METHOD AND APPARATUS FOR SECURING SENSITIVE DATA IN A CLOUD STORAGE SYSTEM

US 20150365385A1
Filed: 06/11/2015
Published: 12/17/2015
Est. Priority Date: 06/11/2014
Status: Active Grant

First Claim

Patent Images

1. A system for securing sensitive data in a cloud storage system comprising:

an Encrypted Drive System (EDS) automatically linked with cloud storage services associated with a user; and

a key store located separately from the EDS for storing keys used to encrypt documents, wherein the EDS is configured to;

encrypt the document based on file-encryption key associated with the user;

store the encrypted document in the cloud storage services associated with the user;

generate metadata associated with the encrypted document to enable indexing and search over file names and contents;

sharing of encrypted document through email or folder; and

implement a functional security layer around a set of cloud applications to allow the user to access existing features of linked applications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, relates to a system and method of seamlessly encrypting data files before uploading them to a public cloud storage system by providing an encrypted drive system (EDS) that forms a security layer around existing cloud storage services to provide enhanced protection to data. The EDS also provides a convenient interface to specify data protection policies across connected cloud storage applications. The EDS implements standard functionalities like accessing, search and sharing directly on the encrypted data using secure indexing and querying of encrypted data. The EDS is able to guarantee a much higher level of security for data in the cloud without the user having to compromise on the features of the various applications.

Citations

20 Claims

1. A system for securing sensitive data in a cloud storage system comprising:
- an Encrypted Drive System (EDS) automatically linked with cloud storage services associated with a user; and
  
  a key store located separately from the EDS for storing keys used to encrypt documents, wherein the EDS is configured to;
  
  encrypt the document based on file-encryption key associated with the user;
  
  store the encrypted document in the cloud storage services associated with the user;
  
  generate metadata associated with the encrypted document to enable indexing and search over file names and contents;
  
  sharing of encrypted document through email or folder; and
  
  implement a functional security layer around a set of cloud applications to allow the user to access existing features of linked applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the encryption comprises a cipher based on Advances Encryption Standard (AES) 256.
  - 3. The system of claim 1, wherein said key store used for storing keys of the user is selected by the user from options provided by the EDS.
  - 4. The system of claim 1, wherein said functional security layer enables access to the files stored in any of the cloud storage services from multiple devices of the user.
  - 5. The system of claim 1, wherein the EDS performs the following before encryption to process keyword for search including (i) parses document to extract keywords from the documents;
    - (ii) extracts indexable text based on keywords;
      
      (iii) generates metadata for the parsed encrypted documents based on keywords;
      
      (iv) performs coloring of the encrypted documents to generate color-tags based on an extracted word-set (W);
      
      (v) generates content summary and stores the content summary in the metadata field;
      
      (vi) creates Bloom filters per encrypted document; and
      
      (vii) stores the Bloom filters as metadata associated with the document.
  - 6. The system of claim 1, wherein the EDS performs the following before encryption to process pattern for search including (i) parses document to extract patterns from the documents;
    - (ii) extracts indexable text based on pattern;
      
      (iii) generates metadata for the parsed encrypted documents based on patterns;
      
      (iv) performs coloring of the encrypted documents to generate color-tags based on an extracted pattern-set (P);
      
      (v) generates content summary and stores the content summary in the metadata field;
      
      (vi) creates Bloom filters per encrypted document and (vii) stores the Bloom filters as metadata associated with the document
  - 7. The system of claim 6, wherein the Bloom filters used per document records keywords depending upon a frequency with which the keyword appears in a random user query.
  - 8. The system of claim 6, wherein the Bloom filters are serialized and stored along with the color-tags in one metadata field
  - 9. The system of claim 6, wherein the Bloom filters corresponding to the encrypted documents are stored in a separate key-value datastore in the cloud
  - 10. The system of claim 6, wherein the color tags generated for a second user may be stored separately in a different indexable datastore or a key-value datastore in the cloud

11. A method for securing sensitive data in a cloud storage system comprising:
- linking the encrypted drive system (EDS) with cloud storage services associated with the user;
  
  providing a keystore located separately from the said EDS;
  
  creating a public-private key pair for user to encrypt and decrypt using RSA algorithm;
  
  securely storing keys in the key store for the EDS to encrypt and decrypt documents;
  
  storing the encrypted documents in the cloud storage services associated with the user; and
  
  generating metadata associated with the said encrypted document to enable indexing, sharing and searching functionality across the encrypted documents stored by the said cloud storage services.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. A method of claim 11, wherein the metadata enables sharing of the encrypted document in the cloud storage services with the co-workers.
  - 13. A method of claim 12, wherein the sharing comprise steps of:
    - sharing the encrypted content to the share by creating secure folders with security policy;
      
      encrypting the file encryption key using owners private key;
      
      creating a copy of file encryption key by the EDS and encrypting under the sharee'"'"'s public key and storing the copy of file encryption key in the keystore under the sharee'"'"'s identifier and shared document identifier.
  - 14. A method of claim 13, wherein the metadata further enables to read and edit the encrypted document stored in the cloud storage services online.
  - 15. A method of claim 14, wherein the metadata further enables to collaborate with others in real-time to modify the encrypted documents stored in the cloud storage services
  - 16. A method of claim 15, wherein the security policy is applied to the folders.
  - 17. A method of claim 16, wherein the security policy is further applied to the files in the folders.
  - 18. A method of claim 16, wherein the security policy includes:
    - restricting downloading;
      
      restricting printing of the files from the folder and viewing the files only online.

19. A method for full text search over all connected cloud drives by EDS comprise steps of:
- obtaining a list of all files in the connected cloud drive;
  
  parsing each file to extract keyword and pattern information;
  
  extracting indexable text based on keywords and pattern information;
  
  performing coloring of the each file to generate color-tags based on an extracted word-set (W) and pattern set (P);
  
  generating content summary and storing the content summary in the metadata field;
  
  creating Bloom filters per document and storing the Bloom filters as metadata;
  
  storing the metadata for indexing and querying by creating the placeholder file within Google Drive for every file in another cloud drive and sharing files seamlessly irrespective of backend cloud drive connected to the EDS.
- View Dependent Claims (20)
- - 20. A method according to claim 19, wherein the metadata can be further stored by creating a document index in the EDS system server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GarbleCloud, Inc.
Original Assignee
Bijit Hore
Inventors
Hore, Bijit

Granted Patent

US 9,825,925 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/06 for supporting key manageme...

METHOD AND APPARATUS FOR SECURING SENSITIVE DATA IN A CLOUD STORAGE SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR SECURING SENSITIVE DATA IN A CLOUD STORAGE SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links