Upload and download streaming encryption to/from a cloud-based platform

US 9,135,462 B2
Filed: 08/26/2013
Issued: 09/15/2015
Est. Priority Date: 08/29/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of a cloud-based collaboration platform, the method, comprising:

receiving a data file encrypted with a first key;

receiving the first key encrypted with a second key;

decrypting the first key with the second key;

determining an index into key encryption pool based on the value of the second key, the key encryption pool including multiple indexed keys;

selecting a third key corresponding to the index into the key encryption pool;

encrypting the first key with the third key to generate an encrypted key file;

storing, by the cloud-based collaboration platform, the encrypted key file and the data file encrypted with the first key in a storage location;

creating a record associating the data file with the encrypted key file;

storing a record of the correspondence between the third key and the data file;

receiving a request for the data file; and

sending a response to the request indicating a location of the encryption key file and a location of the encrypted data file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed).

501 Citations

23 Claims

1. A computer-implemented method of a cloud-based collaboration platform, the method, comprising:
- receiving a data file encrypted with a first key;
  
  receiving the first key encrypted with a second key;
  
  decrypting the first key with the second key;
  
  determining an index into key encryption pool based on the value of the second key, the key encryption pool including multiple indexed keys;
  
  selecting a third key corresponding to the index into the key encryption pool;
  
  encrypting the first key with the third key to generate an encrypted key file;
  
  storing, by the cloud-based collaboration platform, the encrypted key file and the data file encrypted with the first key in a storage location;
  
  creating a record associating the data file with the encrypted key file;
  
  storing a record of the correspondence between the third key and the data file;
  
  receiving a request for the data file; and
  
  sending a response to the request indicating a location of the encryption key file and a location of the encrypted data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented method of claim 1, wherein determining the index comprises:
    - calculating a checksum of the second key; and
      
      selecting the index corresponding to the checksum modulo the number of encryption pool keys.
  - 3. The computer-implemented method of claim 1, wherein the third key comprises more bits than the second key.
  - 4. The computer-implemented method of claim 1, wherein the key encryption pool comprises at least one key generated using a different method from another key in the key pool.
  - 5. The computer-implemented method of claim 1, wherein creating a record further comprises inserting a version identifier into the encrypted data file.
  - 6. The computer-implemented method of claim 1, wherein the encrypted key file comprises a version number and a key id, the key id associated with the third key.
  - 7. The computer-implemented method of claim 1, wherein the encrypted data file is received from a client device via a POST action.
  - 8. The computer-implemented method of claim 1, wherein the encrypted data file is received from the client device via a GET action, and the response comprises a response to the GET action.
  - 9. The computer-implemented method of claim 1, wherein the data file encrypted with the first key is received from a client device, the method further comprising providing a response to the client device.
  - 10. The computer-implemented method of claim 1,wherein the response to the request for the data file includes a first header entry indicating the location of the encryption key file, and a second header entry indicating the location of the encrypted data file.
  - 11. The computer-implemented method of claim 10, further comprising:
    - retrieving at least one of the encryption key file and the encrypted data file from the file storage.
  - 12. The computer-implemented method of claim 11, further comprising:
    - streaming at least one of the encryption key file and the encrypted data file to a client device;
      
      wherein, during streaming, decryption of the encrypted data file simultaneously occurs such that the client device receives an unencrypted version of the data file.

13. A system of a cloud-based collaboration platform, the system comprising:
- a key server having at least one processor;
  
  a memory, the memory comprising instructions executable by the at least one processor, to;
  
  receive a data file encrypted with a first key;
  
  receive the first key encrypted with a second key;
  
  decrypt the first key with the second key;
  
  determine an index into key encryption pool based on the value of the second key, the key encryption pool including multiple indexed keys;
  
  select a third key corresponding to the index into the key encryption pool;
  
  encrypt the first key with the third key to generate an encrypted key file;
  
  store by the cloud-based collaboration platform the encrypted key file and the data file in a storage location;
  
  create a record associating the data file with the encrypted key file; and
  
  store a record of the correspondence between the third key and the data filereceive a request for the data file; and
  
  send a response to the request indicating a location of the encryption key file and a location of the encrypted data file.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, further comprising a host server of the cloud-based collaboration platform,wherein, the host server includes the key server or is coupled to the key server;
    - wherein the host server hosts the data file that is encrypted; and
      
      wherein, the encrypted data file is collaborated upon or shared among collaborators in the cloud-based environment.
  - 15. The system of claim 14, wherein, the data file was encrypted while simultaneously being uploaded via streaming encryption from a client device to the host server.
  - 16. The system of claim 14, wherein, the data file is decrypted while simultaneously being downloaded via streaming decryption from host server to a client device.
  - 17. The system of claim 13, wherein the key server is in communication with a filer, the filer configured to store encrypted data files and encrypted key files.
  - 18. The system of claim 13, wherein the key server further comprises the key encryption pool.

19. A non-transitory computer readable storage medium having instructions stored thereon, which when executed by one or more processors of a system, cause the system to:
- receive a data file encrypted with a first key;
  
  receive the first key encrypted with a second key;
  
  decrypting the first key with the second key;
  
  determine an index into key encryption pool based on the value of the second key, the key encryption pool including multiple indexed keys;
  
  selecting a third key corresponding to the index into the key encryption pool;
  
  encrypting the first key with the third key to generate an encrypted key file;
  
  storing, by the cloud-based collaboration platform, the encrypted key file and the data file encrypted with the first key in a storage location;
  
  creating a record associating the data file with the encrypted key file;
  
  storing a record of the correspondence between the third key and the data file;
  
  receiving a request for the data file; and
  
  sending a response to the request indicating a location of the encryption key file and a location of the encrypted data file.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The non-transitory computer readable storage medium of claim 19, wherein determining the index comprises:
    - calculating a checksum of the second key; and
      
      selecting the index corresponding to the checksum modulo the number of encryption pool keys.
  - 21. The non-transitory computer readable storage medium of claim 19 wherein the third key comprises more bits than the second key.
  - 22. The non-transitory computer readable storage medium of claim 19, wherein the key encryption pool comprises at least one key generated using a different method from another key in the key pool.
  - 23. The non-transitory computer readable storage medium of claim 19, wherein creating a record further comprises inserting a version identifier into the encrypted data file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Box Incorporated
Original Assignee
Box Incorporated
Inventors
Scharf, Yuval, Lyons, James P.
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US13/975,827
Publication Number

US 20140068254A1
Time in Patent Office

750 Days
Field of Search

713/165
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0428   wherein the data content is...

H04L 67/06   specially adapted for file ...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0894   Escrow, recovery or storing...

Upload and download streaming encryption to/from a cloud-based platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

501 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Upload and download streaming encryption to/from a cloud-based platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

501 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links