Systems and methods for secure hybrid third-party data storage
Abstract
The disclosed computer-implemented method for secure hybrid third-party data storage may include (1) identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, where the requested access requires decryption of the encrypted file, (2) retrieving, from the third-party storage system, (i) the encrypted file and (ii) a decryption key that has been encrypted with a client-side key, where an asymmetric key pair designated for the user account includes an encryption key and the encrypted decryption key, (3) receiving, at the trusted proxy system, the client-side key, (4) decrypting, at the trusted proxy system, the decryption key with the client-side key, and (5) using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system. Various other methods, systems, and computer-readable media are also disclosed.
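The flow in the abstract, as an added Node.js example that is not taken from the patent. The algorithms (RSA-OAEP, AES-256-GCM), the function names and the choice to encrypt a short file directly to the public encryption key are assumptions made here; the claims name no algorithms.

```javascript
const nodeCrypto = require("node:crypto");

// Account setup: generate the asymmetric pair, encrypt the file to the public
// encryption key, and wrap the private decryption key with the client-side key.
// The returned record is everything the third-party storage system holds.
function provisionAccount(clientSideKey, fileBytes) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const iv = nodeCrypto.randomBytes(12);
  const wrap = nodeCrypto.createCipheriv("aes-256-gcm", clientSideKey, iv);
  const der = privateKey.export({ type: "pkcs8", format: "der" });
  const wrapped = Buffer.concat([wrap.update(der), wrap.final()]);
  return {
    // Assumption: the file is short enough to be RSA-OAEP-encrypted directly.
    encryptedFile: nodeCrypto.publicEncrypt({ key: publicKey, oaepHash: "sha256" }, fileBytes),
    wrappedDecryptionKey: { iv, tag: wrap.getAuthTag(), wrapped },
  };
}

// Trusted proxy: receives the client-side key with the request, unwraps the
// decryption key in memory and decrypts the file. Nothing is written back.
function proxyAccess(stored, clientSideKey) {
  const { iv, tag, wrapped } = stored.wrappedDecryptionKey;
  const unwrap = nodeCrypto.createDecipheriv("aes-256-gcm", clientSideKey, iv);
  unwrap.setAuthTag(tag);
  // final() throws if the client-side key is wrong or the blob was altered.
  const der = Buffer.concat([unwrap.update(wrapped), unwrap.final()]);
  const decryptionKey = nodeCrypto.createPrivateKey({ key: der, format: "der", type: "pkcs8" });
  return nodeCrypto.privateDecrypt({ key: decryptionKey, oaepHash: "sha256" }, stored.encryptedFile);
}

// Constructed sample data.
const clientSideKey = nodeCrypto.randomBytes(32); // held by the client, never stored
const stored = provisionAccount(clientSideKey, Buffer.from("quarterly-report: constructed sample"));
console.log(proxyAccess(stored, clientSideKey).toString()); // plaintext exists only at the proxy
try {
  proxyAccess(stored, nodeCrypto.randomBytes(32)); // a party without the client-side key
} catch (e) {
  console.log("unwrap refused:", e.message);
}
```

The record returned by `provisionAccount` contains only ciphertext, so holding it without the client-side key is not enough to recover the file.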
20 Claims
1. A computer-implemented method for secure hybrid third-party data storage, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file, wherein the trusted proxy system is owned by an owner of the encrypted file and the third-party storage system is not owned by the owner of the encrypted file;
- retrieving, in response to the request, from the third-party storage system and for the trusted proxy system;
  - the encrypted file;
  - a decryption key that has been encrypted with a client-side key, wherein an asymmetric key pair designated for the user account comprises an encryption key and the encrypted decryption key;
- receiving, at the trusted proxy system, the client-side key, without exposing the client-side key to the third-party storage system;
- decrypting the encrypted decryption key with the client-side key at the trusted proxy system rather than at the third-party storage system responsive to the trusted proxy system being owned by the owner of the encrypted file and the third-party storage system not being owned by the owner of the encrypted file;
- using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system for secure hybrid third-party data storage, the system comprising:
- an identification module, stored in memory, that identifies, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file, wherein the trusted proxy system is owned by an owner of the encrypted file and the third-party storage system is not owned by the owner of the encrypted file;
- a retrieving module, stored in memory, that retrieves, in response to the request, from the third-party storage system and for the trusted proxy system;
  - the encrypted file;
  - a decryption key that has been encrypted with a client-side key, wherein an asymmetric key pair designated for the user account by an encryption key and the encrypted decryption key;
- a receiving module, stored in memory, that receives, at the trusted proxy system, the client-side key, without exposing the client-side key to the third-party storage system;
- a decryption module, stored in memory, that decrypts the encrypted decryption key with the client-side key at the trusted proxy system rather than at the third-party storage system responsive to the trusted proxy system being owned by the owner of the encrypted file and the third-party storage system not being owned by the owner of the encrypted file;
- a using module, stored in memory, that uses the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system;
- at least one physical processor configured to execute the identification module, the retrieving module, the receiving module, the decryption module, and the using module.

Dependent claims: 15, 16, 17, 18, 19
20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, wherein the requested access requires decryption of the encrypted file, wherein the trusted proxy system is owned by an owner of the encrypted file and the third-party storage system is not owned by the owner of the encrypted file;
- retrieve, in response to the request, from the third-party storage system and for the trusted proxy system;
  - the encrypted file;
  - a decryption key that has been encrypted with a client-side key, wherein an asymmetric key pair designated for the user account comprises an encryption key and the encrypted decryption key;
- receive, at the trusted proxy system, the client-side key, without exposing the client-side key to the third-party storage system;
- decrypt the encrypted decryption key with the client-side key at the trusted proxy system rather than at the third-party storage system responsive to the trusted proxy system being owned by the owner of the encrypted file and the third-party storage system not being owned by the owner of the encrypted file;
- use the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system.
Specification