US 12,113,916 B2
Method and apparatus for hardware based file/document expiry timer enforcement
Hormuzd M. Khosravi, Portland, OR (US); Alex Nayshtut, Gan Yavne (IL); and Igor Muttik, Aylesbury (GB)
Assigned to McAfee, LLC, San Jose, CA (US)
Filed by McAfee, LLC, San Jose, CA (US)
Filed on Sep. 27, 2021, as Appl. No. 17/486,613.
Application 17/486,613 is a continuation of application No. 16/776,258, filed on Jan. 29, 2020, granted, now 11,133,941.
Application 16/776,258 is a continuation of application No. 14/757,600, filed on Dec. 23, 2015, granted, now 10,581,617, issued on Mar. 3, 2020.
Prior Publication US 2022/0086013 A1, Mar. 17, 2022
Int. Cl. H04L 9/32 (2006.01); G06F 21/62 (2013.01); H04L 9/40 (2022.01); H04L 67/1097 (2022.01)
CPC H04L 9/3263 (2013.01) [G06F 21/6209 (2013.01); H04L 63/0435 (2013.01); H04L 63/068 (2013.01); G06F 2221/2137 (2013.01); H04L 63/0823 (2013.01); H04L 63/108 (2013.01); H04L 67/1097 (2013.01)]
16 Claims
1. A network device comprising:
interface circuitry;
instructions; and
processor circuitry to execute the instructions to:
set a policy according to which a trusted execution environment of a first remote device, different from the network device, is to determine expiry information when generating an encryption key;
after the first remote device has generated the encryption key, cause storage of a certificate obtained from the first remote device, the certificate including the expiry information determined at the first remote device in accordance with the policy, the encryption key associated with a file, the expiry information indicative of a period for which the encryption key is valid to decrypt the file, the certificate identifiable by a file identifier (ID) associated with at least one of the file, the expiry information, or the encryption key; and
in response to a request for the certificate that includes the file ID, cause transmission of the certificate to a second remote device.