Robin
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
MOHAMMADI, FAHIMEH M

Application Number

US13/436,577
Publication Number

US 20120317414A1
Time in Patent Office

1,187 Days
Field of Search

713164-167, 713/184, 713/193, 380/47, 380227-230, 380/282, 380/284, 705/67, 726/4, 726/17, 726/21
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/6227   where protection concerns t...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2149   Restricted operating enviro...

G06F 40/166   Editing, e.g. inserting or ...

G06Q 10/101   Collaborative creation, e.g...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/107   wherein the security polici...

H04L 9/0861   Generation of secret inform...

Method and system for securing documents on a remote shared storage resource

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing documents on a remote shared storage resource

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links