Title of invention: Distributed encryption and access control scheme in a cloud environment
Abstract: System, computer readable medium and method for decryption. The method may include receiving, by a third computerized system and from a fourth computerized system, a first encrypted file entity key and signed access metadata. The first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system. The signed access metadata is signed by the file entity key. The encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key. Sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system. Receiving a response from the second computerized system. Determining, based on the response from the second computerized system, whether to facilitate a decryption of the encrypted file entity by the fourth computerized entity.
Publication number: US9373001(B2) Publication date: 2016.06.21
Application number: US201414203683 Filing date: 2014.03.11
Applicant: BARRACUDA NETWORKS, INC. Inventors: Cidon Asaf; Cidon Israel; Gavish Lior; Gopal Prabandham Madan; Shetty Chandrashekhar
Classification: G06F7/00; G06F17/30; G06F21/62 Main classification: G06F7/00
Agency: Duane Morris LLP Agent: Duane Morris LLP; Xue David T.
Main claim: 1. A method for selectively assisting a fourth computerized system in a decryption of an encrypted file entity, the method comprises: receiving, by a third computerized system from the fourth computerized system, a first encrypted file entity key and signed access metadata; wherein the first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system; wherein the signed access metadata is signed by the file entity key; wherein the encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key; sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system; receiving a response from the second computerized system; determining, based on the response from the second computerized system, whether to facilitate the decryption of the encrypted file entity by the fourth computerized system; wherein if determining to facilitate the decryption of the encrypted file entity by the fourth computerized system then sending, by the third computerized system, a fourth computerized system encrypted file entity key to the fourth computerized system; wherein the fourth computerized system encrypted file entity key is created by the second computerized system by (a) decrypting the first encrypted file entity key to provide the file entity key, and (b) encrypting the file entity key with an encryption key of the fourth computerized system; and wherein if determining not to facilitate the decryption of the encrypted file entity by the fourth computerized system then preventing from assisting the fourth computerized system to decrypt the encrypted file entity.
Address: Campbell CA US
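The key flow of claim 1, sketched as an added example that is not part of the patent record or the applicant's code; it shows why a requester cannot widen its own access by editing the metadata. Assumptions: HMAC-SHA256 stands in for "signed by the file entity key", a SHA-256 keystream XOR stands in for every encryption step, symmetric keys stand in for each system's encryption key, and the `allowed` list and all function and class names are hypothetical.

```python
import hashlib, hmac, json, os

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 counter keystream), illustration only; use an AEAD in practice.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, data)

def unseal(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def sign(file_key, meta):
    return hmac.new(file_key, meta, hashlib.sha256).digest()

def first_system_protect(plaintext, access, second_key):
    """First system: encrypt the file, wrap the file key for the second system, sign metadata."""
    file_key = os.urandom(32)
    meta = json.dumps(access, sort_keys=True).encode()
    return seal(file_key, plaintext), seal(second_key, file_key), meta, sign(file_key, meta)

class SecondSystem:
    """Key holder: unwraps the file key and re-wraps it for an approved requester."""
    def __init__(self, own_key, requester_keys):
        self.own_key, self.requester_keys = own_key, requester_keys
    def respond(self, wrapped_key, meta, sig, requester):
        file_key = unseal(self.own_key, wrapped_key)
        if not hmac.compare_digest(sign(file_key, meta), sig):
            return None                      # metadata was not signed with this file key
        if requester not in json.loads(meta)["allowed"]:   # assumed policy format
            return None
        return seal(self.requester_keys[requester], file_key)

def third_system_handle(second, wrapped_key, meta, sig, requester):
    """Third system: forward to the second system, then assist or refuse based on its response."""
    return second.respond(wrapped_key, meta, sig, requester)

def demo():
    keys = {"alice": os.urandom(32), "bob": os.urandom(32)}   # constructed requester keys
    second = SecondSystem(os.urandom(32), keys)
    ct, wrapped, meta, sig = first_system_protect(b"quarterly report", {"allowed": ["alice"]}, second.own_key)
    ok = third_system_handle(second, wrapped, meta, sig, "alice")
    recovered = unseal(unseal(keys["alice"], ok), ct)         # fourth system: unwrap key, decrypt file
    denied = third_system_handle(second, wrapped, meta, sig, "bob")
    tampered = third_system_handle(second, wrapped, meta.replace(b'"alice"', b'"alice", "bob"'), sig, "bob")
    return recovered, denied, tampered
```

In this sketch the third system never sees the file key in the clear: it only relays the wrapped key and the re-wrapped response.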