Protecting data in insecure cloud storage
First Claim
Patent Images
1. A system for processing data, comprising:
- a first client configured to;
encrypt a first set of data;
upload the encrypted first set of data to a volume on a cloud storage system; and
create a commit record of the upload, wherein the commit record comprises;
a hash-based message authentication code (HMAC) of a path associated with the data;
a previous state of the data;
a current state of the data;
metadata for the data;
a digital signature from the first client; and
a timestamp; and
a synchronization server configured to;
verify access to the volume by the first client;
include the commit record in a change set comprising a set of commit records associated with the volume;
sign the change set; and
provide the change set for use in synchronizing the upload with a second client.
2 Assignments
0 Petitions
Accused Products
Abstract
The disclosed embodiments provide a system that processes data. The system includes a first client that encrypts a first set of data, uploads the encrypted first set of data to a volume on a cloud storage system, and creates a commit record of the upload. The system also includes a synchronization server that verifies access to the volume by the first client and includes the commit record in a change set containing a set of commit records associated with the volume. The synchronization server also signs the change set and provides the change set for use in synchronizing the upload with a second client.
18 Citations
23 Claims
-
1. A system for processing data, comprising:
-
a first client configured to; encrypt a first set of data; upload the encrypted first set of data to a volume on a cloud storage system; and create a commit record of the upload, wherein the commit record comprises; a hash-based message authentication code (HMAC) of a path associated with the data; a previous state of the data; a current state of the data; metadata for the data; a digital signature from the first client; and a timestamp; and a synchronization server configured to; verify access to the volume by the first client; include the commit record in a change set comprising a set of commit records associated with the volume; sign the change set; and provide the change set for use in synchronizing the upload with a second client. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-implemented method for processing data, comprising:
-
encrypting a first set of data on a first client; uploading the encrypted first set of data from the first client to a volume on a cloud storage system; creating a commit record of the upload, wherein the commit record comprises; a hash-based message authentication code (HMAC) of a path associated with the data; a previous state of the data; a current state of the data; metadata for the data; a digital signature from the first client; and a timestamp; and providing the commit record to a synchronization server, wherein the commit record is used by the synchronization server to synchronize the upload with a second client associated with the volume. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A computer-implemented method for synchronizing data, comprising:
obtaining, from a first client, a commit record of data uploaded to a volume on a cloud storage system, wherein the commit record comprises; a hash-based message authentication code (HMAC) of a path associated with the data, a previous state of the data; a current state of the data; metadata for the data; a digital signature from the first client; and a timestamp; using the digital signature in the commit record to verify access to the volume by the first client; including the commit record in a change set; signing the change set; and providing the change set for use in synchronizing the upload with a second client associated with the volume. - View Dependent Claims (17, 18)
-
19. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for processing data, the method comprising:
-
encrypting a first set of data on a first client; uploading the encrypted first set of data from the first client to a volume on a cloud storage system; creating a commit record of the upload, wherein the commit record comprises; a hash-based message authentication code (HMAC) of a path associated with the data, a previous state of the data; a current state of the data; metadata for the data; a digital signature from the first client; and a timestamp; and providing the commit record to a synchronization server, wherein the commit record is used by the synchronization server to synchronize the upload with a second client associated with the volume. - View Dependent Claims (20, 21, 22, 23)
-
Specification