Systems and methods for secure data sharing
First Claim
1. A method for encrypting a data file, comprising:
- receiving a request to encrypt the data file;
retrieving a workgroup key associated with the data file;
retrieving unique information associated with the data file;
computing a hash value of the workgroup key;
combining the hash value of the workgroup key and the unique information by a hardware processor using a substantially randomized technique to form a file-level key;
encrypting the data file based on the file-level key;
receiving a request from an entity to access the encrypted data file, wherein the entity is not a member of a workgroup associated with the workgroup key; and
sharing the file-level key with the entity.
4 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are provided for creating and using a sharable file-level key to secure data files. The sharable file-level key is generated based on a workgroup key associated with the data file, as well as unique information associated with the data file. The sharable file-level key may be used to encrypt and split data using a Secure Parser. Systems and methods are also provided for sharing data without replicating the data on the machine of the end user. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data that was encrypted and split. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.
303 Citations
26 Claims
-
1. A method for encrypting a data file, comprising:
-
receiving a request to encrypt the data file; retrieving a workgroup key associated with the data file; retrieving unique information associated with the data file; computing a hash value of the workgroup key; combining the hash value of the workgroup key and the unique information by a hardware processor using a substantially randomized technique to form a file-level key; encrypting the data file based on the file-level key; receiving a request from an entity to access the encrypted data file, wherein the entity is not a member of a workgroup associated with the workgroup key; and sharing the file-level key with the entity. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for encrypting a data file, comprising a hardware processor configured to:
-
receive a request to encrypt the data file; retrieve a workgroup key associated with the data file; retrieve unique information associated with the data file; compute a hash value of the workgroup key; combine the hash value of the workgroup key and the unique information using a substantially randomized technique to form a file-level key; encrypt the data file based on the file-level key; receive a request from an entity to access the encrypted data file, wherein the entity is not a member of a workgroup associated with the workgroup key; and share the file-level key with the entity. - View Dependent Claims (9, 10, 11, 12, 13, 14, 26)
-
-
15. A method for securely sharing a data set, comprising:
-
encrypting the data set using at least one cryptographic key; generating a random or pseudo-random value distributing, based at least in part on the random or pseudorandom value, the encrypted data in the data set into two or more shares; distributing the two or more data shares across at least one consumer storage location and at least one enterprise storage location; generating permissions associated with the data set; generating a computing image that provides one or more pointers to the data set, wherein generating the computing image comprises generating a virtual machine image comprising preloaded stub files, wherein the preloaded stub files provide pointers to the two or more data shares; distributing the computing image to users associated with the at least one consumer storage location; and using the computing image, providing access to the data set based on the permissions. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A system for securely sharing a data set, the system comprising a hardware processor configured to:
-
encrypt the data set using at least one cryptographic stored on a key manager; generate a random or pseudo-random value distribute, based, at least in part, on the random or pseudorandom value, encrypted data in the data set into two or more shares; distribute the two or more data shares across at least one consumer storage location and at least one enterprise storage location; generate permissions associated with the data set; generate a computing image that provides one or more pointers to the data set by generating a virtual machine image comprising preloaded stub files, wherein the preloaded stub files provide pointers to the two or more data shares; distribute the computing image to users associated with the at least one consumer storage location; and using the computing image, provide access to the data set based on the permissions. - View Dependent Claims (21, 22, 23, 24, 25)
-
Specification