Secure storage for shared documents

US 9,298,940 B1
Filed: 07/31/2015
Issued: 03/29/2016
Est. Priority Date: 01/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method for managing data storage using a network computer that performs actions, comprising:

providing data and a public key to a secure storage application, wherein the data and the public key are provided by a user or an application;

generating instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on an identifier that is included in the instruction set information;

extracting a pass phrase from the seed file based on an offset value and a length value that are included in the instruction set information;

generating an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;

launching and executing an encryption engine, on the network computer, to encrypt the data using the encryption key;

generating header information that includes the instruction set, wherein the header information is encrypted using the public key; and

generating a secure bundle that includes the public key, the encrypted header information, and the encrypted data, wherein the secure bundle is provided to the user that provided the data and the public key or the application that provided the data and the public key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards managing data storage for secure storage of shared documents. A user or an application may provide data destined for encryption and a public key. Instruction set information that references at least a seed file that may be installed on the network computer may be generated. An encryption key based on the instruction set information may be generated. Header information that includes the instruction set may be generated. And, the header information may be encrypted using the public key. A secure bundle that includes the public key, the encrypted header information, and the encrypted data may be generated and provided to the user that provided the data and the public key or the application that provided the data and the public key. Decrypting the data included in the secure bundle the above actions are generally performed in reverse.

39 Citations

View as Search Results

26 Claims

1. A method for managing data storage using a network computer that performs actions, comprising:
- providing data and a public key to a secure storage application, wherein the data and the public key are provided by a user or an application;
  
  generating instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on an identifier that is included in the instruction set information;
  
  extracting a pass phrase from the seed file based on an offset value and a length value that are included in the instruction set information;
  
  generating an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;
  
  launching and executing an encryption engine, on the network computer, to encrypt the data using the encryption key;
  
  generating header information that includes the instruction set, wherein the header information is encrypted using the public key; and
  
  generating a secure bundle that includes the public key, the encrypted header information, and the encrypted data, wherein the secure bundle is provided to the user that provided the data and the public key or the application that provided the data and the public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - providing the secure bundle to the secure storage application, wherein the secure bundle is provided by the user or the application;
      
      decrypting the encrypted header information that is included in the secure bundle using a private key that corresponds to the public key that was used to encrypt the header information;
      
      accessing the instruction set information that is included in the decrypted header information;
      
      generating the encryption key based on the instruction set information;
      
      decrypting the encrypted data that is included in the secure bundle using the encryption key, wherein the decrypted data is provided to the user that provided the secure bundle and the private key or the application that provided the secure bundle and the private key.
  - 3. The method of claim 1, wherein generating the header information, further includes, adding one or more cache values generated by the encryption engine to the header information.
  - 4. The method of claim 1, further comprising:
    - providing another public key from another user or another application;
      
      generating additional encrypted header information using the other public key and the header information; and
      
      including the other public key and the additional encrypted header information in the secure bundle.
  - 5. The method of claim 1, further comprising:
    - providing a common public key that is used to encrypt header information; and
      
      enabling two or more users or applications to decrypt the encrypted header information using a common private key that corresponds to the common public key.
  - 6. The method claim 1, further comprising, modifying the header information to include a seed file that corresponds to the instruction set information.
  - 7. The method of claim 1, wherein generating the encryption key further comprises employing a sensor to introduce entropy.

8. A system for managing data storage, comprising:
- a network computer, comprising;
  
  a transceiver that communicates over the network;
  
  a memory that stores at least instructions; and
  
  a processor device that executes instructions that perform actions, including;
  
  providing data and a public key to a secure storage application, wherein the data and the public key are provided by a user or an application;
  
  generating instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on an identifier that is included in the instruction set information;
  
  extracting a pass phrase from the seed file based on an offset value and a length value that are included in the instruction set information;
  
  generating an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;
  
  launching and executing an encryption engine, on the network computer, to encrypt the data using the encryption key;
  
  generating header information that includes the instruction set, wherein the header information is encrypted using the public key; and
  
  generating a secure bundle that includes the public key, the encrypted header information, and the encrypted data, wherein the secure bundle is provided to the user that provided the data and the public key or the application that provided the data and the public key; and
  
  a client computer, comprising;
  
  a second transceiver that communicates over the network;
  
  a second memory that stores at least instructions; and
  
  a second processor device that executes instructions that perform actions, including;
  
  providing the data and the public key to the secure storage application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the network computer processor device executes instructions that perform further actions, comprising:
    - providing the secure bundle to the secure storage application, wherein the secure bundle is provided by the user or the application;
      
      decrypting the encrypted header information that is included in the secure bundle using a private key that corresponds to the public key that was used to encrypt the header information;
      
      accessing the instruction set information that is included in the decrypted header information;
      
      generating the encryption key based on the instruction set information;
      
      decrypting the encrypted data that is included in the secure bundle using the encryption key, wherein the decrypted data is provided to the user that provided the secure bundle and the private key or the application that provided the secure bundle and the private key.
  - 10. The system of claim 8, wherein generating the header information, further includes, adding one or more cache values generated by the encryption engine to the header information.
  - 11. The system of claim 8, wherein the network computer processor device executes instructions that perform further actions, comprising:
    - providing another public key from another user or another application;
      
      generating additional encrypted header information using the other public key and the header information; and
      
      including the other public key and the additional encrypted header information in the secure bundle.
  - 12. The system of claim 8, wherein the network computer processor device executes instructions that perform further actions, comprising:
    - providing a common public key that is used to encrypt header information; and
      
      enabling two or more users or applications to decrypt the encrypted header information using a common private key that corresponds to the common public key.
  - 13. The system of claim 8, wherein the network computer processor device executes instructions that perform further actions, comprising, modifying the header information to include a seed file that corresponds to the instruction set information.
  - 14. The system of claim 8, wherein generating the encryption key further comprises employing a sensor to introduce entropy.

15. A processor readable non-transitory storage media that includes instructions for managing data storage, wherein execution of the instructions by a hardware processor performs actions, comprising:
- providing data and a public key to a secure storage application, wherein the data and the public key are provided by a user or an application;
  
  generating instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on an identifier that is included in the instruction set information;
  
  extracting a pass phrase from the seed file based on an offset value and a length value that are included in the instruction set information;
  
  generating an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;
  
  launching and executing an encryption engine, on a network computer, to encrypt the data using the encryption key;
  
  generating header information that includes the instruction set, wherein the header information is encrypted using the public key; and
  
  generating a secure bundle that includes the public key, the encrypted header information, and the encrypted data, wherein the secure bundle is provided to the user that provided the data and the public key or the application that provided the data and the public key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The media of claim 15, further comprising:
    - providing the secure bundle to the secure storage application, wherein the secure bundle is provided by the user or the application;
      
      decrypting the encrypted header information that is included in the secure bundle using a private key that corresponds to the public key that was used to encrypt the header information;
      
      accessing the instruction set information that is included in the decrypted header information;
      
      generating the encryption key based on the instruction set information;
      
      decrypting the encrypted data that is included in the secure bundle using the encryption key, wherein the decrypted data is provided to the user that provided the secure bundle and the private key or the application that provided the secure bundle and the private key.
  - 17. The media of claim 15, wherein generating the header information, further includes, adding one or more cache values generated by the encryption engine to the header information.
  - 18. The media of claim 15, further comprising:
    - providing another public key from another user or another application;
      
      generating additional encrypted header information using the other public key and the header information; and
      
      including the other public key and the additional encrypted header information in the secure bundle.
  - 19. The media of claim 15, further comprising:
    - providing a common public key that is used to encrypt header information; and
      
      enabling two or more users or applications to decrypt the encrypted header information using a common private key that corresponds to the common public key.
  - 20. The media of claim 15, further comprising, modifying the header information to include a seed file that corresponds to the instruction set information.

21. A network computer for managing data storage, comprising:
- a transceiver that communicates over the network;
  
  a memory that stores at least instructions; and
  
  a processor device that executes instructions that perform actions, including;
  
  providing data and a public key to a secure storage application, wherein the data and the public key are provided by a user or an application;
  
  generating instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on an identifier that is included in the instruction set information;
  
  extracting a pass phrase from the seed file based on an offset value and a length value that are included in the instruction set information;
  
  generating an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;
  
  launching and executing an encryption engine, on the network computer, to encrypt the data using the encryption key;
  
  generating header information that includes the instruction set, wherein the header information is encrypted using the public key; and
  
  generating a secure bundle that includes the public key, the encrypted header information, and the encrypted data, wherein the secure bundle is provided to the user that provided the data and the public key or the application that provided the data and the public key.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The network computer of claim 21, further comprising:
    - providing the secure bundle to the secure storage application, wherein the secure bundle is provided by the user or the application;
      
      decrypting the encrypted header information that is included in the secure bundle using a private key that corresponds to the public key that was used to encrypt the header information;
      
      accessing the instruction set information that is included in the decrypted header information;
      
      generating the encryption key based on the instruction set information;
      
      decrypting the encrypted data that is included in the secure bundle using the encryption key, wherein the decrypted data is provided to the user that provided the secure bundle and the private key or the application that provided the secure bundle and the private key.
  - 23. The network computer of claim 21, wherein generating the header information, further includes, adding one or more cache values generated by the encryption engine to the header information.
  - 24. The network computer of claim 21, further comprising:
    - providing another public key from another user or another application;
      
      generating additional encrypted header information using the other public key and the header information; and
      
      including the other public key and the additional encrypted header information in the secure bundle.
  - 25. The network computer of claim 21, further comprising:
    - providing a common public key that is used to encrypt header information; and
      
      enabling two or more users or applications to decrypt the encrypted header information using a common private key that corresponds to the common public key.
  - 26. The network computer of claim 21, wherein generating the encryption key further comprises employing a sensor to introduce entropy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Centri Technology, Inc. (AgilePQ, Inc.)
Original Assignee
Centri Technology, Inc. (AgilePQ, Inc.)
Inventors
Paris, Luis Gerardo, Mackey, Michael Patrick, Lu, Li Xin Lance
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/815,806
Time in Patent Office

242 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 69/22   Parsing or analysis of headers

H04L 9/30   Public key, i.e. encryption...

Secure storage for shared documents

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage for shared documents

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links