Methods and apparatus to securely share data

US 9,912,645 B2
Filed: 06/30/2016
Issued: 03/06/2018
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A first computing device associated with a first user of a cloud service, comprising:

a processor;

a trusted execution environment to;

retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the encrypted archive file provisioned with the wrapped encryption key; and

unwrap the wrapped encryption key with the key data to obtain an unwrapped encryption key; and

an encryption engine to decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device, the first archive file to be mounted to an operating system (OS) of the first computing device thereby exposing the first data of the first archive file to an OS file system of the first computing device as a virtual drive, at least one of the encryption engine, and the trusted execution environment implemented using the processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to securely share data are disclosed. An example includes retrieving, by executing an instruction with a processor at a first computing device associated with a first user of a cloud service, an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, unwrapping the wrapped encryption key with the key data to obtain an unwrapped encryption key, and decrypting the encrypted archive file with the unwrapped encryption key to obtain a decrypted archive file.

Citations

13 Claims

1. A first computing device associated with a first user of a cloud service, comprising:
- a processor;
  
  a trusted execution environment to;
  
  retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the encrypted archive file provisioned with the wrapped encryption key; and
  
  unwrap the wrapped encryption key with the key data to obtain an unwrapped encryption key; and
  
  an encryption engine to decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device, the first archive file to be mounted to an operating system (OS) of the first computing device thereby exposing the first data of the first archive file to an OS file system of the first computing device as a virtual drive, at least one of the encryption engine, and the trusted execution environment implemented using the processor.
- View Dependent Claims (2, 3, 4)
- - 2. The first computing device as defined in claim 1, wherein the key data associated with the first user of the cloud service is at least one of a private key generated based on a password associated with the first user of the cloud service or a public key associated with the first user.
  - 3. The first computing device as defined in claim 1, further including a mount point to mount the first archive file to the operating system of the first computing device.
  - 4. The first computing device as defined in claim 3, wherein the operating system of the first computing device is different from an operating system of the second computing device.

5. A method, comprising:
- retrieving, by executing an instruction with a processor at a first computing device associated with a first user of a cloud service, an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the encrypted archive file provisioned with the wrapped encryption key;
  
  unwrapping, by executing an instruction with the processor, the wrapped encryption key with the key data to obtain an unwrapped encryption key; and
  
  decrypting, by executing an instruction with the processor, the encrypted archive file with the unwrapped encryption key to obtain a decrypted archive file, the decrypted archive file to be mounted, by executing an instruction with the processor, to an operating system (OS) of the first computing device thereby exposing data of the decrypted archive file to an OS file system of the first computing device as a virtual drive.
- View Dependent Claims (7, 8)
- - 7. The method as defined in claim 5, wherein the operating system of the first computing device is different from a second operating system of the second computing device.
  - 8. The method as defined in claim 7, wherein the key data associated with the first user of the cloud service is at least one of a private key generated based on a password associated with the first user of the cloud service or a public key associated with the first user.

6. A first computing device associated with a first user of a cloud service, comprising:
- a processor;
  
  a trusted execution environment to;
  
  retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with first key data associated with the first user of the cloud service at the second computing device; and
  
  unwrap the wrapped encryption key with the first key data to obtain an unwrapped encryption key; and
  
  an encryption engine to decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device;
  
  wherein the encrypted archive file is a first encrypted archive file, the wrapped encryption key is a first wrapped encryption key, and further including an archive generator to generate a second archive file representative of second data from the first computing device, the encryption engine to encrypt the second archive file with a second encryption key to form a second encrypted archive file, and the trusted execution environment to wrap the second encryption key with second key data associated with the second user of the cloud service to form a second wrapped encryption key, and the trusted execution environment is to provision the second encrypted archive file with the second wrapped encryption key; and
  
  a communicator to convey the provisioned, second encrypted archive file to the second computing device, the second encrypted archive file to be decrypted by the second computing device based on the second wrapped encryption key to obtain the second archive file, the second archive file to be mounted to an operating system of the second computing device, at least one of the encryption engine, the trusted execution environment and the communicator implemented using the processor.

9. A method, comprising:
- retrieving, by executing an instruction with a processor at a first computing device associated with a first user of a cloud service, an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with first key data associated with the first user of the cloud service at the second computing device;
  
  unwrapping, by executing an instruction with the processor, the wrapped encryption key with the first key data to obtain an unwrapped encryption key; and
  
  decrypting, by executing an instruction with the processor, the encrypted archive file with the unwrapped encryption key to obtain a decrypted archive file;
  
  wherein the encrypted archive file is a first encrypted archive file, the wrapped encryption key is a first wrapped encryption key, and further including;
  
  generating a second archive file representative of data from the first computing device;
  
  encrypting the second archive file with an encryption key to form a second encrypted archive file; and
  
  wrapping the encryption key with second key data associated with the second user of the cloud service to form a second wrapped encryption key;
  
  provisioning the second encrypted archive file with the second wrapped encryption key; and
  
  conveying the provisioned, second encrypted archive file to the second computing device, the second encrypted archive file to be decrypted by the second computing device based on the second wrapped encryption key to obtain the second archive file, the second archive file to be mounted to an operating system of the second computing device.

10. At least one tangible computer readable storage medium comprising instructions that, when executed, cause a first computing device associated with a first user of a cloud service to at least:
- retrieve a first encrypted archive file and a first wrapped encryption key from a second computing device associated with a second user of the cloud service, the first wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the first encrypted archive file provisioned with the first wrapped encryption key;
  
  unwrap the first wrapped encryption key with the key data to obtain an unwrapped encryption key; and
  
  decrypt the first encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device, the first archive file to be mounted to an operating system (OS) of the first computing device thereby exposing the first data of the first archive file to an OS file system of the first computing device as a virtual drive.
- View Dependent Claims (11, 12)
- - 11. The at least one storage medium as defined in claim 10, wherein the key data associated with the first user of the cloud service is at least one of a private key generated based on a password associated with the first user of the cloud service or a public key associated with the first user.
  - 12. The at least one storage medium as defined in claim 10, wherein the operating system of the first computing device is different from an operating system of the second computing device.

13. At least one tangible computer readable storage medium comprising instructions that, when executed, cause a first computing device associated with a first user of a cloud service to at least:
- retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with first key data associated with the first user of the cloud service at the second computing device;
  
  unwrap the wrapped encryption key with the first key data to obtain an unwrapped encryption key; and
  
  decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device;
  
  wherein the encrypted archive file is a first encrypted archive file, the wrapped encryption key is a first wrapped encryption key, and where the instructions, when executed, cause the first computing device to;
  
  generate a second archive file representative of second data from the first computing device;
  
  encrypt the second archive file with an encryption key to form a second encrypted archive file; and
  
  wrap the encryption key with second key data associated with the second user of the cloud service to form a second wrapped encryption key;
  
  provision the second encrypted archive file with the second wrapped encryption key; and
  
  convey the provisioned, second encrypted archive file to the second computing device, the provisioned second encrypted archive file to be decrypted by the second computing device based on the second wrapped encryption key to obtain the second archive file, the second archive file to be mounted to an operating system of the second computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Smith, Ned M., Ben-Shalom, Omer, Nayshtut, Alex
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US15/198,508
Publication Number

US 20160315917A1
Time in Patent Office

614 Days
Field of Search

713165, 713168, 713180, 713193, 726 22- 24, 726 26, 726 30, 707822, 707679, 707680, 707681, 707826, 707803, 707807, 707809, 717148, 718100, 380 46
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 67/10   in which an application is ...

H04L 67/12   specially adapted for propr...

H04L 69/22   Parsing or analysis of headers

H04L 9/30   Public key, i.e. encryption...

Methods and apparatus to securely share data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus to securely share data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links