Secure storage for shared documents

US 9,584,321 B2
Filed: 03/28/2016
Issued: 02/28/2017
Est. Priority Date: 01/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method for managing data storage using a network computer having one or more processor devices that perform actions, comprising:

employing the one or more processor devices to generate instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on the instruction set information;

employing the one or more processor devices to extract a pass phrase from the seed file based on the instruction set information;

employing the one or more processor devices to generate an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;

employing the one or more processor devices to launch and execute an encryption engine, on the network computer, to encrypt data using the encryption key; and

employing the one or more processor devices to generate a secure bundle that includes a public key, the encrypted header information, and the encrypted data, wherein the secure bundle is presented to a provider of the data and the public key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards managing data storage for secure storage of shared documents. A user or an application may provide data destined for encryption and a public key. Instruction set information that references at least a seed file that may be installed on the network computer may be generated. An encryption key based on the instruction set information may be generated. Header information that includes the instruction set may be generated. And, the header information may be encrypted using the public key. A secure bundle that includes the public key, the encrypted header information, and the encrypted data may be generated and provided to the user that provided the data and the public key or the application that provided the data and the public key. Decrypting the data included in the secure bundle the above actions are generally performed in reverse.

36 Citations

24 Claims

1. A method for managing data storage using a network computer having one or more processor devices that perform actions, comprising:
- employing the one or more processor devices to generate instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on the instruction set information;
  
  employing the one or more processor devices to extract a pass phrase from the seed file based on the instruction set information;
  
  employing the one or more processor devices to generate an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;
  
  employing the one or more processor devices to launch and execute an encryption engine, on the network computer, to encrypt data using the encryption key; and
  
  employing the one or more processor devices to generate a secure bundle that includes a public key, the encrypted header information, and the encrypted data, wherein the secure bundle is presented to a provider of the data and the public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the seed file is based on an offset value and a length value that are included in the instruction set information.
  - 3. The method of claim 1, wherein the provider includes a user that provided the data and the public key or an application that provided the data and the public key.
  - 4. The method of claim 1, further comprising generating header information that includes the instruction set information, wherein the header information is encrypted using the public key.
  - 5. The method of claim 1, wherein the instruction set information includes one or more of an entity identifier, a platform identifier, or the public key.
  - 6. The method of claim 1, further comprising:
    - generating a transport key based on the instruction set information; and
      
      employing the encryption engine to employ the transport key to initially encrypt the data communicated between an application server and an application client; and
      
      enabling the application server to generate one or more other transport keys for subsequent communication between the application server and the application client.
  - 7. The method of claim 1, wherein generating the encryption key further comprises employing a signal provided by a sensor to introduce entropy in the generation of the encryption.
  - 8. The method of claim 1, further comprising:
    - decrypting encrypted header information that is included in the secure bundle using a private key that corresponds to the public key that was used to encrypt the header information;
      
      accessing the instruction set information that is included in the decrypted header information;
      
      generating the encryption key based on the instruction set information;
      
      decrypting the encrypted data that is included in the secure bundle using the encryption key, wherein the decrypted data is presented to the provider.

9. A system for managing data storage, comprising:
- a network computer, comprising;
  
  a transceiver that communicates over the network;
  
  a memory that stores at least instructions; and
  
  one or more processor devices that execute instructions that perform actions, including;
  
  generating instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on the instruction set information;
  
  extracting a pass phrase from the seed file based on the instruction set information;
  
  generating an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;
  
  launching and executing an encryption engine, on the network computer, to encrypt data using the encryption key; and
  
  generating a secure bundle that includes a public key, the encrypted header information, and the encrypted data, wherein the secure bundle is presented to a provider of the data and the public key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the seed file is based on an offset value and a length value that are included in the instruction set information.
  - 11. The system of claim 9, wherein the provider includes a user that provided the data and the public key or an application that provided the data and the public key.
  - 12. The system of claim 9, further comprising generating header information that includes the instruction set information, wherein the header information is encrypted using the public key.
  - 13. The system of claim 9, wherein the instruction set information includes one or more of an entity identifier, a platform identifier, or the public key.
  - 14. The system of claim 9, further comprising:
    - generating a transport key based on the instruction set information; and
      
      employing the encryption engine to employ the transport key to initially encrypt the data communicated between an application server and an application client; and
      
      enabling the application server to generate one or more other transport keys for subsequent communication between the application server and the application client.
  - 15. The system of claim 9, wherein generating the encryption key further comprises employing a signal provided by a sensor to introduce entropy in the generation of the encryption.
  - 16. The system of claim 9, further comprising:
    - decrypting encrypted header information that is included in the secure bundle using a private key that corresponds to the public key that was used to encrypt the header information;
      
      accessing the instruction set information that is included in the decrypted header information;
      
      generating the encryption key based on the instruction set information;
      
      decrypting the encrypted data that is included in the secure bundle using the encryption key, wherein the decrypted data is presented to the provider.

17. A processor readable non-transitory storage media that includes instructions for managing data storage, wherein execution of the instructions by one or more processor devices performs actions, comprising:
- employing the one or more processor devices to generate instruction set information that references at least a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on the instruction set information;
  
  employing the one or more processor devices to extract a pass phrase from the seed file based on the instruction set information;
  
  employing the one or more processor devices to generate an encryption key based on the instruction set information and the pass phrase that is extracted from the seed file;
  
  employing the one or more processor devices to launch and execute an encryption engine, on the network computer, to encrypt data using the encryption key; and
  
  employing the one or more processor devices to generate a secure bundle that includes a public key, the encrypted header information, and the encrypted data, wherein the secure bundle is presented to a provider of the data and the public key.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The media of claim 17, wherein the seed file is based on an offset value and a length value that are included in the instruction set information.
  - 19. The media of claim 17, wherein the provider includes a user that provided the data and the public key or an application that provided the data and the public key.
  - 20. The media of claim 17, further comprising generating header information that includes the instruction set information, wherein the header information is encrypted using the public key.
  - 21. The media of claim 17, wherein the instruction set information includes one or more of an entity identifier, a platform identifier, or the public key.
  - 22. The media of claim 17, further comprising:
    - generating a transport key based on the instruction set information; and
      
      employing the encryption engine to employ the transport key to initially encrypt the data communicated between an application server and an application client; and
      
      enabling the application server to generate one or more other transport keys for subsequent communication between the application server and the application client.
  - 23. The media of claim 17, wherein generating the encryption key further comprises employing a signal provided by a sensor to introduce entropy in the generation of the encryption.
  - 24. The media of claim 17, further comprising:
    - decrypting encrypted header information that is included in the secure bundle using a private key that corresponds to the public key that was used to encrypt the header information;
      
      accessing the instruction set information that is included in the decrypted header information;
      
      generating the encryption key based on the instruction set information;
      
      decrypting the encrypted data that is included in the secure bundle using the encryption key, wherein the decrypted data is presented to the provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Centri Technology, Inc. (AgilePQ, Inc.)
Original Assignee
Centri Technology, Inc. (AgilePQ, Inc.)
Inventors
Paris, Luis Gerardo, Mackey, Michael Patrick, Lu, Li Xin Lance
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US15/083,141
Publication Number

US 20160211976A1
Time in Patent Office

337 Days
Field of Search

713/165
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 69/22   Parsing or analysis of headers

H04L 9/30   Public key, i.e. encryption...

Secure storage for shared documents

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage for shared documents

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links