SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION
First Claim
1. A method comprising:
- providing, by a cloud storage gateway device logically interposed between one or more third-party cloud storage platforms and a plurality of users of an enterprise, a generalized application programming interface (API) through which the plurality of users can store files to the one or more third-party cloud storage platforms, issue search requests against the files and retrieve content of the files;
assigning, by the cloud storage gateway device, a file storage policy of a plurality of file storage policies to each user of the plurality of users, the plurality of file storage policies defining access rights, storage diversity requirements and a type of encryption to be applied to the files; and
responsive to receiving, via the generalized API, a request to store a file;
creating, by the cloud storage gateway device, searchable encrypted data corresponding to one or more of (i) content of the file and (ii) metadata associated with the file, wherein the storage request is associated with a first user of the plurality of users and the searchable encrypted data is based on the type of encryption defined by the file storage policy assigned to the first user; and
distributing, by the cloud storage gateway device, the searchable encrypted data among the one or more third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy by uploading a subset of the searchable encrypted data to each of the one or more third-party cloud storage platforms.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
260 Citations
32 Claims
-
1. A method comprising:
-
providing, by a cloud storage gateway device logically interposed between one or more third-party cloud storage platforms and a plurality of users of an enterprise, a generalized application programming interface (API) through which the plurality of users can store files to the one or more third-party cloud storage platforms, issue search requests against the files and retrieve content of the files; assigning, by the cloud storage gateway device, a file storage policy of a plurality of file storage policies to each user of the plurality of users, the plurality of file storage policies defining access rights, storage diversity requirements and a type of encryption to be applied to the files; and responsive to receiving, via the generalized API, a request to store a file; creating, by the cloud storage gateway device, searchable encrypted data corresponding to one or more of (i) content of the file and (ii) metadata associated with the file, wherein the storage request is associated with a first user of the plurality of users and the searchable encrypted data is based on the type of encryption defined by the file storage policy assigned to the first user; and distributing, by the cloud storage gateway device, the searchable encrypted data among the one or more third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy by uploading a subset of the searchable encrypted data to each of the one or more third-party cloud storage platforms. - View Dependent Claims (2, 3)
-
-
4. A method comprising:
-
assigning to one or more users, by a gateway device, a policy for managing access to and processing a file to be stored on one or more cloud platforms, wherein the policy defines access rights of the one or more users; encrypting, by the gateway device, using cryptographic key information defined by the policy, content of the file to produce a searchable encrypted file; storing, by the gateway device, the searchable encrypted file on the one or more cloud platforms based on the policy; and managing access to the searchable encrypted file by the one or more users based on the policy. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A secure cloud storage system comprising:
-
one or more processors; a communication interface mechanism; one or more internal data storage devices operatively coupled to the one or more processors and storing; a policy assignment module configured to implement a policy selected from a group of policies for a user, wherein the policy defines and manages access to and processing of a file to be uploaded on a cloud, wherein the policy defines access rights of the user; an encryption module configured to, using cryptographic key information defined by the policy, produce a searchable encrypted file by encrypting content of the file to be stored across one or more cloud platforms; a storage module configured to store the searchable encrypted file on the one or more cloud platforms based on the policy; and a management module configured to manage and control access to the searchable encrypted file by the user based on the policy. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
Specification