System and method for protecting secrets file

US 9,165,153 B2
Filed: 03/28/2014
Issued: 10/20/2015
Est. Priority Date: 03/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a secrets file, comprising:

initiating configuration of a group;

obtaining a group agreed connect name corresponding to the group;

obtaining a username and password of a user of a member of the group;

generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;

extracting a secrets file name and a secrets file encryption key from the first message digest;

obtaining a group agreed seed for a secrets file;

generating a second message digest using the group agreed seed and the n-bit generator;

extracting a first secret from the second message digest;

encrypting, using the secrets file encryption key, the secrets file in a security directory, wherein the secrets file is associated with the secrets file name, and wherein the secrets file comprises the first secret;

generating a third message digest using the first secret;

extracting a first decoy file name and first decoy file contents from the third message digest;

creating a first decoy file using the first decoy file name and the first decoy file contents; and

storing the first decoy file in the security directory,wherein the security directory comprises a plurality of decoy files comprising the first decoy file, andwherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a first secrets file. The method includes an n-bit generator generating a secrets file name for the secrets file and generating a decoy file names for decoy files. The secrets file includes a secret. Each of the decoy files includes decoy file contents, are a same size as the secrets file, and is associated with a modification time within a range of modification times. The modification time of the secrets file is within the range of modification times. The secrets file and decoy files are stored in a secrets directory.

55 Citations

19 Claims

1. A method for protecting a secrets file, comprising:
- initiating configuration of a group;
  
  obtaining a group agreed connect name corresponding to the group;
  
  obtaining a username and password of a user of a member of the group;
  
  generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extracting a secrets file name and a secrets file encryption key from the first message digest;
  
  obtaining a group agreed seed for a secrets file;
  
  generating a second message digest using the group agreed seed and the n-bit generator;
  
  extracting a first secret from the second message digest;
  
  encrypting, using the secrets file encryption key, the secrets file in a security directory, wherein the secrets file is associated with the secrets file name, and wherein the secrets file comprises the first secret;
  
  generating a third message digest using the first secret;
  
  extracting a first decoy file name and first decoy file contents from the third message digest;
  
  creating a first decoy file using the first decoy file name and the first decoy file contents; and
  
  storing the first decoy file in the security directory,wherein the security directory comprises a plurality of decoy files comprising the first decoy file, andwherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first secret is modified prior to generating the third message digest.
  - 3. The method of claim 1, further comprising:
    - opening, by the member of the group, a chat application based on a request by the user;
      
      initiating, by the chat application, a communication with the group;
      
      transparently to the user and by a security application;
      
      obtaining the first secret from the secrets file;
      
      intercepting a message from the chat application to the group;
      
      encrypting, using the first secret, the message from the chat application to obtain an encrypted message; and
      
      sending the encrypted message to the group.
  - 4. The method of claim 1, further comprising:
    - transparently to the user and by a security application;
      
      intercepting a received encrypted message from the group;
      
      obtaining the first secret from the secrets file in response to intercepting the received encrypted message;
      
      decrypting the received encrypted message to obtain a received message; and
      
      sending the received message to a chat application; and
      
      opening, by the chat application, the received message.
  - 5. The method of claim 1, further comprising:
    - storing a plurality of secrets in the secrets file,wherein the plurality of secrets comprises the first secret, andwherein the plurality of secrets is organized according to a type of communication associated with each secret of the plurality of secrets.
  - 6. The method of claim 1, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.
  - 7. The method of claim 1, further comprising:
    - extracting a second secret from the second message digest;
      
      storing an encrypted second secret in the secrets file prior to encrypting the secrets file;
      
      generating a fourth message digest using the first secret and the second secret; and
      
      extract an encryption key from the fourth message digest,wherein communication between members of the first group are encrypted using the encryption key.

8. A non-transitory computer readable medium comprising computer readable program code embodied therein for performing a method for protecting a secrets file, the non-transitory computer readable medium comprising:
- initiating configuration of a group;
  
  obtaining a group agreed connect name corresponding to the group;
  
  obtaining a username and password of a user of a member of the group;
  
  generating a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extracting a secrets file name and a secrets file encryption key from the first message digest;
  
  obtaining a group agreed seed for a secrets file;
  
  generating a second message digest using the group agreed seed and the n-bit generator;
  
  extracting a first secret from the second message digest;
  
  encrypting, using the secrets file encryption key, the secrets file in a security directory, wherein the secrets file is associated with the secrets file name, and wherein the secrets file comprises the first secret;
  
  generating a third message digest using the first secret;
  
  extracting a first decoy file name and first decoy file contents from the third message digest;
  
  creating a first decoy file using the first decoy file name and the first decoy file contents; and
  
  storing the first decoy file in the security directory,wherein the security directory comprises a plurality of decoy files comprising the first decoy file, andwherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable medium of claim 8, wherein the first secret is modified prior to generating the third message digest.
  - 10. The non-transitory computer readable medium of claim 8, wherein the method further comprises:
    - transparently to the user and by a security application;
      
      obtaining the first secret from the secrets file;
      
      intercepting a message from a chat application to the group;
      
      encrypting, using the first secret, the message from the chat application to obtain an encrypted message; and
      
      sending the encrypted message to the group.
  - 11. The non-transitory computer readable medium of claim 8, wherein the method further comprises:
    - transparently to the user and by a security application;
      
      intercepting a received encrypted message from the group;
      
      obtaining the first secret from the secrets file in response to intercepting the received encrypted message;
      
      decrypting the received encrypted message from the chat application to obtain a received message; and
      
      sending the received message to a chat application.
  - 12. The non-transitory computer readable medium of claim 8, wherein the method further comprises:
    - storing a plurality of secrets in the secrets file,wherein the plurality of secrets comprises the first secret, andwherein the plurality of secrets is organized according to a type of communication associated with each secret of the plurality of secrets.
  - 13. The non-transitory computer readable medium of claim 8, wherein each of the plurality of decoy files is associated with a modification time within a range of modification times and a modification time of the secrets file is within the range of modification times.
  - 14. The non-transitory computer readable medium of claim 8, wherein the method further comprises:
    - extracting a second secret from the second message digest;
      
      storing an encrypted second secret in the secrets file prior to encrypting the secrets file;
      
      generating a fourth message digest using the first secret and the second secret; and
      
      extract an encryption key from the fourth message digest,wherein communication between members of the first group are encrypted using the encryption key.

15. A computing device for protecting a secrets file comprising:
- a processor;
  
  a memory; and
  
  software instructions stored in the memory for causing the computing device to;
  
  initiate configuration of a group;
  
  obtain a group agreed connect name corresponding to the group;
  
  obtain a username and password of a user of a member of the group;
  
  generate a first message digest using the group agreed connect name, the username, the password, and an n-bit generator;
  
  extract a secrets file name and a secrets file encryption key from the first message digest;
  
  obtain a group agreed seed for a secrets file;
  
  generate a second message digest using the group agreed seed and the n-bit generator;
  
  extract a first secret from the second message digest;
  
  encrypt, using the secrets file encryption key, the secrets file in a security directory, wherein the secrets file is associated with the secrets file name, and wherein the secrets file comprises the first secret;
  
  generate a third message digest using the first secret;
  
  extract a first decoy file name and first decoy file contents from the third message digest;
  
  create a first decoy file using the first decoy file name and the first decoy file contents; and
  
  store the first decoy file in the security directory,wherein the security directory comprises a plurality of decoy files comprising the first decoy file, andwherein each of the plurality of decoy files comprises decoy file contents, wherein each of the plurality of decoy files are a same size as the secrets file.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computing device of claim 15, further comprising software instructions stored in the memory for causing the computing device to:
    - open, by the member of the group, a chat application based on a request by the user;
      
      initiate, by the chat application, a communication with the group;
      
      transparently to the user and by a security application;
      
      obtain the first secret from the secrets file;
      
      intercept a message from the chat application to the group;
      
      encrypt, using the first secret, the message from the chat application to obtain an encrypted message; and
      
      send the encrypted message to the group.
  - 17. The computing device of claim 15, further comprising software instructions stored in the memory for causing the computing device to:
    - transparently to the user and by a security application;
      
      intercept a received encrypted message from the group;
      
      obtain the first secret from the secrets file in response to intercepting the received encrypted message;
      
      decrypt the received encrypted message from the chat application to obtain a received message; and
      
      send the received message to a chat application; and
      
      open, by the chat application, the received message.
  - 18. The computing device of claim 15, further comprising software instructions stored in the memory for causing the computing device to:
    - store a plurality of secrets in the secrets file,wherein the plurality of secrets comprises the first secret, andwherein the plurality of secrets is organized according to a type of communication associated with each secret of the plurality of secrets.
  - 19. The computing device of claim 15, further comprising software instructions stored in the memory for causing the computing device to:
    - extract a second secret from the second message digest;
      
      store the encrypted second secret in the secrets file prior to encrypting the secrets file;
      
      generate a fourth message digest using the first secret and the second secret; and
      
      extract an encryption key from the fourth message digest,wherein communication between members of the first group are encrypted using the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US14/228,463
Publication Number

US 20140298036A1
Time in Patent Office

571 Days
Field of Search

713/168, 713/171, 713/169, 713/181, 713/156, 713/189, 370/338, 709/204
US Class Current

1/1
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 2221/2123   Dummy operation

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/0428   wherein the data content is...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H05K 999/99   dummy group

System and method for protecting secrets file

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting secrets file

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links