Secure key management for roaming protected content
Abstract
Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content.
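The key-roaming flow the abstract and claim 1 describe can be sketched in Node.js as follows. This is an added example, not code from the patent or its assignee. It assumes RSA-2048 key pairs, RSA-OAEP (SHA-256) key wrapping and AES-256-GCM for bulk data, and all function and field names are hypothetical.

```javascript
// Added illustration. Assumed: RSA-2048 key pairs, RSA-OAEP(SHA-256) key wrapping and
// AES-256-GCM for bulk data; function and field names are hypothetical.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv } = require('node:crypto');

const newKeyPair = () => generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

// AES-256-GCM; blob layout is iv (12 bytes) || auth tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// A fresh symmetric key encrypts the data and is itself encrypted to the recipient's
// public key. An RSA private key is too large for one OAEP block, hence the hybrid form.
function wrapFor(publicPem, data) {
  const k = randomBytes(32);
  return { wrappedKey: publicEncrypt({ key: publicPem, oaepHash: 'sha256' }, k),
           body: seal(k, data) };
}
function unwrapWith(privatePem, env) {
  const k = privateDecrypt({ key: privatePem, oaepHash: 'sha256' }, env.wrappedKey);
  return unseal(k, env.body);
}

function roam(content) {
  const dataProtection = newKeyPair();  // tied to the user identity, held on device 1
  const device2 = newKeyPair();         // private half never leaves device 2
  const cloud = { keyStore: { device2: device2.publicKey } };  // constructed key store
  // Device 1: protect the content and copy it to cloud storage.
  cloud.protectedContent = wrapFor(dataProtection.publicKey, Buffer.from(content));
  // Device 1: read device 2's public key from the key store, wrap the private key to it.
  // The entry is trusted as-is here; whoever controls it decides who can unwrap.
  cloud.roamedKey = wrapFor(cloud.keyStore.device2, Buffer.from(dataProtection.privateKey));
  // Device 2: unwrap the data protection private key, then open the content.
  const dpPrivate = unwrapWith(device2.privateKey, cloud.roamedKey).toString();
  const plaintext = unwrapWith(dpPrivate, cloud.protectedContent).toString();
  return { cloud, device2PrivateKey: device2.privateKey, plaintext };
}
```

In this sketch the cloud object only ever holds ciphertext and public keys; the data protection private key appears in the clear only on the two devices.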
20 Claims
1. A method implemented in a first computing device, the method comprising:
protecting, by the first computing device, content using a data protection public key of a first data protection public/private key pair corresponding to an identity of a user of the first computing device;
copying, by the first computing device, the protected content to cloud storage;
obtaining, by the first computing device, a public key of a second public/private key pair of a second computing device from a key store in the cloud storage, the first and second computing devices being separate computing devices, the first and second computing devices and the key store being associated with a same user identity, the key store configured to store device public keys corresponding to multiple devices associated with the same user identity, the key store further configured to make the device public keys of the respective multiple devices available to other devices of the multiple devices associated with the same user identity by the other devices accessing the key store in the cloud storage;
encrypting, by the first computing device, the data protection private key using the public key of the second computing device; and
providing, by the first computing device, the encrypted data protection private key to the second computing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A first client computing device comprising:
a processing system and memory configured to implement an algorithm of the first client computing device to protect content by encrypting, using a data protection public key of a first data protection public/private key pair corresponding to an identity of a user of the first client computing device, the content or a file encryption key that is used to encrypt the content;
one or more programs configured to copy, by the first client computing device, the protected content to a cloud storage; and
the processing system and memory further configured to;
obtain, by the first client computing device, a public key of a second public/private key pair of a second client computing device from a key store in the cloud storage, the first and second client computing devices being separate computing devices, the first and second client computing devices and the key store being associated with a same user identity on the cloud storage, the key store configured to store device public keys corresponding to multiple devices associated with the same user identity, the key store further configured to make the device public keys of the respective multiple devices available to other devices of the multiple devices associated with the same user identity;
facilitate, by the first client computing device, the algorithm encrypting the data protection private key by the first client computing device using the public key of the second client computing device; and
provide, by the first client computing device, the encrypted data protection private key to the second client computing device via the cloud storage, the encrypted data protection private key configured to be decrypted using the private key of the second public/private key pair of the second client computing device, and, once decrypted, facilitate decryption of the content or the file encryption key used to encrypt the content by the second computing device.
Dependent claims: 13, 14, 15, 16

17. A computer-readable storage medium having stored thereon multiple instructions that, responsive to execution by one or more processors of a client computing device, cause the one or more processors to perform operations comprising:
protecting, by the client computing device, content by encrypting a file encryption key using a data protection public key of a first data protection public/private key pair corresponding to an identity of a user of the client computing device, the content being encrypted using the file encryption key;
copying, by the client computing device, the protected content to a cloud storage;
obtaining, by the client computing device, a public key of a second public/private key pair of a separate, additional client computing device from a key store in the cloud storage, the client computing device and the additional client computing device both accessing the cloud storage for protected content stored to the cloud storage by the other, the cloud storage comprising a key store that is accessible by the client computing device and the additional client computing device, the key store configured to store device public keys corresponding to multiple devices, and make the device public keys of the respective multiple devices available to other devices of the multiple devices by the other devices accessing the key store in the cloud storage;
encrypting, by the client computing device, the data protection private key by the client computing device using the public key of the additional client computing device; and
providing, by the client computing device, the encrypted data protection private key to the additional client computing device, the encrypted data protection private key configured to be decrypted using the private key of the second public/private key pair of the second client computing device, and, once decrypted, facilitate decryption of the file encryption key used to encrypt the content by the second computing device.
Dependent claims: 18, 19, 20

Specification