Authenticator device facilitating file security

US 9,813,247 B2
Filed: 07/20/2016
Issued: 11/07/2017
Est. Priority Date: 12/23/2014
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to an encrypted file, comprising:

establishing a trusted relationship between an authenticator device and a file storage application hosting the encrypted file;

receiving a request to access the encrypted file from an access device;

authenticating the request by determining that the access device has authority to access the encrypted file;

providing a decryption key to the authenticator device when the access device has authority;

providing the encrypted file to the access device;

transmitting the decryption key from the authenticator device to the access device; and

decrypting the encrypted file, by the access device, using the decryption key received from the authenticator device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for facilitating the encryption of files as well as facilitating requiring a user to employ an authenticator device in order to access a file that is encrypted or otherwise secured. The authenticator device can provide an authenticator code in which a security key used to access a secured file can be embedded. An additional layer of encryption can also be applied in the authenticator code.

214 Citations

20 Claims

1. A method for controlling access to an encrypted file, comprising:
- establishing a trusted relationship between an authenticator device and a file storage application hosting the encrypted file;
  
  receiving a request to access the encrypted file from an access device;
  
  authenticating the request by determining that the access device has authority to access the encrypted file;
  
  providing a decryption key to the authenticator device when the access device has authority;
  
  providing the encrypted file to the access device;
  
  transmitting the decryption key from the authenticator device to the access device; and
  
  decrypting the encrypted file, by the access device, using the decryption key received from the authenticator device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein establishing the trusted relationship comprises:
    - receiving authentication credentials from the authenticator device; and
      
      verifying authenticity of the authentication credentials.
  - 3. The method of claim 1, wherein determining that the access device has authority to access the encrypted file comprises:
    - obtaining a hardware identifier of the access device; and
      
      determining that the hardware identifier corresponds to a device with authorization to access the encrypted file.
  - 4. The method of claim 1, wherein the access device automatically deletes the decryption key after decrypting the encrypted file.
  - 5. The method of claim 1, further comprising:
    - receiving, by the authenticator device, a password;
      
      using the password to generate a time-varying password; and
      
      double-encrypting the decryption key using the time-varying password prior to providing the decryption key to the access device.
  - 6. The method of claim 5, further comprising:
    - executing a pairing process to establish a trusted relationship between the authenticator device and the access device; and
      
      exchanging a shared secret used to create the time-varying password between the authenticator device and the access device during the pairing process.
  - 7. The method of claim 1, wherein transmitting the decryption key from the authenticator device to the access device comprises:
    - displaying the decryption key on the authenticator device in the form of a QR code; and
      
      taking a picture of the QR code using the access device.

8. One or more non-transitory computer readable media comprising instructions which, when executed by one or more processors, execute a method for controlling access to an encrypted file, the instructions being configured to:
- establish a trusted relationship between an authenticator device and a file storage application hosting the encrypted file;
  
  receive a request to access the encrypted file from an access device;
  
  authenticate the request by determining that the access device has authority to access the encrypted file;
  
  provide a decryption key to the authenticator device when the access device has authority;
  
  provide the encrypted file to the access device;
  
  transmit the decryption key from the authenticator device to the access device; and
  
  decrypt the encrypted file, by the access device, using the decryption key received from the authenticator device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more non-transitory computer readable media of claim 8, further comprising instructions which, when executed:
    - receive authentication credentials from the authenticator device; and
      
      verify authenticity of the authentication credentials.
  - 10. The one or more non-transitory computer readable media of claim 8, wherein determining that the access device has authority to access the encrypted file comprises:
    - obtaining a hardware identifier of the access device; and
      
      determining that the hardware identifier corresponds to a device with authorization to access the encrypted file.
  - 11. The one or more non-transitory computer readable media of claim 8, further comprising instructions which, when execute, delete the decryption key after decrypting the encrypted file.
  - 12. The one or more non-transitory computer readable media of claim 8, further comprising instructions which, when executed:
    - receive, by the authenticator device, a password;
      
      use the password to generate a time-varying password; and
      
      double-encrypt the decryption key using the time-varying password prior to providing the decryption key to the access device.
  - 13. The one or more non-transitory computer readable media claim 12, further comprising instructions which, when executed:
    - execute a pairing process to establish a trusted relationship between the authenticator device and the access device; and
      
      exchange a shared secret used to create the time-varying password between the authenticator device and the access device during the pairing process.
  - 14. The one or more non-transitory computer readable media of claim 8, wherein transmitting the decryption key from the authenticator device to the access device comprises:
    - displaying the decryption key on the authenticator device in the form of a QR code; and
      
      taking a picture of the QR code using the access device.

15. A system for controlling access to an encrypted file, comprising:
- an authenticator device;
  
  an access device; and
  
  a file storage system hosting the encrypted file, wherein;
  
  the file storage system establishes a trusted relationship with the authenticator device;
  
  the file storage system receives a request to access the encrypted file from an access device;
  
  the file storage system authenticates the request by determining that the access device has authority to access the encrypted file;
  
  the file storage system provides a decryption key to the authenticator device when the access device has authority;
  
  the file storage system provides the encrypted file to the access device;
  
  the authenticator device transmits the decryption key to the access device; and
  
  the access device decrypts the encrypted file using the decryption key received from the authenticator device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein establishing the trusted relationship comprises:
    - receiving authentication credentials from the authenticator device; and
      
      verifying authenticity of the authentication credentials.
  - 17. The system of claim 15, wherein determining that the access device has authority to access the encrypted file comprises:
    - obtaining a hardware identifier of the access device; and
      
      determining that the hardware identifier corresponds to a device with authorization to access the encrypted file.
  - 18. The system of claim 15, wherein the access device automatically deletes the decryption key after decrypting the encrypted file.
  - 19. The system of claim 15, wherein:
    - the authenticator device receives a password and uses the password to generate a time-varying password; and
      
      the authenticator device double-encrypts the decryption key using the time-varying password prior to providing the decryption key to the access device.
  - 20. The system of claim 15, wherein transmitting the decryption key from the authenticator device to the access device comprises:
    - displaying the decryption key on the authenticator device in the form of a QR code; and
      
      taking a picture of the QR code using the access device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirWatch LLC (Broadcom, Inc.)
Original Assignee
AirWatch LLC (Broadcom, Inc.)
Inventors
Stuntebeck, Erich Peter, Tse, Kar Fai, Lu, Chen, Xuan, Chaoting
Primary Examiner(s)
McNally, Michael S

Application Number

US15/214,954
Publication Number

US 20160330029A1
Time in Patent Office

475 Days
Field of Search

713168
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/36   by graphic or iconic repres...

G06F 21/6209   to a single file or object,...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/068   using time-dependent keys, ...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0853   using an additional device,...

H04L 9/0863   involving passwords or one-...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/77   Graphical identity

H04W 4/80   Services using short range ...

Authenticator device facilitating file security

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

214 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticator device facilitating file security

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

214 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links