Methods and apparatus to securely share data

US 9,411,975 B2
Filed: 03/31/2014
Issued: 08/09/2016
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of securely sharing data, comprising:

generating, at a first device of a first user of a cloud service, an archive file representative of a drive of the first device;

encrypting, by executing an instruction with a processor, the archive file with an encryption key to form an encrypted archive file;

wrapping, by executing an instruction with the processor, the encryption key with key data associated with a second user of the cloud service;

provisioning the encrypted archive file with the wrapped encryption key; and

conveying the provisioned, encrypted archive file to a cloud service provider, the encrypted archive file to be decrypted by a second device of the second user of the cloud service based on the wrapped encryption key, the decrypted archive file to be mounted to an operating system of the second device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to securely share data are disclosed. An example includes generating, at a first device of a first user of cloud services, an archive file representative of a drive of the first device; encrypting, via a processor, the archive file to form an encrypted archive file; and conveying the encrypted archive file to a cloud service provider, the encrypted archive file to be decrypted by a second device of a second user of the cloud services, the decrypted archive file to be mounted to an operating system of the second device.

Citations

17 Claims

1. A method of securely sharing data, comprising:
- generating, at a first device of a first user of a cloud service, an archive file representative of a drive of the first device;
  
  encrypting, by executing an instruction with a processor, the archive file with an encryption key to form an encrypted archive file;
  
  wrapping, by executing an instruction with the processor, the encryption key with key data associated with a second user of the cloud service;
  
  provisioning the encrypted archive file with the wrapped encryption key; and
  
  conveying the provisioned, encrypted archive file to a cloud service provider, the encrypted archive file to be decrypted by a second device of the second user of the cloud service based on the wrapped encryption key, the decrypted archive file to be mounted to an operating system of the second device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as defined in claim 1, further including receiving the key data from the cloud service provider.
  - 3. A method as defined in claim 1, further including conveying access instructions to the cloud service provider to define access privileges to contents of the drive.
  - 4. A method as defined in claim 1, further including:
    - in response to receiving a second encrypted archive file corresponding to second data of a second drive of the second device of the second user, decrypting the second encrypted archive file to generate a second decrypted archive file; and
      
      mounting the second decrypted archive file to a second operating system of the first device.
  - 5. A method as defined in claim 1, wherein the archive file is an ISO image capable of being mounted to an operating system.
  - 6. A method as defined in claim 1, wherein the key data associated with the second user of the cloud service is at least one of a private key generated based on a password associated with the second user of the cloud service or a public key associated with the second user.

7. A tangible computer readable storage medium comprising instructions that, when executed, cause a first device of a first user of a cloud service to at least:
- generate an archive file representative of a drive of the first device;
  
  encrypt, with an encryption key, the archive file to form an encrypted archive file;
  
  wrap the encryption key with key data associated with a second user of the cloud service;
  
  provision the encrypted archive file with the wrapped encryption key; and
  
  convey the provisioned, encrypted archive file to a cloud service provider of the cloud service, the encrypted archive file to be decrypted by a second device of the second user of the cloud service based on the wrapped encryption key, the decrypted archive file to be mounted to an operating system of the second device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A storage medium as defined in claim 7, wherein the key data is received from the cloud service provider.
  - 9. A storage medium as defined in claim 7, wherein the instructions, when executed, cause the first device to convey access instructions to the cloud service provider to define access privileges to contents of the drive.
  - 10. A storage medium as defined in claim 7, wherein the instructions, when executed, cause the first device to:
    - in response to receiving a second encrypted archive file corresponding to second data of a second drive of the second device of the second user, decrypt the second encrypted archive file to generate a second decrypted archive file; and
      
      mount the second decrypted archive file to a second operating system of the first device.
  - 11. A storage medium as defined in claim 7, wherein the archive file is an ISO image capable of being mounted to an operating system.
  - 12. A storage medium as defined in claim 7, wherein the key data associated with the second user of the cloud service is at least one of a private key generated based on a password associated with the second user of the cloud service or a public key associated with the second user.

13. An apparatus, comprising:
- memory to store data associated with a first user of a cloud service;
  
  a processor;
  
  an archive generator to generate an archive file representative of first data of the memory;
  
  an encryption engine to encrypt the archive file to form an encrypted archive file with an encryption key;
  
  a trusted execution environment to;
  
  wrap the encryption key with key data associated with a second user of the cloud service; and
  
  provision the encrypted archive file with the wrapped encryption key; and
  
  a communicator to convey the provisioned, encrypted archive file to a computing device of a cloud service provider, the encrypted archive file to be decrypted by a second computing device of the second user of the cloud service based on the wrapped encryption key, the decrypted archive file to be mounted to an operating system of the second computing device;
  
  at least one of the archive generator, the encryption engine, the trusted execution environment, and the communicator implemented by the processor.
- View Dependent Claims (14, 15, 16, 17)
- - 14. An apparatus as defined in claim 13, further including a user interface to convey access instructions to the cloud service provider to define access privileges to contents the first data of the memory.
  - 15. An apparatus as defined in claim 13, wherein the encryption engine is to, in response to receiving a second encrypted archive file corresponding to second data of a second memory of the second computing device, decrypt the second encrypted archive file to generate a second decrypted archive file.
  - 16. An apparatus as defined in claim 15, further including a mount point to mount the second decrypted archive file to an operating system of the second computing device.
  - 17. An apparatus as defined in claim 13, wherein the key data associated with the second user of the cloud service is at least one of a private key generated based on a password associated with the second user of the cloud service or a public key associated with the second user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Smith, Ned M., Ben-Shalom, Omer, Nayshtut, Alex
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US14/230,618
Publication Number

US 20150278531A1
Time in Patent Office

862 Days
Field of Search

713/165, 713/180, 713/193, 726 22- 24, 726/26, 726/30, 707/822, 707/679, 707/680, 707/681, 707/826, 707/803, 707/807, 707/809, 717/148, 718/100, 380/46
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 67/10   in which an application is ...

H04L 67/12   specially adapted for propr...

H04L 69/22   Parsing or analysis of headers

H04L 9/30   Public key, i.e. encryption...

Methods and apparatus to securely share data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus to securely share data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links