Secure Key Management for Roaming Protected Content
First Claim
1. A method implemented in a first computing device, the method comprising:
- protecting content using a data protection public key of a data protection public/private key pair corresponding to an identity of a user of the first computing device;
copying the protected content to cloud storage;
obtaining a public key of a public/private key pair of a second computing device, the first and second computing devices being associated with a same user identity;
encrypting the data protection private key using the public key of the second computing device; and
providing the encrypted data protection private key to the second computing device.
3 Assignments
0 Petitions
Accused Products
Abstract
Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user'"'"'s devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user'"'"'s device. This data protection key can be securely transferred to other of the user'"'"'s devices, allowing any of the user'"'"'s devices to access the protected content.
48 Citations
20 Claims
-
1. A method implemented in a first computing device, the method comprising:
-
protecting content using a data protection public key of a data protection public/private key pair corresponding to an identity of a user of the first computing device; copying the protected content to cloud storage; obtaining a public key of a public/private key pair of a second computing device, the first and second computing devices being associated with a same user identity; encrypting the data protection private key using the public key of the second computing device; and providing the encrypted data protection private key to the second computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A first computing device comprising:
-
an encryption module configured to protect content by encrypting, using a data protection public key of a data protection public/private key pair corresponding to an identity of a user of the first computing device, the content or a file encryption key that is used to encrypt the content; one or more programs configured to copy the protected content to a cloud storage; and a key transfer module configured to; obtain a public key of a public/private key pair of a second computing device, the first and second computing devices being associated with a same user identity on the cloud storage; facilitate the encryption module encrypting the data protection private key using the public key of the second computing device; and provide the encrypted data protection private key to the second computing device. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A computer-readable storage medium having stored thereon multiple instructions that, responsive to execution by one or more processors of a computing device, cause the one or more processors to perform operations comprising:
-
protecting content by encrypting a file encryption key using a data protection public key of a data protection public/private key pair corresponding to an identity of a user of the computing device, the content being encrypted using the file encryption key; copying the protected content to a cloud storage; obtaining a public key of a public/private key pair of an additional computing device, the computing device and the additional computing device both accessing the cloud storage for protected content stored to the cloud storage by the other; encrypting the data protection private key using the public key of the additional computing device; and providing the encrypted data protection private key to the additional computing device. - View Dependent Claims (18, 19, 20)
-
Specification