Methods and apparatuses for reducing or eliminating unauthorized access to tethered data
Abstract
Embodiments of a method and apparatus for reducing or eliminating unauthorized access to secured files are generally described herein. In some embodiments, the method includes establishing a connection between a communication portion of the secured file and an authentication agent. The method may include requesting a decryption key from the authentication agent for accessing the secured file on a first computing device. The decryption key may be based on device information retrieved from devices in an authenticated environment of devices. The authenticated environment may be an environment in which the secured file was encrypted. The method may include destroying the secured file subsequent to receiving a message indicating that the requesting has failed.
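The environment check and key assembly described in the abstract and recited in claim 1, as an added sketch that is not code from the patent or its assignee. The SHA-256 location hashes, the lookup used to convert a hash value to a network location, the way segments are combined into a key, and all device names and segment values are assumptions constructed for illustration.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

def location_hash(location: str) -> str:
    # Assumption: each hash value in the file is SHA-256 of a device's network location.
    return hashlib.sha256(location.encode()).hexdigest()

class AuthenticationAgent:
    """Stands in for the agent on the first device; it sees one environment."""

    def __init__(self, environment: Dict[str, bytes]):
        # environment maps a network location to the key segment held at that device
        self.environment = environment
        self.locations = {location_hash(loc): loc for loc in environment}

    def request_key(self, file_hashes: List[str]) -> Optional[bytes]:
        segments = []
        for value in file_hashes:
            location = self.locations.get(value)
            if location is None:
                # A hash with no matching location: not the authenticated environment.
                return None
            segments.append(self.environment[location])
        # Assumption: the key is SHA-256 over the length-prefixed segments, in file order.
        material = b"".join(len(s).to_bytes(2, "big") + s for s in segments)
        return hashlib.sha256(material).digest()

def handle_open(file_hashes: List[str],
                agent: AuthenticationAgent) -> Tuple[str, Optional[bytes]]:
    """Decision the communication portion takes after asking the agent for a key."""
    key = agent.request_key(file_hashes)
    return ("decrypt", key) if key is not None else ("destroy", None)

# Constructed sample data: the file was secured where devices 2 and 3 exist.
HOME = {"device2.home.example": b"segment-from-2",
        "device3.home.example": b"segment-from-3"}
ELSEWHERE = {"device2.home.example": b"segment-from-2",
             "printer.cafe.example": b"unrelated"}
FILE_HASHES = [location_hash(loc) for loc in HOME]

if __name__ == "__main__":
    print(handle_open(FILE_HASHES, AuthenticationAgent(HOME))[0])
    print(handle_open(FILE_HASHES, AuthenticationAgent(ELSEWHERE))[0])
```

In this sketch a device that is merely unreachable is indistinguishable from one that was never in the environment, so both lead to the destroy decision.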
16 Claims
1. A method for reducing or eliminating unauthorized access to a secured file, the method comprising:
- adding a communication portion, comprised of executable code, to the secured file;
- establishing a connection between the communication portion of the secured file and an authentication agent, the secured file further including an encrypted portion;
- requesting a decryption key, using the communication portion, from the authentication agent for accessing the secured file on a first computing device, the decryption key being based on identification information other than user information, the identification information being retrieved from at least a second computing device and a third computing device in an authenticated environment of devices including the first computing device, the authenticated environment being an environment in which the secured file was encrypted;
- determining, by the authentication agent, whether the first computing device is in the authenticated environment by reading a plurality of hash values of the secured file, the hash values represent the environment in which the secured file was created;
- converting the hash values to network locations within the authentication environment;
- retrieving key segments from the network locations including the second and third computing devices;
- determining the first computing device is not in the authenticated environment in response to determining a hash value of the hash values does not correspond to a location within the authenticated environment; and
- destroying the secured file, using the communication portion, subsequent to receiving a message indicating that the requesting has failed, including encrypting, using the communication portion, the secured file a plurality of times with an encryption key, the encryption key being based on data stored on the first computing device.
9. A non-transitory computer-readable medium comprising instructions that, when executed on a first machine, cause the first machine to:
- receive a request for access to a file, the file being stored on the first machine, on a remote machine, or on both the first machine and the remote machine, wherein the file includes a communication portion comprised of executable code;
- establish a connection, through the communication portion of the file for which access is requested, to an authentication agent on the first machine, the file further including an encrypted data portion;
- request a decryption key, using the communication portion, from the authentication agent for decrypting the file, the decryption key being based on identification information retrieved from at least a second machine and a third machine in an authenticated environment of devices that includes the first machine, the authenticated environment of devices being an environment in which the file was encrypted;
- determine whether the first machine is in the authenticated environment by reading a plurality of hash values of the file, the hash values represent the environment in which the file was created;
- convert the hash values to respective network locations within the authentication environment;
- retrieve key segments from the network locations including the second and third machines;
- determine the first machine is not in the authenticated environment in response to determining a hash value of the hash values does not correspond to a location within the authenticated environment; and
- destroy the file, using the communication portion, subsequent to determining that the request has failed, including encrypting, using the communication portion, the file a plurality of times with an encryption key, the encryption key being based on data stored on the first computing device.
14. An apparatus comprising:
- a communication interface to communicate with a remote file storage;
- an authentication agent configured to:
  - communicate with the remote file storage over the communication interface;
  - communicate with a secured file through a communication portion of the secured file, the secured file further including an encrypted portion, wherein the communication portion is comprised of executable code;
  - receive a request, from the communication portion, for a decryption key for accessing the secured file, the decryption key being based on identification information retrieved from at least a second device and a third device in an authenticated environment, the authenticated environment being an environment in which the secured file was encrypted, wherein the identification information includes information of other devices that are not components of the apparatus;
  - determine whether the apparatus is in the authenticated environment by reading a plurality of hash values of the secured file, the hash values represent the environment in which the secured file was created;
  - convert the hash values to respective network locations within the authentication environment;
  - retrieve key segments from the network locations including the second and third devices;
  - determine the apparatus is not in the authenticated environment in response to determining a hash value of the hash values does not correspond to a location within the authenticated environment; and
  - generate either the decryption key or an error message, based on whether the request is received from within the authenticated environment;
- wherein the communication portion is configured to destroy the secured file subsequent to determining that the request has failed, including encrypting, using the communication portion, the secured file a plurality of times with an encryption key, the encryption key being based on data stored on the first computing device.
Specification