Encrypting files within a cloud computing environment

US 9,262,643 B2
Filed: 12/26/2012
Issued: 02/16/2016
Est. Priority Date: 02/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting a file, the method comprises:

retrieving the file from a storage service;

segmenting the file, by a management server, into multiple file segments;

calculating, by the management server, a file segment signature for each of the multiple file segments to provide multiple file segment signatures;

encrypting, by the management server, each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are calculated based on the multiple file segment signatures;

wherein the multiple encrypted file segments form an encrypted file; and

sending the multiple encrypted file segments to the storage service;

wherein at least one of the following is true;

(a) the method comprises deleting the file from the storage service and preventing the deletion of the file if the file has been modified by a user of the storage service during a predetermined period from a moment of the retrieving of the file;

(b) retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;

wherein the segmenting of the file by the management server is executed while applying a second de-duplication policy, wherein the second de-duplication policy is defined independent of the first de-duplication policy;

(c) retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;

wherein the segmenting of the file by the management server is executed while applying a second de-duplication policy, wherein the second de-duplication policy is defined in response to the first de-duplication policy; and

(d) retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;

wherein the segmenting of the file by the management server is executed while applying a second de-duplication policy, wherein the second de-duplication policy differs from the first de-duplication policy.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, computer readable medium and a method for encrypting a file, the method may include retrieving the file from a storage service; segmenting the file into multiple file segments; calculating a file segment signature for each of the multiple file segments to provide multiple file segment signatures; encrypting each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are in response to the multiple file segment signatures; wherein the multiple encrypted file segments form an encrypted file; and sending the multiple encrypted file segments to the storage service.

Citations

32 Claims

1. A method for encrypting a file, the method comprises:
- retrieving the file from a storage service;
  
  segmenting the file, by a management server, into multiple file segments;
  
  calculating, by the management server, a file segment signature for each of the multiple file segments to provide multiple file segment signatures;
  
  encrypting, by the management server, each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are calculated based on the multiple file segment signatures;
  
  wherein the multiple encrypted file segments form an encrypted file; and
  
  sending the multiple encrypted file segments to the storage service;
  
  wherein at least one of the following is true;
  
  (a) the method comprises deleting the file from the storage service and preventing the deletion of the file if the file has been modified by a user of the storage service during a predetermined period from a moment of the retrieving of the file;
  
  (b) retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;
  
  wherein the segmenting of the file by the management server is executed while applying a second de-duplication policy, wherein the second de-duplication policy is defined independent of the first de-duplication policy;
  
  (c) retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;
  
  wherein the segmenting of the file by the management server is executed while applying a second de-duplication policy, wherein the second de-duplication policy is defined in response to the first de-duplication policy; and
  
  (d) retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;
  
  wherein the segmenting of the file by the management server is executed while applying a second de-duplication policy, wherein the second de-duplication policy differs from the first de-duplication policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. The method according to claim 1, wherein at least one of the management server and the storage service belong to a cloud computing environment.
  - 3. The method according to claim 1, comprising calculating each encryption key based on a file segment signature associated with a file segment that is encrypted by the encryption key.
  - 4. The method according to claim 1, further comprising associating with the multiple encrypted file segments the multiple file segment signatures.
  - 5. The method according to claim 1, wherein the management server is located within a cloud computing environment.
  - 6. The method according to claim 5, further comprising flagging the encrypted file as being encrypted.
  - 7. The method according to claim 5, further comprising flagging the encrypted file as being encrypted by altering a file type of the encrypted file.
  - 8. The method according to claim 1, further comprising exposing the encrypted file to a user of the management server through an interface of the storage service.
  - 9. The method according to claim 1, wherein the segmenting comprises separating text content of the file and image content of the file.
  - 10. The method according to claim 1, comprising preventing the segmenting, the calculating and the encrypting of the file if the file has been modified by the user of the storage service during the predetermined period from the moment of the retrieving of the file by the management server.
  - 11. The method according to claim 1, comprising preventing the deletion of the file if the file has been modified by the user of the storage service during the predetermined period from the moment of the retrieving of the file.
  - 12. The method according to claim 11, wherein the finding of the initial file segments comprises applying at least one process out of Rabin fingerprint process and cyclic redundancy code (CRC) process.
  - 13. The method according to claim 1, wherein the segmenting comprising finding initial file segments by applying a first segmentation process;
    - and defining each file segment as comprising multiple initial file segments.
  - 14. The method according to claim 1, wherein the segmenting of the file into multiple file segments is executed independent of a file segmentation scheme applied on the file by the storage service.
  - 15. The method according to claim 1, wherein the segmenting of the file to multiple file segments is executed independent of a file segmentation scheme applied on the file by the storage service for de-duplication purposes.
  - 16. The method according to claim 1, wherein the file is associated with a certain user;
    - wherein the method comprises using different segmentation parameters for segmenting another file that is associated with another user that differs from the certain user.
  - 17. The method according to claim 1, wherein the file is associated with a certain user;
    - wherein the method comprises using different encryption parameters for encrypting another file that is associated with another user that differs from the certain user.
  - 18. The method according to claim 1, wherein the file is associated with a user of certain group of users;
    - wherein the method comprises using different segmentation parameters for segmenting another file that is associated with another user that belongs to another group of users.
  - 19. The method according to claim 1, wherein the file is associated with a user of certain group of user;
    - wherein the method comprises using different encryption parameters for segmenting another file that is associated with another user that belongs to another group of users.
  - 20. The method according to claim 1, comprising adding a user identifier to each file segment;
    - wherein the user identifier identifies a user associated with the file.
  - 21. The method according to claim 1, wherein identical file segments are associated with identical encryption keys.
  - 22. The method according to claim 1, comprising retrieving the file from the storage service, wherein the file is stored in a storage entity in an encrypted form and is decrypted by the storage service to be provided in a decrypted form to the management server;
    - wherein the encrypting by the management server is executed independent of a decryption applied by the storage service.
  - 23. The method according to claim 1 wherein the management server and the storage service are located in a cloud computing environment.
  - 24. The method according to claim 1, comprising retrieving the file from the storage service, wherein the storage service applies the first de-duplication policy;
    - wherein the segmenting of the file by the management server is executed while applying the second de-duplication policy, wherein the second de-duplication policy is defined independent of the first de-duplication policy.
  - 25. The method according to claim 1, comprising retrieving the file from the storage service, wherein the storage service applies the first de-duplication policy;
    - wherein the segmenting of the file by the management server is executed while applying the second de-duplication policy, wherein the second de-duplication policy is defined in response to the first de-duplication policy.
  - 26. The method according to claim 1, comprising retrieving the file from the storage service, wherein the storage service applies the first de-duplication policy;
    - wherein the segmenting of the file by the management server is executed while applying the second de-duplication policy, wherein the second de-duplication policy differs from the first de-duplication policy.
  - 27. The method according to claim 1 comprising sending the file to a cache memory before starting the segmenting, the calculating, and the encrypting actions.
  - 28. The method according to claim 1, comprising retrieving the file from a dedicated folder that is allocated for files to be encrypted.
  - 29. The method according to claim 1, comprising creating a new folder for files to be encrypted, wherein the folder is exposed to the user.
  - 30. The method according to claim 1, comprising retrieving the file from a dedicated folder that is allocated to files to be encrypted.
  - 31. The method according to claim 1, comprising flagging the encrypted file as being encrypted.
  - 32. The method according to claim 1, comprising changing a type of a file to a type that is indicative of the encryption of the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Sookasa, Inc. (Barracuda Networks Incorporated)
Inventors
Cidon, Asaf, Prabandham, Gopal Madan, Cidon, Israel, Chandrashekhar, Shetty, Gavish, Lior, Srour, Barak
Primary Examiner(s)
LE, UYEN T

Application Number

US13/726,641
Publication Number

US 20140013112A1
Time in Patent Office

1,147 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/13   File access structures, e.g...

G06F 16/137   Hash-based content-based in...

G06F 16/182   Distributed file systems

G06F 21/6218   to a system of files or obj...

Encrypting files within a cloud computing environment

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Encrypting files within a cloud computing environment

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links