Authenticator device facilitating file security

US 9,413,754 B2
Filed: 12/23/2014
Issued: 08/09/2016
Est. Priority Date: 12/23/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying a program executable in a computing device, the program, when executed by the computing device, being configured to cause the computing device to at least:

receive an encrypted security key from a computing environment in the computing device, the encrypted security key corresponding to a secured file and being encrypted using a public key associated with a second computing device on which the secured file is accessed;

generate a time-varying password in the computing device, the time-varying password based at least in part upon a shared secret between the computing device and the second computing device;

generate a double-encrypted security key by encrypting the encrypted security key based at least in part upon the time-varying password; and

transmit the double-encrypted security key to the second computing device via a localized communication mechanism, wherein the second computing device is configured to independently generate the time-varying password and decrypt the double-encrypted security key using the time-varying password and a private key corresponding to the public key, wherein the security key is employed by the second computing device to access the secured file or a collection of keys associated with the secured file.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for facilitating the encryption of files as well as facilitating requiring a user to employ an authenticator device in order to access a file that is encrypted or otherwise secured. The authenticator device can provide an authenticator code in which a security key used to access a secured file can be embedded. An additional layer of encryption can also be applied in the authenticator code.

Citations

21 Claims

1. A non-transitory computer-readable medium embodying a program executable in a computing device, the program, when executed by the computing device, being configured to cause the computing device to at least:
- receive an encrypted security key from a computing environment in the computing device, the encrypted security key corresponding to a secured file and being encrypted using a public key associated with a second computing device on which the secured file is accessed;
  
  generate a time-varying password in the computing device, the time-varying password based at least in part upon a shared secret between the computing device and the second computing device;
  
  generate a double-encrypted security key by encrypting the encrypted security key based at least in part upon the time-varying password; and
  
  transmit the double-encrypted security key to the second computing device via a localized communication mechanism, wherein the second computing device is configured to independently generate the time-varying password and decrypt the double-encrypted security key using the time-varying password and a private key corresponding to the public key, wherein the security key is employed by the second computing device to access the secured file or a collection of keys associated with the secured file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the localized communication mechanism comprises a quick-response (QR) code generated on a display associated with the computing device, wherein the double-encrypted security key is embedded within the QR code.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the localized communication mechanism comprises a data representation in which the double-encrypted security key is embedded, wherein the data representation is transmitted to the second computing device via at least one of:
    - near-field communication (NFC), an audible communication, or a Bluetooth transmission.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the computing device generates the time-varying password by seeding a hash function with at least a portion of a time code corresponding to at least a portion of a current time and the shared secret.
  - 5. The non-transitory computer-readable medium of claim 4, wherein the hash function comprises a Secure Hash Algorithm or a pseudo-random number generator.
  - 6. The non-transitory computer-readable medium of claim 4, wherein the time code corresponds to a truncation of the current time.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the shared secret comprises at least one of a password or a personal identification number (PIN).
  - 8. The non-transitory computer-readable medium of claim 1, wherein the computing device generates the double-encrypted security key by generating a keyed-hash message authentication code based at least in part upon the encrypted security key and the time-varying password.
  - 9. The non-transitory computer-readable medium of claim 8, wherein the keyed-hash message authentication code is transmitted to the second computing device as the double-encrypted security key.

10. A system, comprising:
- a computing device;
  
  programming code executable in the computing device, the programming code comprising;
  
  logic that receives a request to access a secured file via the computing device;
  
  logic that obtains a data representation of a double-encrypted security key from an authenticator device, the double-encrypted security key comprising a security key corresponding to the secured file or a collection of keys associated with the secured file;
  
  logic that generates a time-varying password based upon a current time and a shared secret corresponding to the time-varying password;
  
  logic that generates an encrypted security key by removing a first layer of encryption from the double-encrypted security key, the first layer of encryption being removed based at least in part upon the time-varying password; and
  
  logic that extracts the security key from the encrypted security key by removing a second layer of encryption from the double-encrypted security key, the second layer of encryption being removed based at least in part upon a private key, wherein the second layer of encryption is applied using a public key corresponding to the private key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the logic that generates the time-varying password further comprises logic that seeds a hash function with a time code corresponding to a current time and a shared secret between the computing device and the authenticator device from which the double-encrypted security key is obtained.
  - 12. The system of claim 11, wherein the first layer of encryption is removed by extracting a message content from a keyed-hash message authentication code, wherein a key associated with the keyed-hash message authentication code is based upon the time code and the shared secret.
  - 13. The system of claim 10, further comprising logic that decrypts the secured file using the security key.
  - 14. The system of claim 13, further comprising logic that discards the security key from memory upon decryption of the secured file using the security key.
  - 15. The system of claim 13, further comprising logic that renders the secured file in a file viewer upon decryption of the secured file using the security key.
  - 16. The system of claim 15, further comprising logic that discards the secured file upon termination of a session of the file viewer in which the secured file is rendered.
  - 17. The system of claim 15, further comprising logic that discards a portion of the secured file upon viewing of the portion of the secured file in the file viewer in which the secured file is rendered.

18. A method, comprising:
- obtaining, within a server, a request to store a file in association with a storage account associated with at least one of a user or at least one computing device;
  
  generating, within the server, a security key corresponding to at least one of the file or the storage account;
  
  generating, within the server, a secured file corresponding to the file based at least in part upon the security key;
  
  storing, via the server, the secured file in storage accessible to the server;
  
  identifying, within the server, at least one public key corresponding to the storage account;
  
  generating, within the server, at least one encrypted security key corresponding to the security key, the at least one encrypted security key being encrypted using the at least one public key corresponding to the storage account; and
  
  storing, via the server, the at least one encrypted security key in storage accessible to the server.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, further comprising:
    - receiving, in the server, a request to access the secured file;
      
      transmitting, from the server, the at least one encrypted security key to an authenticator device associated with the storage account; and
      
      transmitting, from the server, the secured file to an access device associated with the authenticator device.
  - 20. The method of claim 19, wherein the server is configured to only transmit the encrypted security key to the authenticator device.
  - 21. The method of claim 18, wherein the at least one security key corresponds to a plurality of encrypted security keys, wherein each of the plurality of encrypted security keys is encrypted using a respective public key corresponding to a respective computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Omnissa, LLC
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Stuntebeck, Erich Peter, Tse, Kar Fai, Lu, Chen, Xuan, Chaoting
Primary Examiner(s)
McNally, Michael S

Application Number

US14/580,653
Publication Number

US 20160182495A1
Time in Patent Office

595 Days
Field of Search

713/156
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/36   by graphic or iconic repres...

G06F 21/6209   to a single file or object,...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/068   using time-dependent keys, ...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 9/0863   involving passwords or one-...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/77   Graphical identity

H04W 4/80   Services using short range ...

Authenticator device facilitating file security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticator device facilitating file security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links