Secure cloud-based shared content
First Claim
1. A method for deduplication of a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities, the method comprising:
- generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;
- encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;
- storing the content-based encrypted file at a cloud-based storage system at least once;
- storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encrypted key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;
- provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;
- encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and
- performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.
Abstract
Systems for managing content in a cloud-based service platform. Procedures for deduplication of a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities. A computer-implemented method commences by generating a content-based encryption key for a shared object wherein the key is derived from one of the shared objects. The shared object is encrypted using the content-based encryption key to generate a content-based encrypted file. The content-based encrypted file is stored in a cloud-based storage system. A second or Nth entity and/or any number of users from the respective entities can upload the same file for shared storage, and before storing the same file for shared storage, a server in the cloud-based storage environment performs deduplication of the encrypted file across multiple entities by applying an intra-enterprise deduplicate directive or an inter-enterprise deduplicate directive.
18 Claims
1. Independent claim; its text is identical to the First Claim given above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer readable medium, embodied in a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor, causes the processor to perform a set of acts for deduplication of a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities, the acts comprising:
- generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;
- encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;
- storing the content-based encrypted file at a cloud-based storage system at least once;
- storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encrypted key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;
- provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;
- encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and
- performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.
Dependent claims: 11, 12, 13, 14, 15, 16.
17. A system for accessing a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities, the system comprising:
a processor to execute a set of program code instructions, and a memory to hold the program code instructions, in which the program code instructions comprise program code to perform:
- generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;
- encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;
- storing the content-based encrypted file at a cloud-based storage system at least once;
- storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encrypted key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;
- provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;
- encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and
- performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.
Dependent claims: 18.
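The key-management and deduplication flow the claims describe (content-derived key, ciphertext stored once, per-entity wrapped keys in object metadata, re-wrapping to provision a second entity, and an inter- versus intra-enterprise dedup scope), as an added Python example that is not code from the patent. The HMAC-SHA256 stream cipher, the `CloudStore` class, and the `"inter"`/`"intra"` directive strings are assumptions standing in for a real AEAD and key-wrap primitive.

```python
import hashlib, hmac

def content_key(data: bytes) -> bytes:
    """Content-based key: derived from the object, so identical objects get identical keys."""
    return hashlib.sha256(b"content-key|" + data).digest()

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher from HMAC-SHA256 (a stand-in for AES; constructed for this example)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_object(data: bytes):
    ck = content_key(data)
    return ck, xor_stream(ck, ck[:16], data)  # nonce derived from the content key: deterministic on purpose

def decrypt_object(ck: bytes, ciphertext: bytes) -> bytes:
    return xor_stream(ck, ck[:16], ciphertext)

def wrap_key(enterprise_key: bytes, object_id: str, ck: bytes) -> bytes:
    """Enterprise-based encrypted key. XOR is its own inverse, so this also unwraps; the public
    object id is the nonce, so one enterprise key never reuses keystream across objects."""
    return xor_stream(enterprise_key, bytes.fromhex(object_id)[:16], ck)

class CloudStore:
    """Stores each ciphertext once per object id, plus one wrapped key per entity in its metadata."""
    def __init__(self, directive: str = "inter"):
        self.directive = directive  # "inter": dedup across enterprises; "intra": only within one enterprise
        self.objects = {}

    def upload(self, enterprise: str, enterprise_key: bytes, data: bytes):
        ck, ct = encrypt_object(data)
        scope = b"" if self.directive == "inter" else enterprise.encode()  # the directive sets the dedup scope
        object_id = hashlib.sha256(scope + ct).hexdigest()
        deduplicated = object_id in self.objects
        if not deduplicated:
            self.objects[object_id] = {"ciphertext": ct, "wrapped_keys": {}}
        self.objects[object_id]["wrapped_keys"][enterprise] = wrap_key(enterprise_key, object_id, ck)
        return object_id, deduplicated

    def share(self, object_id: str, owner: str, owner_key: bytes, grantee: str, grantee_key: bytes) -> None:
        """Provision access for a second entity by re-wrapping the content key under its enterprise key."""
        meta = self.objects[object_id]
        ck = wrap_key(owner_key, object_id, meta["wrapped_keys"][owner])  # unwrap with the owner's key
        meta["wrapped_keys"][grantee] = wrap_key(grantee_key, object_id, ck)

    def download(self, object_id: str, enterprise: str, enterprise_key: bytes) -> bytes:
        ck = wrap_key(enterprise_key, object_id, self.objects[object_id]["wrapped_keys"][enterprise])
        return decrypt_object(ck, self.objects[object_id]["ciphertext"])
```

Because the content key is a function of the plaintext, anyone who can guess a low-entropy file can confirm it is stored; that is the known trade-off of convergent encryption and the reason the dedup scope directive matters.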