Upload and download streaming encryption to/from a cloud-based platform

US 9,450,926 B2
Filed: 09/11/2015
Issued: 09/20/2016
Est. Priority Date: 08/29/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented encryption method for recovering from a compromised key included in an encryption key pool in a cloud-based collaborative platform comprising:

identifying a plurality of data files, the plurality of data files encrypted with a first plurality of encryption keys, wherein the first plurality of encryption keys are included in the encryption key pool;

determining a plurality of encryption key files, wherein the plurality of encryption key files are generated by encrypting the first plurality of encryption keys with the compromised key, wherein the compromised key is included in the encryption key pool;

adjusting the encryption key pool by;

removing the compromised key from the key pool andgenerating a new key in the encryption key pool;

adjusting the plurality of encrypted data files by;

decrypting the data files using the compromised key andreencrypting the data files using the new key; and

adjusting the plurality of encryption key files by;

decrypting the plurality of encryption key files using the compromised key andreencrypting the first plurality of encryption keys using the new key,wherein, the plurality of data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed).

579 Citations

15 Claims

1. A computer-implemented encryption method for recovering from a compromised key included in an encryption key pool in a cloud-based collaborative platform comprising:
- identifying a plurality of data files, the plurality of data files encrypted with a first plurality of encryption keys, wherein the first plurality of encryption keys are included in the encryption key pool;
  
  determining a plurality of encryption key files, wherein the plurality of encryption key files are generated by encrypting the first plurality of encryption keys with the compromised key, wherein the compromised key is included in the encryption key pool;
  
  adjusting the encryption key pool by;
  
  removing the compromised key from the key pool andgenerating a new key in the encryption key pool;
  
  adjusting the plurality of encrypted data files by;
  
  decrypting the data files using the compromised key andreencrypting the data files using the new key; and
  
  adjusting the plurality of encryption key files by;
  
  decrypting the plurality of encryption key files using the compromised key andreencrypting the first plurality of encryption keys using the new key,wherein, the plurality of data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, wherein the new key is generated using a method that is different from a method used to generate the compromised key.
  - 3. The computer-implemented method of claim 1, wherein adjusting the encryption key pool includes:
    - looking up a table storing entries that identifies mappings between the plurality of data files and the first plurality of encryption keys.
  - 4. The computer-implemented method of claim 1, wherein the new key includes a bit position set to zero.
  - 5. The computer-implemented method of claim 1, wherein each key in the first plurality of encryption keys includes a bit position set to one.

6. An apparatus for recovering from a compromised key included in an encryption key pool in a cloud-based collaborative platform, wherein the apparatus includes a hardware processor configured to perform the steps of:
- identifying a plurality of data files, the plurality of data files encrypted with a first plurality of encryption keys, wherein the first plurality of encryption keys are included in the encryption key pool;
  
  determining a plurality of encryption key files, wherein the plurality of encryption key files are generated by encrypting the first plurality of encryption keys with a compromised key and one or more keys in the encryption key pool that precede the compromised key, wherein the compromised key and the one or more keys are included in the encryption key pool;
  
  adjusting the encryption key pool by;
  
  removing the compromised key and the one or more keys in the encryption key pool that precede the compromised key andgenerating new keys in the encryption key pool;
  
  identifying one or more encrypted data files that are generated by encrypting one or more data files using the compromised key and the one or more keys that precede the compromised key;
  
  adjusting one or more encrypted data files by;
  
  decrypting the one or more encrypted data files using the compromised key and the one or more keys that precede the compromised key andreencrypting the one or more data files using the new keys; and
  
  adjusting the plurality of encryption key files by;
  
  decrypting the plurality of encryption key files using the compromised key and the one or more keys that precede the compromised key andreencrypting the first plurality of encryption keys using the new keys,wherein, the plurality of data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6, wherein the new keys are generated using a method that is different from a method used to generate the compromised key.
  - 8. The apparatus of claim 6, wherein adjusting the encryption key pool includes:
    - looking up a table storing entries that identifies mappings between the plurality of data files and the first plurality of encryption keys.
  - 9. The computer-implemented method of claim 6, wherein each of the new keys includes a bit position set to zero.
  - 10. The computer-implemented method of claim 6, wherein each key in the first plurality of encryption keys includes a bit position set to one.

11. A non-transitory computer-readable storage medium storing a set of instructions which when executed by a computing system causes the computing system to perform a method of recovering from a compromised key included in an encryption key pool in a cloud-based collaborative platform comprising:
- identifying a plurality of data files, the plurality of data files encrypted with a first plurality of encryption keys, wherein the first plurality of encryption keys are included in the encryption key pool;
  
  determining a plurality of encryption key files, wherein the plurality of encryption key files are generated by encrypting the first plurality of encryption keys with a compromised key and one or more keys in the encryption key pool that precede the compromised key, wherein the compromised key and the one or more keys are included in the encryption key pool;
  
  adjusting the encryption key pool by;
  
  removing the compromised key and the one or more keys in the encryption key pool that precede the compromised key andgenerating new keys in the encryption key pool;
  
  identifying one or more encrypted data files that are generated by encrypting one or more data files using the compromised key and the one or more keys that precede the compromised key;
  
  adjusting one or more encrypted data files by;
  
  decrypting the one or more encrypted data files using the compromised key and the one or more keys that precede the compromised key andreencrypting the one or more data files using the new keys; and
  
  adjusting the plurality of encryption key files by;
  
  decrypting the plurality of encryption key files using the compromised key and the one or more keys that precede the compromised key andreencrypting the first plurality of encryption keys using the new keys,wherein, the plurality of data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer-readable storage medium of claim 11, wherein the new keys are generated using a method that is different from a method used to generate the compromised key.
  - 13. The apparatus of claim 11, wherein adjusting the encryption key pool includes:
    - looking up a table storing entries that identifies mappings between the plurality of data files and the first plurality of encryption keys.
  - 14. The computer-implemented method of claim 11, wherein each of the new keys includes a bit position set to zero.
  - 15. The computer-implemented method of claim 11, wherein each key in the first plurality of encryption keys includes a bit position set to one.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Box Incorporated
Original Assignee
Box Incorporated
Inventors
Scharf, Yuval, Lyons, James P.
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US14/851,798
Publication Number

US 20150381587A1
Time in Patent Office

375 Days
Field of Search

713/165
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0428   wherein the data content is...

H04L 67/06   specially adapted for file ...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0894   Escrow, recovery or storing...

Upload and download streaming encryption to/from a cloud-based platform

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

579 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Upload and download streaming encryption to/from a cloud-based platform

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

579 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links