Secure file transfer

US 9,590,958 B1
Filed: 06/22/2016
Issued: 03/07/2017
Est. Priority Date: 04/14/2016
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor configured to;

obtain a first file to upload to a secure file repository;

generate a first encryption key, wherein the first encryption key is generated at least in part by obtaining ephemeral environmental noise from a kernel operation executing on a sender device;

generate a random file name for the first file, wherein the random file name is a universally unique identifier;

encrypt the first file via an encryption algorithm using the first encryption key;

assign the first encrypted file the generated random file name;

upload the first encrypted file to the secure file repository;

receive, from the secure file repository, a location of the first encrypted file and the random file name assigned to the first encrypted file by the secure file repository;

update metadata associated with the first encrypted file, including at least one of the first encryption key, the location of the first encrypted file on the secure file repository, and the random file name assigned to the first encrypted file;

generate a second encryption key;

encrypt the metadata associated with the first encrypted file, including the first encryption key, using the second encryption key; and

transmit, in a first communication, the encrypted file metadata to one or more receivers of the first encrypted file; and

a memory coupled to the processor and configured to provide the processor with instructions.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes techniques for storing encrypted files in a secure file repository and transferring those encrypted files to one or more recipients. A user selects a file to upload to a secure file repository. A secure collaboration app on the user'"'"'s device generates a first encryption key that is used to encrypt the file. The encrypted file is then uploaded to the secure file repository, which provides the secure collaboration app with a random file name and a location of the encrypted file. The secure collaboration app updates locally stored metadata of the first encrypted file. To securely transfer the file, the user generates a second encryption key, encrypts the metadata with the second encryption key, and transmits the encrypted metadata to one or more receivers. The one or more receivers decrypt the encrypted metadata and use the decrypted metadata to retrieve the file and decrypt it.

Citations

18 Claims

1. A system, comprising:
- a processor configured to;
  
  obtain a first file to upload to a secure file repository;
  
  generate a first encryption key, wherein the first encryption key is generated at least in part by obtaining ephemeral environmental noise from a kernel operation executing on a sender device;
  
  generate a random file name for the first file, wherein the random file name is a universally unique identifier;
  
  encrypt the first file via an encryption algorithm using the first encryption key;
  
  assign the first encrypted file the generated random file name;
  
  upload the first encrypted file to the secure file repository;
  
  receive, from the secure file repository, a location of the first encrypted file and the random file name assigned to the first encrypted file by the secure file repository;
  
  update metadata associated with the first encrypted file, including at least one of the first encryption key, the location of the first encrypted file on the secure file repository, and the random file name assigned to the first encrypted file;
  
  generate a second encryption key;
  
  encrypt the metadata associated with the first encrypted file, including the first encryption key, using the second encryption key; and
  
  transmit, in a first communication, the encrypted file metadata to one or more receivers of the first encrypted file; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the first encryption key is generated by applying multiple rounds of a hash function to a first set of pseudorandom bytes derived from a sender'"'"'s device.
  - 3. The system of claim 1, wherein the encryption algorithm is a symmetric encryption algorithm.
  - 4. The system of claim 1, wherein the secure file repository is a third-party file repository.
  - 5. The system of claim 1, wherein the second encryption key is generated by applying multiple rounds of a hash function to a second set of pseudorandom bytes derived from a sender'"'"'s device.
  - 6. The system of claim 1, wherein the processor is further configured to:
    - encrypt the second encryption key with a key-encrypting key unique to each of the one or more receivers;
      
      encrypt the encrypted second encryption key with a device key unique to each of the one or more receivers to produce a twice-encrypted second encryption key; and
      
      compose the first communication by encapsulating the encrypted file metadata in the payload of the first communication and the twice-encrypted second encryption key in the header of the first communication.

7. A method comprising:
- obtaining a first file to upload to a secure file repository;
  
  generating a first encryption key, wherein the first encryption key is generated at least in part by obtaining ephemeral environmental noise from a kernel operation executing on a sender device;
  
  generating a random file name for the first file, wherein the random file name is a universally unique identifier;
  
  encrypting the first file via an encryption algorithm using the first encryption key;
  
  assigning the first encrypted file the generated random file name;
  
  uploading the first encrypted file to the secure file repository;
  
  receiving, from the secure file repository, a location of the first encrypted file and the random file name assigned to the first encrypted file by the secure file repository;
  
  updating metadata associated with the first encrypted file, including at least one of the first encryption key, the location of the first encrypted file on the secure file repository, and the random file name assigned to the first encrypted file;
  
  generating a second encryption key;
  
  encrypting the metadata associated with the first encrypted file, including the first encryption key, using the second encryption key; and
  
  transmitting, in a first communication, the encrypted file metadata to one or more receivers of the first encrypted file.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the first encryption key is generated by applying multiple rounds of a hash function to a first set of pseudorandom bytes derived from a sender'"'"'s device.
  - 9. The method of claim 7, wherein the encryption algorithm is a symmetric encryption algorithm.
  - 10. The method of claim 7, wherein the secure file repository is a third-party file repository.
  - 11. The method of claim 7, wherein the second encryption key is generated by applying multiple rounds of a hash function to a second set of pseudorandom bytes derived from the sender'"'"'s device.
  - 12. The method of claim 7, further comprising:
    - encrypting the second encryption key with a key-encrypting key unique to each of the one or more receivers;
      
      encrypting the encrypted second encryption key with a device key unique to each of the one or more receivers to produce a twice-encrypted second encryption key; and
      
      composing the first communication by encapsulating the encrypted file metadata in the payload of the first communication and the twice-encrypted second encryption key in the header of the first communication.

13. A non-transitory computer-readable medium comprising instructions that, when executed by at least one processor, perform the steps of:
- obtaining a first file to upload to a secure file repository;
  
  generating a first encryption key, wherein the first encryption key is generated at least in part by obtaining ephemeral environmental noise form a kernel operation executing on a sender device;
  
  generating a random file name for the first file, wherein the random file name is a universally unique identifier;
  
  encrypting the first file via an encryption algorithm using the first encryption key;
  
  assigning the first encrypted file the generated random file name;
  
  uploading the first encrypted file to the secure file repository;
  
  receiving, from the secure file repository, a location of the first encrypted file and a random file name assigned to the first encrypted file by the secure file repository;
  
  updating metadata associated with the first encrypted file, including at least one of the first encryption key, the location of the first encrypted file on the secure file repository, and the random file name assigned to the first encrypted file;
  
  generating a second encryption key;
  
  encrypting the metadata associated with the first encrypted file, including the first encryption key, using the second encryption key; and
  
  transmitting, in a first communication, the encrypted file metadata to one or more receivers of the first encrypted file.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer readable medium of claim 13, wherein the first encryption key is generated by applying multiple rounds of a hash function to a first set of pseudorandom bytes derived from a sender'"'"'s device.
  - 15. The non-transitory computer readable medium of claim 13, wherein the encryption algorithm is a symmetric encryption algorithm.
  - 16. The non-transitory computer readable medium of claim 13, wherein the secure file repository is a third-party file repository.
  - 17. The non-transitory computer readable medium of claim 13, wherein the second encryption key is generated by applying multiple rounds of a hash function to a second set of pseudorandom bytes derived from the sender'"'"'s device.
  - 18. The non-transitory computer readable medium of claim 13, further comprising instructions for:
    - encrypting the second encryption key with a key-encrypting key unique to each of the one or more receivers;
      
      encrypting the encrypted second encryption key with a device key unique to each of the one or more receivers to produce a twice-encrypted second encryption key; and
      
      composing the first communication by encapsulating the encrypted file metadata in the payload of the first communication and the twice-encrypted second encryption key in the header of the first communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Wickr Inc. (Amazon.com, Inc.)
Inventors
Sugar, David A., Kasabwala, Dipakkumar R., Grzybowski, Ernest W., Howell, Christopher A., Leavy, Thomas Michael
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/190,132
Time in Patent Office

258 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 12/1827   Network arrangements for co...

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 9/3234   involving additional secure...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

Secure file transfer

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure file transfer

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links