Systems and methods for secure data sharing

US 9,264,224 B2
Filed: 04/08/2014
Issued: 02/16/2016
Est. Priority Date: 09/20/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method for encrypting data, comprising:

receiving, using a hardware processor, a request to encrypt the data;

retrieving a workgroup key associated with the data;

generating a file-level key based on unique information associated with the data and the workgroup key, wherein the data is encrypted based on the file-level key;

receiving a request from an entity to access the encrypted data, wherein the entity is not a member of a workgroup associated with the workgroup key; and

sharing the file-level key with the entity.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Citations

19 Claims

1. A method for encrypting data, comprising:
- receiving, using a hardware processor, a request to encrypt the data;
  
  retrieving a workgroup key associated with the data;
  
  generating a file-level key based on unique information associated with the data and the workgroup key, wherein the data is encrypted based on the file-level key;
  
  receiving a request from an entity to access the encrypted data, wherein the entity is not a member of a workgroup associated with the workgroup key; and
  
  sharing the file-level key with the entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the workgroup key does not contain the unique information associated with the data.
  - 3. The method of claim 1, wherein the unique information associated with the data comprises at least one of:
    - a name of the data, a time and date the data was created, a time the data was last modified, a pointer to the location of the data within the file system of a storage device, a size of the data, and a type associated with the data.
  - 4. The method of claim 1, further comprising computing a hash value of the unique information associated with the data, wherein generating the file-level key based on the unique information associated with the data and the workgroup key comprises combining the hash value of the unique information and the workgroup key using a substantially-randomized technique.
  - 5. The method of claim 1, wherein encrypting the data based on the file-level key further comprises:
    - encrypting the data using the file-level key and the workgroup key;
      
      generating a random or pseudo-random value;
      
      distributing, based, at least in part, on the random or pseudorandom value, encrypted data of the encrypted data into two or more shares; and
      
      storing the two or more shares separately on at least one data depository.
  - 6. The method of claim 1, wherein sharing the file-level key comprises sharing the file-level key without sharing the workgroup key.
  - 7. The method of claim 1, wherein generating the file-level key comprises computing a hash value of the workgroup key.
  - 8. The method of claim 1, further comprising transmitting the data to the entity.
  - 9. The method of claim 1, further comprising computing a hash value of the workgroup key, and wherein generating the file-level key based on the unique information associated with the data and the workgroup key comprises combining the hash value of the workgroup key and the unique information associated with the data using a substantially-randomized technique.

10. A system for encrypting data, comprising a hardware processor configured to:
- receive a request to encrypt the data;
  
  retrieve a workgroup key associated with the data;
  
  generate a file-level key based on unique information associated with the data and the workgroup key, wherein the data is encrypted based on the file-level key;
  
  receive a request from an entity to access the encrypted data, wherein the entity is not a member of a workgroup associated with the workgroup key; and
  
  share the file-level key with the entity.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the workgroup key does not contain the unique information associated with the data.
  - 12. The system of claim 10, wherein the unique information associated with the data comprises at least one of:
    - a name of the data, a time and date the data was created, a time the data was last modified, a pointer to the location of the data within the file system of a storage device, a size of the data, and a type associated with the data.
  - 13. The system of claim 10, wherein the hardware processor is further configured to compute a hash value of the unique information associated with the data, and wherein the hardware processor is configured to generate the file-level key based on the unique information associated with the data and the workgroup key by combining the hash value of the unique information and the workgroup key using a substantially-randomized technique.
  - 14. The system of claim 10, wherein the hardware processor is configured to encrypt the data based on the file-level key by:
    - encrypting the data using the file-level key and the workgroup key;
      
      generating a random or pseudo-random value;
      
      distributing, based, at least in part, on the random or pseudorandom value, encrypted data of the encrypted data into two or more shares; and
      
      storing the two or more shares separately on at least one data depository.
  - 15. The system of claim 10, wherein the hardware processor is configured to share the file-level key by sharing the file-level key without sharing the workgroup key.
  - 16. The system of claim 10, wherein the hardware processor is further configured to generate the file-level key by computing a hash value of the workgroup key.
  - 17. The system of claim 10, wherein the hardware processor is further configured to transmit the data to the entity.
  - 18. The system of claim 10, wherein the hardware processor is further configured to compute a hash value of the workgroup key, and wherein the hardware processor is configured to generate the file-level key based on the unique information associated with the data and the workgroup key by combining the hash value of the workgroup key and the unique information associated with the data using a substantially-randomized technique.

19. A non-transitory computer-readable medium comprising instructions that, when executed by processing circuitry, cause a computer system to carry out a method for secure workgroup communication, the method comprising:
- receiving, using a hardware processor, a request to encrypt the data;
  
  retrieving a workgroup key associated with the data;
  
  generating a file-level key based on unique information associated with the data and the workgroup key, wherein the data is encrypted based on the file-level key;
  
  receiving a request from an entity to access the encrypted data, wherein the entity is not a member of a workgroup associated with the workgroup key; and
  
  sharing the file-level key with the entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L., Landau, Gabriel D., Staker, Matthew, Yakamovich, William
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US14/247,971
Publication Number

US 20140298012A1
Time in Patent Office

679 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 9/085   Secret sharing or secret sp...

H04L 9/0861   Generation of secret inform...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3268   using certificate validatio...

Systems and methods for secure data sharing

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure data sharing

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links