UPLOAD AND DOWNLOAD STREAMING ENCRYPTION TO/FROM A CLOUD-BASED PLATFORM

US 20140068254A1
Filed: 08/26/2013
Published: 03/06/2014
Est. Priority Date: 08/29/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of a cloud-based collaboration platform, the method, comprising:

receiving a data file, the data file being encrypted with a first key;

receiving the first key encrypted with a second key;

decrypting the first key with the second key;

determining an index into an encryption key pool based on the value of the second key, the key encryption pool comprising a plurality of indexed keys;

selecting a third key corresponding to the determined index from the key encryption pool;

encrypting the first key with the third key to generate an encrypted key file;

storing the encrypted key file and the encrypted data file in a storage location;

creating a record associating the data file with the encrypted data file and the encrypted key file; and

storing a record of the correspondence between the third key and the encrypted data file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed).

Citations

23 Claims

1. A computer-implemented method of a cloud-based collaboration platform, the method, comprising:
- receiving a data file, the data file being encrypted with a first key;
  
  receiving the first key encrypted with a second key;
  
  decrypting the first key with the second key;
  
  determining an index into an encryption key pool based on the value of the second key, the key encryption pool comprising a plurality of indexed keys;
  
  selecting a third key corresponding to the determined index from the key encryption pool;
  
  encrypting the first key with the third key to generate an encrypted key file;
  
  storing the encrypted key file and the encrypted data file in a storage location;
  
  creating a record associating the data file with the encrypted data file and the encrypted key file; and
  
  storing a record of the correspondence between the third key and the encrypted data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented method of claim 1, wherein determining an index comprises calculating a checksum of the second key and selecting the index corresponding to the checksum modulo the number of encryption pool keys.
  - 3. The computer-implemented method of claim 1, wherein the third key comprises more bits than the second key.
  - 4. The computer-implemented method of claim 1, wherein the encryption key pool comprises at least one key generated using a different method from another key in the key pool.
  - 5. The computer-implemented method of claim 1, wherein creating a record further comprises inserting a version identifier into the encrypted data file.
  - 6. The computer-implemented method of claim 1, wherein the encrypted key file comprises a version number and a key id, the key id associated with the third key.
  - 7. The computer-implemented method of claim 1, wherein the encrypted data file is received from a client device via a POST action.
  - 8. The computer-implemented method of claim 1, wherein the encrypted data file is received from a client device via a GET action, and the response comprises a response to the GET action.
  - 9. The computer-implemented method of claim 1, wherein the encrypted data file is received from a client device, the method further comprising providing a response to the client device.
  - 10. The computer-implemented method of claim 1, further comprising:
    - receiving a request for the data file;
      
      responding to the request with a first header entry indicating the location of the encryption key file; and
      
      responding to the request with a second header entry indicating the location of the encrypted data file.
  - 11. The computer-implemented method of claim 10, further comprising retrieving at least one of the encryption key file and the encrypted data file from the file storage.
  - 12. The computer-implemented method of claim 11, further comprising streaming at least one of the encryption key file and the encrypted data file to a client device;
    - wherein, during streaming, decryption of the encrypted data file simultaneously occurs such that the client device receives an unencrypted version of the data file.

13. A system comprising:
- a key server having at least one processor;
  
  a memory, the memory comprising instructions executable by the at least one processor, to;
  
  receive an encrypted data file, the data file encrypted with a first key;
  
  receive the first key encrypted with a second key;
  
  decrypt the first key with the second key;
  
  determine an index into an encryption key pool based on the value of the second key, the key encryption pool comprising a plurality of indexed keys;
  
  select a third key corresponding to the determined index from the key encryption pool;
  
  encrypt the first key with the third key to generate an encrypted key file;
  
  store the encrypted key file and the encrypted data file to a storage location;
  
  create a record associating the data file with the encrypted data file and the encrypted key file; and
  
  store a record of the correspondence between the third key and the encrypted data file.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, further comprising host server of a cloud-based environment,wherein, the host server includes the key server or is coupled to the key server;
    - wherein the host server hosts the data file that is encrypted, andwherein, the encrypted data file is collaborated upon or shared among collaborators in the cloud-based environment.
  - 15. The system of claim 14, wherein, the encrypted data file was encrypted while simultaneously being uploaded via streaming encryption from a client device to the host server.
  - 16. The system of claim 14, wherein, the encrypted data file is decrypted while simultaneously being downloaded via streaming decryption from host server to a client device.
  - 17. The system of claim 13, wherein the key server is in communication with a filer, the filer configured to store encrypted data files and encrypted key files.
  - 18. The system of claim 13, wherein the key server further comprises the encryption key pool.

19. A computer-implemented encryption method for recovering from a compromised key from an encryption key pool in a cloud-based collaborative platform comprising:
- identifying a plurality of data files, the data files encrypted with a first plurality of encryption keys;
  
  determining a plurality of encryption key files, wherein the plurality of encryption key files comprise the first plurality of encryption keys encrypted with the compromised key;
  
  determining a first plurality of corrective action criteria for an encryption key pool;
  
  determining a second plurality of corrective action criteria for the plurality of encrypted data files;
  
  determining a third plurality of corrective action criteria for the plurality of encryption key files;
  
  adjusting the encryption key pool based on the first plurality of corrective action criteria;
  
  adjusting the plurality of encrypted data files based on the second plurality of corrective action criteria; and
  
  adjusting the plurality of encryption key files based on the third plurality of corrective action criteria;
  
  wherein, the data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The computer-implemented method of claim 19, wherein adjusting the encryption key pool compromises removing the compromised key from the key pool and generating a new key in the encryption key pool.
  - 21. The computer-implemented method of claim 20, wherein the new key is generated using a different method from the method used to generate the compromised key.
  - 22. The computer-implemented method of claim 19, wherein adjusting the plurality of encrypted data files comprises decrypting the data files and reencrypting the data files with a new key.
  - 23. The computer-implemented method of claim 20, wherein adjusting the plurality of encryption key files comprises decrypting the encryption key files using the comprised key and reencrypting the key files using the new key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Box Incorporated
Original Assignee
Box Incorporated
Inventors
Lyons, James P., Scharf, Yuval

Granted Patent

US 9,135,462 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0428   wherein the data content is...

H04L 67/06   specially adapted for file ...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0894   Escrow, recovery or storing...

UPLOAD AND DOWNLOAD STREAMING ENCRYPTION TO/FROM A CLOUD-BASED PLATFORM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

UPLOAD AND DOWNLOAD STREAMING ENCRYPTION TO/FROM A CLOUD-BASED PLATFORM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links