SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION
First Claim
1. A method comprising:
- establishing and maintaining, by a trusted a trusted gateway device logically interposed between an enterprise network and a plurality of third-party cloud storage services, a plurality of cryptographic keys;
receiving, by the trusted gateway device, a request from a user of the enterprise network to store a file;
partitioning, by the trusted gateway device, the file into a plurality of chunks of a predefined or configurable size;
causing to be created, by the trusted gateway device, a directory within one or more cloud storage services of the plurality of third-party cloud storage services, wherein a name attribute of the directory is set based on an encrypted version of a name of the file; and
for each chunk of the plurality of chunks;
selecting, by the trusted gateway device, a cryptographic key of the plurality of cryptographic keys;
identifying, by the trusted gateway device, existence of data within the chunk associated with one or more predefined search indices of a plurality of predefined searchable indices;
generating, by the trusted gateway device, searchable encrypted metadata based on the identified data and the selected cryptographic key;
generating, by the trusted gateway device, an encrypted version of the chunk; and
causing to be created, by the trusted gateway device, a file within the directory, wherein a name attribute of the file includes the searchable encrypted metadata and wherein a contents of the file includes the encrypted version of the chunk.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii) existence of data is identified within the chunk associated with one or more predefined search indices; (iii) searchable encrypted metadata is generated based on the identified data and the selected cryptographic key; (iv) an encrypted version of the chunk is generated; and (v) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
-
Citations
14 Claims
-
1. A method comprising:
-
establishing and maintaining, by a trusted a trusted gateway device logically interposed between an enterprise network and a plurality of third-party cloud storage services, a plurality of cryptographic keys; receiving, by the trusted gateway device, a request from a user of the enterprise network to store a file; partitioning, by the trusted gateway device, the file into a plurality of chunks of a predefined or configurable size; causing to be created, by the trusted gateway device, a directory within one or more cloud storage services of the plurality of third-party cloud storage services, wherein a name attribute of the directory is set based on an encrypted version of a name of the file; and for each chunk of the plurality of chunks; selecting, by the trusted gateway device, a cryptographic key of the plurality of cryptographic keys; identifying, by the trusted gateway device, existence of data within the chunk associated with one or more predefined search indices of a plurality of predefined searchable indices; generating, by the trusted gateway device, searchable encrypted metadata based on the identified data and the selected cryptographic key; generating, by the trusted gateway device, an encrypted version of the chunk; and causing to be created, by the trusted gateway device, a file within the directory, wherein a name attribute of the file includes the searchable encrypted metadata and wherein a contents of the file includes the encrypted version of the chunk. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a trusted gateway device logically interposed between a plurality of third-party cloud storage services and an enterprise network, cause the one or more processors to perform a method comprising:
-
establishing and maintaining a plurality of cryptographic keys; receiving a request from a user of the enterprise network to store a file; partitioning the file into a plurality of chunks of a predefined or configurable size; causing to be created a directory within one or more cloud storage services of the plurality of third-party cloud storage services, wherein a name attribute of the directory is set based on an encrypted version of a name of the file; and for each chunk of the plurality of chunks; selecting a cryptographic key of the plurality of cryptographic keys; identifying existence of data within the chunk associated with one or more predefined search indices of a plurality of predefined searchable indices; generating searchable encrypted metadata based on the identified data and the selected cryptographic key; generating an encrypted version of the chunk; and causing to be created a file within the directory, wherein a name attribute of the file includes the searchable encrypted metadata and wherein a contents of the file includes the encrypted version of the chunk. - View Dependent Claims (9, 10, 11, 13, 14)
-
-
12. The non-transitory computer-readable storage medium of claim 12, wherein the global policy file defines for each user of the enterprise network a manner in which file data is encrypted, stored, accessed and processed.
Specification