| 发明名称 | Multi-identity for secure file sharing | ||
| 摘要 | Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization. | ||
| 申请公布号 | US9053341(B2) | 申请公布日期 | 2015.06.09 |
| 申请号 | US201414207856 | 申请日期 | 2014.03.13 |
| 申请人 | nCrypted Cloud LLC | 发明人 | Odnovorov Igor;Stamos Nicholas |
| 分类号 | G06F7/04;G06F21/62;H04L9/08;G06F17/30;H04N7/16;G06F15/16;H04L29/06 | 主分类号 | G06F7/04 |
| 代理机构 | Cesari and McKenna, LLP | 代理人 | Cesari and McKenna, LLP |
| 主权项 | 1. A computer-implemented method for providing controlled collaborative access to a data file comprising: selectively associating a personal identity or a work identity with a designated folder in which a shared data file originated by an individual user is stored; when the personal identity is associated with the designated folder, generating a personal recovery key;storing the personal recovery key; andprotecting the shared data file with a unique file password generated from (a) the personal recovery key assigned to the designated folder in which the file is located and (b) a unique file identifier; else when the work identity is associated with the designated folder, generating a work recovery key;storing the work recovery key; andprotecting the shared data file with a unique file password generated from (a) the work recovery key assigned to the designated folder in which the file is located and (b) a unique file identifier;and further:protecting access to the shared data file using the work recovery key and information concerning a present status of the individual user with respect to an organization associated with the work identity, by further generating an organization recovery key associated with the organization;protecting the unique password with the organization recovery key;revoking the individual user's access to the organization recovery key when the organization no longer approves of the individual user's association with the organization; andpreventing the individual user from revoking access to the shared data file by the organization subsequent to revoking the individual user's access to the shared data file, even when the individual user was an original creator of the shared data file: and when the personal identity is associated with the designated folder, further preventing access by the organization to the personal recovery key. | ||
| 地址 | Boston MA US | ||