Encryption-based data access management
First Claim
1. One or more non-transitory computer-readable media storing computer-readable instructions that, when executed by a hardware processor, cause a system to:
- receive a request to decrypt data stored at a first network location in encrypted format;
- request a validation token from a second network location using an identifier and a password;
- request a first encryption secret from a third network location, a first portion of the data having been encrypted using the first encryption secret, the first portion of the data comprising directory data and file header information for the data;
- request a second encryption secret from a fourth network location, a second portion of the data having been encrypted using the second encryption secret, the second portion of the data comprising file data;
- generate a decryption key using the first encryption secret and the second encryption secret; and
- decrypt the data using the decryption key.
Abstract
Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token, the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key.
20 Claims
1. One or more non-transitory computer-readable media storing computer-readable instructions that, when executed by a hardware processor, cause a system to:
- receive a request to decrypt data stored at a first network location in encrypted format;
- request a validation token from a second network location using an identifier and a password;
- request a first encryption secret from a third network location, a first portion of the data having been encrypted using the first encryption secret, the first portion of the data comprising directory data and file header information for the data;
- request a second encryption secret from a fourth network location, a second portion of the data having been encrypted using the second encryption secret, the second portion of the data comprising file data;
- generate a decryption key using the first encryption secret and the second encryption secret; and
- decrypt the data using the decryption key.
Dependent claims: 2 to 16.
17. A system comprising:
- one or more hardware processors;
- non-transitory memory storing instructions that, when executed by the one or more hardware processors, cause the system to:
- receive a request to decrypt data stored at a first network location in encrypted format;
- request a validation token from a second network location using an identifier and a password;
- request a first encryption secret from a third network location, a first portion of the data having been encrypted using the first encryption secret, the first portion of the data comprising directory data and file header information for the data;
- request a second encryption secret from a fourth network location, a second portion of the data having been encrypted using the second encryption secret, the second portion of the data comprising file data;
- generate a decryption key using the first encryption secret and the second encryption secret; and
- decrypt the data using the decryption key.
Dependent claim: 20.
18. A method comprising:
- receiving a request to decrypt data, the data stored at a first network location in encrypted format;
- requesting a validation token from a second network location using an identifier and a password;
- requesting a first encryption secret from a third network location, a first portion of the data having been encrypted using the first encryption secret, the first portion of the data comprising directory data and file header information for the data;
- requesting a second encryption secret from a fourth network location, a second portion of the data having been encrypted using the second encryption secret, the second portion of the data comprising file data;
- generating a decryption key using the first encryption secret and the second encryption secret; and
- decrypting the data using the decryption key.
Dependent claim: 19.
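The flow of the abstract and claim 1 (credentials to a token, token to two separately held secrets, secrets combined into one decryption key, header and file-data portions decrypted), as an added illustration that is not code from the patent or its assignee. It assumes an HMAC-based token and key combiner and an HMAC keystream standing in for a real AEAD; the four network locations are modelled as in-process dicts with constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the network locations named in claim 1.
TOKEN_KEY = secrets.token_bytes(32)          # shared by auth server and key servers
PW_SALT = b"constructed-salt"
AUTH_SERVER = {"alice": hashlib.pbkdf2_hmac("sha256", b"pw-example", PW_SALT, 100_000)}
KEY_SERVER_1 = {"doc42": secrets.token_bytes(32)}   # secret for directory/header part
KEY_SERVER_2 = {"doc42": secrets.token_bytes(32)}   # secret for file-data part

def issue_token(identifier: str, password: str) -> bytes:
    """Second network location: validate identifier + password, return a token."""
    stored = AUTH_SERVER.get(identifier, b"")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PW_SALT, 100_000)
    if not hmac.compare_digest(candidate, stored):
        raise PermissionError("bad credentials")
    return hmac.new(TOKEN_KEY, identifier.encode(), hashlib.sha256).digest()

def release_secret(store: dict, identifier: str, token: bytes, data_id: str) -> bytes:
    """Third/fourth network location: release a secret only for a valid token."""
    expected = hmac.new(TOKEN_KEY, identifier.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, token):
        raise PermissionError("invalid token")
    return store[data_id]

def derive_key(secret1: bytes, secret2: bytes) -> bytes:
    """Assumed combiner: the key exists only when both secrets are present."""
    return hmac.new(secret1, b"combine|" + secret2, hashlib.sha256).digest()

def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 keystream XOR (stand-in for a real AEAD); symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_object(data_id: str, header: bytes, body: bytes) -> tuple:
    key = derive_key(KEY_SERVER_1[data_id], KEY_SERVER_2[data_id])
    return xor_stream(key, b"hdr", header), xor_stream(key, b"body", body)

def decrypt_object(identifier, password, data_id, enc_header, enc_body) -> tuple:
    """Client flow of claim 1: token, two secrets, combined key, decrypt."""
    token = issue_token(identifier, password)
    s1 = release_secret(KEY_SERVER_1, identifier, token, data_id)
    s2 = release_secret(KEY_SERVER_2, identifier, token, data_id)
    key = derive_key(s1, s2)
    return xor_stream(key, b"hdr", enc_header), xor_stream(key, b"body", enc_body)
```

Because neither key server holds the combined key, compromising one of them (or the data store alone) does not yield plaintext; the token check at each key server is what ties release to a domain-authenticated user.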