What technology area does this patent fall under?

Primary CPC classification G06F21/6209. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Jul 03 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Private and public sharing of electronic assets

US10013567B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10013567-B2
Application number	US-201514866782-A
Country	US
Kind code	B2
Filing date	Sep 25, 2015
Priority date	Jan 27, 2015
Publication date	Jul 3, 2018
Grant date	Jul 3, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The embodiments set forth techniques for implementing a cloud service that enables cloud data to be shared between different users in a secure manner. One embodiment involves a sharing manager and a sharing client, where the sharing manager is configured to manage various data components stored within a storage system managed by the cloud service. These data components can include user accounts, share objects (for sharing data between users—and, in some cases, public users not known to the sharing manager)—as well as various “wrapping objects” that enable data to be logically separated in an organized manner within the storage system. According to this approach, the sharing client is configured to interface with the sharing manager in order to carry out various encryption/decryption techniques that enable the cloud data to be securely shared between the users.

First claim

Opening claim text (preview).

What is claimed is: 1. A method for enabling a user to securely share an electronic asset, the method comprising: at a server computing device: receiving, from the user, a first request to privately share the electronic asset with a guest, wherein the guest is associated with a guest public key and a guest private key; and in response to the first request: creating a share object that includes a first protected cloud storage object (PCSO), wherein the first PCSO is associated with an invited master key, an invited public key, and an invited private key, adding, to a first encrypted key store associated with the first PCSO, a first value that is produced by encrypting the invited private key using the invited master key, adding, to a first share list associated with the first PCSO, a first tuple that associates the guest public key with a second value that is produced by encrypting the invited master key using the guest public key, identifying a second PCSO that corresponds to the electronic asset, wherein the second PCSO is associated with an asset master key, an asset public key, and an asset private key, and adding, to a second share list included in the second PCSO, a second tuple that associates the invited public key with a third value that is produced by encrypting the asset master key using the invited public key, wherein, when the guest provides the guest private key, the guest is permitted to access the electronic asset. 2. The method of claim 1 , wherein the foregoing private keys enable a decryption of any data that is encrypted using their respective counterpart public keys. 3. The method of claim 1 , wherein the first tuple comprises a key/value pair, such that: the guest public key is the key, and the second value is the value. 4. The method of claim 1 , wherein the second tuple represents a key/value pair, such that: the invited public key is the key, and the third value is the value. 5. The method of claim 1 , further comprising enabling the user to edit the first share list included in the first PCSO. 6. The method of claim 1 , wherein, when the user indicates that the guest is not an administrator, the method further includes preventing the guest from editing the first share list included in the first PCSO. 7. The method of claim 1 , wherein, when the user indicates that the guest is an administrator, the method further includes enabling the guest to edit the first share list included in the first PCSO. 8. A method for enabling a user to securely share an electronic asset, the method comprising: at a server computing device: receiving, from the user, a first request to privately share the electronic asset with a guest, wherein (i) the user is associated with a user public key and a user private key, and (ii) the guest is associated with a guest public key and a guest private key; and in response to the first request: creating a share object that includes a first protected cloud storage object (PCSO), wherein the first PCSO is associated with an invited master key, an invited public key, and an invited private key, encrypting the invited private key using the invited master key to produce a first value, and adding the first value to a first encrypted key store included in the first PCSO, encrypting the invited master key using the guest public key to produce a second value, and adding, to a first share list included in the first PCSO, a first tuple that associates the guest public key with the second value, identifying a second PCSO that corresponds to the electronic asset, wherein the second PCSO is associated with an asset master key, an asset public key, and an asset private key, and encrypting the asset master key using the invited public key to produce a third value, and adding, to a second share list included in the second PCSO, a second tuple that associates the invited public key with the third value, wherein, when the guest provides the guest private key, the guest is permitted to access the electronic asset. 9. The method of claim 8 , further comprising: receiving, from the guest, a second request to access the electronic asset, wherein the second request includes the guest private key; and in response to the second request: decrypting, in accordance with the first share list, the second value using the guest private key to obtain the invited master key, decrypting, in accordance with the first encrypted key store, the first value using the invited master key to obtain the invited private key, and decrypting, in accordance with the second share list, the third value using the invited private key to obtain the asset master key, wherein the asset master key can be used to unlock the electronic asset. 10. The method of claim 8 , further comprising enabling the user to editing the first share list included in the first PCSO. 11. The method of claim 8 , wherein, when the user indicates that the guest is not an administrator, the method further includes preventing the guest from editing the first share list included in the first PCSO. 12. The method of claim 8 , wherein, when the user indicates that the guest is an administrator, the method further includes enabling the guest to edit the first share list included in the first PCSO. 13. The method of claim 8 , further comprising: receiving, from the user, a second request to publicly share the electronic asset; and in response to the second request: creating, within the share object, a third PCSO, wherein: the third PCSO is associated with a self-added master key, a self-added public key, and a self-added private key, the electronic asset is associated with a public sharing key (PSK), and the self-added private key is equal to the PSK, encrypting the self-added private key using the self-added master key to produce a fourth value, and adding the fourth value to a second encrypted key store included in the third PCSO, encrypting the self-added master key using the self-added public key to produce a fifth value, and adding, to a third share list included in the third PCSO, a third tuple that associates the self-added public key with the fifth value, and encrypting the invited master key using the self-added public key to produce a sixth value, and adding, to the first share list included in the first PCSO, a fourth tuple that associates the self-added public key with the sixth value, wherein, when a public user provides the self-added private key, the public user is permitted to access the electronic asset. 14. The method of claim 13 , further comprising: receiving, from the public user, a third request to access the electronic asset, wherein the third request includes the self-added private key; and in response to the third request: decrypting, in accordance with the first share list, the sixth value using the self-added private key to obtain, the invited master key, decrypting, in accordance with the first encrypted key store, the first value using the invited master key to obtain the invited private key, and decrypting, in accordance with the second share list, the third value using the invited private key to obtain the asset master key, wherein the asset master key can be used to unlock the electronic asset. 15. The method of claim 13 , further comprising: generating a uniform resource locator (URL), wherein information included in the URL can be used to identify: (i) a storage location of the electronic asset, and (ii) the guest private key. 16. The method of claim 15 , further comprising: shortening an overall length of the URL in a manner that enables the

Assignees

Apple Inc

Inventors

Classifications

H04L9/14
using a plurality of keys or algorithms · CPC title
G06F21/6209Primary
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
H04L63/10
for controlling access to devices or network resources · CPC title
H04L9/0894
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
H04L63/06
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title

Patent family

Related publications grouped by family.

View patent family 56432648

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10013567B2 cover?: The embodiments set forth techniques for implementing a cloud service that enables cloud data to be shared between different users in a secure manner. One embodiment involves a sharing manager and a sharing client, where the sharing manager is configured to manage various data components stored within a storage system managed by the cloud service. These data components can include user accounts…
Who is the assignee on this patent?: Apple Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/6209. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Jul 03 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).