File sharing with client side encryption
First Claim
1. A computer implemented method for sharing encrypted data within a client-server distributed data storage system, the method comprising:
encrypting multiple data sets of a first computing device using symmetric encryption keys, wherein each of the data sets is encrypted using a different symmetric encryption key among the symmetric encryption keys;
sharing the encrypted data sets with a second computing device; and
sending the symmetric encryption keys to the second computing device via a secured channel, wherein the symmetric encryption keys are suitable for decrypting the encrypted data sets at the second computing device; and
establishing the secured channel between the first computing device and the second computing device, wherein data transferred through the secured channel are encrypted so that the server cannot access contents of the data, wherein the secured channel is through a server connected with the first and second computing devices, the server cannot access the contents of the secured channel and cannot access contents of the encrypted data sets, wherein the step of establishing the secured channel includes:
determining a starting message between the first and second computing devices;
generating, by the first computing device, a first middle encrypted message by encrypting the starting message with a first private key of the first computing device;
sending, to the second computing device, the first middle encrypted message;
receiving, from the second computing device, a second middle encrypted message, wherein the second middle encrypted message is generated by the second computing device by encrypting the starting message with a second private key of the second computing device; and
generating, by the first computing device, a common key for the secured channel by encrypting the second middle encrypted message using the first private key.
Abstract
Technology is disclosed herein for sharing encrypted data within a client-server distributed data storage system. According to at least one embodiment, a first computing device encrypts multiple data sets of the first computing device using symmetric encryption keys. Each of the data sets is encrypted using a different symmetric encryption key among the symmetric encryption keys. The first computing device shares the encrypted data sets with a second computing device. The first computing device further sends the symmetric encryption keys to the second computing device via a secured channel. The symmetric encryption keys are suitable for decrypting the encrypted data sets at the second computing device. The secured channel is through a server connected with the first and second computing devices. The server cannot access the contents of the secured channel and cannot access contents of the encrypted data sets.
25 Claims
1. A computer implemented method for sharing encrypted data within a client-server distributed data storage system (set out in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for transferring files between computing devices connected to a server, the method comprising:
generating, at a first computing device, multiple symmetric encryption keys from a private device key of the first computing device, wherein each of the symmetric encryption keys corresponds to one of the files of the first computing device;
encrypting, at the first computing device, each of the files into an encrypted file using a corresponding symmetric encryption key among the symmetric encryption keys;
sending the encrypted files to a server, wherein the encrypted files are suitable to be stored in the server;
determining a common key for the first and second computing device, wherein the first and second computing devices know the common key while the server does not know the common key, wherein the common key is determined by a process including:
receiving, from the second computing device, a second middle encrypted message, wherein the second middle encrypted message is generated by the second computing device by encrypting a starting message with a second private key of the second computing device, wherein the starting message is shared by the first computing device and the second computing device; and
generating, by the first computing device, the common key by encrypting the second middle encrypted message using a first private key of the first computing device, wherein the common key is also generated at the second computing device by encrypting a first middle encrypted message using the second private key of the other computing device, wherein the first middle encrypted message is generated at the computing device by encrypting the starting message with the first private key of the computing device; and
securely transmitting the symmetric encryption keys to the second computing device using the common key.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A computing device, comprising:
a hardware processor;
a data encryption module which, when executed by the hardware processor, encrypts each of multiple files into an encrypted file using one of multiple symmetric encryption keys, wherein each of the symmetric encryption keys corresponds to one of the files of the first computing device;
a networking interface configured to send the encrypted files to a server, wherein the encrypted files are suitable to be stored in the server; and
a secured channel module which, when executed by the hardware processor, transfers encrypted symmetric encryption keys that are generated using a common key to another computing device;
wherein the common key is suitable for decrypting the encrypted symmetric encryption keys into the symmetric encryption keys, and the encrypted files are suitable to be transmitted to the other computing device and to be decrypted using the symmetric encryption keys, wherein the common key is determined by a process including:
receiving, from the other computing device, a second middle encrypted message, wherein the second middle encrypted message is generated by the other computing device by encrypting a starting message with a second private key of the other computing device, wherein the starting message is shared by the computing device and the other computing device; and
generating, by the first computing device, the common key for the secured channel by encrypting the second middle encrypted message using a first private key of the computing device, wherein the common key is also generated at the other computing device by encrypting a first middle encrypted message using the second private key of the other computing device, wherein the first middle encrypted message is generated at the computing device by encrypting the starting message with the first private key of the computing device.
Dependent claims: 23, 24, 25
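The common-key steps in claims 1, 15 and 22 only yield the same key on both devices if the encryption is commutative. The sketch below is an added example, not code from the patent: it assumes modular exponentiation as that operation (which gives the exchange a Diffie-Hellman shape), a demo-only modulus, HMAC as the per-file key derivation, and a hash-based stand-in cipher; all function and variable names are hypothetical.

```python
import hashlib, hmac, secrets

P = 2**255 - 19  # demo-only prime modulus (assumption), not a vetted group

def commutative_encrypt(message: int, private_key: int) -> int:
    """E_k(m) = m^k mod P, so E_a(E_b(m)) == E_b(E_a(m))."""
    return pow(message, private_key, P)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHAKE-256 keystream); a real client would use an AEAD."""
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key, nonce, data)

def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])

def run_exchange(files: dict) -> dict:
    server_sees = []  # everything the relaying server stores or forwards
    # First device: a different symmetric key per file, derived from a device key.
    device_key = secrets.token_bytes(32)
    file_keys = {n: hmac.new(device_key, n.encode(), hashlib.sha256).digest()
                 for n in files}
    stored = {n: seal(file_keys[n], body) for n, body in files.items()}
    server_sees += stored.values()
    # Secured channel: each side encrypts the starting message, then the other's result.
    start = 2  # agreed starting message (constructed value)
    priv1, priv2 = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    middle1 = commutative_encrypt(start, priv1)    # first -> second, via server
    middle2 = commutative_encrypt(start, priv2)    # second -> first, via server
    server_sees += [middle1, middle2]
    common1 = commutative_encrypt(middle2, priv1)  # computed on first device
    common2 = commutative_encrypt(middle1, priv2)  # computed on second device
    chan1 = hashlib.sha256(common1.to_bytes(32, "big")).digest()
    chan2 = hashlib.sha256(common2.to_bytes(32, "big")).digest()
    # File keys cross the server only wrapped under the channel key.
    wrapped = {n: seal(chan1, k) for n, k in file_keys.items()}
    server_sees += wrapped.values()
    received = {n: unseal(unseal(chan2, wrapped[n]), stored[n]) for n in stored}
    return {"received": received, "keys_match": common1 == common2,
            "file_keys": file_keys, "server_sees": server_sees}

if __name__ == "__main__":
    print(run_exchange({"notes.txt": b"constructed sample"})["received"])
```

The middle messages in this sketch are not authenticated, so it models a server that relays and stores traffic without altering it.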
Specification