Systems and methods for securely deduplicating data owned by multiple entities
First Claim
1. A computer-implemented method for securely deduplicating data owned by multiple entities, at least a portion of the method being performed by a client device comprising at least one processor, the method comprising:
- identifying, at the client device, a plurality of data segments to store on a third-party storage system;
for each data segment, performing the following steps at the client device;
identifying a hash of the data segment;
transmitting the hash of the data segment to a central server;
receiving an encrypted string that is based on the hash of the data segment from the central server, wherein the encrypted string comprises an encryption of the hash of the data segment using a key that is derived from the hash of the data segment using a transformation function;
encrypting the data segment with the encrypted string;
transferring the encrypted data segment to the third-party storage system.
7 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for securely deduplicating data owned by multiple entities may include identifying a plurality of data segments to store on a third-party storage system and, for each data segment: 1) identifying a hash of the data segment, 2) transmitting the hash of the data segment to a central server, 3) receiving an encrypted string that is based on the hash of the data segment from the central server, 4) encrypting the data segment with the encrypted string, and 5) transferring the encrypted data segment to the third-party storage system. Various other methods, systems, and computer-readable media are also disclosed.
-
Citations
18 Claims
-
1. A computer-implemented method for securely deduplicating data owned by multiple entities, at least a portion of the method being performed by a client device comprising at least one processor, the method comprising:
-
identifying, at the client device, a plurality of data segments to store on a third-party storage system; for each data segment, performing the following steps at the client device; identifying a hash of the data segment; transmitting the hash of the data segment to a central server; receiving an encrypted string that is based on the hash of the data segment from the central server, wherein the encrypted string comprises an encryption of the hash of the data segment using a key that is derived from the hash of the data segment using a transformation function; encrypting the data segment with the encrypted string; transferring the encrypted data segment to the third-party storage system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for securely deduplicating data owned by multiple entities, the system comprising:
-
an identification module programmed to identify, at a client device, a plurality of data segments to store on a third-party storage system; a hash-to-key module programmed to perform the following steps at the client device for each data segment; identify a hash of the data segment; transmit the hash of the data segment to a central server; receive an encrypted string that is based on the hash of the data segment from the central server, wherein the encrypted string comprises an encryption of the hash of the data segment using a key that is derived from the hash of the data segment using a transformation function; an encryption module programmed to encrypt the data segment with the encrypted string; a storage module programmed to transfer the encrypted data segment to the third-party storage system; at least one processor configured to execute the identification module, the hash-to-key module, the encryption module, and the storage module. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing client device, cause the computing client device to:
-
identify, at the client device, a plurality of data segments to store on a third-party storage system; for each data segment, perform the following steps at the client device; identify a hash of the data segment; transmit the hash of the data segment to a central server; receive an encrypted string that is based on the hash of the data segment from the central server, wherein the encrypted string comprises an encryption of the hash of the data segment using a key that is derived from the hash of the data segment using a transformation function; encrypt the data segment with the encrypted string; transfer the encrypted data segment to the third-party storage system.
-
Specification