Secure cloud storage distribution and aggregation
Abstract
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
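The abstract's two gateway steps, building searchable data under a per-user policy and spreading chunks across platforms to meet a storage diversity requirement, can be sketched as follows. This is an added example, not code from the patent or its assignee: the policy fields, platform names, HMAC-based search tokens and round-robin placement are all assumptions chosen for illustration. Chunk encryption itself is left out and would be done with an authenticated cipher before upload.

```python
import hashlib
import hmac
import re

# Constructed policy and platform names; every field name is an assumption.
POLICY = {"index_key": b"constructed-demo-key", "readers": {"alice"}, "min_platforms": 2}
PLATFORMS = ["cloud-a", "cloud-b", "cloud-c"]


def token(key: bytes, word: str) -> str:
    # Deterministic keyed token: the store can match equal words without the
    # plaintext, but it also learns which files share a word (frequency leak).
    return hmac.new(key, b"word:" + word.lower().encode(), hashlib.sha256).hexdigest()


def chunk_id(key: bytes, name: str, n: int) -> str:
    # Opaque per-chunk name, domain-separated from the search tokens.
    return hmac.new(key, f"chunk:{name}:{n}".encode(), hashlib.sha256).hexdigest()[:16]


def build_index(files: dict, policy: dict) -> dict:
    """Map each search token to the set of file names containing that word."""
    index = {}
    for name, text in files.items():
        for word in set(re.findall(r"[a-z0-9]+", text.lower())):
            index.setdefault(token(policy["index_key"], word), set()).add(name)
    return index


def place_chunks(name: str, size: int, chunk_size: int, policy: dict) -> dict:
    """Assign chunk ids round-robin so the file spans >= min_platforms platforms."""
    count = max(1, -(-size // chunk_size))  # ceiling division
    need = policy["min_platforms"]
    if need > len(PLATFORMS) or count < need:
        raise ValueError("storage diversity requirement cannot be met")
    return {chunk_id(policy["index_key"], name, n): PLATFORMS[n % len(PLATFORMS)] for n in range(count)}


def search(user: str, word: str, index: dict, policy: dict) -> list:
    """Enforce the policy's access rights, then look the token up."""
    if user not in policy["readers"]:
        raise PermissionError(f"{user} may not search under this policy")
    return sorted(index.get(token(policy["index_key"], word), set()))


FILES = {"q3.txt": "Quarterly revenue forecast", "hr.txt": "Salary review and forecast"}  # constructed
INDEX = build_index(FILES, POLICY)
```

Because the tokens are deterministic, anyone holding the index can see which files share a term even without the key; that equality leakage is the usual trade-off of this style of searchable index.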
27 Claims
1. A method comprising:
- assigning to one or more users, by a gateway device, a policy for managing access to and processing a file to be stored on one or more cloud platforms, wherein the policy defines access rights of the one or more users;
- encrypting, by the gateway device, using cryptographic key information defined by the policy, content of the file to produce a searchable encrypted file by:
  - dividing the file into a plurality of chunks;
  - creating namespaces for one or more of the plurality of chunks; and
  - configuring the namespaces of the one or more chunks such that content of the file is encrypted in a manner that makes it searchable;
- storing, by the gateway device, the searchable encrypted file on the one or more cloud platforms based on the policy; and
- managing access to the searchable encrypted file by the one or more users based on the policy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A secure cloud storage system comprising:
- one or more processors;
- a communication interface mechanism;
- one or more internal data storage devices operatively coupled to the one or more processors and storing:
  - a policy assignment module, which, when executed by the one or more processors, implements a policy selected from a group of policies for a user, wherein the policy defines and manages access to and processing of a file to be uploaded on a cloud, wherein the policy defines access rights of the user;
  - an encryption module, which, when executed by the one or more processors:
    - using cryptographic key information defined by the policy, produces a searchable encrypted file by encrypting content of the file to be stored across one or more cloud platforms;
    - divides the file into a plurality of chunks;
    - creates namespaces for one or more of the plurality of chunks; and
    - configures the namespaces of the one or more chunks such that content of the file is encrypted in a manner that makes it searchable;
  - a storage module, which, when executed by the one or more processors, stores the searchable encrypted file on the one or more cloud platforms based on the policy; and
  - a management module, which, when executed by the one or more processors, manages and controls access to the searchable encrypted file by the user based on the policy.

Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
Specification