Cloud file system

US 10,715,314 B2
Filed: 01/22/2018
Issued: 07/14/2020
Est. Priority Date: 05/14/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for saving a file to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:

splitting the file into a plurality of chunks;

for each of the plurality of chunks, performing the following;

generating an encryption key based on data with that chunk,encrypting that chunk using the generated encryption key,generating a chunk identifier based on data within the encrypted chunk,including the encryption key and the chunk identifier in a file manifest,determining whether the cloud storage system includes the encrypted chunk, andtransmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk;

wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks;

generating a file manifest encryption key based on the data within the file manifest;

encrypting the file manifest using the file manifest encryption key;

generating a file manifest identifier based on data within the encrypted file manifest;

determining that the cloud storage system does not include the encrypted file manifest; and

transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system responsive to the determining that the cloud storage system does not include the encrypted file manifest.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system. Further the cloud storage system comprises mechanisms for a client device to inform the cloud storage system of which data is likely to be required in the future so that the cloud storage system can make that data available with less latency one the client device requests the data.

5 Citations

19 Claims

1. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for saving a file to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:
- splitting the file into a plurality of chunks;
  
  for each of the plurality of chunks, performing the following;
  
  generating an encryption key based on data with that chunk,encrypting that chunk using the generated encryption key,generating a chunk identifier based on data within the encrypted chunk,including the encryption key and the chunk identifier in a file manifest,determining whether the cloud storage system includes the encrypted chunk, andtransmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk;
  
  wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks;
  
  generating a file manifest encryption key based on the data within the file manifest;
  
  encrypting the file manifest using the file manifest encryption key;
  
  generating a file manifest identifier based on data within the encrypted file manifest;
  
  determining that the cloud storage system does not include the encrypted file manifest; and
  
  transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system responsive to the determining that the cloud storage system does not include the encrypted file manifest.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory tangible machine-readable medium of claim 1, wherein the encryption key generated for each chunk is based on a result of hashing that chunk.
  - 3. The non-transitory tangible machine-readable medium of claim 1, wherein the generated chunk identifier for each chunk is based on a result of hashing the encrypted chunk.
  - 4. The non-transitory tangible machine-readable medium of claim 1, wherein the operations further comprise including the file manifest encryption key and the file manifest identifier in a file system manifest, wherein the file system manifest includes a listing of the file manifests for each of a plurality of files including the file and a path of the plurality of files, and wherein the file system manifest is encrypted using an encryption key unique to the client device or a user of the client device.
  - 5. The non-transitory tangible machine-readable medium of claim 1, wherein the operations further comprise:
    - removing the file from a local storage system of the client device after saving the file to the cloud file system.
  - 6. The non-transitory tangible machine-readable medium of claim 1, wherein determining whether the cloud storage system includes the encrypted chunk comprises:
    - transmitting a query to the cloud storage system that requests information indicating whether the chunk identifier corresponding to the encrypted chunk is present in the cloud storage system; and
      
      receiving a response indicating whether the chunk identifier is present in the cloud storage system.

7. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for reading a file stored in a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:
- receiving an instruction from an operating system of the client device to read the file, wherein the file is stored in the cloud file system;
  
  determining a file manifest identifier corresponding to the file, wherein the file manifest identifier identifies a file manifest that includes a listing of a plurality of encryption keys and a plurality of chunk identifiers corresponding to a plurality of chunks of the file;
  
  determining that a decrypted file manifest corresponding to the file manifest identifier and an encrypted file manifest corresponding to the file manifest identifier is not present in a local cache of the client device used for the cloud file system, and responsive to that determination, downloading the encrypted file manifest from the cloud storage system;
  
  retrieving a key used to decrypt the encrypted file manifest;
  
  decrypting the encrypted file manifest using the retrieved key;
  
  determining the plurality of chunk identifiers from the decrypted file manifest;
  
  for each of the plurality of chunk identifiers, determining whether a decrypted chunk or an encrypted chunk corresponding to that chunk identifier is present in the local cache of the client device used for the cloud file system;
  
  for each of the plurality of chunk identifiers where a corresponding decrypted chunk or encrypted chunk is not present in the local cache of the client device used for the cloud file system, performing the following;
  
  downloading that encrypted chunk from the cloud storage system,retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, anddecrypting the encrypted chunk using the retrieved key;
  
  for each of the plurality of chunk identifiers where a corresponding encrypted chunk is present in the local cache of the client device used for the cloud file system, performing the following;
  
  retrieving, from the local cache, the encrypted chunk,retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, anddecrypting the encrypted chunk using the retrieved key;
  
  for each of the plurality of chunk identifiers where a decrypted chunk is present in the local cache of the client device used for the cloud file system, retrieving that decrypted chunk from the local cache; and
  
  returning the file to the operating system.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory tangible machine-readable medium of claim 7, wherein the operations further comprise:
    - storing each decrypted chunk in the local cache of the client device used for the cloud file system.
  - 9. The non-transitory tangible machine-readable medium of claim 7, wherein downloading each encrypted chunk from the cloud storage system includes performing the following:
    - including a chunk identifier corresponding to that encrypted chunk in a download queue;
      
      accessing the decrypted file manifest to determine a set of one or more other chunk identifiers whose corresponding chunks are located near that encrypted chunk in the decrypted file manifest;
      
      including, in the download queue, the set of other chunk identifiers; and
      
      downloading the encrypted chunks from the cloud storage system according to the download queue.
  - 10. The non-transitory tangible machine-readable medium of claim 7, wherein the operations further comprise:
    - for each of the encrypted chunks downloaded from the cloud storage system, downloading a set of one or more additional encrypted chunks from the cloud storage system.
  - 11. The non-transitory tangible machine-readable medium of claim 10, wherein the operations further comprise:
    - for each of the encrypted chunks downloaded from the cloud storage system, using an analytical model that indicates the set of additional encrypted chunks that will likely be accessed when the encrypted chunk is accessed.
  - 12. The non-transitory tangible machine-readable medium of claim 7, wherein the operations further comprise:
    - instructing the cloud storage system to prefetch one or more chunks to a cloud storage pool.

13. A non-transitory tangible machine-readable medium that provides instructions that, when executed by a processor of a client device, cause the processor to perform operations for saving a file to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the operations comprising:
- splitting the file into a plurality of chunks;
  
  for each of the plurality of chunks, performing the following;
  
  generating an encryption key based on data with that chunk,encrypting that chunk using the generated encryption key,generating a chunk identifier based on data within the encrypted chunk,including the encryption key and the chunk identifier in a file manifest,determining that the cloud storage system does not include the encrypted chunk, andtransmitting the encrypted chunk and chunk identifier to the cloud storage system responsive to the determining that the cloud storage system does not contain the encrypted chunk;
  
  wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks;
  
  generating a file manifest encryption key based on the data within the file manifest;
  
  encrypting the file manifest using the file manifest encryption key;
  
  generating a file manifest identifier based on data within the encrypted file manifest;
  
  including the file manifest encryption key and the file manifest identifier in a file system manifest, wherein the file system manifest includes a listing of the file manifests;
  
  determining that the cloud storage system does not include the encrypted file manifest;
  
  transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system responsive to the determining that the cloud storage system does not include the encrypted file manifest;
  
  generating a file system manifest encryption key based on data within the file system manifest;
  
  encrypting the file system manifest with the generated file system manifest encryption key;
  
  generating a file system manifest identifier based on data within the encrypted file system manifest;
  
  including the file system manifest key and the file system manifest identifier in metadata that is associated with a user of the client device;
  
  encrypting the metadata; and
  
  storing the encrypted metadata in the cloud storage system.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The non-transitory tangible machine-readable medium of claim 13, wherein the encryption key generated for each chunk is based on a result of hashing that chunk.
  - 15. The non-transitory tangible machine-readable medium of claim 13, wherein the generated chunk identifier for each chunk is based on a result of hashing the encrypted chunk.
  - 16. The non-transitory tangible machine-readable medium of claim 13, wherein the file system manifest is encrypted using an encryption key unique to the client device or a user of the client device.
  - 17. The non-transitory tangible machine-readable medium of claim 13, wherein the operations further comprise:
    - removing the file from a local storage system of the client device after saving the file to the cloud file system.
  - 18. The non-transitory tangible machine-readable medium of claim 13, wherein determining whether the cloud storage system includes the encrypted chunk comprises:
    - transmitting a query to the cloud storage system that requests information indicating whether the chunk identifier corresponding to the encrypted chunk is present in the cloud storage system; and
      
      receiving a response indicating whether the chunk identifier is present in the cloud storage system.
  - 19. The non-transitory tangible machine-readable medium of claim 13, wherein the user manifest further includes information identifying an index.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Puccini World Limited
Original Assignee
Puccini World Limited
Inventors
Gauda, Anthony Francois
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Kaplan, Benjamin A

Application Number

US15/877,286
Publication Number

US 20190044706A1
Time in Patent Office

904 Days
Field of Search

713153, 713168
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6272   by registering files or doc...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 67/1097   for distributed storage of ...

H04L 9/0816   Key establishment, i.e. cry...

Cloud file system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud file system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links