公开(公告)号：US09148283B1

公开(公告)日：2015-09-29

申请号：US14067162

申请日：2013-10-30

Applicant: Google Inc.

Inventor： Umesh Shankar ,  Andrei Kulik ,  Bodo Moller ,  Sarvar Patel ,  Brian N. Bershad ,  David Erb

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/321 ,  H04L9/0819 ,  H04L63/0428 ,  H04L63/101 ,  H04L63/104 ,  H04L67/1097 ,  H04L2463/062

Abstract: An encrypted resource is stored in association with an access control list. A request to retrieve the resource is received. The wrapped key and the authentication credentials are sent, from the application server system, to a key server system. An unencrypted version of the resource encryption key is received from the key server system if the key server system determines that the authentication credentials correspond to a user in the group of users identified by the group identifier. The stored encrypted resource is decrypted using the received unencrypted version of the resource encryption key to generate an unencrypted version of the resource. The unencrypted version of the resource is sent, from the application server system, to the client application.

Abstract translation: 与访问控制列表相关联地存储加密资源。 接收到检索资源的请求。 包裹的密钥和认证凭证从应用服务器系统发送到密钥服务器系统。 如果密钥服务器系统确定认证凭证对应于由组标识符标识的用户组中的用户，则从密钥服务器系统接收到资源加密密钥的未加密版本。 存储的加密资源使用所接收的未加密版本的资源加密密钥进行解密，以生成资源的未加密版本。 将资源的未加密版本从应用服务器系统发送到客户端应用程序。