Title of invention: Multi-identity for secure file sharing
Abstract: Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization.
Publication number: US9053342(B2) Publication date: 2015.06.09
Application number: US201414299768 Filing date: 2014.06.09
Applicant: nCrypted Cloud, LLC Inventors: Odnovorov Igor; Stamos Nicholas
Classification: H04L29/06; G06F21/62; H04L9/08; G06F7/04; G06F17/30; H04N7/16 Main classification: H04L29/06
Agency: Cesari and McKenna, LLP Agent: Cesari and McKenna, LLP
Main claim: 1. A computer-implemented method for providing controlled access to a shared data file comprising: creating a designated folder upon request of an individual user; associating an organization related identity with the designated folder; storing a shared data file in the designated folder, the shared data file originated by the individual user; controlling access to the shared data file using the organization related identity and information concerning a present status of the individual user with respect to an organization associated with the organization related identity, and wherein controlling access further comprises: granting access to the shared data file by the individual user only so long as the organization approves of the individual user's access to the shared data file; revoking the individual users' access to the shared data file when the organization no longer approves of the individual users' association with the organization; preventing the individual from revoking access to the shared data file by the organization even subsequent to revoking the individual's access to the designated folder, even when designated folder and the shared data file were originally created at the request of the individual; wherein access to the shared data file is protected using a unique file password generated from (a) a key associated with the organization related identity associated with the designated folder in which the shared file is located and (b) a unique file identifier for the shared data file; wherein the unique file password is protected using a recovery key associated with the organization related identity; and wherein the user is granted access to the recovery key only so long as the user is associated with the organization.
Address: Boston MA US