Network-based service content protection

US 9,774,450 B2
Filed: 08/28/2015
Issued: 09/26/2017
Est. Priority Date: 07/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

obtaining a runtime routine from a service provider responsive to a service access request configured to permit editing performed locally at a computing device;

receiving content on the computing device;

editing the content locally by the computing device through execution of the runtime routine obtained from the service provider;

automatically encrypting the edited content without any user intervention by the computing device using an encryption credential through execution of the runtime routine and responsive to a request to store the content at the service provider such that the encrypted content can only be decrypted and accessed with the encryption credential at the computing device;

converting a filename of the content to an associated file identifier to protect the filename and to limit the service provider awareness to only the associated file identifier and the corresponding encrypted content;

storing locally, on the computing device, the filename of the content and the associated file identifier; and

uploading the encrypted content and the associated file identifier to the service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network-based service content protection techniques are described. In one or more implementations, content is edited locally by a computing device. The edited content is automatically encrypted without any user intervention by the computing device using an encryption credential, e.g., encryption key or other secret. The automatic encryption is performed responsive to a request to store the content at a network-based service provider such that the encrypted content can only be decrypted and accessed with the encryption credential and the encrypted content is uploaded to the network-based service provider.

28 Citations

20 Claims

1. A method comprising:
- obtaining a runtime routine from a service provider responsive to a service access request configured to permit editing performed locally at a computing device;
  
  receiving content on the computing device;
  
  editing the content locally by the computing device through execution of the runtime routine obtained from the service provider;
  
  automatically encrypting the edited content without any user intervention by the computing device using an encryption credential through execution of the runtime routine and responsive to a request to store the content at the service provider such that the encrypted content can only be decrypted and accessed with the encryption credential at the computing device;
  
  converting a filename of the content to an associated file identifier to protect the filename and to limit the service provider awareness to only the associated file identifier and the corresponding encrypted content;
  
  storing locally, on the computing device, the filename of the content and the associated file identifier; and
  
  uploading the encrypted content and the associated file identifier to the service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1, wherein the encrypting is performed through use of the encryption credential that includes one or more cryptographic keys stored locally at the computing device.
  - 3. The method as described in claim 2, wherein the one or more cryptographic keys are manually entered by a user at the computing device responsive to a prompt to decrypt the encrypted content.
  - 4. The method as described in claim 2, wherein the one or more cryptographic keys are obtained from a third-party service that is accessible via a network, the one or more cryptographic keys not being directly accessible by the service provider from the third-party service.
  - 5. The method as described in claim 2, wherein the one or more cryptographic keys are stored locally at the computing device in secure storage such that the one or more cryptographic keys are not exposed outside of the computing device.
  - 6. The method as described in claim 1, further comprising:
    - forming the service access request configured for communication to the service provider to access the content; and
      
      forming a content access request through execution of the runtime routine on the computing device to obtain the content.
  - 7. The method as described in claim 6, further comprising decrypting the content obtained from the service provider.

8. A method comprising:
- obtaining a runtime routine from a service provider responsive to a service access request;
  
  obtaining encrypted content via a network by a computing device, the encrypted content made available by the service provider;
  
  decrypting the encrypted content for access and editing locally at the computing device through execution of the obtained runtime routine;
  
  responsive to a request to communicate the decrypted content outside of the computing device, automatically encrypting the decrypted content without user intervention through execution of the obtained runtime routine;
  
  converting a filename of the decrypted content to an associated file identifier to protect the filename to limit the service provider awareness to only the associated file identifier and the corresponding encrypted content; and
  
  storing locally, on the computing device, the filename of the content and the associated file identifier.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method as described in claim 8, wherein the decrypted content is encrypted automatically and without user intervention through use of one or more cryptographic keys stored locally at the computing device.
  - 10. The method as described in claim 9, wherein the one or more cryptographic keys are manually entered by a user responsive to a prompt to decrypt the obtained encrypted content.
  - 11. The method as described in claim 9, wherein the one or more cryptographic keys are obtained from a third-party service that is accessible via the network, the one or more cryptographic keys not being directly accessible by the service provider from the third-party service.
  - 12. The method as described in claim 9, wherein the one or more cryptographic keys are stored locally at the computing device in secure storage such that the one or more cryptographic keys are not exposed outside of the computing device.
  - 13. The method as described in claim 8, further comprising:
    - forming a service access request configured for communication to the service provider to access the encrypted content; and
      
      forming a content access request through execution of the runtime routine to obtain the encrypted content, and wherein the obtaining is performed responsive to receipt of the service access request by the service provider.

14. A system comprising:
- a communication module of a computing device configured to receive content and a runtime routine from a service provider;
  
  one or more modules implemented at least partially in hardware, the one or more modules configured to;
  
  obtain the runtime routine from the service provider responsive to a service access request configured to permit the content being encrypted locally at the computing device;
  
  encrypt the content locally by the computing device through execution of the runtime routine that is configured to protect the content automatically and without user intervention from access by the service provider;
  
  store the content encrypted by the runtime routine automatically and without user intervention such that the content is not accessible by the service provider;
  
  convert a filename of the content to an associated file identifier to protect the filename and to limit the service provider awareness to only the associated file identifier and the corresponding encrypted content; and
  
  store locally, on the computing device, the filename of the content and the associated file identifier.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system as described in claim 14, wherein the content is protected using one or more cryptographic keys.
  - 16. The system as described in claim 15, wherein the one or more cryptographic keys are manually entered by a user responsive to a prompt to decrypt the encrypted content.
  - 17. The system as described in claim 15, wherein the one or more cryptographic keys are obtained from a third-party service that is accessible via a network, the one or more cryptographic keys not being directly accessible by the service provider from the third-party service.
  - 18. The system as described in claim 15, wherein the one or more cryptographic keys are stored locally at the computing device in secure storage such that the one or more cryptographic keys are not exposed outside of the computing device.
  - 19. The system as described in claim 14, wherein the runtime routine is exposed for availability by the service provider responsive to a request to obtain the content.
  - 20. The system as described in claim 14, wherein the one or more modules are configured to:
    - form a service access request configured for communication to the service provider to access the content; and
      
      form a content access request through execution of the runtime routine on the computing device to obtain the content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Jalili, Reza
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Tran, Baotram

Application Number

US14/839,064
Publication Number

US 20150372817A1
Time in Patent Office

760 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 9/14   using a plurality of keys o...

Network-based service content protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Network-based service content protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others