Secure cloud storage distribution and aggregation
First Claim
1. A method comprising:
   maintaining, by a trusted gateway device logically interposed between an enterprise network and a plurality of third-party cloud storage services, a plurality of cryptographic keys;
   receiving, by the trusted gateway device, a local file from a user of the enterprise network that is to be stored across one or more cloud storage services of the plurality of third-party cloud storage services;
   partitioning, by the trusted gateway device, the local file into a plurality of chunks of a predefined or configurable size;
   causing to be created, by the trusted gateway device, a directory within the one or more cloud storage services, wherein a name attribute of the directory is set based on an encrypted version of a name of the local file;
   selecting, by the trusted gateway device, a cryptographic key of the plurality of cryptographic keys based on a policy defined by the enterprise for the user; and
   for each chunk of the plurality of chunks:
      identifying, by the trusted gateway device, existence of data within the chunk associated with one or more predefined search indices of a plurality of predefined searchable indices;
      generating, by the trusted gateway device, searchable encrypted metadata based on the identified data and the selected cryptographic key;
      generating, by the trusted gateway device, an encrypted version of the chunk based on the selected cryptographic key; and
      causing to be created, by the trusted gateway device, a remote file within the directory, wherein a name attribute of the remote file includes the searchable encrypted metadata and wherein a contents of the remote file includes the encrypted version of the chunk.
Abstract
Methods and systems for secure cloud storage are provided. According to one embodiment, a gateway maintains multiple cryptographic keys. A file that is to be stored across multiple third-party cloud storage services is received by the gateway from a user of an enterprise network. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) existence of data is identified within the chunk associated with one or more predefined search indices; (ii) searchable encrypted metadata is generated based on the identified data and a selected cryptographic key; (iii) an encrypted version of the chunk is generated; and (iv) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
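The claim and the abstract describe one pipeline: chunk the file, derive a directory name from the encrypted file name, pick the user's key by policy, and for every chunk emit a remote file whose name carries searchable encrypted metadata and whose body is the encrypted chunk. The following is an added worked model of that pipeline written for this page; it is not the patent's code and the patent names no cipher, token format or index scheme. Everything below is an assumption made for illustration: the "predefined searchable indices" are modelled as a fixed tuple of keyword terms (SEARCH_INDICES), the searchable metadata as truncated keyed HMAC tokens, the encryption as a deterministic SIV-style construction built from HMAC-SHA256 (a standard-library stand-in for AES-SIV, so the example runs without third-party packages), the cloud services as in-memory dicts, and the distribution policy as round-robin by chunk index. The `Gateway` class, `siv_encrypt`/`siv_decrypt`, `search_token`, `upload`, `download` and `search` are all names chosen here.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

CHUNK_SIZE = 32                                 # "predefined or configurable size" (constructed: tiny, for the demo)
SEARCH_INDICES = ("invoice", "ssn", "project")  # constructed set of predefined searchable index terms

def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts: the one PRF behind subkeys, keystream and tokens."""
    return hmac.new(key, b"".join(len(p).to_bytes(4, "big") + p for p in parts), hashlib.sha256).digest()

def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    return b"".join(_prf(enc_key, iv, i.to_bytes(4, "big")) for i in range(length // 32 + 1))[:length]

def siv_encrypt(key: bytes, plaintext: bytes, ad: bytes = b"") -> bytes:
    """Deterministic authenticated encryption in the SIV style, built only from HMAC (assumed here).
    IV = MAC(ad, plaintext), then a PRF-counter keystream under a separate subkey. Equal key,
    ad and plaintext give equal output, so an encrypted file name can act as a stable directory
    name. A stdlib-only stand-in for AES-SIV / AES-GCM-SIV, not a production cipher."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    iv = _prf(mac_key, ad, plaintext)[:16]
    return iv + bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))

def siv_decrypt(key: bytes, blob: bytes, ad: bytes = b"") -> Optional[bytes]:
    """Inverse of siv_encrypt; None when the IV check fails (wrong key or tampered data)."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    iv, ct = blob[:16], blob[16:]
    pt = bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, iv, len(ct))))
    return pt if hmac.compare_digest(_prf(mac_key, ad, pt)[:16], iv) else None

class Gateway:
    """The trusted gateway: holds the keys, applies the per-user policy, talks to the stores."""

    def __init__(self, keys: Dict[str, bytes], policy: Dict[str, str], services: List[dict]):
        self.keys = keys            # key id -> 32-byte key (the "plurality of cryptographic keys")
        self.policy = policy        # user -> key id (the enterprise-defined policy)
        self.services = services    # modelled third-party stores: {directory: {remote file: bytes}}

    def _key(self, user: str) -> bytes:
        return self.keys[self.policy[user]]

    def _dirname(self, key: bytes, filename: str) -> str:
        return siv_encrypt(key, filename.encode(), b"dir").hex()

    def search_token(self, key: bytes, term: str) -> str:
        """Keyed token for one index term; only the token, never the term, reaches the provider."""
        return _prf(key, b"search", term.lower().encode())[:12].hex()

    def upload(self, user: str, filename: str, data: bytes) -> Tuple[str, int]:
        key = self._key(user)
        dirname = self._dirname(key, filename)
        chunks = [data[i:i + CHUNK_SIZE] for i in range(0, len(data), CHUNK_SIZE)]
        for idx, chunk in enumerate(chunks):
            # (i)/(ii): which predefined indices have data in this chunk -> tokens
            hits = [self.search_token(key, t) for t in SEARCH_INDICES if t.encode() in chunk.lower()]
            remote_name = f"{idx:05d}." + ".".join(hits)            # (iv) name carries the metadata
            # (iii): ad binds the ciphertext to file and slot, so chunks cannot be swapped around
            blob = siv_encrypt(key, chunk, f"{filename}:{idx}".encode())
            store = self.services[idx % len(self.services)]           # distribute across providers
            store.setdefault(dirname, {})[remote_name] = blob
        return dirname, len(chunks)

    def download(self, user: str, filename: str) -> bytes:
        """Aggregate the chunks back from every store, refusing anything that fails authentication."""
        key = self._key(user)
        dirname = self._dirname(key, filename)
        pieces: Dict[int, bytes] = {}
        for store in self.services:
            for remote_name, blob in store.get(dirname, {}).items():
                idx = int(remote_name.split(".")[0])
                pt = siv_decrypt(key, blob, f"{filename}:{idx}".encode())
                if pt is None:
                    raise ValueError(f"chunk {idx} of {filename} failed authentication")
                pieces[idx] = pt
        if not pieces or sorted(pieces) != list(range(len(pieces))):   # a lost trailing chunk is not caught
            raise ValueError(f"{filename}: missing chunks")
        return b"".join(pieces[i] for i in range(len(pieces)))

    def search(self, user: str, term: str) -> Dict[str, List[int]]:
        """Locate chunks by index term using nothing but the remote names the providers hold."""
        key = self._key(user)
        token = self.search_token(key, term)
        found: Dict[str, List[int]] = {}
        for store in self.services:
            for dirname, files in store.items():
                name = siv_decrypt(key, bytes.fromhex(dirname), b"dir")
                if name is None:                 # directory was written under another key
                    continue
                for remote_name in files:
                    slot, *tokens = remote_name.split(".")
                    if token in tokens:
                        found.setdefault(name.decode(), []).append(int(slot))
        return {f: sorted(v) for f, v in found.items()}
```

A gateway built as `Gateway({"k1": k1, "k2": k2}, {"alice": "k1", "bob": "k2"}, [{}, {}])` will spread the chunks of `upload("alice", "budget.txt", data)` over both stores, answer `search("alice", "invoice")` with the chunk slots whose names carry alice's token for that term, and return `{}` for bob because his key cannot authenticate alice's directory names. Two points a reviewer of such a design should keep in view: the providers still learn which chunks share a token (frequency and co-occurrence of the searchable metadata), since that is exactly what makes the scheme searchable; and because identification is per chunk, a term that straddles a chunk boundary is not indexed, so real deployments need overlap or record-aware chunking.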
14 Claims
1. (Independent method claim; its full text is given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a trusted gateway device logically interposed between a plurality of third-party cloud storage services and an enterprise network, cause the one or more processors to perform a method comprising:
   maintaining a plurality of cryptographic keys;
   receiving a local file from a user of the enterprise network that is to be stored across one or more cloud storage services of the plurality of third-party cloud storage services;
   partitioning the local file into a plurality of chunks of a predefined or configurable size;
   causing to be created a directory within the one or more cloud storage services, wherein a name attribute of the directory is set based on an encrypted version of a name of the local file;
   selecting a cryptographic key of the plurality of cryptographic keys based on a policy defined by the enterprise for the user; and
   for each chunk of the plurality of chunks:
      identifying existence of data within the chunk associated with one or more predefined search indices of a plurality of predefined searchable indices;
      generating searchable encrypted metadata based on the identified data and the selected cryptographic key;
      generating an encrypted version of the chunk based on the selected cryptographic key; and
      causing to be created a remote file within the directory, wherein a name attribute of the remote file includes the searchable encrypted metadata and wherein a contents of the remote file includes the encrypted version of the chunk.
   Dependent claims: 9, 10, 11, 12, 13, 14.