Secure storage for shared documents

US 9,647,836 B2
Filed: 08/17/2016
Issued: 05/09/2017
Est. Priority Date: 01/13/2015
Status: Active Grant

First Claim

Patent Images

1. A method for providing a secure bundle that is employed to manage data storage using a network computer, wherein the secure bundle comprises:

an identifier that is provided to uniquely identify and reference the secure bundle;

a first collection that includes each of a plurality of public keys that correspond to a different party, wherein each party is authorized to employ their corresponding public key to decrypt one or more portions of encrypted file data that is included in the secure bundle;

a second collection that includes one or more headers that correspond to the one or more portions of the encrypted file data, wherein a header is encrypted with a same public key that is employed to encrypt a corresponding portion of the encrypted file data, and wherein each header includes instruction set information, and wherein the identifier, the first collection and the second collection are appended to the encrypted file data; and

wherein the network computer includes one or more processors that perform actions, including;

generating the instruction set information that references a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on identifying information that is included in the instruction set information; and

generating one or more encryption keys based on the instruction set information and the pass phrase that is extracted from the seed file, wherein the one or more encryption keys are employed to encrypt the file data, and wherein a signal, provided by a sensor, is used to introduce entropy in the generation of the one or more encryption keys.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards managing data storage for secure storage of shared documents. A user or an application may provide data destined for encryption and a public key. Instruction set information that references at least a seed file that may be installed on the network computer may be generated. An encryption key based on the instruction set information may be generated. Header information that includes the instruction set may be generated. And, the header information may be encrypted using the public key. A secure bundle that includes the public key, the encrypted header information, and the encrypted data may be generated and provided to the user that provided the data and the public key or the application that provided the data and the public key. Decrypting the data included in the secure bundle the above actions are generally performed in reverse.

Citations

18 Claims

1. A method for providing a secure bundle that is employed to manage data storage using a network computer, wherein the secure bundle comprises:
- an identifier that is provided to uniquely identify and reference the secure bundle;
  
  a first collection that includes each of a plurality of public keys that correspond to a different party, wherein each party is authorized to employ their corresponding public key to decrypt one or more portions of encrypted file data that is included in the secure bundle;
  
  a second collection that includes one or more headers that correspond to the one or more portions of the encrypted file data, wherein a header is encrypted with a same public key that is employed to encrypt a corresponding portion of the encrypted file data, and wherein each header includes instruction set information, and wherein the identifier, the first collection and the second collection are appended to the encrypted file data; and
  
  wherein the network computer includes one or more processors that perform actions, including;
  
  generating the instruction set information that references a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on identifying information that is included in the instruction set information; and
  
  generating one or more encryption keys based on the instruction set information and the pass phrase that is extracted from the seed file, wherein the one or more encryption keys are employed to encrypt the file data, and wherein a signal, provided by a sensor, is used to introduce entropy in the generation of the one or more encryption keys.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising providing the secure bundle to either the party that provided the one or more portions of the file data and the one or more public keys or an application that provided at least the file data and the one or more public keys.
  - 3. The method of claim 1, wherein the network computer performs further actions, comprising:
    - launching and executing an encryption engine, on the network computer, to encrypt the file data using the one or more encryption keys.
  - 4. The method of claim 1, wherein the one or more encrypted headers, further comprise one more of seed values, cache values, and metadata, wherein the metadata includes one or more of check sum values, file size information, creation date, the first collection of the one or more public keys, or the identifier.
  - 5. The method of claim 1, wherein the seed file is based on an offset value and a length value that are included in the instruction set information.
  - 6. The method of claim 1, wherein the instruction set information includes one or more of an entity identifier, a platform identifier, or the public key.

7. A system for managing data storage, comprising:
- a network computer, comprising;
  
  a transceiver that communicates over the network;
  
  a memory that stores at least instructions; and
  
  one or more processor devices that execute instructions that perform actions on a secure bundle data structure, including;
  
  generating instruction set information that references a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on identifying information that is included in the instruction set information; and
  
  generating one or more encryption keys based on the instruction set information and a pass phrase that is extracted from the seed file, wherein the one or more encryption keys are employed to encrypt the file data, and wherein a signal, provided by a sensor, is used to introduce entropy in the generation of the one or more encryption keys; and
  
  wherein the secure bundle data structure comprises;
  
  an identifier that is provided to uniquely identify and reference the secure bundle data structure;
  
  a first collection that includes each of a plurality of public keys that correspond to a different party, wherein each party is authorized to employ their corresponding public key to decrypt one or more portions of encrypted file data that is included in the secure bundle; and
  
  a second collection that includes one or more headers that correspond to the one or more portions of the encrypted file data, wherein a header is encrypted with a same public key that is employed to encrypt a corresponding portion of the encrypted file data, and wherein each header includes instruction set information, and wherein the identifier, the first collection and the second collection are appended to the encrypted file data, wherein the secure bundle is presented to at least one provider of at least one portion of the file data and at least one public key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising providing the secure bundle to either the party that provided the one or more portions of the file data and the one or more public keys or an application that provided at least the file data and the one or more public keys.
  - 9. The system of claim 7, wherein the network computer performs further actions, comprising:
    - launching and executing an encryption engine, on the network computer, to encrypt the file data using the one or more encryption keys.
  - 10. The system of claim 7, wherein the one or more encrypted headers, further comprise one more of seed values, cache values, and metadata, wherein the metadata includes one or more of check sum values, file size information, creation date, the first collection of the one or more public keys, or the identifier.
  - 11. The system of claim 7, wherein the seed file is based on an offset value and a length value that are included in the instruction set information.
  - 12. The system of claim 7, wherein the instruction set information includes one or more of an entity identifier, a platform identifier, or the public key.

13. A processor readable non-transitory storage media that includes instructions for managing data storage, wherein execution of the instructions by a hardware processor performs actions on a secure bundle data structure, comprising:
- generating instruction set information that references a seed file that is installed on the network computer, wherein the seed file is determined from a plurality of seed files based on identifying information that is included in the instruction set information; and
  
  generating one or more encryption keys based on the instruction set information and a pass phrase that is extracted from the seed file, wherein the one or more encryption keys are employed to encrypt the file data, and wherein a signal, provided by a sensor, is used to introduce entropy in the generation of the one or more encryption keys; and
  
  wherein the secure bundle data structure comprises;
  
  an identifier that is provided to uniquely identify and reference the secure bundle data structure;
  
  a first collection that includes each of a plurality of public keys that correspond to a different party, wherein each party is authorized to employ their corresponding public key to decrypt one or more portions of encrypted file data that is included in the secure bundle; and
  
  a second collection that includes one or more headers that correspond to the one or more portions of the encrypted file data, wherein a header is encrypted with a same public key that is employed to encrypt a corresponding portion of the encrypted file data, and wherein each header includes instruction set information, and wherein the identifier, the first collection and the second collection are appended to the encrypted file data, wherein the secure bundle is presented to at least one provider of at least one portion of the file data and at least one public key.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The media of claim 13, further comprising providing the secure bundle to either the party that provided the one or more portions of the file data and the one or more public keys or an application that provided at least the file data and the one or more public keys.
  - 15. The media of claim 13, wherein the network computer performs further actions, comprising:
    - launching and executing an encryption engine, on the network computer, to encrypt the file data using the one or more encryption keys.
  - 16. The media of claim 13, wherein the one or more encrypted headers, further comprise one more of seed values, cache values, and metadata, wherein the metadata includes one or more of check sum values, file size information, creation date, the first collection of the one or more public keys, or the identifier.
  - 17. The media of claim 13, wherein the seed file is based on an offset value and a length value that are included in the instruction set information.
  - 18. The media of claim 13, wherein the instruction set information includes one or more of an entity identifier, a platform identifier, or the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Centri Technology, Inc. (AgilePQ, Inc.)
Original Assignee
Centri Technology, Inc. (AgilePQ, Inc.)
Inventors
Paris, Luis Gerardo, Mackey, Michael Patrick, Lu, Li Xin Lance
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US15/239,728
Publication Number

US 20160357979A1
Time in Patent Office

265 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 69/22   Parsing or analysis of headers

H04L 9/30   Public key, i.e. encryption...

Secure storage for shared documents

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure storage for shared documents

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links