Method and apparatus for accessing sensitive information on-demand
US9355259B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | May 29, 2015 |
| Grant date | May 31, 2016 |
| Priority date | — |
| Expiry date | May 29, 2035 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L9/0869
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Exposure of sensitive tenant information is minimized in a multi-tenant/multi-user environment. A unique encryption key is provided for each tenant. The tenant encryption key is never stored in the clear and each copy of the tenant encryption key is protected by a user derived password. A secure folder is created for each tenant and encrypted by the tenant encryption key. Secure folders are mounted only on-demand, i.e. when an authenticated request is received for that tenant. The secure folders are mounted for specific durations only. Otherwise, they are un-mounted. When a secure folder is mounted, any read/write operation to the secure folder is encrypted/decrypted on-the-fly. When the secure folder is un-mounted, all file contents in the secure folder, and the secure folder itself, are not visible in the file system and no application can browse to the secure folder without the tenant encryption key.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.