File sharing with client side encryption

US 9,537,918 B2
Filed: 10/02/2013
Issued: 01/03/2017
Est. Priority Date: 10/02/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for sharing encrypted data within a client-server distributed data storage system, the method comprising:

encrypting multiple data sets of a first computing device using symmetric encryption keys, wherein each of the data sets is encrypted using a different symmetric encryption key among the symmetric encryption keys;

sharing the encrypted data sets with a second computing device; and

sending the symmetric encryption keys to the second computing device via a secured channel, wherein the symmetric encryption keys are suitable for decrypting the encrypted data sets at the second computing device; and

establishing the secured channel between the first computing device and the second computing device, wherein data transferred through the secured channel are encrypted so that the server cannot access contents of the data, wherein the secured channel is through a server connected with the first and second computing devices, the server cannot access the contents of the secured channel and cannot access contents of the encrypted data sets,wherein the step of establishing the secured channel includes;

determining a starting message between the first and second computing devices;

generating, by the first computing device, a first middle encrypted message by encrypting the starting message with a first private key of the first computing device;

sending, to the second computing device, the first middle encrypted message;

receiving, from the second computing device, a second middle encrypted message, wherein the second middle encrypted message is generated by the second computing device by encrypting the starting message with a second private key of the second computing device; and

generating, by the first computing device, a common key for the secured channel by encrypting the second middle encrypted message using the first private key.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology is disclosed herein for sharing encrypted data within a client-server distributed data storage system. According to at least one embodiment, a first computing device encrypts multiple data sets of the first computing device using symmetric encryption keys. Each of the data sets is encrypted using a different symmetric encryption key among the symmetric encryption keys. The first computing device shares the encrypted data sets with a second computing device. The first computing device further sends the symmetric encryption keys to the second computing device via a secured channel. The symmetric encryption keys are suitable for decrypting the encrypted data sets at the second computing device. The secured channel is through a server connected with the first and second computing devices. The server cannot access the contents of the secured channel and cannot access contents of the encrypted data sets.

8 Citations

View as Search Results

25 Claims

1. A computer implemented method for sharing encrypted data within a client-server distributed data storage system, the method comprising:
- encrypting multiple data sets of a first computing device using symmetric encryption keys, wherein each of the data sets is encrypted using a different symmetric encryption key among the symmetric encryption keys;
  
  sharing the encrypted data sets with a second computing device; and
  
  sending the symmetric encryption keys to the second computing device via a secured channel, wherein the symmetric encryption keys are suitable for decrypting the encrypted data sets at the second computing device; and
  
  establishing the secured channel between the first computing device and the second computing device, wherein data transferred through the secured channel are encrypted so that the server cannot access contents of the data, wherein the secured channel is through a server connected with the first and second computing devices, the server cannot access the contents of the secured channel and cannot access contents of the encrypted data sets,wherein the step of establishing the secured channel includes;
  
  determining a starting message between the first and second computing devices;
  
  generating, by the first computing device, a first middle encrypted message by encrypting the starting message with a first private key of the first computing device;
  
  sending, to the second computing device, the first middle encrypted message;
  
  receiving, from the second computing device, a second middle encrypted message, wherein the second middle encrypted message is generated by the second computing device by encrypting the starting message with a second private key of the second computing device; and
  
  generating, by the first computing device, a common key for the secured channel by encrypting the second middle encrypted message using the first private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer implemented method of claim 1, wherein the step of sending the symmetric encryption keys includes:
    - retrieving, at the first computing device, an asymmetric public key of the second computing device that pairs with an asymmetric private key of the second computing device;
      
      encrypting the symmetric encryption keys into encrypted symmetric encryption keys using the asymmetric public key of the second computing device; and
      
      sending the encrypted symmetric encryption keys to the server or the second computing device so that the second computing device can retrieve the encrypted symmetric encryption keys and use the asymmetric private key to decrypt the encrypted symmetric encryption keys, while the server cannot decrypt the encrypted symmetric encryption keys using the asymmetric public key of the second computing device.
  - 3. The computer implemented method of claim 1, wherein the step of sending the symmetric encryption keys includes:
    - prompting, via a user interface of the first computing device, a channel password provided by a user, wherein the channel password has been provided to the second computing device in a way separate from a network connection relayed by the server between the first and second computing devices;
      
      encrypting the symmetric encryption keys into encrypted symmetric encryption keys using the channel password; and
      
      sending the encrypted symmetric encryption keys to the server or the second computing device so that the second computing device can retrieve the encrypted symmetric encryption keys and use the channel password to decrypt the encrypted symmetric encryption keys, while the server cannot access the channel password.
  - 4. The computer implemented method of claim 1, further comprising:
    - generating the symmetric encryption keys from a private device key of the first computing device, wherein the server and the second computing device do not have access to the private device key of the first computing device.
  - 5. The computer implemented method of claim 1, wherein when two of the multiple data sets contain the same content, data of two encrypted data sets from the two data sets are different.
  - 6. The computer implemented method of claim 1, further comprising:
    - storing each the symmetric encryption keys alongside the corresponding data set.
  - 7. The computer implemented method of claim 1, wherein the step of sharing includes:
    - sending the encrypted data sets for the first computing device to the server; and
      
      instructing the server to grant access of the encrypted data sets stored in the server to the second computing device.
  - 8. The computer implemented method of claim 1, wherein the step of establishing includes:
    - determining a common key based on communications between the first and second computing devices without revealing private device keys of the first and second computing devices to each other, wherein the server does not have access to the common key; and
      
      wherein the data transferred through the secured channel are encrypted using the common key.
  - 9. The computer implemented method of claim 1, wherein the common key is also generated by the second computing device by encrypting the first middle encrypted message using the second private key.
  - 10. The computer implemented method of claim 1, wherein the first private key is a private device key of the first computing device, wherein the symmetric encryption keys are generated from the private device key, and the server and the second computing device do not have access to the private device key.
  - 11. The computer implemented method of claim 1, wherein the server does not have access to the common key or the first and second private keys.
  - 12. The computer implemented method of claim 1, wherein the step of establishing further includes:
    - encrypting, by the first computing device, data to be transferred via the secured channel using the common key such that the encrypted data transferred via the secured channel can be decrypted by the second computing device using the common key.
  - 13. The computer implemented method of claim 1, wherein the server stores the encrypted data sets but cannot access contents of the encrypted data sets.
  - 14. The computer implemented method of claim 1, wherein the data sets include data files.

15. A method for transferring files between computing devices connected to a server, the method comprising:
- generating, at a first computing device, multiple symmetric encryption keys from a private device key of the first computing device, wherein each of the symmetric encryption keys corresponds to one of the files of the first computing device;
  
  encrypting, at the first computing device, each of the files into an encrypted file using a corresponding symmetric encryption key among the symmetric encryption keys;
  
  sending the encrypted files to a server, wherein the encrypted files are suitable to be stored in the server;
  
  determining a common key for the first and second computing device, wherein the first and second computing devices know the common key while the server does not know the common key, wherein the common key is determined by a process including;
  
  receiving, from the second computing device, a second middle encrypted message, wherein the second middle encrypted message is generated by the second computing device by encrypting a starting message with a second private key of the second computing device, wherein the starting message is shared by the first computing device and the second computing device; and
  
  generating, by the first computing device, the common key by encrypting the second middle encrypted message using a first private key of the first computing device,wherein the common key is also generated at the second computing device by encrypting a first middle encrypted message using the second private key of the other computing device, wherein the first middle encrypted message is generated at the computing device by encrypting the starting message with the first private key of the computing device; and
  
  securely transmitting the symmetric encryption keys to the second computing device using the common key.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, wherein the step of securely transmitting includes:
    - encrypting the symmetric encryption keys using the common key;
      
      sending the encrypted symmetric encryption keys to the server; and
      
      instructing the server to grant access of the encrypted symmetric encryption keys to the second computing device.
  - 17. The method of claim 15, wherein the encrypted symmetric encryption keys are suitable to be decrypted by the second computing device using the common key.
  - 18. The method of claim 15, wherein the encrypted files are suitable to be decrypted by the second computing device using the symmetric encryption keys.
  - 19. The method of claim 15, wherein the server is configured to relay the encrypted symmetric encryption keys to the second computing device but cannot access the symmetric encryption keys.
  - 20. The method of claim 15, further comprising:
    - maintaining a database for relationships between the files and the symmetric encryption keys.
  - 21. The method of claim 15, wherein each of the symmetric encryption keys is suitable for both encryption and decryption of one of the files.

22. A computing device, comprising:
- a hardware processor;
  
  a data encryption module which, when executed by the hardware processor, encrypts each of multiple files into an encrypted file using one of multiple symmetric encryption keys, wherein each of the symmetric encryption keys corresponds to one of the files of the first computing device;
  
  a networking interface configured to send the encrypted files to a server, wherein the encrypted files are suitable to be stored in the server; and
  
  a secured channel module which, when executed by the hardware processor, transfers encrypted symmetric encryption keys that are generated using a common key to another computing device;
  
  wherein the common key is suitable for decrypting the encrypted symmetric encryption keys into the symmetric encryption keys, and the encrypted files are suitable to be transmitted to the other computing device and to be decrypted using the symmetric encryption keys,wherein the common key is determined by a process including;
  
  receiving, from the other computing device, a second middle encrypted message, wherein the second middle encrypted message is generated by the other computing device by encrypting a starting message with a second private key of the other computing device, wherein the starting message is shared by the computing device and the other computing device; and
  
  generating, by the first computing device, the common key for the secured channel by encrypting the second middle encrypted message using a first private key of the computing device,wherein the common key is also generated at the other computing device by encrypting a first middle encrypted message using the second private key of the other computing device,wherein the first middle encrypted message is generated at the computing device by encrypting the starting message with the first private key of the computing device.
- View Dependent Claims (23, 24, 25)
- - 23. The computing device of claim 22, wherein the symmetric encryption keys are encrypted and then transferred via the secured channel such that the other computing device has access to the symmetric encryption keys but the server does not have access to the symmetric encryption keys.
  - 24. The computing device of claim 22, wherein the networking interface is further configured to instruct the server to grant access of the encrypted files to the other computing device.
  - 25. The computing device of claim 22, wherein the secured channel module is established such that the encrypted symmetric encryption keys are relayed by the server to the other computing device but the server cannot decrypt the encrypted symmetric encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Razer (Asia-Pacific) Pte. Ltd. (Razer Incorporated)
Original Assignee
Nextbit Systems, Inc. (Razer Incorporated)
Inventors
Chan, Michael A., Quan, Justin, Fleming, Michael K.
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US14/044,046
Publication Number

US 20140095881A1
Time in Patent Office

1,189 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/125   characterised by the use of...

G06F 16/174   Redundancy elimination perf...

G06F 16/20   of structured data, e.g. re...

G06F 16/27   Replication, distribution o...

G06F 16/273   Asynchronous replication or...

G06F 16/275   Synchronous replication

G06F 16/278   Data partitioning, e.g. hor...

G06F 16/93   Document management systems

G06F 9/5038   considering the execution o...

H04B 7/26   at least one of which is mo...

H04L 67/06   specially adapted for file ...

H04L 67/1095   Replication or mirroring of...

H04L 67/1097   for distributed storage of ...

H04L 67/55   Push-based network services

H04L 67/568   Storing data temporarily at...

H04M 1/72412   using two-way short-range w...

H04M 2250/10   including a GPS signal rece...

H04M 2250/12   including a sensor for meas...

Y02D 10/00   Energy efficient computing,...

File sharing with client side encryption

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

File sharing with client side encryption

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links