Title Systems and methods for securing data at third-party storage services
Abstract A computer-implemented method for securing data at third-party storage services may include (1) receiving, at a server-side computing system, a request to provide a user with access to a file that is encrypted, (2) determining, in response to the request, whether a transitory symmetric key of the user is available to encrypt a decryption key with which the file may be decrypted, (3) encrypting the decryption key with the transitory symmetric key of the user if the transitory symmetric key of the user is available, or encrypting the decryption key with the public key of an asymmetric key pair designated for the user if the transitory symmetric key of the user is unavailable, and (4) storing the encrypted decryption key. Various other methods, systems, and computer-readable media are also disclosed.
Publication number US9258122(B1) Publication date 2016.02.09
Application number US201414199339 Filing date 2014.03.06
Applicant Symantec Corporation Inventors Zhang Haibin; Schneider Scott; Bogorad Walter; Sundaram Sharada
Classification H04L29/06; H04L9/14; H04L9/08 Main classification H04L29/06
Agent ALG Intellectual Property, LLC Attorney ALG Intellectual Property, LLC
Independent claim 1. A computer-implemented method for securing data at third-party storage services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
receiving, from a client-side computing device of a first user at a server-side computing system, a request to share with a second user access to a file that is encrypted, wherein: access to the file requires access to a decryption key with which the file may be decrypted; the decryption key must be encrypted to be stored at the server-side computing system;
determining, in response to the request, whether a transitory symmetric key of the second user is available at the server-side computing system to encrypt the decryption key, wherein the transitory symmetric key of the second user is generated at the server-side computing system using information provided to the server-side computing system by the second user and discarded at the server-side computing system when the second user logs out of the server-side computing system;
in response to determining that the transitory symmetric key of the second user is available at the server-side computing system, encrypting the decryption key with the transitory symmetric key of the second user;
in response to determining that the transitory symmetric key of the second user is unavailable at the server-side computing system: identifying, at the server-side computing system, an asymmetric key pair designated for the second user, the asymmetric key pair comprising: a public key; a private key that is encrypted, wherein the private key is decrypted using information provided to the server-side computing system by the second user; encrypting the decryption key with the public key;
storing the encrypted decryption key at the server-side computing system, wherein: the server-side computing system comprises the computing device; the computing device performs the step of determining whether the transitory symmetric key of the second user is available at the server-side computing system.
Address Mountain View CA US
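The claim above describes a two-branch key-wrapping rule: the server wraps a file's decryption key under the recipient's transitory symmetric key while the recipient is logged in, and falls back to the recipient's public key otherwise, with the matching private key held only in encrypted form. The following Go program is an added illustration of that rule and is not Symantec's code or an implementation from the patent. All names (Server, WrapFileKeyFor, UnwrapFileKey, deriveKey) and the choices of AES-256-GCM for symmetric wrapping, RSA-OAEP for the public-key path, and an iterated SHA-256 stand-in for a real password KDF are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
)

// WrappedKey is the stored, encrypted file-decryption key plus how it was wrapped.
type WrappedKey struct {
	Method string // "transitory" (AES-GCM under session key) or "public-key" (RSA-OAEP)
	Blob   []byte
}

// user is the server-side record for one account (constructed model, not the patent's).
type user struct {
	pub        *rsa.PublicKey
	salt       []byte
	encPriv    []byte // PKCS#1 private key sealed under the password-derived key
	sessionKey []byte // transitory symmetric key; nil while logged out
}

type Server struct{ users map[string]*user }

func NewServer() *Server { return &Server{users: map[string]*user{}} }

// deriveKey stretches the login secret; a stand-in for a proper KDF (PBKDF2/scrypt/Argon2).
func deriveKey(password, salt []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 0; i < 10000; i++ {
		k = sha256.Sum256(k[:])
	}
	return k[:]
}

// seal returns nonce||ciphertext under AES-256-GCM; unseal reverses it.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

func unseal(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, _ := cipher.NewGCM(block)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// Register creates the user's asymmetric pair; the private half is stored only encrypted.
func (s *Server) Register(name string, password []byte) error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	salt := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return err
	}
	encPriv, err := seal(deriveKey(password, salt), x509.MarshalPKCS1PrivateKey(priv))
	if err != nil {
		return err
	}
	s.users[name] = &user{pub: &priv.PublicKey, salt: salt, encPriv: encPriv}
	return nil
}

// Login derives the transitory key from user-supplied information and keeps it only in memory.
func (s *Server) Login(name string, password []byte) error {
	u, ok := s.users[name]
	if !ok {
		return errors.New("unknown user")
	}
	pwKey := deriveKey(password, u.salt)
	if _, err := unseal(pwKey, u.encPriv); err != nil { // password must open the private key
		return errors.New("bad password")
	}
	sk := sha256.Sum256(append([]byte("transitory-key:"), pwKey...))
	u.sessionKey = sk[:]
	return nil
}

// Logout discards the transitory key, as the claim requires.
func (s *Server) Logout(name string) {
	if u, ok := s.users[name]; ok {
		for i := range u.sessionKey {
			u.sessionKey[i] = 0
		}
		u.sessionKey = nil
	}
}

// WrapFileKeyFor is the claim's branch: transitory key if available, else the public key.
func (s *Server) WrapFileKeyFor(name string, fileKey []byte) (WrappedKey, error) {
	u, ok := s.users[name]
	if !ok {
		return WrappedKey{}, errors.New("unknown user")
	}
	if u.sessionKey != nil {
		blob, err := seal(u.sessionKey, fileKey)
		return WrappedKey{"transitory", blob}, err
	}
	blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, u.pub, fileKey, nil)
	return WrappedKey{"public-key", blob}, err
}

// UnwrapFileKey recovers the file key for a logged-in user; the password is needed only on the RSA path.
func (s *Server) UnwrapFileKey(name string, password []byte, w WrappedKey) ([]byte, error) {
	u, ok := s.users[name]
	if !ok || u.sessionKey == nil {
		return nil, errors.New("user not logged in")
	}
	if w.Method == "transitory" {
		return unseal(u.sessionKey, w.Blob)
	}
	der, err := unseal(deriveKey(password, u.salt), u.encPriv)
	if err != nil {
		return nil, err
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w.Blob, nil)
}

func main() {
	s := NewServer()
	_ = s.Register("bob", []byte("bob-pass")) // constructed sample account
	w, _ := s.WrapFileKeyFor("bob", []byte("0123456789abcdef0123456789abcdef"))
	fmt.Println("wrapped while logged out via:", w.Method) // public-key
}
```

The point the example makes visible is the asymmetry the claim relies on: a key wrapped under the transitory key is only recoverable while that session exists (after Logout the server has nothing to open it with), whereas a key wrapped under the public key can be recovered at the recipient's next login because the password-derived key unlocks the stored private key.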