Secure cloud storage distribution and aggregation

US 9,280,678 B2
Filed: 12/02/2013
Issued: 03/08/2016
Est. Priority Date: 12/02/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assigning to one or more users, by a gateway device, a policy for managing access to and processing a file to be stored on one or more cloud platforms, wherein the policy defines access rights of the one or more users;

encrypting, by the gateway device, using cryptographic key information defined by the policy, content of the file to produce a searchable encrypted file by;

dividing the file into a plurality of chunks;

creating namespaces for one or more of the plurality of chunks; and

configuring the namespaces of the one or more chunks such that content of the file is encrypted in a manner that makes it searchable;

storing, by the gateway device, the searchable encrypted file on the one or more cloud platforms based on the policy; and

managing access to the searchable encrypted file by the one or more users based on the policy.

View all claims

1 Assignment

Timeline View

Assignment View

1 Petition

Accused Products

Abstract

Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.

Citations

27 Claims

1. A method comprising:
- assigning to one or more users, by a gateway device, a policy for managing access to and processing a file to be stored on one or more cloud platforms, wherein the policy defines access rights of the one or more users;
  
  encrypting, by the gateway device, using cryptographic key information defined by the policy, content of the file to produce a searchable encrypted file by;
  
  dividing the file into a plurality of chunks;
  
  creating namespaces for one or more of the plurality of chunks; and
  
  configuring the namespaces of the one or more chunks such that content of the file is encrypted in a manner that makes it searchable;
  
  storing, by the gateway device, the searchable encrypted file on the one or more cloud platforms based on the policy; and
  
  managing access to the searchable encrypted file by the one or more users based on the policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the step of managing comprises allowing the one or more users to download the searchable encrypted file to a local device.
  - 3. The method of claim 2, wherein the local device comprises a mobile computing device.
  - 4. The method of claim 2, wherein the downloaded encrypted file is searchable by the one or more users using the cryptographic key information.
  - 5. The method of claim 1, wherein a set of chunks from the plurality of chunks is searchable.
  - 6. The method of claim 1, wherein the step of configuring the namespaces comprises storing content of the file as filenames.
  - 7. The method of claim 1, wherein the step of encrypting further comprises the step of randomly creating empty files.
  - 8. The method of claim 1, wherein the step of encrypting the file is carried out independent of the service provider of the one or more cloud platforms.
  - 9. The method of claim 1, wherein the policy is implemented for a group of users.
  - 10. The method of claim 1, wherein the policy defines the manner in which the file is stored, accessed, and processed.
  - 11. The method of claim 1, wherein the file is stored across two or more cloud platforms.
  - 12. The method of claim 1, wherein said storing the searchable encrypted file on the one or more cloud platforms is carried out independent of the service provider of the one or more cloud platforms.
  - 13. The method of claim 1, wherein the policy is selected from a plurality of policies stored in a database, wherein the database is operatively coupled with the gateway device.
  - 14. The method of claim 1, wherein the policy defines one or more of a set of encryption keys, a set of decryption keys, search indices, a type of encryption and one or more authorized locations to which the file may be stored.
  - 15. The method of claim 1, wherein said encrypting further comprises encrypting one or more of filename and search indices.

16. A secure cloud storage system comprising:
- one or more processors;
  
  a communication interface mechanism;
  
  one or more internal data storage devices operatively coupled to the one or more processors and storing;
  
  a policy assignment module, which, when executed by the one or more processors, implements a policy selected from a group of policies for a user, wherein the policy defines and manages access to and processing of a file to be uploaded on a cloud, wherein the policy defines access rights of the user;
  
  an encryption module, which, when executed by the one or more processors;
  
  using cryptographic key information defined by the policy, produces a searchable encrypted file by encrypting content of the file to be stored across one or more cloud platforms;
  
  divides the file into a plurality of chunks;
  
  creates namespaces for one or more of the plurality of chunks; and
  
  configures the namespaces of the one or more chunks such that content of the file is encrypted in a manner that makes it searchable;
  
  a storage module, which, when executed by the one or more processors, stores the searchable encrypted file on the one or more cloud platforms based on the policy; and
  
  a management module, which, when executed by the one or more processors manages and controls access to the searchable encrypted file by the user based on the policy.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 17. The system of claim 16, wherein the management module further allows the user to download the searchable encrypted file to a local device.
  - 18. The system of claim 17, wherein the downloaded encrypted file is searchable by the user using the cryptographic key information defined by the policy.
  - 19. The system of claim 16, wherein a set of chunks from the plurality of chunks is searchable.
  - 20. The system of claim 16, wherein the encryption module further randomly creates empty files.
  - 21. The system of claim 16, wherein one or more of the policy assignment module, the encryption module, the storage module, and the management module are implemented on different devices, wherein the devices are selected from one or more of access management devices, proxy devices, gateway devices, and network controllers.
  - 22. The system of claim 16, further comprising a mediation module, which, when executed by the one or more processors makes implementation of one or more of the policy assignment module, the encryption module, the storage module, and the policy management module independent of the service provider of the one or more cloud platforms.
  - 23. The system of claim 16, wherein the policy is implemented for a group of users.
  - 24. The system of claim 16, wherein the policy defines the manner in which the file is stored and processed.
  - 25. The system of claim 16, wherein the file is stored across two or more cloud storage platforms.
  - 26. The system of claim 16, wherein the group of policies are stored in a database operatively coupled with the system.
  - 27. The system of claim 16, wherein the policy defines and manages one or more of encryption keys, decryption keys, search indices, type of encryption, and location of the file.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Redberg, David A.
Primary Examiner(s)
LEWIS, LISA C

Application Number

US14/094,484
Publication Number

US 20150154418A1
Time in Patent Office

827 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/148   File search processing

G06F 16/164   File meta data generation

G06F 16/182   Distributed file systems

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/6272   by registering files or doc...

H04L 63/02   for separating internal fro...

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

H04L 9/0631   Substitution permutation ne...

Secure cloud storage distribution and aggregation

First Claim

1 Assignment

1 Petition

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure cloud storage distribution and aggregation

First Claim

1 Assignment

Subscription Required

Subscription Required

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links