`
`
`as) United States
`
`
`
`
`
`
`
`
`
`a2) Patent Application Publication co) Pub. No.: US 2011/0119481 Al
`
`
`
`
`
`
`
`
` Auradkaretal. (43) Pub. Date: May 19, 2011
`
`
`
`
`US 20110119481A1
`
`
`
`
`
`
`
`(54) CONTAINERLESS DATA FOR
`TRUSTWORTHY COMPUTING AND DATA
`
`
`
`
`SERVICES
`
`
`(75)
`
`
`
`Inventors:
`
`
`
`
`
`Rahul V. Auradkar, Sammamish,
`
`
`
`
`
`WA (US); Roy Peter D’Souza,
`
`
`
`Bellevue, WA (US); Darrell J.
`
`
`Cannon,Bellevue, WA (US)
`
`
`
`
`(73) Assignee:
`
`
`
`
`MICROSOFT CORPORATION,
`
`Redmond, WA (US)
`
`
`
`
`
`(21) Appl. No.:
`
`
`
`Filed:
`
`(22)
`
`
`
`
`
`12/817,487
`
`
`Jun. 17, 2010
`
`
`
`
`
`
`
`Related U.S. Application Data
`
`
`
`
`
`
`(60) Provisional application No. 61/261,598,filed on Nov.
`
`
`16, 2009.
`
`
`
`
`Publication Classification
`
`
`
`
`
`(51)
`
`
`
`
`
`Int. Cl.
`(2006.01)
`GOOF 12/14
`
`
`
`
`
`
`
`(52) US. CD. eee ceceeectesesenscneecessescneneeansenees 713/150
`
`
`ABSTRACT
`(57)
`
`
`
`
`
`
`
`
`A digital escrow pattern and trustworthy platform is provided
`
`
`
`
`
`
`
`for data services including mathematical transformation tech-
`
`
`
`
`
`
`
`niques, such as searchable encryption techniques, for obscur-
`
`
`
`
`
`
`
`
`ing data stored at remotesite or in a cloud service,distributing
`
`
`
`
`
`
`
`
`trust across multiple entities to avoid a single point of data
`
`
`
`
`
`
`compromise. Using the techniquesofa trustworthy platform,
`
`
`
`
`
`
`
`data (and associated metadata) is decoupled from the contain-
`ers that hold the data (e.g., file systems, databases, etc.)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`enabling the data to act as its own custodian through imposi-
`
`
`
`
`
`
`tion of a shroud of mathematical complexity that is pierced
`
`
`
`
`
`
`
`with presented capabilities, such as keys granted by a cryp-
`
`
`
`
`
`
`
`
`tographic key generator of a trust platform. Sharing of, or
`
`
`
`
`
`
`
`
`access to, the data or a subset of that data is facilitated in a
`
`
`
`
`
`
`
`
`
`
`mannerthat preserves and extends trust without the need for
`
`
`
`
`particular containers for enforcement.
`
`Data as Custodian
`
`
`
`
`
`
`
`
`Containers are Redundant for Security
`
`
`
`Access is Enforced byCrypto Wrapper
`
`
`
`
`
`
`
`
`
`
`
`
`
`Policy is Set by Owner and
`
`
`guaranteed by Crypto Wrapper
`
`
`
`*
`
`*
`
`.
`
`
`|
`
`| | | ||
`
`|
`
`|
`
`
`Security
`
`
`Staff 504
`
`
`Operations
`
`
`Staff 506
`
`|
`
`Cloud Container 500
`
`
`Enterprise
`
`
`Audits 502 |
`
`
`lData Container 510 ]
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Enterprise
`
`
`
`Staff 522
`
`
`
`
`
`Page 1 of 81
`
`Netskope Exhibit 1009
`
`Page 1 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 1 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`OF}Aepiaa
`
`
`
`jSnNipa,Ziape
`
`
`
`ZOLesudiejug
`
`
`
`IL°Old
`
`
`
`OOLesiudiajuyg
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`SSoS
`
`oo——/Zeb|(s)a101g
`
`
`
`sbe10js
`
`
`quowaBbeuey
`
`
`
`0S}.40Ae7
`
`Page 2 of 81
`
`Netskope Exhibit 1009
`
`Page 2 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 2 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`SBOUBIENDISNiL
`
`V I7o
`
`
`
`
`
`
`
`
`
`0¢z|asudiaquy
`
`Page 3 of 81
`
`Netskope Exhibit 1009
`
`JOUMOAg19SAd1]Od«
`uUeBIPOISNsee1eq
`fl4ywoym
`yya139]/9qJoJaduieyXI
`
`
`
`
`pOuUe)fi‘AHpo|Wyouue?&*MalfA
`
`
`
`=
`
`eeeSane
`
`ejeqAqpaajuesend/padiojuqsissaooy«
`JaUMQAqpaljoijzUO9D‘eyeqAgpaqojuq.«
`
`
`juepunpayaesuauleyUuo?)
`
`(ssaxsomayiqo~w=||suesn|zzzquawis2.0}U3
`“3°3)O€ZS4asm—sCé——
`SayOTZHeISsdO>@\a
`geSSSe¢ena=4002pnojD
`z|_|
`
`
`@ESESa‘\
`
`Page 3 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 3 of 54
`
`
`
`
`US 2011/0119481 Al
`
`(s)iossao0i4
`
`
`
`
`
`éd
`
`
`
`
`
`0GSula}eJeqParsujey
`
`OreBegpaldAioug
`
`
`
`
`
`|pejdAinougZlNN
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`oze(s)eoinegBunndweyoo(sjeo1aegBugndwocy
`
`
`JBplAEd\NLUEe/OBEoon,id\(s)lossa901gNX7(ojouyse,=\asiydeiBoydAug7\/\N|“~a“
`
`
`(sa!)Auoway|Zpeeeg\(sai)Aioway
`
`\NCIN|SSLW
`
`
`OLESadlAJegsiskjeuy\Spananey
`YYytd|poo“\<‘oo_dveBie/z9¢\4pajdAisug}“_||soyesauegAaya~\ZL“£0‘“\
`O£E104]U045jouoIBeypuosesOLEjouuEyjouolBeyisul4
`
`
`
`
`OGE[O4jU0DJoUOIBayPAUL\N\
`
` \SpeBedGOt_L
`pajdAuougq|—___________{____,ljageyeq
`
`
`XNiNNN\SekNNsua}eyeq
`NOON4Rai
`COM|16|04]U09jouoiHey
`
`SON2G6E1043U05jouoIGayyyNOY
`
`NNfora_
`
`
`
`
`/
`
`(s)iossoo0ig
`
`bd
`
`
`
`
`Page 4 of 81
`
`Netskope Exhibit 1009
`
`Page 4 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 4 of 54
`
`
`
`
`US 2011/0119481 Al
`
`400
`
`
`
`
`
`
`
`
`
`Receive, by ist computing device in a first region of
`
`
`
`
`
`
`
`control from 2nd computing device in a second region
`
`
`
`
`
`
`
`of control, encrypted data formed from encryption of
`
`
`
`
`
`
`
`
`
`data for a defined data set of the 2nd computing device
`
`
`
`
`
`according to searchable encryption algorithm based on
`
`
`
`cryptographic key information.
`
`
`
`
`
`met.
`
`
`
`
`
`
`
`Receive, by the 1st computing device, encrypted
`
`
`
`
`
`
`
`metadata formed from an analysis of the data and an
`
`
`
`
`
`
`encrypted output of the analysis based on the
`
`
`
`cryptographic key information.
`
`
`
`
`
`Determine container(s) independently of container
`
`
`
`
`
`
`types in which to store at least some of the encrypted
`
`
`
`
`data or the encrypted metadata.
`
`
`
`
`
`
`
`
`
`Automatically change the container(s) in which the
`
`
`
`
`
`encrypted data is stored if a pre-defined condition is
`
`
`
`FIG.4
`
`Page 5 of 81
`
`Netskope Exhibit 1009
`
`Page 5 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`Patent Application Publication
`
`
`
`May 19, 2011 Sheet 5 of 54
`
`
`
`
`US 2011/0119481 Al
`
`Ayansas10}JuepuNpayasesuaulejuo)
`
`
`JaddeinayoydAsgAqpadsojugsissao0y
`
`
` ||||||OTS]UCyBIC|||| Joule
`vosHeiszossupny
`|
`)
`
`Aqunoas|asiudiayuy
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`00¢Jaule,U0DpnoyD
`
`suoljesado
`
`90SJJEIS
`
`
`
`UPIPOISNseejeq
`
`pueJauMOCAq39SSIAdl|Od
`
`
`
`JaddeinyoydAsgAgpaajuesens
`
`80SJ2esf)
`
`S°OM
`
`asiiduayuy 0zSasidiaquy
`
`asiiduayuyssao0y
`
`77SJ4E3SOESAdI|Od
`
`Page 6 of81
`
`Netskope Exhibit 1009
`
`Page 6 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 6 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`‘219‘QdUaIISOY‘Ssad'ySZIWIIdOUedJUdLUDIe}d
`
`
`
`
`
`
`
`
`
`
`
`
`
`‘ZUIUOISIAA‘AQUSISISUOZJueSasuUaijeyDMAN
`
`
`
`‘Ja‘UOIPAIJODaBequeH
`
`9OI
`
`
`
`saduey)uoienbyAqunsas/swiaysAsoYL
`
`
`
`
`
`
`
`SIQUIE]UO7)B/PPeiysUEDe]eq
`
`
`
`SJDUIEJUO?)PUBIJSUBI]UBDe]eg
`
`
`
`aaee
`
`709SYIOMION
`Aeyiaag[[
`
`—_y—29asidia}uy|Zz009—
`
`
`
`
`
`
`
`779
`
`029eSiidiajuy
`
`
`
`jyeisasiduaqug|
`asiduaquy|:O€9Ad1|Od|ssaooy
`
`
`
`ss900yOAID
`
`
`
`VT9SjO4jU0D
`
`|
`
`|otgsesn
`
`Page 7 of 81
`
`Netskope Exhibit 1009
`
`Page 7 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 7 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`00ZSsaulejUuo?ejeq
`
`<>
`
`
`
`Sa
`
`
`
`OZF1eq
`
`
`
`ssaaoyo1dAi9
`
`pOZSjoiquOD
`
`
`
`LOW
`
`
`
`
`
`
`
`
`
`
`
`"‘SUJa}IedSSaD0ypukeSaldOgapnoul
`
`ejeq OTZuoNesqy
`uedLY}BayUOpasegpaynyysuovaypuepajeaijday‘pause ‘pappaiysaquedsuaulequoD
`
`
`
`
`
`
`
`
`
`97ZSAOMISN
`
`
`
`vezSeseqezedecL
`
`AesaA0OZLS@DIAIaS
`
`
`
`asiidiajugsuuayshS
`
`aiid
`
`
`
`e1eqpnoD
`
`Page 8 of 81
`
`Netskope Exhibit 1009
`
`Page 8 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 8 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`008SuaulejUo?eleq
`
`Suances
`
`708Bled
`
`ssaooyodd
`
`vO$jO4}U0D
`
`Aejsaag
`
`
`
`
`
`OTSSJOMION
`
`
`
`8OI
`
`asudisayuy
`
`p7g@saseqejeq
`
`alld
`
`SluaisAS
`
`C78
`
`ejeqpnoyp
`
`
`
`O78sadlvies™
`
`Page 9 of 81
`
`Netskope Exhibit 1009
`
`Page 9 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 9 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`ejeqpaziuauiequo)
`
`OvE
`
`076UoeJISqy
`
`ainaas
`
`Aeyiaag
`
`O€6SYAOMION
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`‘sasea]‘SuUlUolsiaa‘SulyseDpue‘suojjeuuojsues,oidAuD‘suonelosayoydAu9JuaWaldw)suajdepy
`
`
`
`
`
`
`
`
`
`
`
`uedsiauiejwUoDAdega]
`
`awesay}Aejs
`
`aslicsaquy
`
`
`
`VL6saseqejeq
`
`
`
`SUIDISAS2Ii4
`
`é16
`
`
`
`eyeqpnojd
`
`OIGsaaimuas
`
`
`
`
`suonesyddeAdega}
`auwesay}Aejsued
`
`006suoljesiddyAoega7
`
`
`
`6Ol
`
`
`
`Spaeanjaulejuo>Adega]pueuonesyjddyuopaseg‘oj9
`
`
`
`
`
`Page 10 of 81
`
`Netskope Exhibit 1009
`
`Page 10 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 10 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`aiydessoydAu9sppyyey}saAe7
`
`
`
`
`
`OTOTjesiadsiqpueSulppaiys
`
`
`
`
`
`OZOTa401SxXpueSeed0}paspug‘Syo/diuqe4
`
`
`
`
`OOOoTAeliaaoISN]Ps{eisps9ke
`
`suoleaddyjuawajqeuq-Ol4
`
`
`
`SOOT
`
`
`
`
`
`
`
`
`
`
`
`
`
`STOTsuoeaijddeaiemesas,
`
`
`
`ajemyAdualsisuog,
`
` GZOT
`palipowuy
`
`
`
`
`
`‘suoljeuojsues|OdAID‘SuoielosanoydAuDJUsWajdujsuajdepy
`
`
`
`
`
`OLOT‘928‘sadejayy|‘sjov0}Oud‘soijsayeJeYDUaule}UODAde8aq
`
`
`
`
`pueuoijeayddyuopaseq‘dja‘saseay‘SuluoIsaA‘dulyseDpue
`
`
`pueYsadar]BUIPNpOU!SyJOMONAe|aAO
`
`@
`
`suoijeaiddy
`
`
`
`SCOTSuaulejuozAdesa7
`
`OlOW
`
`
`
`
`
`OVOTsuonedijddyAsegaq
`
`Page 11 of 81
`
`Netskope Exhibit 1009
`
`Page 11 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 19, 2011 Sheet 11 of 54
`
`US 2011/0119481 Al
`
`JOsuoneiadg
`
`jeo1bo7
`
`WUOLIdd
`
`suoijeisdo
`
`
`
`“B'9)OZLL
`
`
`
`OLL)Lsbe]pueeyepejyaypaydAsoug
`
`‘youeasydAlsue
`
`
`
`00L})sbe,pueeyepeyoy.
`
`
`
`
`
`
`
`
`
`ZOLLpiooey
`
`soueny|
`
`
`ZLLLpiooaypaydAusug
`
`‘dnyoeg
`
`
`
`(o}9‘Bunipny
`
`WIOLI8d
`
`suoieisdo
`
`
`
`“Be)O€LL
`
`/AyB93u|
`
`dodwey
`
`‘yoeUD
`
`AypiqepeayOLLLshel,jeuonippyjeuondo
`
`
`
`
`(‘930‘yooug|
`
`
`
`IOW
`
`
`
`
`
`
`uopaseqe}eq|euOHIppyjeuondo
`
`PEEL()juonoung
`
`Page 12 of 81
`
`Netskope Exhibit 1009
`
`Page 12 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 12 of 54
`
`
`
`
`US 2011/0119481 Al
`
`UNOLIdd
`
`X
`
`
`
`
`
`ajdwexy
`
`
`
`
`
`
`
`Ayyiqepeay91Z)sheljeucnippyjeuondg
`
`UNOLIIE
`
`suoneidg
`
`
`
`Ba)O€Zh
`
`fAsBeyuy
`
`Jodwe]
`
`‘yoayD
`
`<
`
` uopaseg
`
`
`
`e}eqjeuonippyjeuondo
`
`
`
`
`
`(‘aya‘yOayD
`
`
`
`clOl
`
`suoneisdg
`
`
`
`“B°8)OZZL
`
`‘yoiees
`
`soueny
`
`‘dnyoeg
`
`iosuonjeiado
`
`jeoibo7]<
`
`
`(‘938‘Bunipny“
`
`
`
`NOWAG>9d0MYLXSHEOSOOTLLE.»,
`
`umoigyoinbat,
`
`‘OU/e_-,,
`
`sduinfxoj
`ZOZL..bopAzejay}4800
`
`
`00ZLBop‘xo:shey
`
`ZhTbcP?
`
`ydAisue
`
`
`
`O12).OL«90S<OAII{O9-/a}UIGq!§,,
`
`1X}KO]
`
`Page 13 of 81
`
`Netskope Exhibit 1009
`
`Page 13 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 13 of 54
`
`
`
`
`US 2011/0119481 Al
`
`eyepS}soy)OZE}Sd1AI0S
`
`
`eyep0}puljqsiyey)Aem
`eBulSuoH}eoldde10/pue
`
`eyedPNoj]yD10YIOMION
`
`
`(susayjedssaooe10
`OSEL(DMO)uoHes9UEeN
`
`
`Ady10§10}U84
`
`NOVWAG>9dOMNALX$HEOLOOZr1e,»,
`
`OLEL«LENS<OAII{LO9:/2}WIGd!§,,
`
`——=
`
`jsanboysanyiqedes
`
`Orel(Shey‘6ra)
`
`BAI?(seiBojopoyjow
`
`
`SaLany10suoHeiedgjeoibo7
`
`
`OSE)SuOHeiadDWUOLid,
`
`‘yoouy/AysBeyuysodwe
`
`
`(ojo‘yoaygAyjiqeyleay
`
`aqUBDUOTeyUaWA/du
`
`ABojouyosyoydAuy
`
`
`Ou)00E}J9PIAOId
`
`
`
`tlOW
`
`
`
`“B'a)
`
`‘yoieas
`
`‘dnyoeg
`
`‘Buipny
`
`Page 14 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`CLEL«:
`
`
`
`‘sioopyoeq
`
`uadouopesegq
`
`Page 14 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 14 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`:pnojDayyulAyenuapiju0yejyeg3ulya}01g
`
`
` Sexapu|puepuodaypaydAuouypeojdg—
`SaXxapU|‘spsodaydasJOUSBOPpNo|D—
`
`
`piodaypajdAuougsaaaiijaypnojp—
`
`
`
`Kuanwou}Aujiqedepayesauay—
`
`
`
`saxapu|ajqeyoieasajeusuayH——
`
`
`ACa|DBY}UL,SAaNHJO
`
`
`uondAinuyajqeysieas
`pnojD0}Ayyiqedegpuas—
`
`
`
`piooayydAiouqg—
`paydAsoug
`ZZVTBinjeusis
`
`OCTSPi0094
`
` vIVTsexapu|
`BANEUBISaEDa1e1auay
`\SiSSemrunnsumsemiemmmmmmmemnssmnammannanaa”
`Scenenee
`
`
`COVTSPs020u
`pOrTSexspu|
`
`
`
`
`
`PlOW
`
`
`
`dAaIIaY
`
`:peojdn
`
`yjeueg
`
`dAaU1aY
`
`paydAsiouq
`
`Jawoisn)
`
`OOvT
`
`Page 15 of 81
`
`Netskope Exhibit 1009
`
`Page 15 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 15 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`Technology for Confidentiality: Searchable Encryption
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Encrypted
`Encrypted
`Document
`
`Index Store
`
`
`
`
`Store 1550
`
`
`1555
`
`
`
`
`
`Cloud Data
`
`
`Service
`(CDS) isso
`
`
`
`
`
`
`
`
`Customers
`
`
`
`
`Technology
`Upload
`
`CO enemies51560 Provider
`
`
`
`
`
`
`
`
`| Upload 1545 | \
`CTP) 1579
`
`
`
`
`
`
`
`
`Generate
`
`Encrypted
`
`
`
`
`} Public Parameters 1565
`
`
`Upload Examples:
`
`
`‘Sentinel’ on Exchange Captures-Email
`*
`
`
`
`
`* Business User Uploads a Record
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`1535)
`
`t
`
`Ke
`
`
`
`
`
`
`
`
`
`
`
`|
`
`
`
`Document 1500p} Keywords 1510
`
`
`
`
`
`
`
`
`
`
`
`
`
`FIG. 15
`
`Page 16 of 81
`
`Netskope Exhibit 1009
`
`Page 16 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 16 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`Technology for Confidentiality: Searchable Encryption
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`| [Decryot1655]Decrypt1655]1655 1644 I |
`
`
`
`/
`
`
`
`
`
`
`
`—__
`
`
`Encrypted Index
`
`Store 1625
`
`
`
`Cloud Data
`
`
`
`
`
`
`
`Encrypted
`Service
`
`
`Document
`Search
`
`
`(CDS) 1680
`
`
`
`
`
`
`Store 1630
`
`
`
`Encrypted
`
`
`
`
`
`
`
`
`
`
`
`
`
`{
`crore
`R
`ocation
`Encrypted
`Result 1635
`etrieveRetrieve1645]
`
`
`
`
`
`
`
`
`
`Acquire
`| Encrypted
`:
`
`
`| Document
`Trapdoor
`
`
`1650
`1605
`
`
`
`
`
`nen eee eee
`
`
`
`Search Examples:
`Auditor Searches - EMail Archives
`
`
`
`Business User Retrieves Recards
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Document 1660
`
`
`
`
`Query 1600
`
`
`
`
`FIG. 16
`
`Page 17 of 81
`
`Netskope Exhibit 1009
`
`Page 17 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 17 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`Technology: Proofs of Data Possession (PDP)
`
`
`
`
`
`
`Cloud Data
`
`
`Service
`
`
`
` Encrypted
`
`
`
`Records &
`
`
`
`Indexes 175Q PDP Tags 1760
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Encrypted
`Records &
`
`Indexes 1710
`
`
`
`Publisher 1700
`
`
`
`
`
`Example:
`°
`First Generate Searchable Indexes
`
`
`
`
`
`
`
`
`
`¢ Then Encode Encrypted Records & indexes
`
`
`
`
`FIG. 17
`
`Page 18 of81
`
`Netskope Exhibit 1009
`
`Page 18 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 18 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`Technology: Proofs of Data Possession — after encoding, verification
`
`
`
`
`
`
`
`
`Sreneenisiemmneenteeeraaoty
`
`
`PDP Tags 1840
`
`
`
`
`
`Cloud Data
`
`
`
`
`
`Encrypted
`Service
`Records &
`
`
`
` |Prove1820|1820
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Provider
`
`
`
`
`CTP) 1870,
`
`
`
`
`
`
`
` Challenge 1810 Verify 1850
`Secret 1825
`
`
`
`
`ed Se ee
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`rnd
`Example:
`
`
`Namteer
`° Auditor Checks Integrity without
`Success or
`
`
`
`
`
`
`Retrieving Records or Indexes
`i
`
`
`
`
`
`
`
`41805
`Failure 1860
`g
`Auditor 1800
`
`
`
`
`
`
`
`
`
`
`FIG. 18
`
`
`
`Page 19 of 81
`
`Netskope Exhibit 1009
`
`Page 19 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 19 of 54
`
`
`
`
`US 2011/0119481 Al
`
`UNOjiad
`
`suojeisdg
`
`
`
`“B'8)OZEL
`
`‘yoiees
`
`jeoibo7}
`
`iosuoneiedg
`
`salienh
`
`‘dnyoereg
`
`
`
`(‘o}9‘Buripny
`
`WIOLIad
`
`suoyeisdg
`
`
`
`“B-8)O€61
`
`/AyBauU]
`
`dodwe
`
`‘yoeyd
`
`Ayjiqeyeay
`
`
`
`foyqnd‘yae4uD
`
`
`
`‘yooudjai098s
`
`(‘o}8
`
`c
`
`
`
`Ol6LsbeyWxpea3dAsoug
`
`
`
`0061shelTNX
`
`
`
`
`
`
`
`
`
`
`
`
`“Wx‘6-e)Z06)peojAedqIWX
`
`
`
`
`(sayyjospuawbey10sayy
`
`
`
`
`
`ZL6LpeojAedTWXpaydAioug
`
`
`
`
`
`
`
`
`
`
`
`peojAedTNX[2uonIppyjeuondg
`
`
`
`VL6L()jUoNOUNYUOpaseqe}eq
`
`
`
`
`
`
`
`9L6LsbeLTNX[euoHIppyjeuondo
`
`
`
`61‘OW
`
`
`
`Page 20 of81
`
`Netskope Exhibit 1009
`
`Page 20 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 20 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`2000
`
`
`
`
`
`Receive, by a computing devicein a first region of
`
`
`
`
`
`
`control from at least one computing device in a second
`
`
`
`
`
`
`region of control, encrypted XML data including
`
`
`
`
`
`
`
`
`encrypted XML payload data and encrypted XML tags.
`
`
`
`
`
`
`
`The encrypted XML data is formed from encryption of a
`
`
`
`
`
`
`
`
`defined XML data set of the computing device in the
`
`
`
`
`
`second region of control according to searchable
`
`
`
`
`encryption algorithm(s) based on cryptographic key
`
`information.
`
`
`
`subscriber device consistent with the requesting.
`
`
`
`{
`
`2010
`
`
`
`
`
`
`
`
`
`
`Receive, by the computing device in the first region of
`
`
`
`
`
`
`control, auxiliary metadata encrypted based on the
`
`
`
`
`
`
`cryptographic key information, the auxiliary metadata
`
`
`
`
`
`
`
`formed from an analysis of the encrypted XML payload
`
`
`
`
`data or encrypted XML tags.
`
`
`
`|
`
`
`2020
`
`
`
`
`
`
`
`
`
`Receive a request for data including capability(ies)
`
`
`
`
`
`
`based on the cryptographic key information defining
`
`
`
`
`
`
`
`privilege(s) for accessing some of the encrypted XML
`
`
`
`
`
`
`
`payload data or the encrypted XML tags enabling
`
`
`
`
`
`
`selective access to the encrypted XML data as defined
`
`
`
`by the capability(ies).
`
`
`
`
`
`
`
`
`
`
`
`
`Validate that a correct subset of encrypted XML data
`
`
`
`
`
`
`and corresponding XML tag data is received by the
`
`
`
`
`
`
`
`
`FIG.20
`
`Page 21 of 81
`
`Netskope Exhibit 1009
`
`Page 21 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 21 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`2100
`
`
`
`
`
`
`receiving cryptographic key information from a key
`
`
`
`
`
`generation componentthat generates the cryptographic
`
`
`
`
`
`key information based onidentity information
`
`
`
`
`
`
`
`
`
`
`
`
`
`associated with the at least one subscriber device.
`
`2110
`
`
`
`
`
`
`
`
`
`Request a subset of searchably encrypted XML data
`
`
`
`
`
`and corresponding XML tag data by a subscriber device
`
`
`
`
`
`including transmitting the cryptographic key
`
`
`
`
`
`information to a storage provider for the searchably
`
`
`
`
`
`
`
`encrypted XML data and corresponding tag data.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Decrypt the subset of encrypted XML data and
`
`
`
`
`corresponding XML. tag data as allowed by capabilities
`
`
`
`
`
`defined in the cryptographic key information.
`
`
`
`
`
`
`
`
`
`
`Validate that a correct subset of encrypted XML data
`
`
`
`
`
`
`and corresponding XML tag data is received by the
`
`
`
`
`
`
`
`
`subscriber device consistent with the requesting.
`
`
`
`
`
`
`
`
`Verify content of the subset of encrypted XML data and
`
`
`
`
`
`corresponding XML tag data was not deleted or
`
`
`
`
`
`
`modified prior to receiving the subset of encrypted XML
`
`
`
`
`
`data and corresponding XML tag data.
`
`
`
`
`
`
`FIG. 21
`
`Page 22 of 81
`
`Netskope Exhibit 1009
`
`Page 22 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 22 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`2200
`
`
`
`
`
`
`
`
`Encrypt XML data according to searchable encryption
`
`
`
`
`
`
`algorithm(s) to form encrypted XML data including
`
`
`
`
`encrypted XML tag information based on cryptographic
`
`
`
`
`
`
`key information received from a separate key generator
`
`
`
`
`
`
`that generates the cryptographic key information.
`
`
`
`requesting device.
`
`
`
`
`
`
`
`
`
`
`
`
`Transmit the encrypted XML data to a network service
`
`
`
`
`
`
`provider for storage of the encrypted data.
`
`
`
`
`
`
`Encrypted data is selectively accessible according to
`
`
`
`
`
`late binding of selected privileges granted to a
`
`
`
`
`
`requesting device based on identity information of the
`
`
`
`
`
`
`FIG, 22
`
`Page 23 of 81
`
`Netskope Exhibit 1009
`
`Page 23 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 23 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`
`
`
`Receive request for a subset of searchably encrypted
`
`
`
`
`
`
`
`XML data including encrypted XML tags by a subscriber
`
`device.
`
`2300
`
`the cryptographic key information.
`
`
`
`
`
`
`
`Receive cryptographic key information from a key
`
`
`
`
`
`generation componentthat generates the cryptographic
`
`
`
`
`
`key information based on identity information
`
`
`
`
`
`associated with the subscriber device.
`
`
`
`
`
`
`
`
`
`Decrypt the subset of encrypted XML data as a function
`
`
`
`
`
`
`
`of privileges granted the subscriber device defined in
`
`
`
`
`
`
`
`
`FIG, 23
`
`Page 24 of 81
`
`Netskope Exhibit 1009
`
`Page 24 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 24 of 54
`
`
`
`
`US 2011/0119481 Al
`
`siaquosqns
`
`Ovre
`
`
`
`
`
`UUMOLPzBJeqpeydAiougAjqeysieasg
`
`
`
`DIOSSJEQPols
`
`00rd
`
`OLSAOUpPNYose
`
`$JO}EI}SIUIUPY
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`UdIeIYWaAJo/pueuoHeplyeA
`
`
`
`
`
`(S)8d1A19gYIOMION
`
`0Zrz
`
`SI3UMO
`
`
`
`OSve
`
`
`
`beOl
`
`sioysiiqnd
`
`oerz
`
`Page 25 of 81
`
`Netskope Exhibit 1009
`
`Page 25 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 25 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`
`
`Authenticate publisher (e.g., publisher logs in with
`
`
`
`
`
`
`username and password, Live ID credentials, etc.)
`
`
`2500
`
`
`
`
`
`
`
`
`
`Generate key information by an independententity.
`
`
`
`
`
`
`
`
`Searchably encrypt set of publisher documents by
`
`
`
`
`
`
`cryptographic technology provider based on the key
`
`information.
`
`
`
`information of a requesting device (subscriber).
`
`
`
`
`
`
`Upload document(s) with capabilities to network service
`
`
`
`
`
`
`
`
`provider, e.g., storage service provider, such that the
`
`
`
`
`
`
`document(s) are selectively accessible with late binding
`
`
`
`
`
`
`of selected privileges granted based on identity
`
`
`
`
`
`
`
`
`
`
`FIG.25
`
`Page 26 of81
`
`Netskope Exhibit 1009
`
`Page 26 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 26 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`2600
`
`
`
`
`
`
`Authenticate subscriber (e.g., subscriber logs in with
`
`
`
`
`
`
`
`
`
`username and password, Live ID credentials, etc.)
`
`
`
`
`
`
`Receive subscriber request for publisher data.
`
`
`
`
`
`
`
`bound capabilities granted by owner/publisher.
`
`
`
`
`
`
`Generate key information based on subscriber request
`
`
`
`
`
`by an independent entity. Optionally encode
`
`
`
`
`capabilities of subscriber in key information.
`
`
`
`
`
`
`
`
`Decrypt subset of publisher data based on capabilities
`
`
`
`
`of the key information.
`
`
`
`
`
`
`
`
`
`
`
`Access subset of publisher data by subscriber, e.g.,
`
`
`
`
`
`
`
`download, view, process, change, etc. based on late
`
`
`
`
`
`
`FIG.26
`
`Page 27 of 81
`
`Netskope Exhibit 1009
`
`Page 27 of 81
`
`Netskope Exhibit 1009
`
`
`
`Patent Application Publication
`
`
`
`
`May 19, 2011 Sheet 27 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`JOUBAISNA
`
`802e
`
`
`
`AvesqryJual|D
`
`
`
`yoléAspeo|uUMOoGg
`
`(4ay}oBoL
`
`
`92272
`
`
`
`dSOejdwexg
`
`BdAIOg
`
`Bunsoy
`
`822e
`
`aque
`
`Joajyeredas
`
`Seuowes
`
`
`
`adIAIagpnoly
`
`
`
`(dS)4apiAoid
`
`0eLe
`
`
`
`
`
`
`
`
`
`aBbeiojs
`
`
`
`
`
`d$Osjdwexg
`Bulsoy|
`Key301088||dioJo/pueD9
`AJ@ANEGWd|Aay10]sajue4aI\I||
`
`4o}ORIyKS;aJeMyos
`PZLZ
`ZZ1z
`
`
`90212SiryJusuidojeasgq
`202UOHEIBUSH)hoe
`soyddyjus (sayjaGoyJ0ayesedag)
`
`LL2zsennugdidajdwexg
`
`
`
`
`
`Buipjingo7dA1y1819uondAisuleaAneulaly
`
`
`
`8LléSxSO01gyLizsenbiuyses
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`0022(Dvd)
`
`(s)aowiojsng
`
`0€2Z
`
`I
`
`
`
`oréz(snas)
`
`siydeiBoydAiy
`
`ABojouyse]
`
`
`
`(dL)J9plAold
`
`OLLZ
`
`l
`
`9112DUDJoyddy
`Bulpooug
`
`
`ZLLzBuipooegpue
`
`Page 28 of81
`
`Netskope Exhibit 1009
`
`Page 28 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 28 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`
`
`
`
`0282SdSO
`
`
`
`BdIAJ8gpno]D
`
`
`
`
`
` ad1Alegpnoja|
`
`
`
`
`
`BdIA19SpNojD
`
`
`
`
`
`ad1Aagpnoja
`
`
`
`
`
`
`
`
`
`8¢OLA
`
`
`
`
`9192(dSD)4epIAoIg®
`
`
`“$192(d$D)sepinoig®
`
`
`“€EL9Z(dSO)Jeplaoig®
`(>)ayeusues
`|)OreJeUsIiqndCO)
`
`
`svezydAiougGESTSiajaWeIe”
`
`
`6g8z}dAIDaqKayjaioes
`8282ONO8L8zAdio
`uonoe.nsaqy_|2282290|682OND
`
`
`
`0982JBquasqnsaj}eAld
`
`
`
`nh
`plezAono,
`y282OHO
`
`
`
`
`
`
`
`
`
`0fezwiajsAsoog
`
`SGNule}qO
`
`
`
`
`
`0982S91A1sS
`
`
`
`928¢DHD
`
`
`
`
`
`
`S98¢
`
`
`
`
`
`
`
`
`
`
`
`00987sesiudisjuy
`
`082yuoneziuesig
`
`ZL8ZAdllod
`
`
`
`v08équonezuehip
`
`
`
`
`
`
`
`
`90825uonezuebio
`
`
`
`
`
` 91L8¢Adllod
`
`qduonezueiip
`
`8082
`
`Page 29 of 81
`
`Netskope Exhibit 1009
`
`Page 29 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 29 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`soyjoeds
`
`
`
`
`
`GanaeBesolsajdwis
`
`
`
`v0GZS8IIAIVS
`
` |I
`
`
`
`
`
`206ZSODIAIVSB1eQTOS3101Sonorya}PALid
`
`
`
`7S7
`
`
`
`
`
`
`
`
`
`Zv6ZOv6z
`
`||
`
`Page 30 of81
`
`Netskope Exhibit 1009
`
`4oAsoyisodayyabes0}¢ay)jnoqe
`
`
`
`sjual]Day}wosseojisoday
`
`BDIAIS
`
`8v6~
`
`
`
`BIIAIBS
`
`6¢‘DIA
`
`||
`
`sjaejsqySVSay OLGZ
`
`uolpeisqyebei0j}¢Kay10419U99
`
`9v6Zuonesddyuonesddy
`
`
`SIIAISES0@6ZUOCI}BIEUas
`
`
`
`VG?SIIAIOSyuaydJUSITD
`
`
`
`Z7£6zdo}yseq0¢6zdoyjseq
`
`Page 30 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 30 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`SavoyisodaySssoioyBjepejayypueBegpojdAusuqBulbueyoxy10jJeuio4eGueyosojuypsepuelseSI41S
`
`
`
`
`
`
`
`
`
`ocoe
`
`
`
`PE0ESOJeAIEg
`
`
`
`Ot“OT
`
`
`
`
`
`gemebelojsajdwis
`
`
`
`POOESESIAI8S
`
`
`
`
`
`
`
`
`uoneziuPbig
`9coeavzZe0eSLS301megobe101gZz0¢Jo}es9UIayHAay
`
`
`
`
`doyyseq
` ||Wuel1Djua!d||||
`
`
`
`zgoedoyyseqoS0e
`
`uonesiddyuonesiddy
`EvOCOPOC
`
`uonoejusqyabesojsAdy10}sa}Uay
`
`
`
`
`
`OL0ESOIAISSOZ0EUOHeiaUaX
`
`Page 31 of 81
`
`Netskope Exhibit 1009
`
`000¢
`
`
`
`
`
`
`
`
`
`
`
`ZOOESODdIAIBSBIEQ1OSaJ0}]SPNO]Dajeauid
`
`
`
`
`
`Page 31 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 31 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`ZELE(dSD)AOpIAdId
`
`
`
`quoneziuebig (2)
`
`
`
`
`"B'9)OGLEC4sjuaDe}eEq
`
`
`
`
`(AyoulnyIsNiL/9againdag‘B'a)OSLE|1a}Uagejeg
`
`
`(49PIAGIdOFGAID“B'9)OPLEZ4ajueDejeq
`
`
`abei0js(a)pueJajnduisc4—SgLeydAuoug|seuenang_|
`
`ZpLeuonoensqySLLE}a
` sevenseeemeteesseseeeeeseneetnessneenenteesteneseeeesestpeseisena
`SOLEPeIXY
`
`
`GYLeSidjoweie,”
`
`sNgNnduleIGO
`
`
`
`dAisesaquosqns
`
`
`
`OOLESesiiduajuy
`vyuoneziuebio
`
`
`
`
`
`(aapiaoido6el10)s
`
`
`
`BDAIVSPND
`
`
`
`OZLEwiajshsoog
`
`
`
`Ie“Ol
`
`
`
`zereAoyod
`
`
`
`eOLEe
`
`
`
`ZLLEJOAI8S
`
`Bra)
`
`(Ulogaueys
`
`
`
`
`
`
`
`
`
`
`
`
`
`POLE
`
`OLLE
`
`Page 32 of 81
`
`Netskope Exhibit 1009
`
`Page 32 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`vonebyiy1230sseuisngjdnyoegMOJOS3
`
`
`
`
`seoateS|eOIUOAZEzE“B-a)9LZeAuaaoosiqBuyndwo5msn9s10]
`
`
`yioddnsaoueydwo5ancespnol9puessas0idBSPJPAIUDIYooze
`
`
`
`UHESHeS®SdHaan]Aianoosigay6ipsees
`oezeyeze(ddH)||Peed(xoaqizezize
`
`
`
`
`
`
`
`
`BDIAIBSWpsigjQisyje1eSIdIAIISje6e7]pueSOUBULIOLIOgdsddy
`
`
`
`
`
`oveeovzegezejouenxySonAtosBulopuoyySLZESIIAISS
`
`
`
`OLZESODAINSJOUR,OLZEsedtasagpAuedui0og
`
`
`
`
`
`
`
`
`
`06ZEsalBojouysesWuoye}gUMMolosgje16igpaisniljouonesGeuy
`
`
`
`uondAsouyBulAsesaidJ8piO‘(Syaq)eiqeyqiesspuomAsypueUuondAiouyAey-oyqngobi4
`
`
`
`
`
`
`
`seolasasaiudemBodhuyZAZEswiayossiydesBojdAiygajqeysieesjuawajduy!oez|e
`
`
`
`
`
`
`
`
`
`
`
`
`‘(aq})uondAiougpasegAyjuap](ass)uondAsougoujawuAsajqeyoieas‘6'9)lesbid
`(spensqeAsnpulplepuelsYUMspo0oaouUaJajessapnjoul((Sa4qoO)euueyosmonet
`
`
`
`
`
`
`
`
`
`
`
`Ppezesowayoso1ydeiGodA14yjouonlUysagJO]uoljOeNnsgy
`
`
`
`
`
`(218(993)Sapo0oUONDe1090O18‘WiNNBig‘:6'e)
`
`
`
`
`
`
`Uece
`
`
`
`
`
`
`
`
`
`(938‘S._LS‘SINd‘eAlussy/dnyoeg‘einzy‘sas“6's)
`
`
`
`
`
`
`
`
`
`09Z¢Wisjsksooguojeojddysees10}uonoesqy
`
`
`
`
`
`
`
`(938“()ydAusaq‘()j9e13xg‘()}dAoug‘()dnias“6'a)
`
`Patent Application Publication
`
`May 19, 2011 Sheet 32 of 54
`
`US 2011/0119481 Al
`
`ctOTA
`
`
`
`
`
`
`
`
`
`98zeSaueIqiy]a1YydeiBoydAInYew
`
`
`
`
`
`jey6iq
`
`
`
`pojsniy
`
`Page 33 of 81
`
`Netskope Exhibit 1009
`
`Page 33 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 33 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`3300
`
`
`
`
`
`
`
`
`
`Authenticate User (e.g., user logs in with
`
`
`
`
`username and password or Live ID credentials,
`
`etc.)
`
`
`
`
`
`
`
`
`
`Upload document(s) and enter tags.
`
`
`
`Service to send blob to Storage Service.
`
`
`
`
`
`
`Client Sends Tags to Escrow Agent and
`
`
`
`
`Receives Hashed Tags in Response.
`
`
`
`
`
`
`
`
`
`
`Client encrypts document(s) and sends
`
`
`
`
`document(s) with capabilities to Digital Safe
`
`
`
`Service (e.g., DBox).
`
`
`
`
`
`
`
`
`Digital Safe Service interfaces with Storage
`
`
`
`
`
`
`
`
`
`FIG.33
`
`
`Page 34 of 81
`
`Netskope Exhibit 1009
`
`Page 34 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 34 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`3400
`
`
`
`
`
`
`
`
`
`Authenticate User (e.g., user logs in with
`
`
`
`
`username and password or Live ID credentials,
`
`etc.)
`
`
`
`
`
`
`
`
`Client Sends Tags to Escrow Agent and
`
`
`
`
`Receives Hashed Tags in Response.
`
`
`
`Storage Service.
`
`
`
`
`
`
`Client Sends Hashed Tagsto Digital Safe
`
`
`
`Service (e.g., DBox).
`
`
`
`
`
`
`
`
`
`
`
`Digital Safe Service Sends Search Requestto
`
`
`
`
`FIG. 34
`
`Page 35 of 81
`
`Netskope Exhibit 1009
`
`Page 35 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`Patent Application Publication
`
`
`
`
`
`
`May 19, 2011 Sheet 35 of 54
`
`
`
`
`US 2011/0119481 Al
`
`(ZAND—NOA—SAD“*6°a)
`
`
`
`((zhlodga-$49“B'a)>
`
`
`
`PZSEadIAlagBIE
`
`eeesé‘Old
`
`
`
`
`
`
`
`a31AIASpnolD
`
`
`
`
`
`OZSE(dSD)4eplAoig
`
`
`
`
`
`
`
`Aioysodaypaieys
`
`
`
`
`
`Quiogaueyg“6e)oLGe
`
`aydeiBoydéug
`
`
`
`dapiaoigABojouysel
`
`(did)
`
` O1se
`||L
`
`
`
`
`ZZGEBdIAJaSuoleNSqyaBe10]S
`
`
`
`
`
`
`
`dopsag
`
`“B’8)AAS“Sng
`
`OSS
`
`
`
`opse(jauHUES
`
`
`
`
`
`
`
`
`
`00S¢(DYNO)uoHessuag
`
`
`
`Ady10]10]U904
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`(LAND—NOS—SAD“Bra)zogesaAeQMO
`
`
`
`
`
`
`
`
`
`uayo,Ayinoas
`
`
`
`OEGESIIAIES
`
`
`
`Page 36 of81
`
`Netskope Exhibit 1009
`
`Page 36 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 36 of 54
`
`
`
`
`US 2011/0119481 Al
`
`3600
`
`
`
`
`
`
`interact with Application/Generate Requests.
`
`
`
`Provider (CSP), e.g., for executing Searches.
`
`
`
`
`
`
`
`
`
`
`
`Application Communicates with security token
`
`
`
`
`
`
`service (STS), e.g., for obtaining Claims.
`
`
`
`
`
`
`
`
`
`
`
`Application Communicates with Center for Key
`
`
`
`
`
`Generation, e.g., for obtaining Trapdoors.
`
`
`
`
`
`
`
`
`
`Application Communicates with Cloud Services
`
`
`
`
`
`
`
`
`
`
`FIG.36
`
`Page 37 of81
`
`Netskope Exhibit 1009
`
`Page 37 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 37 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`3700
`
`
`
`
`
`
`
`Receive Useridentification Information (e.g.
`
`
`
`infoCard information) by Application.
`
`
`
`
`
`the privileges and/orrestrictions of a given User.
`
`
`
`
`
`
`Application Obtains Relevant Claims from STS.
`
`
`
`
`
`
`
`
`
`Application Presents Role-Specific User
`
`
`
`
`Experience, i.e., an experience commensurate with
`
`
`
`
`
`
`
`
`
`
`FIG. 37
`
`Page 38 of81
`
`Netskope Exhibit 1009
`
`Page 38 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 38 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`3800
`
`
`
`
`
`
`
`
`
`Record (e.g., document) and Keywords Received by
`
`Application.
`
`Repository.
`
`
`
`
`
`
`
`
`Application Obtains master public key (MPK) and
`
`
`
`
`
`Applies Public-Key Encryption Keyword Searchable
`
`
`
`
`
`(PEKS) scheme. MPK can be Cached by Application.
`
`
`
`
`
`
`
`
`Application enters Encrypted Record into CSP
`
`
`
`
`
`FIG.38
`
`Page 39 of 81
`
`Netskope Exhibit 1009
`
`Page 39 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 39 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`3900
`
`
`
`
`
`Conjunctive Query Received or Initiated by
`
`Application.
`
`3910
`
`
`
`
`
`
`
`
`Application Obtains Relevant Claims from STS.
`
`
`
`
`
`
`
`For instance, the STS maps user Role to
`
`
`
`
`
`
`appropriate Query Groups and returns the Legal
`
`
`
`
`
`
`
`
`
`
`
`Query Set for the Given Role.
`to the Application (or Rejection of Claims).
`custom rendering based on User Role.
`
`
`
`
`
`
`
`3920
`
`
`
`
`
`
`Application Submits Filtered Claim and Query.
`
`
`
`
`
`
`Claim(s) that Correspond to the Query can be
`
`
`
`
`
`efficiently submitted, rather than all Claim(s).
`
`
`
`
`
`Optionally, the CKG Returns Trapdoor Claim(s)
`
`
`
`
`
`
`
`
`
`3930
`
`
`
`
`Application executes Trapdoor Claims on
`
`
`
`
`
`
`Remote Indices. Results are received and Can
`
`
`
`
`
`be Rendered by Application to User, e.g.,
`
`
`
`
`
`
`
`
`
`
`
`FIG.39
`
`Page 40 of81
`
`Netskope Exhibit 1009
`
`Page 40 of 81
`
`Netskope Exhibit 1009
`
`
`
`
`
`
`
`
`
`Patent Application Publication May 19,2011 Sheet 40 of 54
`
`
`
`
`US 2011/0119481 Al
`
`
`
`
`
`
`
`
`The STS of Enterprise2 is Resource Provider.
`
`
`
`
`
`
`For instance, Application Obtains Claims for
`
`
`
`
`
`Resource Access from Resource Provider.
`
`4000
`
`
`
`from Identity Provider.
`
`
`
`
`
`
`
`
`The STS of Enterprise is Identity Provider. For
`
`
`
`
`
`instance, Application Obtains Claims for Roles
`
`
`
`
`
`
`
`
`Claims Retrieved based on
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
