Secure peer-to-peer distribution of an updatable keyring

US 8,885,832 B2
Filed: 03/31/2008
Issued: 11/11/2014
Est. Priority Date: 03/30/2007
Status: Active Grant

First Claim

Patent Images

1. A first computerized device for documents comprising:

a processing unit; and

data storage including executable program code,wherein the processing unit is configured to;

generate a feed object;

generate a first key based on contents of the feed object, wherein the first key comprises information identifying the feed object and a decryption key to decrypt an encrypted form of the feed object;

generate a first keyring entry comprising an encrypted form of the first key, wherein an entry key is configured to decrypt the encrypted form of the first key, wherein the first keyring entry is associated with the feed object;

transmit the encrypted form of the feed object to a second computerized device that is in communication with the first computerized device; and

transmit the first keyring entry to the second computerized device,wherein the encrypted form of the feed object and the first keyring entry are stored on the second computerized device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed peer-to-peer document archive system provides version-control, security, access control, linking among stored documents and remote access to documents usually associated with centralized storage systems while still providing the simplicity, personalization and robustness to network outages associated with personal and peer-to-peer storage systems. A “keyring” is an encrypted repository that allows a user to recover and access a user'"'"'s entire digital archive with a single master key. After the key is created, it does not need to be updated, and can be stored in a safe, safety-deposit box or other secure location. In the event the user'"'"'s computer is stolen or destroyed, the user need only install the system on a new machine and import the master key. The system will then use that key to browse nearby servers to find and decrypt all files necessary to recreate the full digital archive in its most recent state.

42 Citations

View as Search Results

12 Claims

1. A first computerized device for documents comprising:
- a processing unit; and
  
  data storage including executable program code,wherein the processing unit is configured to;
  
  generate a feed object;
  
  generate a first key based on contents of the feed object, wherein the first key comprises information identifying the feed object and a decryption key to decrypt an encrypted form of the feed object;
  
  generate a first keyring entry comprising an encrypted form of the first key, wherein an entry key is configured to decrypt the encrypted form of the first key, wherein the first keyring entry is associated with the feed object;
  
  transmit the encrypted form of the feed object to a second computerized device that is in communication with the first computerized device; and
  
  transmit the first keyring entry to the second computerized device,wherein the encrypted form of the feed object and the first keyring entry are stored on the second computerized device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1 wherein the processing unit is further configured to receive a passphrase, encrypt the first key with the passphrase to create a second encrypted form of the first key, and store the second encrypted form of the first key on the data storage.
  - 3. The device of claim 2 wherein the passphrase is received from a user.
  - 4. The device of claim 1 wherein the feed object is an encrypted document or an encrypted key for a second feed object.
  - 5. The device of claim 1 wherein the processing unit is further configured to:
    - receive input from a user to create a first document;
      
      encrypt the first document to produce a first encrypted document;
      
      generate a first object key including a first decryption key to decrypt the first encrypted document;
      
      produce a second keyring entry comprising an encrypted form of the first object key, wherein the second keyring entry is associated with the feed object; and
      
      transmit the second keyring entry to the second computerized device.
  - 6. The device of claim 5 wherein the processing unit is further configured to transmit the first encrypted document to the second computerized device and wherein the first encrypted document is backed up on the second computerized device.
  - 7. The device of claim 1 wherein the processing unit is further configured to:
    - receive a second key from another user;
      
      encrypt the received second key using the entry key to produce a second keyring entry, wherein the second keyring entry is associated with the feed object; and
      
      transmit the second keyring entry to the second computerized device.

8. A method for creating a keyring feed entry comprising:
- receiving, by a first device, a passphrase from a user of the first device;
  
  creating, by the first device, a keyring feed comprising an entry key;
  
  receiving, by the first device, a first access key, wherein the first access key includes (a) information identifying a first encrypted document object and (b) a first decryption key for decrypting the first encrypted document object and wherein the entry key is used to encrypt and decrypt the first access key;
  
  encrypting, by the first device, the first access key using the entry key to generate an encrypted first access key; and
  
  storing, by the first device, the encrypted first access key as a first keyring entry associated with the keyring feed.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8 further comprising:
    - generating, by the first device, a master key for the keyring feed, wherein the master key is used to decrypt the keyring feed; and
      
      adding, by the first device, the master key to the keyring feed as a second keyring entry.
  - 10. The method of claim 8 further comprising:
    - receiving, by the first device, a second access key, wherein the second access key includes information identifying a second encrypted document object and a second decryption key for decrypting the second encrypted document object;
      
      if the first device does not have the second encrypted document object;
      
      querying, by the first device, in response to receiving the second access key, one or more second devices to determine whether the one or more second devices have the second encrypted document;
      
      receiving, by the first device, the second encrypted document object from at least one of the one or more second devices;
      
      encrypting, by the first device, the second access key using the entry key to generate an encrypted second access key;
      
      associating the encrypted second access key with the second encrypted document object; and
      
      storing, by the first device, the encrypted second access key as a second keyring entry associated with the keyring feed.
  - 11. The method of claim 9 further comprising communicating, by the first device, the second keyring entry to any of the one or more second devices that do not already have the second keyring entry.
  - 12. The method of claim 8 further comprising:
    - determining, by the first device, whether the first keyring entry is stored on a second device; and
      
      if it is determined that the first keyring entry is not stored on the second device, sending, by the first device, the first keyring entry to the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Rhodes, Bradley J., Savitzky, Stephen R, Piersol, Kurt
Primary Examiner(s)
Kyle, Tamara T

Application Number

US12/060,048
Publication Number

US 20090060201A1
Time in Patent Office

2,416 Days
Field of Search

380/284
US Class Current

380/284
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 63/06   for supporting key manageme...

H04L 63/10   for controlling access to d...

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

Secure peer-to-peer distribution of an updatable keyring

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Secure peer-to-peer distribution of an updatable keyring

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others