Secure cloud-based shared content
First Claim
1. A method for:
identifying a cloud-based environment, the cloud-based environment comprising at least a storage device storing a content object accessible by two or more users over a network;
performing, for a first user from a first enterprise, a content-based encryption that generates a first copy of an encrypted file by encrypting the content object with a content-based encryption key, wherein the content-based encryption key is encrypted by a first enterprise-based encryption key;
storing the first copy of the encrypted file at a cloud-based environment;
performing, for a second user from a second enterprise, the content-based encryption that generates a second copy of the encrypted file by encrypting the content object with the content-based encryption key, wherein the content-based encryption key is encrypted by a second enterprise-based encryption key that is different from the first enterprise-based encryption key;
storing the second copy of the encrypted file at a cloud-based environment; and
performing deduplication of the content object across multiple users that perform encryption, wherein the deduplication is performed based at least in part on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive, wherein the at least one of the intra-enterprise deduplicate directive or the inter-enterprise deduplicate directive is accessed from metadata pertaining to a respective entity, wherein at least one deduplication directive is determined and the encrypted file is stored based at least in part on the at least one deduplication directive.
Abstract
Systems for managing content in a cloud-based service platform. Procedures for deduplication of a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities. A computer-implemented method commences by generating a content-based encryption key for a shared object wherein the key is derived from one of the shared objects. The shared object is encrypted using the content-based encryption key to generate a content-based encrypted file. The content-based encrypted file is stored in a cloud-based storage system. A second or Nth entity and/or any number of users from the respective entities can upload the same file for shared storage, and before storing the same file for shared storage, a server in the cloud-based storage environment performs deduplication of the encrypted file across multiple entities by applying an intra-enterprise deduplicate directive or an inter-enterprise deduplicate directive.
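The scheme in the abstract, sketched as an added example (not code from the patent or any product): a key derived from the object encrypts it deterministically, each enterprise wraps that key under its own key, and the directive in the uploader's metadata sets the deduplication scope. The `Store` class, the `"intra"`/`"inter"` directive strings, and the SHA-256 keystream and XOR key wrap (stand-ins for a real cipher and key-wrap algorithm) are assumptions.

```python
import hashlib
import hmac

def content_key(data: bytes) -> bytes:
    # Key derived from the object itself: equal objects yield equal keys.
    return hashlib.sha256(b"content-key|" + data).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Demo-only stand-in cipher (SHA-256 counter keystream), not a vetted AEAD.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(enterprise_key: bytes, digest: str, key: bytes) -> bytes:
    # Demo-only key wrap: XOR with an HMAC pad bound to the blob digest.
    # XOR is its own inverse, so the same call also unwraps.
    pad = hmac.new(enterprise_key, digest.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

class Store:
    def __init__(self, directives: dict):
        self.directives = directives  # entity metadata: "intra" or "inter"
        self.blobs = {}               # (scope, digest) -> ciphertext
        self.wrapped = {}             # (enterprise, digest) -> wrapped key

    def _scope(self, enterprise: str) -> str:
        # "inter" shares one blob across enterprises; "intra" keeps it per enterprise.
        return "*" if self.directives[enterprise] == "inter" else enterprise

    def upload(self, enterprise: str, enterprise_key: bytes, data: bytes):
        ck = content_key(data)
        ct = xor_stream(ck, data)     # deterministic, so duplicates collide
        digest = hashlib.sha256(ct).hexdigest()
        slot = (self._scope(enterprise), digest)
        is_new = slot not in self.blobs
        self.blobs.setdefault(slot, ct)
        self.wrapped[(enterprise, digest)] = wrap(enterprise_key, digest, ck)
        return digest, is_new

    def download(self, enterprise: str, enterprise_key: bytes, digest: str) -> bytes:
        ck = wrap(enterprise_key, digest, self.wrapped[(enterprise, digest)])
        return xor_stream(ck, self.blobs[(self._scope(enterprise), digest)])
```

Because the ciphertext is a deterministic function of the content, equal files are recognisable as equal wherever they share a deduplication scope; the inter-enterprise directive is the setting that extends that visibility across tenants.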
16 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8
9. A computer readable medium, embodied in a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor causes the processor to perform a set of acts for deduplication of a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities, the acts comprising:
identifying a cloud-based environment, the cloud-based environment comprising at least a storage device storing a content object accessible by two or more users over a network;
performing, for a first user from a first enterprise, a content-based encryption that generates a first copy of an encrypted file by encrypting the content object with a content-based encryption key, wherein the content-based encryption key is encrypted by a first enterprise-based encryption key;
storing the first copy of the encrypted file at a cloud-based environment;
performing, for a second user from a second enterprise, the content-based encryption that generates a second copy of the encrypted file by encrypting the content object with the content-based encryption key, wherein the content-based encryption key is encrypted by a second enterprise-based encryption key that is different from the first enterprise-based encryption key;
storing the second copy of the encrypted file at a cloud-based environment; and
performing deduplication of the content object across multiple users that perform encryption, wherein the deduplication is performed based at least in part on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive, wherein the at least one of the intra-enterprise deduplicate directive or the inter-enterprise deduplicate directive is accessed from metadata pertaining to a respective entity, wherein at least one deduplication directive is determined and the encrypted file is stored based at least in part on the at least one deduplication directive.
Dependent claims: 10, 11, 12, 13, 14
15. A system for accessing a shared object in a cloud-based environment having one or more storage devices that store one or more files that are accessible by two or more entities, the system comprising:
a storage medium having stored thereon a sequence of instructions; and
a processor or processors that execute the instructions to cause the processor or processors to perform a set of acts, the acts comprising,
identifying a cloud-based environment, the cloud-based environment comprising at least a storage device storing a content object accessible by two or more users over a network;
performing, for a first user from a first enterprise, a content-based encryption that generates a first copy of an encrypted file by encrypting the content object with a content-based encryption key, wherein the content-based encryption key is encrypted by a first enterprise-based encryption key;
storing the first copy of the encrypted file at a cloud-based environment;
performing, for a second user from a second enterprise, the content-based encryption that generates a second copy of the encrypted file by encrypting the content object with the content-based encryption key, wherein the content-based encryption key is encrypted by a second enterprise-based encryption key that is different from the first enterprise-based encryption key;
storing the second copy of the encrypted file at a cloud-based environment; and
performing deduplication of the content object across multiple users that perform encryption, wherein the deduplication is performed based at least in part on at least one of, an intra-enterprise deduplicate directive, or an inter-enterprise deduplicate directive, wherein the at least one of the intra-enterprise deduplicate directive or the inter-enterprise deduplicate directive is accessed from metadata pertaining to a respective entity, wherein at least one deduplication directive is determined and the encrypted file is stored based at least in part on the at least one deduplication directive.
Dependent claims: 16
Specification