Cloud file system
First Claim
1. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for saving a file to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:
- splitting the file into a plurality of chunks;
for each of the plurality of chunks, performing the following;
generating an encryption key based on data with that chunk,encrypting that chunk using the generated encryption key,generating a chunk identifier based on data within the encrypted chunk,including the encryption key and the chunk identifier in a file manifest,determining whether the cloud storage system includes the encrypted chunk, andtransmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk;
wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks;
generating a file manifest encryption key based on the data within the file manifest;
encrypting the file manifest using the file manifest encryption key;
generating a file manifest identifier based on data within the encrypted file manifest;
determining that the cloud storage system does not include the encrypted file manifest; and
transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system responsive to the determining that the cloud storage system does not include the encrypted file manifest.
0 Assignments
0 Petitions
Accused Products
Abstract
A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system. Further the cloud storage system comprises mechanisms for a client device to inform the cloud storage system of which data is likely to be required in the future so that the cloud storage system can make that data available with less latency one the client device requests the data.
5 Citations
19 Claims
-
1. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for saving a file to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:
-
splitting the file into a plurality of chunks; for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining whether the cloud storage system includes the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk; wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks; generating a file manifest encryption key based on the data within the file manifest; encrypting the file manifest using the file manifest encryption key; generating a file manifest identifier based on data within the encrypted file manifest; determining that the cloud storage system does not include the encrypted file manifest; and transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system responsive to the determining that the cloud storage system does not include the encrypted file manifest. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for reading a file stored in a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:
-
receiving an instruction from an operating system of the client device to read the file, wherein the file is stored in the cloud file system; determining a file manifest identifier corresponding to the file, wherein the file manifest identifier identifies a file manifest that includes a listing of a plurality of encryption keys and a plurality of chunk identifiers corresponding to a plurality of chunks of the file; determining that a decrypted file manifest corresponding to the file manifest identifier and an encrypted file manifest corresponding to the file manifest identifier is not present in a local cache of the client device used for the cloud file system, and responsive to that determination, downloading the encrypted file manifest from the cloud storage system; retrieving a key used to decrypt the encrypted file manifest; decrypting the encrypted file manifest using the retrieved key; determining the plurality of chunk identifiers from the decrypted file manifest; for each of the plurality of chunk identifiers, determining whether a decrypted chunk or an encrypted chunk corresponding to that chunk identifier is present in the local cache of the client device used for the cloud file system; for each of the plurality of chunk identifiers where a corresponding decrypted chunk or encrypted chunk is not present in the local cache of the client device used for the cloud file system, performing the following; downloading that encrypted chunk from the cloud storage system, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a corresponding encrypted chunk is present in the local cache of the client device used for the cloud file system, performing the following; retrieving, from the local cache, the encrypted chunk, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a decrypted chunk is present in the local cache of the client device used for the cloud file system, retrieving that decrypted chunk from the local cache; and returning the file to the operating system. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for saving a file to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:
-
splitting the file into a plurality of chunks; for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining that the cloud storage system does not include the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system responsive to the determining that the cloud storage system does not contain the encrypted chunk; wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks; generating a file manifest encryption key based on the data within the file manifest; encrypting the file manifest using the file manifest encryption key; generating a file manifest identifier based on data within the encrypted file manifest; including the file manifest encryption key and the file manifest identifier in a file system manifest, wherein the file system manifest includes a listing of the file manifests; determining that the cloud storage system does not include the encrypted file manifest; transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system responsive to the determining that the cloud storage system does not include the encrypted file manifest; generating a file system manifest encryption key based on data within the file system manifest; encrypting the file system manifest with the generated file system manifest encryption key; generating a file system manifest identifier based on data within the encrypted file system manifest; including the file system manifest key and the file system manifest identifier in metadata that is associated with a user of the client device; encrypting the metadata; and storing the encrypted metadata in the cloud storage system. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
Specification