Secure cloud-based shared content

  • US 10,013,431 B2
  • Filed: 04/27/2016
  • Issued: 07/03/2018
  • Est. Priority Date: 04/29/2015
  • Status: Active Grant
First Claim

1. A method for deduplication of a shared object in a cloud-based environment having with one or more storage devices that store one or more files that are accessible by two or more entities, the method comprising:

  • generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;

  • encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;

  • storing the content-based encrypted file at a cloud-based storage system at least once;

  • storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encryption key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;

  • provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;

  • encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and

  • performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.
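
The flow recited in claim 1, sketched as an added example that is not code from the patent or its assignee: a key derived from the object's content, one stored ciphertext, and a separately wrapped copy of that key per enterprise. Assumptions: `DedupStore`, `xor_stream`, the entity names and sample keys are hypothetical, a SHAKE-256 keystream stands in for a real cipher, and the `"intra"`/`"inter"` handling is one reading of the deduplicate directives.

```python
import hashlib
import hmac

def xor_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption, not from the claim): XOR with a SHAKE-256
    # keystream. It is deterministic, so equal objects give equal ciphertexts.
    stream = hashlib.shake_256(label + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class DedupStore:
    def __init__(self):
        self.blobs = {}     # (scope, blob_id) -> content-based encrypted file
        self.metadata = {}  # (entity, name) -> slot and enterprise-wrapped key

    def put(self, entity, enterprise_key, name, plaintext, directive="inter"):
        content_key = hashlib.sha256(plaintext).digest()  # derived from the object
        ciphertext = xor_stream(content_key, b"data", plaintext)
        blob_id = hashlib.sha256(ciphertext).hexdigest()
        # "intra" confines matching to one entity; "inter" matches across entities.
        slot = (entity if directive == "intra" else "*", blob_id)
        deduplicated = slot in self.blobs
        self.blobs.setdefault(slot, ciphertext)
        wrapped = xor_stream(enterprise_key, b"wrap" + blob_id.encode(), content_key)
        self.metadata[(entity, name)] = {"slot": slot, "wrapped_key": wrapped}
        return deduplicated

    def get(self, entity, enterprise_key, name):
        meta = self.metadata[(entity, name)]
        label = b"wrap" + meta["slot"][1].encode()
        content_key = xor_stream(enterprise_key, label, meta["wrapped_key"])
        plaintext = xor_stream(content_key, b"data", self.blobs[meta["slot"]])
        # The content key is the object's hash, so it doubles as an integrity check.
        if not hmac.compare_digest(hashlib.sha256(plaintext).digest(), content_key):
            raise ValueError("wrong enterprise key or corrupted object")
        return plaintext

def demo():
    store = DedupStore()
    key_a, key_b = b"A" * 32, b"B" * 32  # constructed enterprise keys
    doc = b"constructed sample object shared by two tenants"
    results = [store.put("ent-a", key_a, "deck.pdf", doc),
               store.put("ent-b", key_b, "copy.pdf", doc)]
    return store, results, store.get("ent-b", key_b, "copy.pdf")

if __name__ == "__main__":
    store, results, recovered = demo()
    print(results, len(store.blobs), recovered)
```
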

  • 2 Assignments