Leveraging Security As A Service For Cloud-Based File Sharing

US 20170070506A1
Filed: 09/04/2015
Published: 03/09/2017
Est. Priority Date: 09/04/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, receiving instructions from the enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded;

receiving the file from the first user, the file specifying at least one second user authorized to download the file;

forwarding the file to a cloud-based security-as-a-service (SECaaS) server;

receiving a determination of validation from the cloud-based SECaaS server; and

allowing the at least one second user to download the file based on the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, instructions from an enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a determination of validation from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server, and decrypts the file.

35 Citations

View as Search Results

20 Claims

1. A method comprising:
- at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, receiving instructions from the enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded;
  
  receiving the file from the first user, the file specifying at least one second user authorized to download the file;
  
  forwarding the file to a cloud-based security-as-a-service (SECaaS) server;
  
  receiving a determination of validation from the cloud-based SECaaS server; and
  
  allowing the at least one second user to download the file based on the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein forwarding the file to the cloud-based SECaaS server further comprises:
    - forwarding a uniform resource locator (URL) to the cloud-based SECaaS server, the URL enabling the cloud-based SECaaS server to obtain cryptographic keying information from a cloud-based key management server having connectivity to the enterprise network, the keying information allowing the file to be decrypted when the file is encrypted.
  - 3. The method of claim 1, wherein at least one of the first user or the second user is located outside of the enterprise network.
  - 4. The method of claim 1, wherein the first user and the second user are unaware of the SECaaS validation.
  - 5. The method of claim 1, further comprising:
    - authenticating the cloud-based file sharing server to the cloud-based SECaaS server with authorization information obtained by the enterprise network from the cloud-based SECaaS server.
  - 6. The method of claim 1, wherein the file is an encrypted file and is stored and forwarded while encrypted.
  - 7. The method of claim 1, wherein the enterprise network is off-path from a path used to receive the file.

8. A system comprisingan enterprise network;
- a cloud-based security-as-a-service (SECaaS) server external to the enterprise network and having connectivity to the enterprise network; and
  
  a cloud-based file sharing server external to the enterprise network and having connectivity to the enterprise network, the cloud-based file sharing server being configured to;
  
  receive instructions from the enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded;
  
  receive the file from the first user, the file specifying at least one second user authorized to download the file;
  
  forward the file to the cloud-based SECaaS server;
  
  receive a determination of validation from the cloud-based SECaaS server; and
  
  allow the at least one second user to download the file based on the determination.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, further comprising:
    - a cloud-based key management server external to the enterprise network and having connectivity to the enterprise network, wherein the cloud-based file sharing server forwards the file to the cloud-based SECaaS server by;
      
      forwarding a uniform resource locator (URL) to the cloud-based SECaaS server, the URL enabling the cloud-based SECaaS server to obtain cryptographic keying information from the cloud-based key management server, the cryptographic keying information allowing the file to be decrypted when the file is encrypted.
  - 10. The system of claim 8, wherein at least one of the first user or the second user is located outside of the enterprise network.
  - 11. The system of claim 8, wherein the first user and the second user are unaware of the SECaaS validation.
  - 12. The system of claim 8, wherein the file sharing server is further configured to:
    - authenticate itself with the cloud-based SECaaS server with authorization information obtained by the enterprise network from the cloud-based SECaaS server.
  - 13. The system of claim 8, wherein the file is an encrypted file and is stored and forwarded while encrypted.
  - 14. The system of claim 8, wherein the enterprise network is off-path from a path used to receive the file.

15. A system comprisingan enterprise network;
- a cloud-based file sharing server external to the enterprise network and having connectivity to the enterprise network;
  
  a cloud-based key management server external to the enterprise network and having connectivity to the enterprise network; and
  
  a cloud-based security-as-a-service (SECaaS) server external to an enterprise network and having connectivity to the enterprise network, the cloud-based SECaaS server being configured to;
  
  receive a request from the enterprise network for authorization information that authorizes the SECaaS server to perform file scanning services;
  
  provide the requested authorization information to the enterprise network;
  
  authenticate the file sharing server using the authorization information;
  
  receive a file from the file sharing server;
  
  retrieve cryptographic keying material from the key management server, the keying material allowing the file to be decrypted;
  
  decrypt the file;
  
  inspect the decrypted file to determine whether the file is malicious; and
  
  notify the file sharing server as to whether the file is malicious.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the file is received from the file sharing server with a uniform resource locator (URL) and the cloud-based SECaaS server uses the URL to obtain the keying material from the cloud-based key management server.
  - 17. The system of claim 15, wherein the authorization information is a first piece of authorization information and the cloud-based SECaaS server authorizes itself with the cloud-based key management server with a second piece of authorization information.
  - 18. The system of claim 17, wherein the second piece of authorization information is received from the enterprise network, the enterprise network retrieving the second piece of authorization information from the cloud-based key management server.
  - 19. The system of claim 15, wherein the decrypted file remains on the cloud-based SECaaS server.
  - 20. The system of claim 15, wherein the enterprise network is off-path from a path used to receive the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wing, Daniel, Reddy, K. Tirumaleswar, Patil, Prashanth

Granted Patent

US 10,135,826 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/06   specially adapted for file ...

H04L 67/10   in which an application is ...

Leveraging Security As A Service For Cloud-Based File Sharing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Leveraging Security As A Service For Cloud-Based File Sharing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links