Systems and methods for secure data sharing

US 9,785,785 B2
Filed: 12/30/2015
Issued: 10/10/2017
Est. Priority Date: 09/20/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securely sharing a data set, comprising:

distributing, using a hardware processor, the data set into two or more shares;

distributing the two or more shares across at least one consumer storage location and at least one enterprise storage location;

generating permissions associated with the data set;

in response to receiving a request for the data set, generating a computing image that provides one or more pointers to the two or more shares, wherein generating the computing image comprises;

generating a virtual machine that includes a pointer to a storage location of the two or more shares;

retrieving updated stub file information; and

recreating, using the retrieved stub file information, a stub file associated with the computing image;

distributing the computing image to a user associated with the at least one consumer storage location;

executing the virtual machine on the at least one consumer storage location;

using the virtual machine, providing access to the one or more pointers to the two or more shares based on the permissions without replicating the data set at the at least one consumer storage location.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Citations

18 Claims

1. A method for securely sharing a data set, comprising:
- distributing, using a hardware processor, the data set into two or more shares;
  
  distributing the two or more shares across at least one consumer storage location and at least one enterprise storage location;
  
  generating permissions associated with the data set;
  
  in response to receiving a request for the data set, generating a computing image that provides one or more pointers to the two or more shares, wherein generating the computing image comprises;
  
  generating a virtual machine that includes a pointer to a storage location of the two or more shares;
  
  retrieving updated stub file information; and
  
  recreating, using the retrieved stub file information, a stub file associated with the computing image;
  
  distributing the computing image to a user associated with the at least one consumer storage location;
  
  executing the virtual machine on the at least one consumer storage location;
  
  using the virtual machine, providing access to the one or more pointers to the two or more shares based on the permissions without replicating the data set at the at least one consumer storage location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the permissions designate the data set as read and write access enabled for users associated with the at least one enterprise storage location and as read access enabled for users associated with the at least one consumer storage location.
  - 3. The method of claim 1, further comprising receiving, from the at least one consumer storage location, a request for the data set.
  - 4. The method of claim 1, wherein the computing image comprises a stub file that provides attributes of the two or more shares.
  - 5. The method of claim 1, wherein the computing image comprises a virtual machine file, stub files, and configuration data that allows the user the access to the data set.
  - 6. The method of claim 1, wherein distributing the computing image further comprises distributing the computing image, across a network, as a virtual machine that may be installed on hardware associated with the user.
  - 7. The method of claim 1, wherein distributing the computing image further comprises distributing a physical device.
  - 8. The method of claim 1, wherein providing access to the one or more pointers to the two or more shares comprises providing access to a subset of the data set.
  - 9. The method of claim 1, further comprising generating stub files independently of generating the computing image.

10. A system for securely sharing a data set, comprising:
- a hardware processor configured to;
  
  distribute, using a hardware processor, the data set into two or more shares;
  
  distribute the two or more shares across at least one consumer storage location and at least one enterprise storage location;
  
  generate permissions associated with the data set;
  
  in response to receiving a request for the data set, generate a computing image that provides one or more pointers to the two or more shares, wherein the generated computing image comprises;
  
  generating a virtual machine that includes a pointer to a storage location of the two or more shares;
  
  retrieving updated stub file information; and
  
  recreating, using the retrieved stub file information, a stub file associated with the computing image;
  
  distribute the computing image to a user associated with the at least one consumer storage location;
  
  execute the virtual machine on the at least one consumer storage location;
  
  use the virtual machine to provide access to the one or more pointers to the two or more shares based on the permissions without replicating the data set at the at least one consumer storage location.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the permissions designate the data set as read and write access enabled for users associated with the at least one enterprise storage location and as read access enabled for users associated with the at least one consumer storage location.
  - 12. The system of claim 10, wherein the hardware processor is further configured to receive, from the at least one consumer storage location, a request for the data set.
  - 13. The system of claim 10, wherein the computing image comprises a stub file that provides attributes of the two or more shares.
  - 14. The system of claim 10, wherein the computing image comprises a virtual machine file, stub files, and configuration data that allows the user the access to the data set.
  - 15. The system of claim 10, wherein the hardware processor is configured to distribute the computing image by distributing the computing image, across a network, as a virtual machine that may be installed on hardware associated with the user.
  - 16. The system of claim 10, wherein the computing image is distributed on a physical device.
  - 17. The system of claim 10, wherein the hardware processor is configured to provide access to the one or more pointers to the two or more shares by providing access to a subset of the data set.
  - 18. The system of claim 10, wherein the hardware processor is further configured to generate stub files independently of generating the computing image.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
O'Hare, Mark S., Orsini, Rick L., Landau, Gabriel D., Staker, Matthew, Yakamovich, William
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US14/984,087
Publication Number

US 20160196440A1
Time in Patent Office

650 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 9/085   Secret sharing or secret sp...

H04L 9/0861   Generation of secret inform...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3268   using certificate validatio...

Systems and methods for secure data sharing

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure data sharing

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links