SYSTEMS AND METHODS FOR SECURE HYBRID THIRD-PARTY DATA STORAGE
First Claim
1. A computer-implemented method for secure hybrid third-party data storage, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file;
retrieving, in response to the request, from the third-party storage system and for the trusted proxy system;
the encrypted file;
a decryption key that has been encrypted with a cryptographic key, wherein an asymmetric key pair designated for the user account comprises an encryption key and the encrypted decryption key;
decrypting, at the trusted proxy system, the decryption key with the cryptographic key;
using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system.
3 Assignments
0 Petitions
Accused Products
Abstract
The disclosed computer-implemented method for secure hybrid third-party data storage may include (1) identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, where the requested access requires decryption of the encrypted file, (2) retrieving, from the third-party storage system, (i) the encrypted file and (ii) a decryption key that has been encrypted with a cryptographic key, where an asymmetric key pair designated for the user account includes an encryption key and the encrypted decryption key, (3) decrypting, at the trusted proxy system, the decryption key with the cryptographic key, and (4) using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system. Various other methods, systems, and computer-readable media are also disclosed.
-
Citations
20 Claims
-
1. A computer-implemented method for secure hybrid third-party data storage, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
-
identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file; retrieving, in response to the request, from the third-party storage system and for the trusted proxy system; the encrypted file; a decryption key that has been encrypted with a cryptographic key, wherein an asymmetric key pair designated for the user account comprises an encryption key and the encrypted decryption key; decrypting, at the trusted proxy system, the decryption key with the cryptographic key; using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for secure hybrid third-party data storage, the system comprising:
-
an identification module, stored in memory, that identifies, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file; a retrieving module, stored in memory, that retrieves, in response to the request, from the third-party storage system and for the trusted proxy system; the encrypted file; a decryption key that has been encrypted with a cryptographic key, wherein an asymmetric key pair designated for the user account by an encryption key and the encrypted decryption key; a decryption module, stored in memory, that decrypts, at the trusted proxy system, the decryption key with the cryptographic key; a using module, stored in memory, that uses the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system; at least one physical processor that executes the identification module, the retrieving module, the decryption module, and the using module. - View Dependent Claims (19)
-
-
20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file; retrieve, in response to the request, from the third-party storage system and for the trusted proxy system; the encrypted file; a decryption key that has been encrypted with a cryptographic key, wherein an asymmetric key pair designated for the user account comprises an encryption key and the encrypted decryption key; decrypt, at the trusted proxy system, the decryption key with the cryptographic key; use the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system.
-
Specification