Cloud file system
First Claim
1. A method performed by a cloud storage client in a client device for saving a plurality of files to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the method comprising the steps of:
- for each of the plurality of files, performing the following;
splitting that file into a plurality of chunks,for each of the plurality of chunks, performing the following;
generating an encryption key based on data with that chunk,encrypting that chunk using the generated encryption key,generating a chunk identifier based on data within the encrypted chunk,including the encryption key and the chunk identifier in a file manifest,determining whether the cloud storage system includes the encrypted chunk, andtransmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk,wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks,generating a file manifest encryption key based on the data within the file manifest,encrypting the file manifest using the file manifest encryption key,generating a file manifest identifier based on data within the encrypted file manifest,including the file manifest encryption key and the file manifest identifier in a file system manifest,determining whether the cloud storage system includes the encrypted file manifest, andtransmitting the encrypted file manifest and the file manifest identifier to the cloud storage system only if it is determined that the cloud storage system does not include the encrypted file manifest;
wherein the file system manifest includes a listing of the file manifests for each of the plurality of files and a path of the plurality of files;
encrypting the file system manifest; and
transmitting the encrypted file system manifest to the cloud storage system.
3 Assignments
0 Petitions
Accused Products
Abstract
A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system. Further the cloud storage system comprises mechanisms for a client device to inform the cloud storage system of which data is likely to be required in the future so that the cloud storage system can make that data available with less latency one the client device requests the data.
65 Citations
162 Claims
-
1. A method performed by a cloud storage client in a client device for saving a plurality of files to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the method comprising the steps of:
-
for each of the plurality of files, performing the following; splitting that file into a plurality of chunks, for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining whether the cloud storage system includes the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk, wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks, generating a file manifest encryption key based on the data within the file manifest, encrypting the file manifest using the file manifest encryption key, generating a file manifest identifier based on data within the encrypted file manifest, including the file manifest encryption key and the file manifest identifier in a file system manifest, determining whether the cloud storage system includes the encrypted file manifest, and transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system only if it is determined that the cloud storage system does not include the encrypted file manifest; wherein the file system manifest includes a listing of the file manifests for each of the plurality of files and a path of the plurality of files; encrypting the file system manifest; and transmitting the encrypted file system manifest to the cloud storage system. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. At least one non-transitory machine-readable storage medium that provides instructions that, if executed by a processor of a client device, will cause said processor to perform operations for saving a plurality of files to a cloud file system that resides, at least partially, in a cloud storage system, the operations comprising:
-
for each of the plurality of files, performing the following; splitting that file into a plurality of chunks, for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining whether the cloud storage system includes the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk, wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks, generating a file manifest encryption key based on the data within the file manifest, encrypting the file manifest using the file manifest encryption key, generating a file manifest identifier based on data within the encrypted file manifest, including the file manifest encryption key and the file manifest identifier in a file system manifest, determining whether the cloud storage system includes the encrypted file manifest, and transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system only if it is determined that the cloud storage system does not include the encrypted file manifest; wherein the file system manifest includes a listing of the file manifests for each of the plurality of files and a path of the plurality of files; encrypting the file system manifest; and transmitting the encrypted file system manifest to the cloud storage system. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A client device configured to save a plurality of files to a cloud file system that resides, at least partially, in a cloud storage system, the client device comprising:
-
a processor to execute instructions, and at least one non-transitory machine-readable storage medium coupled with the processor, the medium storing one or more instructions that, when executed, cause the processor to perform operations comprising; for each of the plurality of files, performing the following; splitting that file into a plurality of chunks, for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining whether the cloud storage system includes the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk, wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks, generating a file manifest encryption key based on the data within the file manifest, encrypting the file manifest using the file manifest encryption key, generating a file manifest identifier based on data within the encrypted file manifest, including the file manifest encryption key and the file manifest identifier in a file system manifest, determining whether the cloud storage system includes the encrypted file manifest, and transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system only if it is determined that the cloud storage system does not include the encrypted file manifest; wherein the file system manifest includes a listing of the file manifests for each of the plurality of files and a path of the plurality of files; encrypting the file system manifest; and transmitting the encrypted file system manifest to the cloud storage system. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A method in a cloud storage client of a client device for reading a file stored in a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the method comprising the steps of:
-
receiving an instruction from an operating system of the client device to read the file stored in the cloud file system; determining a file manifest identifier corresponding to the file, wherein the file manifest identifier identifies a file manifest that includes a listing of a plurality of encryption keys and a plurality of chunk identifiers corresponding to a plurality of chunks of the file, wherein determining the file manifest identifier corresponding to the file includes accessing a file system manifest that includes a listing of file manifests for files stored in the cloud file system and paths for those files; responsive to determining that a decrypted file manifest corresponding to the file manifest identifier and an encrypted file manifest corresponding to the file manifest identifier is not present in a local cache of the client device used for the cloud file system, downloading the encrypted file manifest from the cloud storage system; retrieving a key used to decrypt the encrypted file manifest; decrypting the encrypted file manifest using the retrieved key; determining the plurality of chunk identifiers from the decrypted file manifest; for each of the plurality of chunk identifiers, determining whether a decrypted chunk or an encrypted chunk corresponding to that chunk identifier is present in the local cache of the client device used for the cloud file system; for each of the plurality of chunk identifiers where a corresponding decrypted chunk or encrypted chunk is not present in the local cache of the client device used for the cloud file system, performing the following; downloading that encrypted chunk from the cloud storage system, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a corresponding encrypted chunk is present in the local cache of the client device used for the cloud file system, performing the following; retrieving, from the local cache, the encrypted chunk, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a decrypted chunk is present in the local cache of the client device used for the cloud file system, retrieving that decrypted chunk from the local cache; and returning the requested file to the cloud file system. - View Dependent Claims (20, 21, 22, 23, 24)
-
-
25. At least one non-transitory machine-readable storage medium that provides instructions that, if executed by a processor of a client device, will cause said processor to perform operations for reading a file stored in a cloud file system that resides, at least partially, in a cloud storage system, the operations comprising:
-
receiving an instruction from an operating system of the client device to read the file stored in the cloud file system; determining a file manifest identifier corresponding to the file, wherein the file manifest identifier identifies a file manifest that includes a listing of a plurality of encryption keys and a plurality of chunk identifiers corresponding to a plurality of chunks of the file, wherein determining the file manifest identifier corresponding to the file includes accessing a file system manifest that includes a listing of file manifests for files stored in the cloud file system and paths for those files; responsive to determining that a decrypted file manifest corresponding to the file manifest identifier and an encrypted file manifest corresponding to the file manifest identifier is not present in a local cache of the client device used for the cloud file system, downloading the encrypted file manifest from the cloud storage system; retrieving a key used to decrypt the encrypted file manifest; decrypting the encrypted file manifest using the retrieved key; determining the plurality of chunk identifiers from the decrypted file manifest; for each of the plurality of chunk identifiers, determining whether a decrypted chunk or an encrypted chunk corresponding to that chunk identifier is present in the local cache of the client device used for the cloud file system; for each of the plurality of chunk identifiers where a corresponding decrypted chunk or encrypted chunk is not present in the local cache of the client device used for the cloud file system, performing the following; downloading that encrypted chunk from the cloud storage system, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a corresponding encrypted chunk is present in the local cache of the client device used for the cloud file system, performing the following; retrieving, from the local cache, the encrypted chunk, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a decrypted chunk is present in the local cache of the client device used for the cloud file system, retrieving that decrypted chunk from the local cache; and returning the requested file to the cloud file system. - View Dependent Claims (26, 27, 28, 29, 30)
-
-
31. A client device configured to read a file stored in a cloud file system that resides, at least partially, in a cloud storage system, the client device comprising:
-
a processor to execute instructions, and at least one non-transitory machine-readable storage medium coupled with the processor, the medium storing one or more instructions that, when executed, cause the processor to perform operations comprising; receiving an instruction from an operating system of the client device to read the file stored in the cloud file system; determining a file manifest identifier corresponding to the file, wherein the file manifest identifier identifies a file manifest that includes a listing of a plurality of encryption keys and a plurality of chunk identifiers corresponding to a plurality of chunks of the file, wherein determining the file manifest identifier corresponding to the file includes accessing a file system manifest that includes a listing of file manifests for files stored in the cloud file system and paths for those files; responsive to determining that a decrypted file manifest corresponding to the file manifest identifier and an encrypted file manifest corresponding to the file manifest identifier is not present in a local cache of the client device used for the cloud file system, downloading the encrypted file manifest from the cloud storage system; retrieving a key used to decrypt the encrypted file manifest; decrypting the encrypted file manifest using the retrieved key; determining the plurality of chunk identifiers from the decrypted file manifest; for each of the plurality of chunk identifiers, determining whether a decrypted chunk or an encrypted chunk corresponding to that chunk identifier is present in the local cache of the client device used for the cloud file system; for each of the plurality of chunk identifiers where a corresponding decrypted chunk or encrypted chunk is not present in the local cache of the client device used for the cloud file system, performing the following; downloading that encrypted chunk from the cloud storage system, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a corresponding encrypted chunk is present in the local cache of the client device used for the cloud file system, performing the following; retrieving, from the local cache, the encrypted chunk, retrieving, from the decrypted file manifest, a key to decrypt that encrypted chunk, and decrypting the encrypted chunk using the retrieved key; for each of the plurality of chunk identifiers where a decrypted chunk is present in the local cache of the client device used for the cloud file system, retrieving that decrypted chunk from the local cache; and returning the requested file to the cloud file system. - View Dependent Claims (32, 33, 34, 35, 36)
-
-
37. A method performed by a cloud storage client in a client device for saving a plurality of files to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the method comprising the steps of:
-
for each of the plurality of files, performing the following; splitting that file into a plurality of chunks, for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining whether the cloud storage system includes the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk, wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks, generating a file manifest encryption key based on the data within the file manifest, encrypting the file manifest using the file manifest encryption key, generating a file manifest identifier based on data within the encrypted file manifest, including the file manifest encryption key and the file manifest identifier in a file system manifest, determining whether the cloud storage system includes the encrypted file manifest, and transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system only if it is determined that the cloud storage system does not include the encrypted file manifest; wherein the file system manifest includes a listing of the file manifests; encrypting the file system manifest; generating a file system manifest identifier based on data within the encrypted file system manifest; including the file system manifest key and the file system manifest identifier in a user manifest that is associated with a user of the client device, wherein the user manifest includes information that indicates a mount point at which the user has mounted the cloud file system; encrypting the user manifest with a key specific to the user; and storing the encrypted user manifest in the cloud storage system. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44)
-
-
45. At least one non-transitory machine-readable storage medium that provides instructions that, if executed by a processor of a client device, will cause said processor to perform operations for saving a plurality of files to a cloud file system that resides, at least partially, in a cloud storage system, the operations comprising:
-
for each of the plurality of files, performing the following; splitting that file into a plurality of chunks, for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining whether the cloud storage system includes the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk, wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks, generating a file manifest encryption key based on the data within the file manifest, encrypting the file manifest using the file manifest encryption key, generating a file manifest identifier based on data within the encrypted file manifest, including the file manifest encryption key and the file manifest identifier in a file system manifest, determining whether the cloud storage system includes the encrypted file manifest, and transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system only if it is determined that the cloud storage system does not include the encrypted file manifest; wherein the file system manifest includes a listing of the file manifests; encrypting the file system manifest; generating a file system manifest identifier based on data within the encrypted file system manifest; including the file system manifest key and the file system manifest identifier in a user manifest that is associated with a user of the client device, wherein the user manifest includes information that indicates a mount point at which the user has mounted the cloud file system; encrypting the user manifest with a key specific to the user; and storing the encrypted user manifest in the cloud storage system. - View Dependent Claims (46, 47, 48, 49, 50, 51, 52)
-
-
53. A client device configured to save a plurality of files to a cloud file system that resides, at least partially, in a cloud storage system, the client device comprising:
-
a processor to execute instructions, and at least one non-transitory machine-readable storage medium coupled with the processor, the medium storing one or more instructions that, when executed, cause the processor to perform operations comprising; for each of the plurality of files, performing the following; splitting that file into a plurality of chunks, for each of the plurality of chunks, performing the following; generating an encryption key based on data with that chunk, encrypting that chunk using the generated encryption key, generating a chunk identifier based on data within the encrypted chunk, including the encryption key and the chunk identifier in a file manifest, determining whether the cloud storage system includes the encrypted chunk, and transmitting the encrypted chunk and chunk identifier to the cloud storage system only if it is determined that the cloud storage system does not contain the encrypted chunk, wherein the file manifest includes a list of the encryption keys and corresponding chunk identifiers for the plurality of chunks, generating a file manifest encryption key based on the data within the file manifest, encrypting the file manifest using the file manifest encryption key, generating a file manifest identifier based on data within the encrypted file manifest, including the file manifest encryption key and the file manifest identifier in a file system manifest, determining whether the cloud storage system includes the encrypted file manifest, and transmitting the encrypted file manifest and the file manifest identifier to the cloud storage system only if it is determined that the cloud storage system does not include the encrypted file manifest; wherein the file system manifest includes a listing of the file manifests; encrypting the file system manifest; generating a file system manifest identifier based on data within the encrypted file system manifest; including the file system manifest key and the file system manifest identifier in a user manifest that is associated with a user of the client device, wherein the user manifest includes information that indicates a mount point at which the user has mounted the cloud file system; encrypting the user manifest with a key specific to the user; and storing the encrypted user manifest in the cloud storage system. - View Dependent Claims (54, 55, 56, 57, 58, 59, 60)
-
-
61. A method in a cloud storage client of a client device for providing a user with access to a cloud file system, wherein the cloud file system resides, at least partially, in a cloud storage system, the method comprising:
-
retrieving an encrypted file system manifest and file system manifest encryption key, wherein the encrypted file system manifest corresponds with a file system manifest that has been shared by another user; decrypting the file system manifest using the file system manifest encryption key, wherein the decrypted file system manifest includes a listing of a set of one or more encrypted file manifests and a set of one or more file manifest keys; decrypting the set of encrypted file manifests using the set of file manifest keys, wherein each decrypted file manifest includes a set of encryption keys and a corresponding set of chunk identifiers of a file, wherein the file was encrypted in a user agnostic manner to allow encrypted file chunks to be deduplicated across multiple users at the cloud storage system; and adding the decrypted file system manifest to a user manifest of the user. - View Dependent Claims (62, 63, 64, 65, 66, 67, 68)
-
-
69. At least one non-transitory machine-readable storage medium that provides instructions that, if executed by a processor of a client device, will cause said processor to perform operations for providing a user with access to a cloud file system that resides, at least partially, in a cloud storage system, the operations comprising:
-
retrieving an encrypted file system manifest and file system manifest encryption key, wherein the encrypted file system manifest corresponds with a file system manifest that has been shared by another user; decrypting the file system manifest using the file system manifest encryption key, wherein the decrypted file system manifest includes a listing of a set of one or more encrypted file manifests and a set of one or more file manifest keys; decrypting the set of encrypted file manifests using the set of file manifest keys, wherein each decrypted file manifest includes a set of encryption keys and a corresponding set of chunk identifiers of a file, wherein the file was encrypted in a user agnostic manner to allow encrypted file chunks to be deduplicated across multiple users at the cloud storage system; and adding the decrypted file system manifest to a user manifest of the user. - View Dependent Claims (70, 71, 72, 73, 74, 75, 76)
-
-
77. A client device configured to provide a user with access to a cloud file system that resides, at least partially, in a cloud storage system, the client device comprising:
-
a processor to execute instructions, and at least one non-transitory machine-readable storage medium coupled with the processor, the medium storing one or more instructions that, when executed, cause the processor to perform operations comprising; retrieving an encrypted file system manifest and file system manifest encryption key, wherein the encrypted file system manifest corresponds with a file system manifest that has been shared by another user; decrypting the file system manifest using the file system manifest encryption key, wherein the decrypted file system manifest includes a listing of a set of one or more encrypted file manifests and a set of one or more file manifest keys; decrypting the set of encrypted file manifests using the set of file manifest keys, wherein each decrypted file manifest includes a set of encryption keys and a corresponding set of chunk identifiers of a file, wherein the file was encrypted in a user agnostic manner to allow encrypted file chunks to be deduplicated across multiple users at the cloud storage system; and adding the decrypted file system manifest to a user manifest of the user. - View Dependent Claims (78, 79, 80, 81, 82, 83, 84)
-
-
85. A method for use of a cloud file system (CFS) on a client device, wherein the CFS resides, at least partially, in a cloud storage system remote from the client device, the method comprising:
-
allocating space, in a local storage system of the client device, for storing data to act as a local cache of the CFS, receiving, in a file browser interface executing in the client device, a designation of a folder stored in the local file system to convert it and a plurality of files beneath it to the CFS, wherein the folder and the plurality of files are stored in the local storage system, and wherein the folder is identified at a location in the local file system, converting the folder, including the plurality of files, from storage in the local storage system to storage in the cloud storage system of the CFS, wherein the plurality of files are stored in the cloud storage system using a plurality of encrypted file chunks encrypted in a user agnostic manner to allow the encrypted file chunks to be deduplicated across multiple users at the cloud storage system, transmitting one or more of the plurality of encrypted file chunks to the cloud storage system, wherein the one or more of the plurality of encrypted file chunks are those of the plurality of encrypted file chunks that are not present in the cloud storage system, storing a file system manifest in the local cache of the CFS, wherein the file system manifest identifies the folder and the plurality of files, maintaining a representation of the folder at the location of the local file system such that each of the plurality of files may be accessed by a logical path at which that file was previously accessible, removing the plurality of files from the location of the local file system, and directing accesses to the folder to a CFS client module executing on the client device to provide access to each of the plurality of files now located in the cloud storage system via the logical path at which that file was previously accessible. - View Dependent Claims (86, 87, 88, 89, 90, 91, 92, 93, 94)
-
-
95. At least one non-transitory machine-readable storage medium that provides instructions that, if executed by a processor of a client device, will cause said processor to perform operations for use of a cloud file system (CFS) that resides, at least partially, in a cloud storage system remote from the client device, the operations comprising:
-
allocating space, in a local storage system of the client device, for storing data to act as a local cache of the CFS, receiving, in a file browser interface executing in the client device, a designation of a folder stored in the local file system to convert it and a plurality of files beneath it to the CFS, wherein the folder and the plurality of files are stored in the local storage system, and wherein the folder is identified at a location in the local file system, converting the folder, including the plurality of files, from storage in the local storage system to storage in the cloud storage system of the CFS, wherein the plurality of files are stored in the cloud storage system using a plurality of encrypted file chunks encrypted in a user agnostic manner to allow the encrypted file chunks to be deduplicated across multiple users at the cloud storage system, transmitting one or more of the plurality of encrypted file chunks to the cloud storage system, wherein the one or more of the plurality of encrypted file chunks are those of the plurality of encrypted file chunks that are not present in the cloud storage system, storing a file system manifest in the local cache of the CFS, wherein the file system manifest identifies the folder and the plurality of files, maintaining a representation of the folder at the location of the local file system such that each of the plurality of files may be accessed by a logical path at which that file was previously accessible, removing the plurality of files from the location of the local file system, and directing accesses to the folder to a CFS client module executing on the client device to provide access to each of the plurality of files now located in the cloud storage system via the logical path at which that file was previously accessible. - View Dependent Claims (96, 97, 98, 99, 100, 101, 102, 103, 104)
-
-
105. A client device configured to use a cloud file system (CFS) that resides, at least partially, in a cloud storage system remote from the client device, the client device comprising:
-
a processor to execute instructions, and at least one non-transitory machine-readable storage medium coupled with the processor, the medium storing one or more instructions that, when executed, cause the processor to perform operations comprising; allocating space, in a local storage system of the client device, for storing data to act as a local cache of the CFS, receiving, in a file browser interface executing in the client device, a designation of a folder stored in the local file system to convert it and a plurality of files beneath it to the CFS, wherein the folder and the plurality of files are stored in the local storage system, and wherein the folder is identified at a location in the local file system, converting the folder, including the plurality of files, from storage in the local storage system to storage in the cloud storage system of the CFS, wherein the plurality of files are stored in the cloud storage system using a plurality of encrypted file chunks encrypted in a user agnostic manner to allow the encrypted file chunks to be deduplicated across multiple users at the cloud storage system, transmitting one or more of the plurality of encrypted file chunks to the cloud storage system, wherein the one or more of the plurality of encrypted file chunks are those of the plurality of encrypted file chunks that are not present in the cloud storage system, storing a file system manifest in the local cache of the CFS, wherein the file system manifest identifies the folder and the plurality of files, maintaining a representation of the folder at the location of the local file system such that each of the plurality of files may be accessed by a logical path at which that file was previously accessible, removing the plurality of files from the location of the local file system, and directing accesses to the folder to a CFS client module executing on the client device to provide access to each of the plurality of files now located in the cloud storage system via the logical path at which that file was previously accessible. - View Dependent Claims (106, 107, 108, 109, 110, 111, 112, 113, 114)
-
-
115. A method in a cloud storage system that includes a cloud storage gateway and a set of one or more cloud storage pools, the cloud storage system providing at least part of a cloud file system for a plurality of client devices, the method comprising:
-
storing in a user agnostic deduplicated manner, a plurality of encrypted file chunks and a plurality of file chunk identifiers, wherein each of the encrypted file chunks is deduplicated in a user agnostic manner such that the presence of identical unencrypted file chunks is recognized through identical file chunk identifiers; responding to retrieval requests from one of the plurality of client devices by transmitting one or more of the plurality of encrypted file chunks identified in the retrieval requests; and responding to prefetch commands from the one of the plurality of client devices by, at least temporarily, storing encrypted file chunks in a remote cache of the cloud file system at the cloud storage gateway, wherein the cloud storage gateway is closer to the one of the plurality of client devices than the set of cloud storage pools. - View Dependent Claims (116, 117, 118)
-
-
119. At least one non-transitory machine-readable storage medium that provides instructions that, if executed by a processor of a cloud storage system that includes a cloud storage gateway and a set of one or more cloud storage pools, will cause said processor to perform operations comprising:
-
storing in a user agnostic deduplicated manner, a plurality of encrypted file chunks and a plurality of file chunk identifiers, wherein each of the encrypted file chunks is deduplicated in a user agnostic manner such that the presence of identical unencrypted file chunks is recognized through identical file chunk identifiers; responding to retrieval requests from one of a plurality of client devices by transmitting one or more of the plurality of encrypted file chunks identified in the retrieval requests; and responding to prefetch commands from the one of the plurality of client devices by, at least temporarily, storing encrypted file chunks in a remote cache of a cloud file system at the cloud storage gateway, wherein the cloud storage gateway is closer to the one of the plurality of client devices than the set of cloud storage pools. - View Dependent Claims (120, 121, 122)
-
-
123. A cloud storage system that provides access to a plurality of files stored in the cloud storage system as part of a plurality of cloud file systems (CFSs), wherein the cloud storage system comprises:
-
a cloud storage gateway configured to perform the following; receive data corresponding to CFS to store in the cloud storage system, respond to prefetch commands from a client device by, at least, temporarily storing one or more encrypted file chunks in a cache of the cloud storage gateway to reduce latency in responding to retrieval requests for those encrypted file chunks identified in the prefetch commands, and respond to retrieval requests from a client device by transmitting one or more encrypted files chunks identified in each retrieval requests; and a cloud storage pool configured to store the plurality of encrypted file chunks and a corresponding plurality of chunk identifiers, wherein each encrypted file chunk includes at least a portion of one or more of the plurality of files stored in the cloud storage system, wherein each of the plurality of encrypted file chunks is deduplicated in a user agnostic manner such the presence of identical unencrypted file chunks is recognized through identical file chunk identifiers, and wherein the cloud storage pool is further configured to retrieve each of the plurality of encrypted file chunks and transmit each of the plurality of encrypted file chunks to the cloud storage gateway. - View Dependent Claims (124, 125, 126)
-
-
127. A method for a content provider to distribute content to subscribers that are users of a cloud storage system, wherein the cloud storage system is coupled via a wide area network to a plurality of computing devices acting as client devices of the cloud storage system, the method comprising:
-
generating for each of the subscribers, by a computing device of the content provider, a cloud file system (CFS) containing their content, wherein the cloud storage system acts as a primary storage of data for the cloud file systems (CFSs), wherein each of the plurality of computing devices is configured to run a cloud file system (CFS) module that manages a local cache of the CFSs utilized by that client device, wherein files of the CFSs are encrypted using user agnostic encryption such that two files with the same data encrypted by different users will produce files with identical encrypted data, wherein the user agnostic file encryption requires for a CFS; for each file to the CFS performing the following; splitting the file into chunks, generating an encryption key for each chunk from the data within that chunk, encrypting each chunk with its the respective encryption key, generating a chunk identifier for each chunk, and generating a file manifest for each file, wherein the file manifest for each file includes the chunk identifiers and decryption keys for each of the encrypted chunks of the file, generating an encryption key for each the file manifest from the data within that file manifest, generating a file manifest identifier for each the file manifest, encrypting the file manifest with the encryption key generated for the file manifest; uploading any of the encrypted chunks and the encrypted file manifest not already stored in the cloud storage system; generating a file system manifest with the file manifest identifiers and the encryption keys generated for the file manifest; and encrypting the file system manifest with an encryption key; and sharing the CFSs with the respective users. - View Dependent Claims (128, 129, 130)
-
-
131. At least one non-transitory machine-readable storage medium that provides instructions that, if executed by a processor of a cloud storage system, will cause said processor to perform operations for distributing content to subscribers that are users of the cloud storage system, wherein the cloud storage system is coupled via a wide area network to a plurality of computing devices acting as client devices of the cloud storage system, the operations comprising:
-
generating for each of the subscribers, by a computing device of the content provider, a cloud file system (CFS) containing their content, wherein the cloud storage system acts as a primary storage of data for the cloud file systems (CFSs), wherein each of the plurality of computing devices is configured to run a cloud file system (CFS) module that manages a local cache of the CFSs utilized by that client device, wherein files of the CFSs are encrypted using user agnostic encryption such that two files with the same data encrypted by different users will produce files with identical encrypted data, wherein the user agnostic file encryption requires for a CFS; for each file to the CFS performing the following; splitting the file into chunks, generating an encryption key for each chunk from the data within that chunk, encrypting each chunk with its the respective encryption key, generating a chunk identifier for each chunk, and generating a file manifest for each file, wherein the file manifest for each file includes the chunk identifiers and decryption keys for each of the encrypted chunks of the file, generating an encryption key for each the file manifest from the data within that file manifest, generating a file manifest identifier for each the file manifest, encrypting the file manifest with the encryption key generated for the file manifest; uploading any of the encrypted chunks and the encrypted file manifest not already stored in the cloud storage system; generating a file system manifest with the file manifest identifiers and the encryption keys generated for the file manifest; and encrypting the file system manifest with an encryption key; and sharing the CFSs with the respective users. - View Dependent Claims (132, 133, 134)
-
-
135. A cloud storage system comprising:
-
a processor to execute instructions, and at least one non-transitory machine-readable storage medium coupled with the processor, the medium storing one or more instructions that, when executed, cause the processor to perform operations for distributing content to subscribers that are users of the cloud storage system, wherein the cloud storage system is coupled via a wide area network to a plurality of computing devices acting as client devices of the cloud storage system, the operations comprising; generating for each of the subscribers, by a computing device of the content provider, a cloud file system (CFS) containing their content, wherein the cloud storage system acts as a primary storage of data for the cloud file systems (CFSs), wherein each of the plurality of computing devices is configured to run a cloud file system (CFS) module that manages a local cache of the CFSs utilized by that client device, wherein files of the CFSs are encrypted using user agnostic encryption such that two files with the same data encrypted by different users will produce files with identical encrypted data, wherein the user agnostic file encryption requires for a CFS; for each file to the CFS performing the following; splitting the file into chunks, generating an encryption key for each chunk from the data within that chunk, encrypting each chunk with its the respective encryption key, generating a chunk identifier for each chunk, and generating a file manifest for each file, wherein the file manifest for each file includes the chunk identifiers and decryption keys for each of the encrypted chunks of the file, generating an encryption key for each the file manifest from the data within that file manifest, generating a file manifest identifier for each the file manifest, encrypting the file manifest with the encryption key generated for the file manifest; uploading any of the encrypted chunks and the encrypted file manifest not already stored in the cloud storage system; generating a file system manifest with the file manifest identifiers and the encryption keys generated for the file manifest; and encrypting the file system manifest with an encryption key; and sharing the CFSs with the respective users. - View Dependent Claims (136, 137, 138)
-
-
139. A cloud storage system coupled via a wide area network to a plurality of computing devices acting as client devices of the cloud storage system, each of the plurality of computing devices is configured to run a cloud file system (CFS) module that manages a local cache of the CFSs utilized by that client device, wherein the cloud storage system acts as a primary storage of data for the cloud file systems (CFSs), wherein the cloud storage system includes:
-
a cloud storage pool that stores CFSs generated by a content provider to distribute content to subscribers by generating the CFS containing their content and sharing the CFSs with the respective subscribers, for each of the CFSs; an encrypted file system manifest; a plurality of encrypted file manifests; and a plurality of encrypted file chunks, wherein the encrypted file system manifest identifies each of the plurality of file manifest, and each of the file manifest represents one file of the CFS and identifiers those of the encrypted file chunks FSM that comprise that file, wherein the plurality of encrypted file manifests and encrypted file chunks were encrypted by the CFS modules using user agnostic encryption, wherein use agnostic encryption requires, an encryption key be generated from the data to be encrypted, that data to be encrypted by the generated key, and an identifier be generated for that data; and a cloud storage gateway coupled to wide area network and the cloud storage pool to translate requests from the client devices to cloud storage system application programming interface (“
API”
) calls for the cloud storage pool. - View Dependent Claims (140, 141)
-
-
142. A method for providing cloud storage, the method comprising:
-
storing, in a cloud storage system, user-agnostic encrypted user data of a plurality of files of a plurality of cloud file systems of a plurality of client devices of a plurality of users that has been deduplicated across the users, wherein the user-agnostic encrypted data was generated using the same user agnostic encryption function such that the same data encrypted for different ones of the users will produce identical encrypted data, wherein the user-agnostic encrypted data of each of the files of the cloud file systems of the client devices of the users includes one or more encrypted keys to decrypt that user-agnostic encrypted data, those one or more encrypted keys being encrypted with an encryption key unique to that user; wherein each of the cloud file systems stored by the cloud storage system includes a path at which each file should be displayed by the corresponding client device, wherein each client device includes a root file system that comprises a file system hierarchy for accessing files and folders on the client device, wherein each cloud file system is mounted as one of a drive and a folder at a mount point in the folder hierarchy of the client device'"'"'s storage system, wherein the cloud storage system acts as a primary storage of data for the cloud file systems, wherein the cloud storage system has substantially larger capacity than the client devices, and wherein the amount of storage space available to the users is based on the amount of storage in the cloud storage system. - View Dependent Claims (143, 144, 145, 146, 147, 148, 149, 150)
-
-
151. An apparatus, comprising:
a cloud storage system that provides a plurality of users online storage and retrieval of their data, wherein the amount of storage space available to the users is based on the amount of storage of the cloud storage system, and wherein the cloud storage system is configured to perform the following; store encrypted user data of the plurality of users in a user agnostic deduplicated manner, wherein the user data is encrypted using a same user agnostic encryption function such that the same data of different users produces identical encrypted data, store, for each of the users, one or more encrypted keys to decrypt the encrypted user data of at least that user, wherein the one or more encrypted keys to decrypt the encrypted user data of that user have been encrypted with an encryption key that is unique to that user, and wherein each piece of encrypted user data and the one or more encrypted keys to decrypt that piece of user data are stored in association with an identifier that has been generated such that the identifier would be the same regardless of which user that piece of encrypted user data belongs; receive requests for different pieces of the stored encrypted user data from client devices of the users, wherein each request indicates an identifier for a piece of the stored encrypted user data; and in response to receipt of each of the requests, access the stored encrypted user data that corresponds to the identifier indicated in that request, and transmit the accessed stored encrypted user data to that client device. - View Dependent Claims (152, 153, 154, 155, 156, 157, 158)
-
159. A method in a client device, comprising:
-
encrypting data of a file of a user of the client device with a user agnostic file encryption function, wherein the user agnostic file encryption function performs the following; generating a user agnostic encryption key from the data; encrypting the data with the encryption key; and generating an identifier (ID) for the encrypted data based on the encrypted data; encrypting the generated user agnostic encryption key with an encryption key that is unique to the user of the client device; transmitting the encrypted data, the encrypted user agnostic encryption key, and the identifier to a cloud storage system that is to store the encrypted data in a user-agnostic deduplicated manner such that the encrypted data is deduplicated across a plurality of users; receiving an instruction from an operating system of the client device to read the file that corresponds with the encrypted data; transmitting a request for the encrypted data to the cloud storage system, wherein the request indicates the identifier for the encrypted data; receiving the encrypted data and the encrypted user agnostic encryption key from the cloud storage system; decrypting the encrypted user agnostic encryption key using the encryption key that is unique to the user of the client device; and decrypting the received encrypted data using the decrypted user agnostic encryption key. - View Dependent Claims (160, 161, 162)
-
Specification