Secure cloud-based shared content

US 10,013,431 B2
Filed: 04/27/2016
Issued: 07/03/2018
Est. Priority Date: 04/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method for deduplication of a shared object in a cloud-based environment having with one or more storage devices that store one or more files that are accessible by two or more entities, the method comprising:

generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;

encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;

storing the content-based encrypted file at a cloud-based storage system at least once;

storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encryption key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;

provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;

encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and

performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems for managing content in a cloud-based service platform. Procedures for deduplication of a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities. A computer-implemented method commences by generating a content-based encryption key for a shared object wherein the key is derived from one of the shared objects. The shared object is encrypted using the content-based encryption key to generate a content-based encrypted file. The content-based encrypted file is stored in a cloud-based storage system. A second or Nth entity and/or any number of users from the respective entities can upload the same file for shared storage, and before storing the same file for shared storage, a server in the cloud-based storage environment performs deduplication of the encrypted file across multiple entities by applying an intra-enterprise deduplicate directive or an inter-enterprise deduplicate directive.

Citations

18 Claims

1. A method for deduplication of a shared object in a cloud-based environment having with one or more storage devices that store one or more files that are accessible by two or more entities, the method comprising:
- generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;
  
  encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;
  
  storing the content-based encrypted file at a cloud-based storage system at least once;
  
  storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encryption key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;
  
  provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;
  
  encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and
  
  performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further receiving a designation from an enterprise to two or more entities for access to sets of the files within the cloud-based environment wherein a first set of files are allocated to a first entity and wherein a second set of files are allocated to a second entity.
  - 3. The method of claim 2, further comprising receiving an encrypted subject file to be added to the first set of the files that are allocated to the first entity.
  - 4. The method of claim 1, further comprising:
    - determining at least one deduplication directive; and
      
      storing, based at least in part on the deduplication directive, the content-based encrypted file.
  - 5. The method of claim 4, wherein at least one of, the intra-enterprise deduplicate directive, or the inter-enterprise deduplicate directive is accessed from metadata pertaining to a respective entity.
  - 6. The method of claim 1, wherein the content-based encryption key is a same content-based encryption key used by the first entity and the second entity to perform encryption on the shared object.
  - 7. The method of claim 1, further comprising:
    - receiving a collaboration invitation acceptance from at least one invitee from the multiple entities.
  - 8. The method of claim 7, further comprising storing the second enterprise-based encrypted key in object metadata.
  - 9. The method of claim 1, further comprising delivering, over a network, a virtual file system module to one or more user devices associated with the two or more entities to access one or more of the files, wherein the virtual file system module performs at least one act of the method.

10. A computer readable medium, embodied in a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor causes the processor to perform a set of acts for deduplication of a shared object in a cloud-based environment having with one or more storage devices that store one or more files that are accessible by two or more entities, the acts comprising:
- generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;
  
  encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;
  
  storing the content-based encrypted file at a cloud-based storage system at least once;
  
  storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encryption key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;
  
  provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;
  
  encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and
  
  performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer readable medium of claim 10, further receiving a designation from an enterprise to two or more entities for access to sets of the files within the cloud-based environment wherein a first set of files are allocated to a first entity and wherein a second set of files are allocated to a second entity.
  - 12. The computer readable medium of claim 11, further comprising instructions which, when stored in memory and executed by the processor causes the processor to perform acts of receiving an encrypted subject file to be added to the first set of the files that are allocated to the first entity.
  - 13. The computer readable medium of claim 10, further comprising instructions which, when stored in memory and executed by the processor causes the processor to perform acts of:
    - determining at least one deduplication directive; and
      
      storing, based at least in part on the deduplication directive, the content-based encrypted file.
  - 14. The computer readable medium of claim 13, wherein at least one of, the intra-enterprise deduplicate directive, or the inter-enterprise deduplicate directive is accessed from metadata pertaining to a respective entity.
  - 15. The computer readable medium of claim 10, wherein the content-based encryption key is a same content-based encryption key used by the first entity and the second entity to perform encryption on the shared object.
  - 16. The computer readable medium of claim 10, further comprising instructions which, when stored in memory and executed by the processor causes the processor to perform acts of:
    - receiving a collaboration invitation acceptance from at least one invitee from the multiple entities.

17. A system for accessing a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities, the system comprising:
- a processor to execute a set of program code instructions,a memory to hold the program code instructions, in which the program code instructions comprises program code to perform;
  
  generating a content-based encryption key for a shared object, wherein the content-based encryption key is derived from the shared object;
  
  encrypting the shared object using the content-based encryption key to generate a content-based encrypted file;
  
  storing the content-based encrypted file at a cloud-based storage system at least once;
  
  storing at least one of, a first enterprise key, the content-based encryption key, or a first enterprise-based encryption key, in object metadata, wherein the content-based encryption key is produced by decrypting the first enterprise-based encrypted key based at least in part on a first enterprise key corresponding to a first entity, wherein an unencrypted file is produced by decrypting the content-based encrypted file based at least in part on the content-based encryption key;
  
  provisioning file access by at least a second entity to the shared object, the file access characterized at least in part by an association between a second enterprise key and the shared object, the second enterprise key for the second entity being different than the first enterprise key for the first entity;
  
  encrypting, based at least in part on the second enterprise key, the content-based encryption key to produce a second enterprise-based encrypted key, the second enterprise-based encrypted key corresponding to the second entity being different than the first enterprise-based encrypted key corresponding to the first entity; and
  
  performing deduplication of the content-based encrypted file across multiple entities that perform encryption, wherein the deduplication is performed based on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive.
- View Dependent Claims (18)
- - 18. The system of claim 17, further receiving a designation from an enterprise to two or more entities for access to sets of the files within the cloud-based environment wherein a first set of files are allocated to a first entity and wherein a second set of files are allocated to a second entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Box Incorporated
Original Assignee
Box Incorporated
Inventors
Luthra, Tanooj, Malhotra, Ritik
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US15/140,330
Publication Number

US 20160321290A1
Time in Patent Office

797 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/0891   using clearing, invalidatin...

G06F 12/1081   for peripheral access to ma...

G06F 12/122   of the least frequently use...

G06F 16/113   Details of archiving lifecy...

G06F 16/172   Caching, prefetching or hoa...

G06F 16/1727   Details of free space manag...

G06F 16/1748   De-duplication implemented ...

G06F 16/1774   Locking methods, e.g. locki...

G06F 16/182   Distributed file systems

G06F 16/183   Provision of network file s...

G06F 16/185   Hierarchical storage manage...

G06F 16/188   Virtual file systems

G06F 16/196   Specific adaptations of the...

G06F 16/22   Indexing; Data structures t...

G06F 16/23   Updating

G06F 16/2443   Stored procedures

G06F 16/9574   of access to content, e.g. ...

G06F 2212/1016   Performance improvement

G06F 2212/1044   Space efficiency improvement

G06F 2212/154   Networked environment

G06F 2212/463 : File

G06F 2212/60 : Details of cache memory

G06F 2212/657 : Virtual address space manag...

G06F 9/46 : Multiprogramming arrangements

H04L 63/0428 : wherein the data content is...

H04L 65/70 : Media network packetisation

H04L 65/762 : at the source reformatting...

H04L 65/80 : Responding to QoS

H04L 67/06 : specially adapted for file ...

H04L 67/1097 : for distributed storage of ...

H04L 67/34 : involving the movement of s...

H04N 19/40 : using video transcoding, i....

View All

Secure cloud-based shared content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure cloud-based shared content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links