Crypto proxy for cloud storage services

US 9,137,222 B2
Filed: 10/31/2012
Issued: 09/15/2015
Est. Priority Date: 10/31/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

receiving, by a proxy from a first client node, a file to be stored by a cloud storage server, the proxy and the client node being part of a private network that does not include the cloud storage server;

retrieving, by the proxy, an encryption key associated with a user of a client node;

encrypting, by the proxy, the file using the encryption key;

transmitting, by the proxy, the encrypted file to the cloud storage server;

generating, by the proxy, a public link for accessing the file, wherein the public link includes a unique identifier for the file and points to an address of the proxy, and wherein the public link is provided by the first user of the first client node to a second user of a second client node;

receiving, by the proxy from said second client node, a request to access the file, the request being initiated via the public link;

verifying, by the proxy upon receiving the request, that the public link was previously generated by the proxy; and

in response to the verifying, if a copy of the file is not locally available on the proxy;

retrieving, by the proxy, the encrypted file from the cloud storage server;

retrieving, by the proxy, a decryption key associated with the first user;

decrypting, by the proxy, the encrypted file using the decryption key; and

transmitting, by the proxy, the decrypted file to said second client node.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a proxy receives, from a client node, a file to be stored by a cloud storage server, where the proxy and the client node are part of a private network that does not include the cloud storage server. The proxy retrieves an encryption key associated with a user of the client node and encrypts the file using the encryption key. The proxy then transmits the encrypted file to the cloud storage server.

17 Citations

View as Search Results

21 Claims

1. A computer implemented method comprising:
- receiving, by a proxy from a first client node, a file to be stored by a cloud storage server, the proxy and the client node being part of a private network that does not include the cloud storage server;
  
  retrieving, by the proxy, an encryption key associated with a user of a client node;
  
  encrypting, by the proxy, the file using the encryption key;
  
  transmitting, by the proxy, the encrypted file to the cloud storage server;
  
  generating, by the proxy, a public link for accessing the file, wherein the public link includes a unique identifier for the file and points to an address of the proxy, and wherein the public link is provided by the first user of the first client node to a second user of a second client node;
  
  receiving, by the proxy from said second client node, a request to access the file, the request being initiated via the public link;
  
  verifying, by the proxy upon receiving the request, that the public link was previously generated by the proxy; and
  
  in response to the verifying, if a copy of the file is not locally available on the proxy;
  
  retrieving, by the proxy, the encrypted file from the cloud storage server;
  
  retrieving, by the proxy, a decryption key associated with the first user;
  
  decrypting, by the proxy, the encrypted file using the decryption key; and
  
  transmitting, by the proxy, the decrypted file to said second client node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the encryption key and the decryption key are maintained by the proxy.
  - 3. The method of claim 1 wherein the encryption key and the decryption key are maintained by a server system that is separate from the proxy.
  - 4. The method of claim 1 further comprising, prior to the encrypting:
    - determining a type of the file; and
      
      based on the type, processing the file using one of a plurality of file services.
  - 5. The method of claim 4 wherein processing the file comprises generating a thumbnail image of the file.
  - 6. The method of claim 5 further comprising:
    - receiving, from the client node, a request to preview the file; and
      
      in response to the request, transmitting the thumbnail image to the client node.
  - 7. The method of claim 4 wherein the type of the file is a text document, and wherein processing the file comprises generating indexing information for searching the file.
  - 8. The method of claim 7 further comprising:
    - receiving, from the client node, a search query;
      
      in response to the search query, accessing the indexing information to determine whether the file satisfies the search query; and
      
      if the file satisfies the search query, transmitting the file to the client node.
  - 9. The method of claim 1 further comprising storing a copy of the file in a proxy cache.
  - 10. The method of claim 9 further comprising:
    - receiving, from the client node, a request to access the file;
      
      in response to the request, retrieving the copy of the file from the proxy cache; and
      
      transmitting the copy of the file to the client node.
  - 11. The method of claim 1 wherein the proxy is a virtual machine executing on one or more physical computer systems.
  - 12. The method of claim 1 further comprising:
    - if a copy of the file is locally available on the proxy, transmitting the copy of the file to said another client node, without accessing the cloud storage server.
  - 13. The method of claim 1 wherein said another client node is not part of the private network.

14. A non-transitory machine readable storage medium embodying computer software, the computer software causing a proxy to perform a method, the method comprising:
- receiving, from a first client node, a file to be stored by a cloud storage server, the proxy and the client node being part of a private network that does not include the cloud storage server;
  
  retrieving an encryption key associated with a user of the client node;
  
  encrypting the file using the encryption key;
  
  transmitting the encrypted file to the cloud storage server;
  
  generating a public link for accessing the file, wherein the public link includes a unique identifier for the file and points to an address of the proxy, and wherein the public link is provided by the first user of the first client node to a second user of a second client node;
  
  receiving from said second client node, a request to access the file, the request being initiated via the public link;
  
  verifying upon receiving the request, that the public link was previously generated by the proxy;
  
  in response to the verifying, if a copy of the file is not locally available on the proxy;
  
  retrieving the encrypted file from the cloud storage server;
  
  retrieving a decryption key associated with the first user;
  
  decrypting the encrypted file using the decryption key; and
  
  transmitting the decrypted file to said second client node.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer readable storage medium of claim 14 wherein the method further comprises:
    - determining a type of the file; and
      
      processing the file based on the type prior to the encrypting using one of a plurality of file services.
  - 16. The non-transitory machine readable storage medium of claim 14 wherein the method further comprises:
    - if a copy of the file is locally available on the proxy, transmitting the copy of the file to said another client node, without accessing the cloud storage server.
  - 17. The non-transitory machine readable storage medium of claim 14 wherein said another client node is not part of the private network.

18. A Proxy comprising:
- a memory; and
  
  one or more processors configured to;
  
  receive from a first client node, a file to be stored by a cloud storage server, the apparatus and the client node being part of a private network that does not include the cloud storage server;
  
  retrieve an encryption key associated with a user of the client node;
  
  encrypt the file using the encryption key;
  
  transmit the encrypted file to the cloud storage server;
  
  generate a public link for accessing the file, wherein the public link includes a unique identifier for the file and points to an address of the proxy, and wherein the public link is provided by the first user of the first client node to a second user of a second client node;
  
  receive from said second client node, a request to access the file, the request being initiated via the public link;
  
  verify upon receiving the request, that the public link was previously generated by the proxy; and
  
  in response to the verifying, if a copy of the file is not locally available on the apparatus;
  
  retrieve the encrypted file from the cloud storage server;
  
  retrieve a decryption key associated with the first user;
  
  decrypt the encrypted file using the decryption key; and
  
  transmit the file to said second client node.
- View Dependent Claims (19, 20, 21)
- - 19. The proxy of claim 18 wherein the processor is further configured to:
    - determine a type of the file; and
      
      based on the type, process the file prior to the encrypting using one of a plurality of file services.
  - 20. The proxy of claim 18 wherein the one or more processors are further configured to:
    - if a copy of the file is locally available on the apparatus, transmit the copy of the file to said another client node, without accessing the cloud storage server.
  - 21. The proxy of claim 18 wherein said another client node is not part of the private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.), Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.), DECHO Corporation (Open Text Corporation)
Inventors
Haeger, Edward Scarlett, Schurig, Karl, Cenname, Michael, Elliott, Steve, Skowronski, Andrew
Primary Examiner(s)
ALMEIDA, DEVIN E

Application Number

US13/665,651
Publication Number

US 20140122866A1
Time in Patent Office

1,049 Days
Field of Search

713/153
US Class Current

1/1
CPC Class Codes

H04L 63/0471   applying encryption by an i...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/10   in which an application is ...

Crypto proxy for cloud storage services

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Crypto proxy for cloud storage services

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others