Method for flexible data protection with dynamically authorized data receivers in a content network or in cloud storage and content delivery services
First Claim
1. A secure content publishing method implemented by a content provider coupled to a cloud service, comprising:
- encrypting a content object using a data encryption key to obtain an encrypted content object;
re-encrypting the encrypted content object using a secret key to obtain a dual-encrypted content object;
publishing the dual-encrypted content object to the cloud service to obtain a published content object;
distributing a group decryption key for decrypting the published content object to a plurality of users in a group via a content delivery network (CDN);
distributing an updated group decryption key for the users in the group when a user joins, leaves, or is revoked from the group; and
forwarding an updated re-encryption key to the cloud service for re-encrypting the published content object,wherein the published content object is stored in the cloud service and comprises a first component that depends on a random secret and a secret key, a second component that depends on the random secret and a data encryption key, and a third component that depends on the random secret and the content object, andwherein the first component and the second component is smaller in data size than the third component.
1 Assignment
0 Petitions
Accused Products
Abstract
A networking system comprising an application service that runs on a cloud infrastructure and is configured to receive dual encrypted content from a content provider and re-encrypt the dual encrypted content to enable dynamic user group control for group-based user authorization, and a cloud storage service coupled to the application service and configured to store the dual encrypted content from the content provider and the re-encrypted dual encrypted content from the application service, wherein the application service and the storage service are configured to communicate and operate with a content delivery service that uses a content delivery network (CDN) to deliver the re-encrypted content to one or more users in a group authorized by the content provider.
30 Citations
15 Claims
-
1. A secure content publishing method implemented by a content provider coupled to a cloud service, comprising:
-
encrypting a content object using a data encryption key to obtain an encrypted content object; re-encrypting the encrypted content object using a secret key to obtain a dual-encrypted content object; publishing the dual-encrypted content object to the cloud service to obtain a published content object; distributing a group decryption key for decrypting the published content object to a plurality of users in a group via a content delivery network (CDN); distributing an updated group decryption key for the users in the group when a user joins, leaves, or is revoked from the group; and forwarding an updated re-encryption key to the cloud service for re-encrypting the published content object, wherein the published content object is stored in the cloud service and comprises a first component that depends on a random secret and a secret key, a second component that depends on the random secret and a data encryption key, and a third component that depends on the random secret and the content object, and wherein the first component and the second component is smaller in data size than the third component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product comprising computer executable instructions stored on a non-transitory medium that when executed by a processor in a Central Processing Unit (CPU) cause the processor to:
-
encrypt a content object using a data encryption key to obtain an encrypted content object; re-encrypt the encrypted content object using a secret key to obtain a dual-encrypted content object; publish the dual-encrypted content object to the cloud service to obtain a published content object; distribute a group decryption key for decrypting the published content object to a plurality of users in a group via a content delivery network (CDN); distribute an updated group decryption key for the users in the group when a user joins, when a user leaves, and when a user is revoked from the group; and forward an updated re-encryption key to the cloud service for re-encrypting the published content object, wherein the published content object is stored in the cloud service and comprises a first component that depends on a random secret and a secret key, a second component that depends on the random secret and a data encryption key, and a third component that depends on the random secret and the content object, and wherein the first component and the second component is smaller in data size than the third component. - View Dependent Claims (10, 11, 12)
-
-
13. An apparatus for protecting content in a network comprising:
-
a memory; a transmitter; a processor in a Central Processing Unit (CPU) coupled to the transmitter and the memory, wherein the memory contains instructions that when executed by the processor cause the apparatus to; encrypt a content object using a data encryption key to obtain an encrypted content object; re-encrypt the encrypted content object using a secret key to obtain a dual-encrypted content object; publish the dual-encrypted content object to a cloud service to obtain a published content object; distribute a group decryption key for decrypting the published content object to a plurality of users in a group via a content delivery network (CDN); distribute an updated group decryption key for the users in the group when a user joins the group, when a user leaves the group, and when a user is revoked from the group; and forward an updated re-encryption key to the cloud service for re-encrypting the published content object, wherein the published content object is stored in the cloud service and comprises a first component that depends on a random secret and a secret key, a second component that depends on the random secret and a data encryption key, and a third component that depends on the random secret and the content object, and wherein the first component and the second component is smaller in data size than the third component. - View Dependent Claims (14, 15)
-
Specification