Methods and apparatus to securely share data
First Claim
1. A first computing device associated with a first user of a cloud service, comprising:
- a processor;
a trusted execution environment to;
retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the encrypted archive file provisioned with the wrapped encryption key; and
unwrap the wrapped encryption key with the key data to obtain an unwrapped encryption key; and
an encryption engine to decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device, the first archive file to be mounted to an operating system (OS) of the first computing device thereby exposing the first data of the first archive file to an OS file system of the first computing device as a virtual drive, at least one of the encryption engine, and the trusted execution environment implemented using the processor.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and apparatus to securely share data are disclosed. An example includes retrieving, by executing an instruction with a processor at a first computing device associated with a first user of a cloud service, an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, unwrapping the wrapped encryption key with the key data to obtain an unwrapped encryption key, and decrypting the encrypted archive file with the unwrapped encryption key to obtain a decrypted archive file.
-
Citations
13 Claims
-
1. A first computing device associated with a first user of a cloud service, comprising:
-
a processor; a trusted execution environment to; retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the encrypted archive file provisioned with the wrapped encryption key; and unwrap the wrapped encryption key with the key data to obtain an unwrapped encryption key; and an encryption engine to decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device, the first archive file to be mounted to an operating system (OS) of the first computing device thereby exposing the first data of the first archive file to an OS file system of the first computing device as a virtual drive, at least one of the encryption engine, and the trusted execution environment implemented using the processor. - View Dependent Claims (2, 3, 4)
-
-
5. A method, comprising:
-
retrieving, by executing an instruction with a processor at a first computing device associated with a first user of a cloud service, an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the encrypted archive file provisioned with the wrapped encryption key; unwrapping, by executing an instruction with the processor, the wrapped encryption key with the key data to obtain an unwrapped encryption key; and decrypting, by executing an instruction with the processor, the encrypted archive file with the unwrapped encryption key to obtain a decrypted archive file, the decrypted archive file to be mounted, by executing an instruction with the processor, to an operating system (OS) of the first computing device thereby exposing data of the decrypted archive file to an OS file system of the first computing device as a virtual drive. - View Dependent Claims (7, 8)
-
-
6. A first computing device associated with a first user of a cloud service, comprising:
-
a processor; a trusted execution environment to; retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with first key data associated with the first user of the cloud service at the second computing device; and unwrap the wrapped encryption key with the first key data to obtain an unwrapped encryption key; and an encryption engine to decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device; wherein the encrypted archive file is a first encrypted archive file, the wrapped encryption key is a first wrapped encryption key, and further including an archive generator to generate a second archive file representative of second data from the first computing device, the encryption engine to encrypt the second archive file with a second encryption key to form a second encrypted archive file, and the trusted execution environment to wrap the second encryption key with second key data associated with the second user of the cloud service to form a second wrapped encryption key, and the trusted execution environment is to provision the second encrypted archive file with the second wrapped encryption key; and a communicator to convey the provisioned, second encrypted archive file to the second computing device, the second encrypted archive file to be decrypted by the second computing device based on the second wrapped encryption key to obtain the second archive file, the second archive file to be mounted to an operating system of the second computing device, at least one of the encryption engine, the trusted execution environment and the communicator implemented using the processor.
-
-
9. A method, comprising:
-
retrieving, by executing an instruction with a processor at a first computing device associated with a first user of a cloud service, an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with first key data associated with the first user of the cloud service at the second computing device; unwrapping, by executing an instruction with the processor, the wrapped encryption key with the first key data to obtain an unwrapped encryption key; and decrypting, by executing an instruction with the processor, the encrypted archive file with the unwrapped encryption key to obtain a decrypted archive file; wherein the encrypted archive file is a first encrypted archive file, the wrapped encryption key is a first wrapped encryption key, and further including; generating a second archive file representative of data from the first computing device; encrypting the second archive file with an encryption key to form a second encrypted archive file; and wrapping the encryption key with second key data associated with the second user of the cloud service to form a second wrapped encryption key; provisioning the second encrypted archive file with the second wrapped encryption key; and conveying the provisioned, second encrypted archive file to the second computing device, the second encrypted archive file to be decrypted by the second computing device based on the second wrapped encryption key to obtain the second archive file, the second archive file to be mounted to an operating system of the second computing device.
-
-
10. At least one tangible computer readable storage medium comprising instructions that, when executed, cause a first computing device associated with a first user of a cloud service to at least:
-
retrieve a first encrypted archive file and a first wrapped encryption key from a second computing device associated with a second user of the cloud service, the first wrapped encryption key wrapped with key data associated with the first user of the cloud service at the second computing device, the first encrypted archive file provisioned with the first wrapped encryption key; unwrap the first wrapped encryption key with the key data to obtain an unwrapped encryption key; and decrypt the first encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device, the first archive file to be mounted to an operating system (OS) of the first computing device thereby exposing the first data of the first archive file to an OS file system of the first computing device as a virtual drive. - View Dependent Claims (11, 12)
-
-
13. At least one tangible computer readable storage medium comprising instructions that, when executed, cause a first computing device associated with a first user of a cloud service to at least:
-
retrieve an encrypted archive file and a wrapped encryption key from a second computing device associated with a second user of the cloud service, the wrapped encryption key wrapped with first key data associated with the first user of the cloud service at the second computing device; unwrap the wrapped encryption key with the first key data to obtain an unwrapped encryption key; and decrypt the encrypted archive file with the unwrapped encryption key to obtain a first archive file representative of first data from the second computing device; wherein the encrypted archive file is a first encrypted archive file, the wrapped encryption key is a first wrapped encryption key, and where the instructions, when executed, cause the first computing device to; generate a second archive file representative of second data from the first computing device; encrypt the second archive file with an encryption key to form a second encrypted archive file; and wrap the encryption key with second key data associated with the second user of the cloud service to form a second wrapped encryption key; provision the second encrypted archive file with the second wrapped encryption key; and convey the provisioned, second encrypted archive file to the second computing device, the provisioned second encrypted archive file to be decrypted by the second computing device based on the second wrapped encryption key to obtain the second archive file, the second archive file to be mounted to an operating system of the second computing device.
-
Specification