Patent Grant
9413754
An enterprise and/or its users may wish to secure documents or other files by requiring a password or another authentication mechanism that is designated as a requirement in order to access a particular file. In some cases a document can be protected with a password or key that must be supplied in order to open or access the document. In some cases, if such a password is compromised, access to a particular document or file can also be compromised.
Many aspects of the present disclosure can be better understood with reference to the following drawings. The components in the drawings are not necessarily to scale, with emphasis instead being placed upon clearly illustrating the principles of the disclosure. Moreover, in the drawings, like reference numerals designate corresponding parts throughout the several views.
An enterprise or users of an enterprise may wish to secure files or documents to prevent access by unauthorized users. Files may be secured by applying an encryption process in which the file is encrypted utilizing a security key such that in order to be accessed, the file must be decrypted with the security key. In other words, a symmetric encryption process can be utilized. In some embodiments, the security key can encrypt a collection of file keys rather than a security key that is specific to the file. In some scenarios, a user may wish to utilize public key-private key encryption methodologies where a file is encrypted using a public key and must be decrypted using a private key that corresponds to the public key in order for the file to be accessed, or an asymmetric encryption process. Files can also be secured by utilizing a password protection process that may not involve encryption of the file. For example, a binary file that is encoded in a proprietary or open format that is viewable by a reader or editor, such as a file format supported by MICROSOFT WORD, ADOBE ACROBAT, or other software programs, can be password protected such that in order to be accessed using a reader or editor program, a correct password must be supplied by a user attempting to access the file.
Accordingly, access to files that are secured using such methodologies may be compromised in the event that a password or other pre-shared secret is compromised. Therefore, embodiments of the disclosure can employ an authenticator computing device (hereinafter “authenticator device”) that is separate from a computing device that is attempting to access a secured file (hereinafter “access device”). In order to access a secured file on an access device, embodiments of the disclosure can require that a security key must be obtained from such an authenticator device. In some embodiments, such a security key may be received from the authenticator device by a localized communication interface, such as via a quick response (QR) code or any other barcode or visual identifier displayed on a display of the authenticator device, communication via a localized network interface, such as BLUETOOTH, near-field communication (NFC), radio-frequency identification (RFID), or any other localized communication mechanism.
Additionally, the security key that facilitates decryption or access to a secured file can itself be encrypted or further secured to protect against the possibility that the communication between the authenticator device and the device attempting to access the secured file is intercepted. For example, the security key can be encrypted or protected using a one-time password or a time varying token. In addition to such a one-time password, the security key can also be protected using a password, personal identification number (PIN) or a pre-shared secret that must be supplied in addition to or in combination with the one-time password in order to access the security key obtained from the authenticator device. The security key can also be encrypted with a public key that corresponds to a private key associated with a particular user or access device. Additionally, an application executed by the access device can also be configured to avoid storage or persistence of the security key in mass storage, disk, or any other non-volatile storage of the device so that subsequent attempts to access the secured file via the access device would require obtaining the security key again from the authenticator device. In some embodiments, the security key can secure a collection of keys that are in turn employed to decrypt the secured file rather than being a file-specific security key.
Accordingly, embodiments of the present disclosure can facilitate the security of files that are obtained from a server or other resource by requiring that a device on which a file is accessed communicates with an authenticator device in order to obtain an authenticator code, or a double-encrypted security key, that can be used to facilitate access or decrypt the file.
As shown in the example scenario of
The authenticator code can be obtained from the authenticator device 106 by the access device 107 via a localized networking or communication capability. In the depicted scenario of
Accordingly, a secured file obtained or received by the access device 107 can be encrypted with the security key, but the security key can be initially withheld from the access device 107. The security key can be encrypted by a file server or other computing device with a public key that corresponds to a private key associated with the access device 107 or a user associated with the access device 107. The encrypted security key can be provided to the authenticator device 106, which can apply an additional encryption layer to the encrypted security key to generate the double-encrypted security key. The authenticator code can comprise the double-encrypted security key. As will be described herein, the access device 107 can decrypt the authenticator code or the double-encrypted security key in order to access a secured file.
With reference to
The computing environment 203 may comprise, for example, a server computer or any other system providing computing capability. Alternatively, the computing environment 203 may comprise a plurality of computing devices that are arranged, for example, in one or more server banks or computer banks or other arrangements. For example, the computing environments 203 may comprise a grid computing resource and/or any other distributed computing arrangement. Such computing devices may be located in a single installation or may be distributed among many different geographical locations. For purposes of convenience, the computing environment 203 is referred to herein in the singular. Even though the computing environment 203 is referred to in the singular, it is understood that a plurality of computing environments 203 may be employed in the various arrangements as described above.
Various applications and/or other functionality may be executed in the computing environment 203 according to various embodiments. Also, various data is stored in a data store 213 that is accessible to the computing device 203. The data store 213 may be representative of memory of the computing environment 203, mass storage resources of the computing environment 203, or any other storage resources on which data may be stored by the computing environment 203. The data store 213 may also be representative of a plurality of data stores 213 as can be appreciated. The data stored in the data store 213, for example, is associated with the operation of the various applications and/or functional entities described below.
The components executed by the computing environment 203, for example, include a file storage application 216 and other applications, services, processes, systems, engines, or functionality not discussed in detail herein. The file storage application 216 is executed to facilitate the storage of files on behalf of a user, an enterprise or organizational storage account, or any other entity. The file storage application 216 can facilitate access to files stored by or on behalf of users as well as the encryption and security of the files that are stored within the computing environment.
The data stored in the data store 213 includes, for example, file data 221 and potentially other data. The file data 221 can include data associated with a user or an account associated with an organization or entity. File data 221 can include information about files that are stored on behalf of a user or organization within the computing environment 203. File data 221 can also include other data and information that facilitates access to files that are stored within the computing environment 203. For example, file data 221 can also include access settings, such as authentication credentials, delegation settings (e.g., information about other users who may be provided access to the files of a particular user or organization), synchronization settings, user or organizational profile information, or any other forms of user data.
As noted above, file data 221 can include data about various files that are stored within the computing environment 203. A particular file can be stored as a secured file 227. A secured file 227 is encrypted or otherwise protected by a security key. Such a security key may or may not be stored in conjunction with the secured file 227 in the file data 221. In some embodiments, it may be desired that the security key used to encrypt and/or decrypt the file should not be stored in the data store 221 unless it is encrypted. Accordingly, in some embodiments, an encrypted form of the security key, or an encrypted security key 229 is stored with file data 221. An encrypted security key 229 can be encrypted with a public key 230 corresponding to a user, organization and/or access device 107 that is associated with the secured file 227. In other words, the security key used to encrypt the file of a user is encrypted with the public key 230 of the user and stored as the encrypted security key 229. In some embodiments, the encrypted security key 229 can correspond to a key that is employed to encrypt a collection of security keys rather than a file-specific security key.
Secured files 227 can correspond to files that can represent documents, media, or any other data that can be stored in a file system or storage accessible to the computing environment 203. A security key used to encrypt or protect a file as a secured file 227 can represent a password, encryption key, or any other data that can be used to generate an encrypted or secured version of a particular file. The public key 230 can correspond to an encryption key in an asymmetric encryption methodology such as RSA in which an encryption key used to generate encrypted data is separate from a private key that is used to decrypt data that was encrypted using the public key 230. As noted above, the encrypted security key 229 can be encrypted using the public key 230 corresponding to a user or organization to which the secured file 227 belongs.
The authenticator device 106 and access device 107 are representative of one or more devices that may be associated with a user or organization associated with a particular secured file 227 stored within the computing environment 203 and made accessible via the file storage application 216. The authenticator device 106 and/or access device 107 may comprise, for example, a processor-based system, such as a computer system, that may be embodied in the form of a desktop computer, a laptop computer, a personal digital assistant, a cellular telephone, a smartphone, a set-top box, a music player, a web pad, a tablet computer system, a game console, an electronic book reader, or any other device with like capability. The authenticator device 106 and/or access device 107 may include a display that comprises, for example, one or more devices such as liquid crystal display (LCD) displays or other types of display devices. The authenticator device 106 and/or access device 107 may also be equipped with networking capability or networking interfaces, including a localized networking or communication capability such as an NFC capability, RFID read and/or write capability, a microphone and/or speaker, or other localized communication capability.
The authenticator device 106 may be configured to execute various applications, such as an authenticator application 257. The authenticator application 257 is configured to obtain an encrypted security key 229 associated with a particular secured file 227 or a collection of security keys, one of which is associated with the secured file 227 from the file storage application 216 in response to a request on behalf of a user or organization to access one or more secured files 227 that are stored within the computing environment 203 and/or stored within a particular access device 107 of a user or enterprise. Additionally, the authenticator application 257 is also configured to generate an authenticator code, or a double-encrypted security key 270 from the encrypted security key 229. The authenticator application 257 can transmit the double-encrypted security key 270 to an access device 107 on which a user is attempting to access a secured file 227 that corresponds to the encrypted security key from which the double-encrypted security key 270 was generated.
The access device 107 may be configured to execute various applications, such as a file decrypter 259, a file viewer 261, and other applications or services. The file decrypter 259 is executed to decrypt a secured file 227 using a double-encrypted security key 270 obtained from the authenticator device 106. The file viewer 261 is executed to facilitate viewing or other ingestion or processing of a secured file 227 that is decrypted by the file decrypter 259. In some embodiments, the functionality described herein as a part of the file viewer 261 and file decrypter 259 can be combined into a single application or invoked via an application programming interface (API) calls.
Next, a general description of the operation of the various components of the networked environment 200 is provided. To begin, the file storage application 216 can facilitate encryption of files with a security key on behalf of a user or organization. A file can be encrypted or secured with a security key and stored as a secured file 227 in the data store 213 as file data 221 by the file storage application 216. For example, a user may upload a file or cause a file to be uploaded by an application configured to synchronize files between the computing environment 203 and the access device 107. Such a file can be received by the file storage application 216. A security key corresponding to the file or a collection of keys, one of which corresponds to the file, can be generated by the file storage application 216 and used as an encryption key with which a secured file 227 is generated. Then, the file storage application 216 can encrypt the security key as an encrypted security key 229 with a public key 230 corresponding to the user and/or access device 107 with which the file is associated or to whom the file belongs.
It should be appreciated that in some embodiments, a copy of the public key 230 may not be stored in association with each secured file 227 and that a single copy of a public key 230 may be stored in association with a particular user account or an organization account within the data store 213. Additionally, in some embodiments, a unique encrypted security key 229 may or may not be generated for each secured file 227 that is stored by the file storage application 216 in the data store 213. In certain scenarios, the file storage application 216 may employ a single security key that is in turn encrypted with a single public key 230, where the same security key is employed to generate secured files 227 that correspond to various files stored by or on behalf of users or organizations within the computing environment 203. By generating the security key or obtaining the security key from a source other than the user or the access device 107, the file storage application 216 can store a file in a manner such that a decryption key for a secured file 227 is not available to the access device 107. Additionally, by encrypting the security key with the public key 230 as an encrypted security key 229, the decryption key needed to access the secured file 227 is also unavailable to the file storage application 216, as the file storage application 216 can be configured to avoid storing or persisting the unencrypted security key used to generate the secured file 227.
Accordingly, now that a secured file 227 that is protected by an encryption methodology is stored in the data store 213, the file storage application 216 can respond to requests by or on behalf of a user to access the secured file 227. In embodiments of the disclosure, the file storage application 216 can require that in order for a user to access a particular secured file 227, that a pairing relationship be established between a user account and an authenticator device 106 such that the file storage application 216 will only provide an encrypted security key 229 needed to access a secured file 227 to a particular authenticator device 106 executing an authenticator application 257 that provides particular authentication credentials or parameters to the file storage application 216. A process for establishing such a pairing relationship can provide for a public key 230 corresponding to the access device 107 or a user associated with the access device 107 being transmitted to the file storage application 216, which can store the public key 230 in association with a user account or a device account in the data store 213. The file decrypter 259 or any other software executed by the access device 107 can generate or obtain a public key-private key pair and retain the private key 281 on the access device 107. Such a pairing relationship can also be established in a manner that allows the authenticator device 106 and access device 107 to exchange a shared secret from which a one-time password or a time-varying password can be later generated that will facilitate decryption of a double-encrypted security key 270.
In some embodiments, the file storage application 216 can authenticate a request to access a secured file 227 with a username/password pair or other form of user authentication credentials. In some embodiments, the file storage application 216 can be configured to only provide a copy of the secured file 227 to a particular access device 107 based upon a hardware identifier associated with the access device 107, such as a media access control (MAC) address. Upon receiving a request to access a secured file 227, the file storage application 216 can provide the secured file 227 to the file decrypter 259 or file viewer 261 executed by the access device 107 but not the encrypted security key 229. The encrypted security key 229 can be transmitted or pushed to the authenticator application 257 executed by the authenticator device 106.
The authenticator device 106 can generate a time-varying password that can be used to encrypt the encrypted security key 229 in order to generate a double-encrypted security key 270. In other words, the authenticator application 257 can apply an additional encryption layer to the encrypted security key 229 based upon the time-varying password generated by the authenticator application 257. The time-varying password can be used as an encryption key that is used to apply the additional encryption layer. In one embodiment, such a time-varying password can be generated from a time code that corresponds to at least a portion of the current time. Such a time code can be combined with a shared secret that can be pre-shared between the authenticator device 106 and access device 107 as a part of the above-referenced pairing process. Such a time code can also be combined with a password or PIN that is provided by the user from which time-varying passwords should be generated. For example, the time code can be concatenated onto or otherwise combined with such a shared secret, password or PIN to form a time-varying password.
In some embodiments, the time code can represent a truncation of the current time so that a corresponding time code generated by the access device 107 that is generated some quantum of time later, such as seconds or minutes later, matches the time code generated by the authenticator application 257. For example, the time code, in some embodiments, can represent a truncation of the current time such that the seconds are removed from the time code so that a corresponding time code generated by the access device 107 sixty seconds after the generation of the time code matches the time code. In another scenario, a corresponding time code generated by the access device 107 that is within a certain of a time code generated by the authenticator device 106 can also form an acceptable time code such that a range of acceptable time codes can be employed.
Upon generating a time-varying password, the authenticator application 257 can encrypt the encrypted security key 229 using the time-varying password to generate the double-encrypted security key 270. For example, the authenticator application 257 can generate a keyed-hash message authentication code (HMAC) where the cryptographic key is the time-varying password and the message-content encrypted is the encrypted key 229. In other words, the authenticator application 257 can execute an HMAC algorithm, such as SHA1, SHA256, etc., where the inputs are the time-varying password and the encrypted security key 229.
In another scenario, the time-varying password can be used as an input to a hash function or cryptographic hash function to generate an output. The output of such a hash function can then be employed as an encryption key with which the additional encryption layer is applied to the encrypted security key 229 in order to generate the double-encrypted security key 270. In yet another scenario, the time-varying password itself can be employed as an encryption key that is used to generate the double-encrypted security key 270 from the security key 229.
Upon generating the double-encrypted security key 270, the authenticator application 257 can provide the double-encrypted security key 270 to the file decrypter 259 executed by the access device 107, which is tasked with decrypting the secured file 227 obtained from the file storage application 216. In one embodiment, an application executed by the access device 107, such as the file viewer 261 or the file decrypter 259, can prompt a user to obtain an authenticator code, or the double-encrypted security key 270 from the authenticator device 106, when the user attempts to access a secured file 227 via the file viewer 261 and/or file decrypter 259. In some embodiments, the file viewer 261 can transmit a request to the authenticator application 257 with data identifying the secured file 227 so that the authenticator application 257 can obtain an encrypted security key 229 corresponding to the secured file 227 and from which the double-encrypted security key 270 can be generated.
As noted above, the double-encrypted security key 270 can be embedded within a QR code or other visual data representation that is displayed on a display of the authenticator device 106. The double-encrypted security key 270 can also be transmitted via an NFC capability from the authenticator device 106 to the access device 107. As noted above, the authenticator application 257 can also generate an audible data representation of the double-encrypted security key 270 that is emitted via a speaker of the authenticator device 106. The access device 107 can capture the audible representation via one or more microphones integrated within the access device 107. By employing a localized communication interface or capability of the authenticator device 106 and access device 107, in order to obtain the double-encrypted security key 270, the authenticator device 106 and access device 107 can be required to be in proximity with one another.
Upon receiving the double-encrypted security key 270, the file decrypter 259 can remove the first layer of encryption from the double-encrypted security key 270. In other words, the file decrypter 259 can decrypt the layer of encryption applied to the encrypted security key 229 by the authenticator application 257. In order to do so, the file decrypter 259 can generate the time-varying password that was generated by the authenticator application 257 to apply the second layer of encryption. As noted above, the time-varying password is based upon a time code corresponding to the current time or a truncation of the current time as well as a shared secret that is either shared between the authenticator device 106 and the access device 107 or known to the user, such as a password or PIN. Accordingly, the file decrypter 259 can generate the same time-varying password as was generated by the authenticator application 257 so long as it does so within a period of time after the time-varying password was generated by the authenticator application 257. Such a period of time can vary depending upon the precision of the time code used to generate the time-varying password by the authenticator application 257.
Upon generating the time-varying password, the file decrypter 259 can use the time-varying password to remove the second layer of encryption applied to the double-encrypted security key 270. In other words, the file decrypter 259 can extract the encrypted security key 229 from the double-encrypted security key 270. Next, because, as noted above, the encrypted security key 229 was encrypted using a public key 230 corresponding to a private key 281 associated with the access device 107, the file decrypter can extract the security key used to generate the secured file 227 from the encrypted security key 229 by decrypting the encrypted security key 229 using the private key 281.
The security key can then be used by the file decrypter 259 to access the secured file 227 obtained from the file storage application 216. As noted above, the security key can comprise an encryption key employed as a part of a symmetric encryption process to generate the secured file 227 from a file associated with the user or a particular organization to which the file belongs. The security key may also comprise a password that is used to password protect access to the file. The file decrypter 259 can be configured to decrypt or otherwise access a secured file 227 as well as be configured to only store the security key, the encrypted security key 229 and/or double-encrypted security key 270 in volatile memory. In other words, the file decrypter 259 can be configured as a trusted application that does not persist the security key, the encrypted security key 229 and/or double-encrypted security key 270 associated with a particular secured file 227 in non-volatile memory, mass storage, or in any other portion of the access device 107 in which they may be accessed by any other application or service that is not authorized to do so. In some embodiments, the security key, the encrypted security key 229 and/or double-encrypted security key 270 can only be manipulated in a trusted or secure memory portion of the access device 107. In some embodiments, the file decrypter 259 can also be configured to discard the security key, the encrypted security key 229 and/or double-encrypted security key 270 from memory upon decryption of a file. In this way, the security key, the encrypted security key 229 and/or double-encrypted security key 270 are not retained within the access device 107 once a secured file 227 has been decrypted or otherwise accessed by the file decrypter 259.
Upon decryption of the secured file 227, the file decrypter 259 can provide the file to the file viewer 261, which can facilitate viewing, printing or other consumption of the contents of the file by a user using the access device 107. The file viewer 261 can also be configured as a trusted application that does not persist the decrypted version of the secured file 227 or any portion thereof in non-volatile memory, mass storage, or in any other portion of the access device 107 in which they may be accessed by any other application or service that is not authorized to do so. In some embodiments, the file viewer 261 can also be configured to discard portions of a decrypted version of the secured file 227 when a user terminates a session associated with viewing the file in the file viewer 261 or when a particular decrypted portion of the secured file 227 are no longer displayed by the file viewer 261. In this way, neither the security key nor the decrypted version of the secured file 227 persist on the access device 107.
In some embodiments, the file storage application 216 can generate encrypted keys 229 corresponding to a particular secured file 227 in the event that a particular user account or organizational account is associated with multiple computing devices 107 that are associated with different public key 227 private key 281 pairs. In such a scenario, the file storage application 216 can generate more than one encrypted security key 229 that is encrypted with each respective public key 227 associated with the user account. Accordingly, in response to a request to access a secured file 227, the file storage application 216 can provide the multiple encrypted keys 229 to the authenticator application 257, which can in turn generate multiple double-encrypted keys 270 that can be transmitted to the access device 107.
In some embodiments, in response to a request to invoke the authenticator application 257 to display a QR code in which the double-encrypted security keys 270 are embedded, the authenticator application 257 can embed the multiple double-encrypted security keys 270 in such a QR code or other data representation of the double-encrypted security keys 270. The double-encrypted security keys 270 can be embedded in such a data representation along with metadata identifying a particular access device 107 or public key 227 to which each of the double-encrypted encrypted security keys 270 that are embedded therein correspond. In this way, the file decrypter 259 can identify which of the double-encrypted security keys 270 have been encrypted with the public key 227 corresponding to the access device 107 or user to which the particular instance of the file decrypter 259 corresponds.
Referring next to
Next, the authenticator device 106 can generate a time-varying password at arrow 301. As noted above, such a time-varying password can be used to apply an additional encryption layer to the encrypted security key 229. Then, the authenticator application 257 executed by the authenticator device 106 can transmit the double-encrypted security key 270 to the file decrypter 259 executed by the access device 107. As described above, the double-encrypted security key 270 can be transmitted to the file decrypter 259 via a localized communication interface.
Upon receiving the double-encrypted security key 270, the file decrypter 259 can extract the encrypted security key 229 by generating the time-varying password with which the security key 229 can be accessed at arrow 303. Next, the file decrypter 259 can decrypt the encrypted security key 229 to access the security key associated with the secured file 227 using the private key 281 corresponding to the public key 227 with which the encrypted security key 229 was generated at arrow 305. Next, the file decrypter 259 can decrypt the secured file 227 using the security key extracted from the encrypted security key 229 at arrow 307. In some embodiments, the security key extracted from the encrypted security key 229 can correspond to a security key that is used to access a collection of security keys from which a file-specific security key is extracted.
Referring next to
Accordingly, the file decrypter 259 executed by the access device 107 can capture the double-encrypted security key 270. Referring next to
Referring next to
Beginning with box 501, the file storage application 216 can generate a security key in response to a request to store a file in association with a particular user account or organizational account in the data store 213. At box 503, the file storage application 216 can generate a secured file 227 from the security key by encrypting or password-protecting the file using the security key. At box 505, the file storage application 216 can generate one or more encrypted security key 229 using one or more public key 227 corresponding to a user, organization or access device 107. In some embodiments, the security key embedded within the encrypted security key 229 can correspond to a security key that is used to access a collection of security keys from which a file-specific security key is extracted.
At box 507, the file storage application 216 stores the secured file 227 in the data store 213. In this way, the unsecured or unencrypted file can avoid being stored in the data store 213. At box 509, the file storage application 216 can store the one or more encrypted security key 229 generated using the respective public key 227. In this way, the unencrypted security key can avoid being stored in the data store 213, and the file storage application 216 would not have access to the private key 281 needed to decrypt the encrypted security key 229. At box 511, the process proceeds to completion.
Referring next to
Beginning with box 601, the file storage application 216 can obtain a request to access a secured file 227 stored in the data store 213 on behalf of a particular user, access device 107 and/or organization. At box 603, the file storage application 216 can transmit the secured file 227 to an access device 107 that is executing a file decrypter 259. In some embodiments, the file storage application 216 can authenticate the access device 107 and/or the user prior to transmitting the secured file 227. At box 605, the file storage application 216 can transmit the one or more encrypted security key 229 corresponding to the secured file 227 to the authenticator device 106. In this way, the secured file 227 and the encrypted security key 229 are provided to different computing devices so that a user can be required to obtain the encrypted security key 229 from the authenticator device 106 to access the secured file 227 on the access device 107. In some embodiments, the security key embedded within the encrypted security key 229 can correspond to a security key that is used to access a collection of security keys from which a file-specific security key is extracted.
Referring next to
Beginning with box 701, the authenticator application 257 can obtain a request to access an authenticator code, or a double-encrypted security key 270, on behalf of an access device 107 associated with a user. Such a request can take the form of a user executing the authenticator application 257 on the authenticator device 106 or the authenticator application 257 receiving a request from the access device 107. Such a request can also be generated in response to a file decrypter 259 executed by the access device 107 attempting to access a secured file 227. If such a request is received, then at box 703, the authenticator application 257 can generate a double-encrypted security key 270 that is encrypted based upon a time-varying password generated by the authenticator application 257. At box 705, the authenticator application 257 can transmit the double-encrypted security key 270 to the file decrypter 259 executed by the access device 107. Thereafter, the process proceeds to completion at box 707.
Referring next to
Beginning with box 801, the file decrypter 259 can obtain a request to access a secured file 227 obtained from the file storage application 216 on behalf of a access device 107 associated with a user. Such a request can take the form of a user attempting to access a particular file via the file storage application 216 or a storage account of the user. If such a request is received, then at box 803, the file decrypter 259 can obtain a double-encrypted security key 270 that is encrypted based upon a time-varying password generated by the authenticator application 257 from an authenticator device 106. At box 805, the file decrypter 259 can generate a time-varying password in order to remove the first encryption layer from the double-encrypted security key 270.
At box 807, the file decrypter 259 can remove the first encryption layer from the double-encrypted security key 270 using the time-varying password. In other words, the file decrypter 259 can extract the encrypted security key 229 from the double-encrypted security key 270. At box 809, the file decrypter 259 can then decrypt the encrypted security key 229 using the private key 281 stored on or accessible to the access device 107 to extract the security key associated with the secured file 227. At box 811, the file decrypter 259 can then decrypt the secured file 227 using the security key extracted from the double-encrypted security key 270. In some embodiments, the security key embedded within the encrypted security key 229 can correspond to a security key that is used to access a collection of security keys from which a file-specific security key is extracted. Thereafter, the process proceeds to completion at box 813.
The authenticator device 106, access device 107 or computing devices comprising the computing environment 203 can include at least one processor circuit, for example, having a processor and at least one memory device, both of which are coupled to a local interface, respectively. Such a device may comprise, for example, at least one computer, a mobile device, smartphone, computing device or like device. The local interface may comprise, for example, a data bus with an accompanying address/control bus or other bus structure as can be appreciated.
Stored in the memory device are both data and several components that are executable by the processor. In particular, stored in the one or more memory device and executable by the processor of such a device can be the authenticator application 257, file decrypter 259, the file storage application 216, and potentially other applications. Also stored in the memory may be a data store 213 and other data.
A number of software components are stored in the memory and are executable by a processor. In this respect, the term “executable” means a program file that is in a form that can ultimately be run by the processor. Examples of executable programs may be, for example, a compiled program that can be translated into machine code in a format that can be loaded into a random access portion of one or more of the memory devices and run by the processor, code that may be expressed in a format such as object code that is capable of being loaded into a random access portion of the one or more memory devices and executed by the processor, or code that may be interpreted by another executable program to generate instructions in a random access portion of the memory devices to be executed by the processor, etc. An executable program may be stored in any portion or component of the memory devices including, for example, random access memory (RAM), read-only memory (ROM), hard drive, solid-state drive, USB flash drive, memory card, optical disc such as compact disc (CD) or digital versatile disc (DVD), floppy disk, magnetic tape, or other memory components.
Memory can include both volatile and nonvolatile memory and data storage components. Also, a processor may represent multiple processors and/or multiple processor cores, and the one or more memory devices may represent multiple memories that operate in parallel processing circuits, respectively. Memory devices can also represent a combination of various types of storage devices, such as RAM, mass storage devices, flash memory, hard disk storage, etc. In such a case, a local interface may be an appropriate network that facilitates communication between any two of the multiple processors, between any processor and any of the memory devices, etc. The local interface may comprise additional systems designed to coordinate this communication, including, for example, performing load balancing. The processor 503 may be of electrical or of some other available construction.
The computing device 106 may include a display upon which a user interface generated by the file storage application 216 or another application can be rendered. The computing device 106 may also include one or more input/output devices that may include, for example, a capacitive touchscreen or other type of touch input device, fingerprint reader, keyboard, etc.
Although the file storage application 216 and other various systems described herein may be embodied in software or code executed by general purpose hardware as discussed above, as an alternative the same may also be embodied in dedicated hardware or a combination of software/general purpose hardware and dedicated hardware. If embodied in dedicated hardware, each can be implemented as a circuit or state machine that employs any one of or a combination of a number of technologies. These technologies may include, but are not limited to, discrete logic circuits having logic gates for implementing various logic functions upon an application of one or more data signals, application specific integrated circuits (ASICs) having appropriate logic gates, field-programmable gate arrays (FPGAs), or other components, etc. Such technologies are generally well known by those skilled in the art and, consequently, are not described in detail herein.
The sequence diagram and flowcharts show an example of the functionality and operation of an implementation of portions of components described herein. If embodied in software, each block may represent a module, segment, or portion of code that comprises program instructions to implement the specified logical function(s). The program instructions may be embodied in the form of source code that comprises human-readable statements written in a programming language or machine code that comprises numerical instructions recognizable by a suitable execution system such as a processor in a computer system or other system. The machine code may be converted from the source code, etc. If embodied in hardware, each block may represent a circuit or a number of interconnected circuits to implement the specified logical function(s).
Although the sequence diagram flowcharts show a specific order of execution, it is understood that the order of execution may differ from that which is depicted. For example, the order of execution of two or more blocks may be scrambled relative to the order shown. Also, two or more blocks shown in succession may be executed concurrently or with partial concurrence. Further, in some embodiments, one or more of the blocks shown in the drawings may be skipped or omitted. In addition, any number of counters, state variables, warning semaphores, or messages might be added to the logical flow described herein, for purposes of enhanced utility, accounting, performance measurement, or providing troubleshooting aids, etc. It is understood that all such variations are within the scope of the present disclosure.
Also, any logic or application described herein that comprises software or code can be embodied in any non-transitory computer-readable medium for use by or in connection with an instruction execution system such as, for example, a processor in a computer system or other system. In this sense, the logic may comprise, for example, statements including instructions and declarations that can be fetched from the computer-readable medium and executed by the instruction execution system. In the context of the present disclosure, a “computer-readable medium” can be any medium that can contain, store, or maintain the logic or application described herein for use by or in connection with the instruction execution system.
The computer-readable medium can comprise any one of many physical media such as, for example, magnetic, optical, or semiconductor media. More specific examples of a suitable computer-readable medium would include, but are not limited to, solid-state drives, flash memory, etc. Further, any logic or application described herein may be implemented and structured in a variety of ways. For example, one or more applications described may be implemented as modules or components of a single application. Further, one or more applications described herein may be executed in shared or separate computing devices or a combination thereof. For example, a plurality of the applications described herein may execute in the same computing device, or in multiple computing devices. Additionally, it is understood that terms such as “application,” “service,” “system,” “engine,” “module,” and so on may be interchangeable and are not intended to be limiting.
It is emphasized that the above-described embodiments of the present disclosure are merely possible examples of implementations set forth for a clear understanding of the principles of the disclosure. Many variations and modifications may be made to the above-described embodiments without departing substantially from the spirit and principles of the disclosure. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5029207 | Gammie | Jul 1991 | A |
| 5574786 | Dayan et al. | Nov 1996 | A |
| 5604800 | Johnson | Feb 1997 | A |
| 5937066 | Gennaro | Aug 1999 | A |
| 5987609 | Hasebe | Nov 1999 | A |
| 6021492 | May | Feb 2000 | A |
| 6023708 | Mendez et al. | Feb 2000 | A |
| 6038666 | Hsu | Mar 2000 | A |
| 6085192 | Mendez et al. | Jul 2000 | A |
| 6131096 | Ng et al. | Oct 2000 | A |
| 6131116 | Riggins et al. | Oct 2000 | A |
| 6151606 | Mendez | Nov 2000 | A |
| 6233341 | Riggins | May 2001 | B1 |
| 6317829 | Van Oorschot | Nov 2001 | B1 |
| 6377792 | Brown | Apr 2002 | B1 |
| 6560772 | Slinger | May 2003 | B1 |
| 6708221 | Mendez et al. | Mar 2004 | B1 |
| 6714859 | Jones | Mar 2004 | B2 |
| 6726106 | Han et al. | Apr 2004 | B1 |
| 6727856 | Hill | Apr 2004 | B1 |
| 6741232 | Siedlikowski et al. | May 2004 | B1 |
| 6741927 | Jones | May 2004 | B2 |
| 6766454 | Riggins | Jul 2004 | B1 |
| 6779118 | Ikudome et al. | Aug 2004 | B1 |
| 6904359 | Jones | Jun 2005 | B2 |
| 6965876 | Dabbiere | Nov 2005 | B2 |
| 6995749 | Friend | Feb 2006 | B2 |
| 7032181 | Farcasiu | Apr 2006 | B1 |
| 7039394 | Bhaskaran | May 2006 | B2 |
| 7039679 | Mendez et al. | May 2006 | B2 |
| 7064688 | Collins et al. | Jun 2006 | B2 |
| 7092943 | Roese et al. | Aug 2006 | B2 |
| 7184801 | Farcasiu | Feb 2007 | B2 |
| 7191058 | Laird et al. | Mar 2007 | B2 |
| 7203959 | Nachenberg et al. | Apr 2007 | B2 |
| 7225231 | Mendez et al. | May 2007 | B2 |
| 7228383 | Friedman et al. | Jun 2007 | B2 |
| 7275073 | Ganji et al. | Sep 2007 | B2 |
| 7284045 | Marl et al. | Oct 2007 | B1 |
| 7287271 | Riggins | Oct 2007 | B1 |
| 7308703 | Wright et al. | Dec 2007 | B2 |
| 7310535 | MacKenzie et al. | Dec 2007 | B1 |
| 7353533 | Wright et al. | Apr 2008 | B2 |
| 7363349 | Friedman et al. | Apr 2008 | B2 |
| 7363361 | Tewari et al. | Apr 2008 | B2 |
| 7373517 | Riggins | May 2008 | B1 |
| 7430757 | Chari et al. | Sep 2008 | B1 |
| 7437752 | Heard et al. | Oct 2008 | B2 |
| 7444375 | McConnell et al. | Oct 2008 | B2 |
| 7447506 | MacKenzie et al. | Nov 2008 | B1 |
| 7447799 | Kushner | Nov 2008 | B2 |
| 7475152 | Chan et al. | Jan 2009 | B2 |
| 7496957 | Howard et al. | Feb 2009 | B2 |
| 7539665 | Mendez | May 2009 | B2 |
| 7543146 | Karandikar et al. | Jun 2009 | B1 |
| 7565314 | Borgeson et al. | Jul 2009 | B2 |
| 7590403 | House et al. | Sep 2009 | B1 |
| 7594224 | Patrick et al. | Sep 2009 | B2 |
| 7603547 | Patrick et al. | Oct 2009 | B2 |
| 7603548 | Patrick et al. | Oct 2009 | B2 |
| 7603703 | Craft et al. | Oct 2009 | B2 |
| 7617222 | Coulthard et al. | Nov 2009 | B2 |
| 7620001 | Ganji | Nov 2009 | B2 |
| 7620392 | Maurya et al. | Nov 2009 | B1 |
| 7650491 | Craft et al. | Jan 2010 | B2 |
| 7660902 | Graham et al. | Feb 2010 | B2 |
| 7665118 | Mann et al. | Feb 2010 | B2 |
| 7665125 | Heard et al. | Feb 2010 | B2 |
| 7685645 | Doyle et al. | Mar 2010 | B2 |
| 7702322 | Maurya et al. | Apr 2010 | B1 |
| 7702785 | Bruton, III et al. | Apr 2010 | B2 |
| 7735122 | Johnson et al. | Jun 2010 | B1 |
| 7739334 | Ng et al. | Jun 2010 | B1 |
| 7752166 | Quinlan et al. | Jul 2010 | B2 |
| 7788382 | Jones et al. | Aug 2010 | B1 |
| 7792297 | Piccionelli et al. | Sep 2010 | B1 |
| 7840631 | Farcasiu | Nov 2010 | B2 |
| 7890091 | Puskoor et al. | Feb 2011 | B2 |
| 7912896 | Wolovitz et al. | Mar 2011 | B2 |
| 7917641 | Crampton | Mar 2011 | B2 |
| 7970386 | Bhat et al. | Jun 2011 | B2 |
| 7991697 | Fransdonk | Aug 2011 | B2 |
| 8001082 | Muratov | Aug 2011 | B1 |
| 8012219 | Mendez et al. | Sep 2011 | B2 |
| 8041776 | Friedman et al. | Oct 2011 | B2 |
| 8046823 | Begen et al. | Oct 2011 | B1 |
| 8060074 | Danford et al. | Nov 2011 | B2 |
| 8069144 | Quinlan et al. | Nov 2011 | B2 |
| 8078157 | Maurya et al. | Dec 2011 | B2 |
| 8094591 | Hunter et al. | Jan 2012 | B1 |
| 8108687 | Ellis et al. | Jan 2012 | B2 |
| 8117344 | Mendez et al. | Feb 2012 | B2 |
| 8150431 | Wolovitz et al. | Apr 2012 | B2 |
| 8214862 | Lee et al. | Jul 2012 | B1 |
| 8225381 | Lemke | Jul 2012 | B2 |
| 8621208 | Hu | Dec 2013 | B1 |
| 20020013721 | Dabbiere et al. | Jan 2002 | A1 |
| 20020049580 | Kutaragi et al. | Apr 2002 | A1 |
| 20020157019 | Kadyk et al. | Oct 2002 | A1 |
| 20020199119 | Dunnion | Dec 2002 | A1 |
| 20030065950 | Yarborough | Apr 2003 | A1 |
| 20030110084 | Eberhard et al. | Jun 2003 | A1 |
| 20030204716 | Rockwood et al. | Oct 2003 | A1 |
| 20040123153 | Wright et al. | Jun 2004 | A1 |
| 20040181687 | Nachenberg et al. | Sep 2004 | A1 |
| 20040224703 | Takaki et al. | Nov 2004 | A1 |
| 20050097032 | Benco et al. | May 2005 | A1 |
| 20050097327 | Ondet et al. | May 2005 | A1 |
| 20050246192 | Jauffred et al. | Nov 2005 | A1 |
| 20060013566 | Nakamura | Jan 2006 | A1 |
| 20060190984 | Heard et al. | Aug 2006 | A1 |
| 20070033397 | Phillips, II et al. | Feb 2007 | A1 |
| 20070130473 | Mazotas | Jun 2007 | A1 |
| 20070136492 | Blum et al. | Jun 2007 | A1 |
| 20070156897 | Lim | Jul 2007 | A1 |
| 20070174433 | Mendez et al. | Jul 2007 | A1 |
| 20070261099 | Broussard et al. | Nov 2007 | A1 |
| 20070288637 | Layton et al. | Dec 2007 | A1 |
| 20080010689 | Ooi et al. | Jan 2008 | A1 |
| 20080133712 | Friedman et al. | Jun 2008 | A1 |
| 20080134305 | Hinton et al. | Jun 2008 | A1 |
| 20080134347 | Goyal et al. | Jun 2008 | A1 |
| 20080201453 | Assenmacher | Aug 2008 | A1 |
| 20080301057 | Oren | Dec 2008 | A1 |
| 20080307219 | Karandikar | Dec 2008 | A1 |
| 20080318548 | Bravo et al. | Dec 2008 | A1 |
| 20090036111 | Danford et al. | Feb 2009 | A1 |
| 20090144632 | Mendez | Jun 2009 | A1 |
| 20090198997 | Yeap et al. | Aug 2009 | A1 |
| 20090203375 | Gisby et al. | Aug 2009 | A1 |
| 20090260064 | McDowell et al. | Oct 2009 | A1 |
| 20090300739 | Nice et al. | Dec 2009 | A1 |
| 20090307362 | Mendez et al. | Dec 2009 | A1 |
| 20100005125 | Mendez et al. | Jan 2010 | A1 |
| 20100005157 | Mendez et al. | Jan 2010 | A1 |
| 20100005195 | Mendez et al. | Jan 2010 | A1 |
| 20100023630 | Mendez et al. | Jan 2010 | A1 |
| 20100083359 | Readshaw et al. | Apr 2010 | A1 |
| 20100100641 | Quinlan et al. | Apr 2010 | A1 |
| 20100120450 | Herz | May 2010 | A1 |
| 20100138667 | Adams et al. | Jun 2010 | A1 |
| 20100144323 | Collins et al. | Jun 2010 | A1 |
| 20100146269 | Baskaran | Jun 2010 | A1 |
| 20100254410 | Collins | Oct 2010 | A1 |
| 20100268844 | Quinlan et al. | Oct 2010 | A1 |
| 20100273456 | Wolovitz et al. | Oct 2010 | A1 |
| 20100299152 | Batchu et al. | Nov 2010 | A1 |
| 20100299362 | Osmond | Nov 2010 | A1 |
| 20100299376 | Batchu et al. | Nov 2010 | A1 |
| 20100299719 | Burks et al. | Nov 2010 | A1 |
| 20110004941 | Mendez et al. | Jan 2011 | A1 |
| 20110039506 | Lindahl et al. | Feb 2011 | A1 |
| 20110082900 | Nagpal et al. | Apr 2011 | A1 |
| 20110113062 | Quinlan et al. | May 2011 | A1 |
| 20110145932 | Nerger et al. | Jun 2011 | A1 |
| 20110153779 | Mendez et al. | Jun 2011 | A1 |
| 20110153799 | Ito | Jun 2011 | A1 |
| 20110167474 | Sinha et al. | Jul 2011 | A1 |
| 20110202589 | Piernot et al. | Aug 2011 | A1 |
| 20110225252 | Bhat et al. | Sep 2011 | A1 |
| 20110270799 | Muratov | Nov 2011 | A1 |
| 20110276805 | Nagpal et al. | Nov 2011 | A1 |
| 20110296186 | Wong et al. | Dec 2011 | A1 |
| 20110320552 | Friedman et al. | Dec 2011 | A1 |
| 20120005578 | Hawkins | Jan 2012 | A1 |
| 20120015644 | Danford et al. | Jan 2012 | A1 |
| 20120102392 | Reesman et al. | Apr 2012 | A1 |
| 20120198547 | Fredette et al. | Aug 2012 | A1 |
| 20120272287 | Kuhlke et al. | Oct 2012 | A1 |
| 20130061307 | Livne | Mar 2013 | A1 |
| 20130152169 | Stuntebeck | Jun 2013 | A1 |
| 20130165232 | Nelson et al. | Jun 2013 | A1 |
| 20140025256 | Armitage et al. | Jan 2014 | A1 |
| 20140047240 | Kato | Feb 2014 | A1 |
| 20140068717 | Mayes et al. | Mar 2014 | A1 |
| 20140143852 | Cottrell et al. | May 2014 | A1 |
| 20140177495 | Mallikarjunan et al. | Jun 2014 | A1 |
| 20140223182 | Avanzi | Aug 2014 | A1 |
| Number | Date | Country |
|---|---|---|
| 2149337 | Jun 1994 | CA |
| 2346716 | Aug 2000 | GB |
| 2361558 | Oct 2001 | GB |
| WO9600485 | Jan 1996 | WO |
| WO0003316 | Jan 2000 | WO |
| WO0241661 | May 2002 | WO |
| WO2010052669 | May 2010 | WO |
| Entry |
|---|
| Office Action mailed Nov. 30, 2015 in U.S. Appl. No. 13/841,853. |
| International Search Report for PCT/US2014/025256 mailed Jul. 3, 2014. |
| Non-Final Office Action cited in U.S. Appl. No. 13/316,073 dated Jan. 18, 2013. |
| Asynchrony Software, Inc., , “PDA Defense User Guide”, 726, 2002. |
| Belani, Eshwar et al., “The CRISIS Wide Area Security Architecture”, 726, 1998. |
| Benaloh, Josh et al., “Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records”, 726, Nov. 13, 2009. |
| Fox, Armando et al., “Security on the Move: Indirect Authentication Using Kerberos”, 726, 1996. |
| Menaria, Pankaj et al., “Security in Mobile Database Systems”, 707, 726,Mar. 17, 2011. |
| Pfitzmann, Andreas et al., “Mobile User Devices and Security Modules: Design for Trustworthiness”, 726, Feb. 5, 1996. |
| Steiner, Jennifer , “Kerberos: An Authentication Service for Open Network Systems”, 726, Jan. 12, 1988. |
| Strunk, John et al., “Self-Securing Storage: Protecting Data in Compromised Systems”, Symposium on Operating Systems Design and Implementation, 726, 2000. |
| Non-final Office Action cited in U.S. Appl. No. 13/841,853 mailed Jan. 28, 2015. |
| Office Action mailed Jul. 9, 2015 in U.S. Appl. No. 13/841,853, filed Mar. 15, 2013. |
| Number | Date | Country | |
|---|---|---|---|
| 20160182495 A1 | Jun 2016 | US |
