US20140372750A1 - Client-side encryption - Google Patents


Info

Publication number: US20140372750A1
Authority: US (United States)
Prior art keywords: key, organization, encrypted, file, client
Legal status: Abandoned
Application number: US14/271,918
Inventors: Leonid Antonenkov, Sergey Romanovskiy, Nikita Uraltsev, Alexander Prokofiev
Current assignee: Intermedia net Inc
Original assignee: Intermedia net Inc
Application filed by Intermedia net Inc

Assignment records
    • Antonenkov, Romanovskiy, Prokofiev and Uraltsev to INTERMEDIA.NET, INC. (assignment of assignors' interest)
    • INTERMEDIA.NET, INC. to SunTrust Bank, as administrative agent (first lien patent security agreement)
    • INTERMEDIA.NET, INC. to SunTrust Bank, as administrative agent (second lien patent security agreement)
    • SunTrust Bank to Toronto Dominion (Texas) LLC (intellectual property security interest assignment agreement, reel/frame 041590/0122)
    • SunTrust Bank to INTERMEDIA.NET, INC. (termination and release of second lien security interest in patents, recorded at reel 014590, frame 0192)
    • SunTrust Bank to AccessLine Communications Corporation and INTERMEDIA.NET, INC. (termination and release of second lien security interest in patents)

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
            • G06F 16/10 File systems; File servers
              • G06F 16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
                • G06F 16/164 File meta data generation
                • G06F 16/166 File name conversion
              • G06F 16/17 Details of further file system functions
                • G06F 16/178 Techniques for file synchronisation in file systems
              • G06F 16/18 File system types
                • G06F 16/182 Distributed file systems
                  • G06F 16/1824 Distributed file systems implemented using Network-attached Storage [NAS] architecture
                  • G06F 16/183 Provision of network file services by network file servers, e.g. by using NFS, CIFS
          • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F 21/31 User authentication
            • G06F 21/60 Protecting data
              • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
                  • G06F 21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, where protection concerns the structure of data, e.g. records, types, queries
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
          • H04L 67/00 Network arrangements or protocols for supporting network services or applications
            • H04L 67/01 Protocols
            • H04L 67/42

Definitions

  • This application relates generally to cloud-based file storage. More particularly, this application relates to client-side encryption in cloud-based file storage.
  • FIG. 1 is a block diagram illustrating a system, in accordance with an example embodiment, of securely synchronizing files.
  • FIG. 2 is a block diagram illustrating a client device, in accordance with an example embodiment, in more detail.
  • FIG. 3 is a block diagram illustrating another client device, in accordance with an example embodiment, in more detail.
  • FIG. 4 is a block diagram illustrating a backend, in accordance with an example embodiment, in more detail.
  • FIG. 5 is a process flow diagram depicting a method, in accordance with an example embodiment, of client-side encryption prior to upload of a file.
  • FIG. 6 is a process flow diagram depicting a method, in accordance with an example embodiment, of client-side decryption subsequent to download of a file.
  • FIG. 7 is a flow diagram illustrating a method, in accordance with an example embodiment, of encrypting files at a client in a cloud-based file system.
  • FIG. 8 is a flow diagram illustrating a method, in accordance with an example embodiment, of decrypting files at a client in a cloud-based file system.
  • FIG. 9 is a block diagram illustrating a mobile device, according to an example embodiment.
  • FIG. 10 is a block diagram of a machine in the example form of a computer system within which instructions, for causing the machine to perform any one or more of the methodologies discussed herein, can be executed.
  • Various techniques are utilized in order to allow for efficient, accurate, and secure synchronization of files across multiple devices, even in cases where a large number of events are occurring concurrently. This may include using an events-based technique to improve reliability during periods in which file modifications are being performed concurrently.
  • Name conflicts between different files may be resolved automatically.
  • FIG. 1 is a block diagram illustrating a system 100, in accordance with an example embodiment, of securely synchronizing files.
  • Files may be synchronized between one or more servers 102 and one or more client devices 104A-104D.
  • The client devices 104A-104D may include various types of devices running various types of platforms with various types of operating systems and applications.
  • Client device 104A may be a mobile device running proprietary mobile applications 106.
  • Client device 104B may be a personal computer running a Macintosh™ operating system from Apple Inc. of Cupertino, Calif. This may include a file system known as Finder 108, which may include a specialized plug-in 110 to allow Finder 108 to be altered in order to better operate with a proprietary application 112.
  • Client device 104C may be a personal computer running a Windows™ operating system from Microsoft Corp. of Redmond, Wash. This may include a file system known as Windows Explorer 114, which may include a specialized plug-in 116 to allow Windows Explorer 114 to be altered in order to better operate with a proprietary application 118. Additionally, applications such as Microsoft Office™ 120 and Microsoft Outlook™ 122 may also include their own specialized plug-ins 124, 126, respectively, which allow them to better operate with the proprietary application 118. Client device 104D may be a web-based device that operates a web browser 128 instead of a traditional operating system.
  • Each of the client devices 104A-104D may communicate with a back-end 130 hosted by the one or more servers 102. This communication may take place either directly between the back-end 130 and the proprietary applications 106, 112, 118, or indirectly through a web application 132.
  • A provisioning service such as HostPilot™ 134 may also be present, and may coordinate with a directory service such as Active Directories 136.
  • FIG. 2 is a block diagram illustrating a client device, in accordance with an example embodiment, in more detail.
  • The client device in this figure corresponds to client device 104C of FIG. 1, although in some example embodiments this diagram corresponds to a different client device.
  • The various components in FIG. 2 are labeled as those components are labeled in FIG. 1. In some embodiments, however, the components may not be identical.
  • Proprietary application 116 may be a desktop application, and may store files in a local database 200.
  • The proprietary application 118 may also communicate with specialized plug-ins 116, 124, 126 in Windows Explorer 114, Microsoft Office™ 120 and Microsoft Outlook™ 122, respectively. This communication may take place, for example, using Thrift over TCP.
  • The proprietary application 118 may communicate with a storage service 202 on the server 102.
  • FIG. 3 is a block diagram illustrating another client device, in accordance with an example embodiment, in more detail.
  • The client device in this figure corresponds to client device 104B of FIG. 1, although in some example embodiments this diagram corresponds to a different client device.
  • The various components in FIG. 3 are labeled as those components are labeled in FIG. 1. In some embodiments, however, the components may not be identical.
  • Proprietary application 112 may be a desktop application, and may store files in a local database 300.
  • The proprietary application 112 may also communicate with a specialized plug-in 108 in Finder 110. This communication may take place, for example, using Thrift over TCP.
  • The proprietary application 118 may communicate with a storage device 302 on the server 102.
  • FIG. 4 is a block diagram illustrating a backend, in accordance with an example embodiment, in more detail.
  • The backend in this figure corresponds to backend 130 of FIG. 1, although in some example embodiments this diagram corresponds to a different backend.
  • The various components in FIG. 4 are labeled as those components are labeled in FIG. 1. In some embodiments, however, the components may not be identical.
  • The backend 130 may include a front-end server 400, which performs much of the server-side storage functions described in this disclosure, as well as interfacing with the various devices. These functions will be discussed in more detail later in this document.
  • The front-end server 400 may interface with client devices 104A-104D through a firewall 402.
  • The front-end server 400 may also interface with a database server 404, which may control access to a database 406.
  • The database 406 may be in any of many different formats. In an example embodiment, the database 406 is a relational database, such as one operated using Structured Query Language (SQL). Other database formats are envisioned as well, however, including flat-file and multidimensional databases.
  • The database may store not just files and folders, but also metadata about the files and folders, including, but not limited to, information about which files and folders are shared, and with whom.
  • A central server 408 performs internal tasks such as cleanup, provisioning, and other backend services.
  • A key management server 410 provides access to keys created for each user. When a user is created on the central server 408, a key may be issued by the key server 410. These keys are also used by an encryption server 412 to encrypt and decrypt files and folders. This is accomplished through the front-end server 400, which knows which organization the keys belong to and submits file or folder content to the encryption server 412 for encryption.
  • Active Directories 414 is used for integration with Exchange™.
  • Server-based encryption in a cloud storage environment is risky in that, if one organization's key is cracked, access to the server puts all organizations at risk.
  • Client-side encryption of data is therefore performed. Each organization may have its own key. In this way, if the server is cracked, no data is at risk, because accessing the encrypted data on the server will not allow a malicious user to view the data.
  • FIG. 5 is a process flow diagram depicting a method 500, in accordance with an example embodiment, of client-side encryption prior to upload of a file.
  • A client 502 encrypts data using a key 504 distributed by a key management system (KMS) 506.
  • The KMS may be, for example, an external server whose job it is to manage and distribute keys to organizations of the cloud-based service.
  • The encrypted data is uploaded through a secure channel 508 to a storage service 510, which stores the encrypted data in storage 512 via another secure channel 514.
  • A secure channel may be any means of electronic communication that utilizes a mechanism to prevent users who are not the intended recipients of a message from viewing or reading it. This may include any type of transmission medium, such as wired or wireless, and may use, for example, HTTPS (HyperText Transfer Protocol Secure).
  • Each organization may have a single key created especially for it, and unique to that organization.
  • An organization may have more than one key to allow for even greater security (e.g., the quarantining of sensitive information within the organization, so that a hacker obtaining or cracking a key from one division of the organization cannot view or modify information from another division). If a key is compromised, then only the one organization is affected; other organizations that share the storage 512 would not have their own files at risk.
  • The storage service 510 has no access to the key management service 506 and vice versa, so if one system is cracked, the data of other organizations cannot be decrypted.
  • FIG. 6 is a process flow diagram depicting a method 600, in accordance with an example embodiment, of client-side decryption subsequent to download of a file.
  • The client 602 requests data via a secure channel 604 from the storage service 606, which retrieves encrypted data via secure channel 608 from the storage 610.
  • The encrypted data may contain a key identifier, which the client 602 uses to obtain a key 612 from the key management system 614; the client then uses the key to decrypt the encrypted data locally.
  • One or more of the components 602-614 may be identical to components described in FIG. 5: client 602 may be the same client as client 502, secure channel 604 the same channel as secure channel 508, storage service 606 the same service as storage service 510, secure channel 608 the same channel as secure channel 514, storage 610 the same storage as storage 512, and key management system 614 the same system as key management system 506.
  • Each organization may have its own key. This key may be obtained by or shared with various members of the organization, allowing these members to decrypt files stored on the server.
  • For documents shared across organizations, a unique key may be created for the combination of organizations that allows access to just those cross-organizationally shared documents. For example, a key for organization A may allow members of organization A to access files of organization A; a key for organization B may allow members of organization B to access files of organization B; and a key for the combination of organization A and organization B may allow members of organization A and members of organization B to access the files that are shared between the two organizations.
  • The key management system is located in a low-risk area, not generally accessible from the Internet, to prevent security breaches. This also allows a system administrator to easily remove compromised keys and allocate new keys without disrupting services.
  • A single “key” assigned to an organization may itself comprise a number of different keys.
  • For example, the key assigned to an organization may include an encryption key and a decryption key. These keys may be related to each other such that the decryption key is used to decrypt files encrypted using the encryption key. Thus, these may be described as a single key, despite the fact that the decryption key is different from the encryption key.
  • FIG. 7 is a flow diagram illustrating a method 700, in accordance with an example embodiment, of encrypting files at a client in a cloud-based file system.
  • A first key corresponding to an organization to which the client belongs is obtained.
  • A file is encrypted using the first key.
  • The encrypted file is transmitted to a server via a secure channel, for storage in a storage device shared among multiple organizations, the storage device containing one or more files encrypted using keys different from the first key.
  • FIG. 8 is a flow diagram illustrating a method 800, in accordance with an example embodiment, of decrypting files at a client in a cloud-based file system.
  • An encrypted file is downloaded from a storage device via a secure channel.
  • A key corresponding to an organization to which the client belongs is obtained.
  • The encrypted file is decrypted using the key.
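The upload path of FIG. 5 / FIG. 7 and the download path of FIG. 6 / FIG. 8, together with the per-organization and cross-organization keys and the key identifier carried inside the encrypted data, as an added example that is not the patent's own code. The patent names no cipher, blob format or KMS interface, so those are assumptions here: an HMAC-SHA256 encrypt-then-MAC construction (standard library only), a small clear header holding the key identifier and nonce, and an in-process KMS that releases a key only to members of the owning organization(s).

```python
"""Client-side encryption round trip in the style of FIG. 5 and FIG. 6.
Added example, not the patent's code. Assumed (the patent does not say): the
cipher is encrypt-then-MAC from HMAC-SHA256 (counter-mode keystream plus a tag),
the key identifier is a short ASCII string in a clear header before the ciphertext,
and the KMS releases a key only to members of the organization(s) that own it."""
import hashlib
import hmac
import secrets
import struct

MAGIC, NONCE_LEN, TAG_LEN = b"CSE1", 16, 32   # constructed blob format; HMAC-SHA256 tag

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def derive_subkeys(master: bytes) -> tuple:
    # One organization "key" is really several keys: here an encryption key and a MAC key.
    return _prf(master, b"enc"), _prf(master, b"mac")

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += _prf(enc_key, nonce + struct.pack(">Q", counter))
        counter += 1
    return bytes(out[:length])

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_blob(master: bytes, key_id: str, plaintext: bytes) -> bytes:
    """Encrypt before upload (FIG. 5 / FIG. 7); the key identifier stays in the clear."""
    enc_key, mac_key = derive_subkeys(master)
    kid, nonce = key_id.encode(), secrets.token_bytes(NONCE_LEN)
    header = MAGIC + struct.pack(">B", len(kid)) + kid + nonce
    body = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return header + body + hmac.new(mac_key, header + body, hashlib.sha256).digest()

def parse_key_id(blob: bytes) -> str:
    """The downloading client reads this to know which key to request from the KMS."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a client-side-encrypted blob")
    return blob[5:5 + blob[4]].decode()

def decrypt_blob(master: bytes, blob: bytes) -> bytes:
    """Decrypt after download (FIG. 6 / FIG. 8); the tag is verified first, so a
    tampered blob or one encrypted under a different key is rejected outright."""
    enc_key, mac_key = derive_subkeys(master)
    hdr_len = 5 + blob[4] + NONCE_LEN
    header, body, tag = blob[:hdr_len], blob[hdr_len:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return _xor(body, _keystream(enc_key, header[-NONCE_LEN:], len(body)))

class KeyManagementSystem:
    """One key per organization, or per combination of organizations for cross-
    organization sharing; a key is released only to members of those organizations."""
    def __init__(self):
        self._keys, self._members = {}, {}

    def issue_key(self, orgs, members) -> str:
        key_id = "+".join(sorted(orgs))
        self._keys[key_id], self._members[key_id] = secrets.token_bytes(32), set(members)
        return key_id

    def get_key(self, user: str, key_id: str) -> bytes:
        if user not in self._members.get(key_id, ()):
            raise PermissionError(f"{user} may not obtain key {key_id}")
        return self._keys[key_id]

# The storage service is modelled as a plain dict of opaque blobs: it holds no handle
# on the KMS, so compromising storage alone yields only ciphertext and key identifiers.
def client_upload(user, key_id, kms, storage, name, plaintext):
    storage[name] = encrypt_blob(kms.get_key(user, key_id), key_id, plaintext)

def client_download(user, kms, storage, name) -> bytes:
    blob = storage[name]
    return decrypt_blob(kms.get_key(user, parse_key_id(blob)), blob)

def demo() -> dict:
    """Constructed scenario: keys for organization A, organization B and the A+B pair."""
    kms, storage = KeyManagementSystem(), {}
    kid_a = kms.issue_key(("orgA",), {"alice"})
    kms.issue_key(("orgB",), {"bob"})
    kid_ab = kms.issue_key(("orgA", "orgB"), {"alice", "bob"})
    client_upload("alice", kid_a, kms, storage, "a.txt", b"org A internal")
    client_upload("alice", kid_ab, kms, storage, "shared.txt", b"shared A+B")
    r = {"alice_reads_a": client_download("alice", kms, storage, "a.txt"),
         "bob_reads_shared": client_download("bob", kms, storage, "shared.txt"),
         "plaintext_at_rest": b"org A internal" in storage["a.txt"]}
    try:                                   # bob is not a member of organization A
        client_download("bob", kms, storage, "a.txt")
        r["bob_reads_a"] = True
    except PermissionError:
        r["bob_reads_a"] = False
    tampered = bytearray(storage["a.txt"])
    tampered[-TAG_LEN - 1] ^= 0x01         # flip one ciphertext bit at rest
    try:
        decrypt_blob(kms.get_key("alice", kid_a), bytes(tampered))
        r["tamper_detected"] = False
    except ValueError:
        r["tamper_detected"] = True
    return r
```

Note that the shared file is readable by bob only because the KMS issued the A+B combination key to both organizations' members; storage never sees a key, only the identifier naming which one to ask for.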
  • FIG. 9 is a block diagram illustrating a mobile device 900, according to an example embodiment.
  • The mobile device 900 can include a processor 902. The processor 902 can be any of a variety of different types of commercially available processors suitable for mobile devices 900 (for example, an XScale architecture microprocessor, a Microprocessor without Interlocked Pipeline Stages (MIPS) architecture processor, or another type of processor).
  • A memory 904, such as a random access memory (RAM), a Flash memory, or another type of memory, is typically accessible to the processor 902. The memory 904 can be adapted to store an operating system (OS) 906, as well as application programs 908, such as a mobile location-enabled application that can provide location-based services (LBSs) to a user.
  • The processor 902 can be coupled, either directly or via appropriate intermediary hardware, to a display 910 and to one or more input/output (I/O) devices 912, such as a keypad, a touch panel sensor, a microphone, and the like.
  • The processor 902 can be coupled to a transceiver 914 that interfaces with an antenna 916. The transceiver 914 can be configured to both transmit and receive cellular network signals, wireless data signals, or other types of signals via the antenna 916, depending on the nature of the mobile device 900.
  • A GPS receiver 918 can also make use of the antenna 916 to receive GPS signals.
  • Modules can constitute either software modules (e.g., code embodied (1) on a non-transitory machine-readable medium or (2) in a transmission signal) or hardware-implemented modules.
  • A hardware-implemented module is a tangible unit capable of performing certain operations and can be configured or arranged in a certain manner. One or more computer systems (e.g., a standalone, client or server computer system) or one or more processors can be configured by software (e.g., an application or application portion) as a hardware-implemented module that operates to perform certain operations as described herein.
  • A hardware-implemented module can be implemented mechanically or electronically. For example, a hardware-implemented module can comprise dedicated circuitry or logic that is permanently configured (e.g., as a special-purpose processor, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC)) to perform certain operations. A hardware-implemented module can also comprise programmable logic or circuitry (e.g., as encompassed within a general-purpose processor or other programmable processor) that is temporarily configured by software to perform certain operations. It will be appreciated that the decision to implement a hardware-implemented module mechanically, in dedicated and permanently configured circuitry, or in temporarily configured circuitry (e.g., configured by software) can be driven by cost and time considerations.
  • Accordingly, the term “hardware-implemented module” should be understood to encompass a tangible entity, be that an entity that is physically constructed, permanently configured (e.g., hardwired) or temporarily or transitorily configured (e.g., programmed) to operate in a certain manner and/or to perform certain operations described herein.
  • In embodiments in which hardware-implemented modules are temporarily configured (e.g., programmed), each of the hardware-implemented modules need not be configured or instantiated at any one instance in time. For example, where the hardware-implemented modules comprise a general-purpose processor configured using software, the general-purpose processor can be configured as respective different hardware-implemented modules at different times. Software can accordingly configure a processor, for example, to constitute a particular hardware-implemented module at one instance of time and to constitute a different hardware-implemented module at a different instance of time.
  • Hardware-implemented modules can provide information to, and receive information from, other hardware-implemented modules. Accordingly, the described hardware-implemented modules can be regarded as being communicatively coupled. Where multiple such hardware-implemented modules exist contemporaneously, communications can be achieved through signal transmission (e.g., over appropriate circuits and buses) that connect the hardware-implemented modules. In embodiments in which multiple hardware-implemented modules are configured or instantiated at different times, communications between such hardware-implemented modules can be achieved, for example, through the storage and retrieval of information in memory structures to which the multiple hardware-implemented modules have access. For example, one hardware-implemented module can perform an operation and store the output of that operation in a memory device to which it is communicatively coupled. A further hardware-implemented module can then, at a later time, access the memory device to retrieve and process the stored output.
  • Hardware-implemented modules can also initiate communications with input or output devices, and can operate on a resource (e.g., a collection of information).
  • The various operations of the example methods described herein can be performed, at least partially, by one or more processors that are temporarily configured (e.g., by software) or permanently configured to perform the relevant operations. Whether temporarily or permanently configured, such processors can constitute processor-implemented modules that operate to perform one or more operations or functions. The modules referred to herein can, in some example embodiments, comprise processor-implemented modules.
  • Similarly, the methods described herein can be at least partially processor-implemented. For example, at least some of the operations of a method can be performed by one or more processors or processor-implemented modules. The performance of certain of the operations can be distributed among the one or more processors, not only residing within a single machine, but deployed across a number of machines. In some example embodiments, the processor or processors can be located in a single location (e.g., within a home environment, an office environment or as a server farm), while in other embodiments the processors can be distributed across a number of locations.
  • The one or more processors can also operate to support performance of the relevant operations in a “cloud computing” environment or as a “software as a service” (SaaS). For example, at least some of the operations can be performed by a group of computers (as examples of machines including processors), these operations being accessible via a network (e.g., the Internet) and via one or more appropriate interfaces (e.g., application program interfaces (APIs)).
  • Example embodiments can be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them.
  • Example embodiments can be implemented using a computer program product, e.g., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable medium for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, a computer, or multiple computers.
  • A computer program can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, subroutine, or other unit suitable for use in a computing environment. A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
  • Operations can be performed by one or more programmable processors executing a computer program to perform functions by operating on input data and generating output. Method operations can also be performed by, and apparatus of example embodiments can be implemented as, special purpose logic circuitry, e.g., an FPGA or an ASIC.
  • The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
  • In example embodiments, both hardware and software architectures require consideration. Specifically, the choice of whether to implement certain functionality in permanently configured hardware (e.g., an ASIC), in temporarily configured hardware (e.g., a combination of software and a programmable processor), or in a combination of permanently and temporarily configured hardware can be a design choice. Below are set out hardware (e.g., machine) and software architectures that can be deployed in various example embodiments.
  • FIG. 10 is a block diagram of a machine in the example form of a computer system 1000 within which instructions, for causing the machine to perform any one or more of the methodologies discussed herein, can be executed.
  • The machine can operate as a standalone device or can be connected (e.g., networked) to other machines. In a networked deployment, the machine can operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment.
  • The machine can be a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine. The term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
  • The example computer system 1000 includes a processor 1002 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), a main memory 1004 and a static memory 1006, which communicate with each other via a bus 1008.
  • The computer system 1000 can further include a video display unit 1010 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)).
  • The computer system 1000 also includes an alpha-numeric input device 1012 (e.g., a keyboard or a touch-sensitive display screen), a user interface (UI) navigation device 1014 (e.g., a mouse), a disk drive unit 1016, a signal generation device 1018 (e.g., a speaker), and a network interface device 1020.
  • The disk drive unit 1016 includes a machine-readable medium 1022 on which is stored one or more sets of instructions and data structures (e.g., software) 1024 embodying or utilized by any one or more of the methodologies or functions described herein.
  • The instructions 1024 can also reside, completely or at least partially, within the main memory 1004 and/or within the processor 1002 during execution thereof by the computer system 1000, with the main memory 1004 and the processor 1002 also constituting machine-readable media 1022.
  • While the machine-readable medium 1022 is shown in an example embodiment to be a single medium, the term “machine-readable medium” can include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions or data structures 1024.
  • The term “machine-readable medium” shall also be taken to include any tangible medium that is capable of storing, encoding or carrying instructions 1024 for execution by the machine and that cause the machine to perform any one or more of the methodologies of the present disclosure, or that is capable of storing, encoding or carrying data structures utilized by or associated with such instructions 1024.
  • The term “machine-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, and optical and magnetic media. Specific examples of machine-readable media 1022 include non-volatile memory, including by way of example semiconductor memory devices, e.g., erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks.
  • the instructions 1024 can further be transmitted or received over a communications network 1026 using a transmission medium.
  • the instructions 1024 can be transmitted using the network interface device 1020 and any one of a number of well-known transfer protocols (e.g., HTTP).
  • Examples of communication networks include a local area network (LAN), a wide area network (WAN), the Internet, mobile telephone networks, plain old telephone (POTS) networks, and wireless data networks (e.g., WiFi and WiMax networks).
  • POTS plain old telephone
  • wireless data networks e.g., WiFi and WiMax networks.
  • transmission medium shall be taken to include any intangible medium that is capable of storing, encoding, or carrying instructions 1024 for execution by the machine, and includes digital or analog communications signals or other intangible media to facilitate communication of such software.
  • inventive subject matter can be referred to herein, individually and/or collectively, by the term “invention” merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed.
  • inventive concept merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed.

Abstract

Methods and systems of encrypting files at a client in a cloud-based file system are provided. A first key corresponding to an organization to which the client belongs is obtained. Then a first file is encrypted using the first key. Then the encrypted first file is transmitted to a server via a secure channel, for storage in a storage device shared among multiple organizations, the storage device containing one or more files encrypted using keys different than the first key.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims priority to U.S. Provisional Application No. 61/820,793 filed May 8, 2013, which is hereby incorporated herein by reference in its entirety.
  • TECHNICAL FIELD
  • This application relates generally to cloud-based file storage. More particularly, this application relates to client-side encryption in a cloud-based file storage.
  • BACKGROUND
  • With the dramatic increase in use of mobile devices in recent years, it has become more important now than ever before that a user's files be synchronized between multiple devices. A single user may operate on a desktop computer, laptop computer, tablet computer, and mobile phone, editing the same document at different times on different devices. This issue is only going to become even more important as additional mobile devices, such as wearable computers and vehicle-based computers, become popular mechanisms for editing files.
  • Problems, however, may be encountered as the synchronization of files across devices becomes more complex. Typically, encryption of objects in a cloud-based storage system is performed on the server side. Such a system allows for the sharing of documents among multiple users, each of whom can utilize a key, certificate, or other security object to access a file, folder, or other object in a shared folder on the server. The key, certificate, or other security object may be managed and distributed by the server. The problem is that if that one system is cracked, then all the data is potentially at risk. Thus, for example, if hackers obtain access to the server, then all files across all organizations can be cracked.
  • BRIEF DESCRIPTION OF DRAWINGS
  • The present disclosure is illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements and in which:
  • FIG. 1 is a block diagram illustrating a system, in accordance with an example embodiment, of securely synchronizing files.
  • FIG. 2 is a block diagram illustrating a client device, in accordance with an example embodiment, in more detail.
  • FIG. 3 is a block diagram illustrating another client device, in accordance with an example embodiment, in more detail.
  • FIG. 4 is a block diagram illustrating a backend, in accordance with an example embodiment, in more detail.
  • FIG. 5 is a process flow diagram depicting a method, in accordance with an example embodiment, of client-side encryption prior to upload of a file.
  • FIG. 6 is a process flow diagram depicting a method, in accordance with an example embodiment, of client-side decryption subsequent to download of a file.
  • FIG. 7 is a flow diagram illustrating a method, in accordance with an example embodiment, of encrypting files at a client in a cloud-based file system.
  • FIG. 8 is a flow diagram illustrating a method, in accordance with an example embodiment, of decrypting files at a client in a cloud-based file system.
  • FIG. 9 is a block diagram illustrating a mobile device, according to an example embodiment.
  • FIG. 10 is a block diagram of a machine in the example form of a computer system within which instructions, for causing the machine to perform any one or more of the methodologies discussed herein, can be executed.
  • DETAILED DESCRIPTION
  • Overview
  • The description that follows includes illustrative systems, methods, techniques, instruction sequences, and machine-readable media (e.g., computing machine program products) that embody illustrative embodiments. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide an understanding of various embodiments of the inventive subject matter. It will be evident, however, to those skilled in the art that embodiments of the inventive subject matter may be practiced without these specific details. In general, well-known instruction instances, protocols, structures, and techniques have not been shown in detail.
  • In an example embodiment, various techniques are utilized in order to allow for efficient, accurate, and secure synchronization of files across multiple devices even in cases where a large number of events are occurring concurrently. This may include using an events-based technique to improve reliability during periods of file modifications being performed concurrently. In another example embodiment, name conflicts between different files may be resolved automatically.
  • FIG. 1 is a block diagram illustrating a system 100, in accordance with an example embodiment, of securely synchronizing files. In the system 100, files may be synchronized between one or more servers 102 and one or more client devices 104A-104D. The client devices 104A-104D may include various types of devices running various types of platforms with various types of operating systems and applications. For example, client device 104A may be a mobile device running proprietary mobile applications 106. Client device 104B may be a personal computer running a Macintosh™ operating system from Apple Inc. of Cupertino, Calif. This may include a file system known as Finder 108, which may include a specialized plug-in 110 to allow Finder 108 to be altered in order to better operate with a proprietary application 112.
  • Client device 104C may be a personal computer running a Windows™ operating system from Microsoft Corp. of Redmond, Wash. This may include a file system known as Windows Explorer 114, which may include a specialized plug-in 116 to allow Windows Explorer 114 to be altered in order to better operate with a proprietary application 118. Additionally, applications such as Microsoft Office™ 120 and Microsoft Outlook™ 122 may also include their own specialized plug-ins 124, 126, respectively, which allow them to better operate with the proprietary application 118. Client device 104D may be a web-based device that may operate a web browser 128 instead of a traditional operating system.
  • Each of the client devices 104A-104D may communicate with a back-end 130 hosted by the one or more servers 102. This communication may either take place directly between the back-end 130 and the proprietary applications 106, 112, 118, or indirectly through a web application 132. A provisioning service, such as HostPilot™ 134 may also be present, and may coordinate with a directory service such as Active Directories 136.
  • FIG. 2 is a block diagram illustrating a client device, in accordance with an example embodiment, in more detail. In an example embodiment, the client device in this figure corresponds to client device 104C of FIG. 1, although in some example embodiments this diagram corresponds to a different client device. Additionally, the various components in FIG. 2 are labeled as those components are labeled in FIG. 1. In some embodiments, however, the components may not be identical. Proprietary application 116 may be a desktop application, and may store files in a local database 200. The proprietary application 118 may also communicate with specialized plug-ins 116, 124, 126 in Windows Explorer 114, Microsoft Office 120 and Microsoft Outlook™ 122, respectively. This communication may take place, for example, using Thrift over TCP. The proprietary application 118 may communicate with a storage service 202 on the server 102.
  • FIG. 3 is a block diagram illustrating another client device, in accordance with an example embodiment, in more detail. In an example embodiment, the client device in this figure corresponds to client device 104B of FIG. 1, although in some example embodiments this diagram corresponds to a different client device. Additionally, the various components in FIG. 3 are labeled as those components are labeled in FIG. 1. In some embodiments, however, the components may not be identical. Proprietary application 112 may be a desktop application, and may store files in a local database 300. The proprietary application 112 may also communicate with a specialized plug-in 108 in Finder 110. This communication may take place, for example, using Thrift over TCP. The proprietary application 118 may communicate with a storage device 302 on the server 102.
  • FIG. 4 is a block diagram illustrating a backend, in accordance with an example embodiment, in more detail. In an example embodiment, the backend in this figure corresponds to backend 130 of FIG. 1, although in some example embodiments this diagram corresponds to a different backend. Additionally, the various components in FIG. 4 are labeled as those components are labeled in FIG. 1. In some embodiments, however, the components may not be identical. The backend 130 may include a front-end server 400, which acts to perform much of the server-side storage functions described in this disclosure, as well as interfacing with the various devices. These functions will be discussed in more detail later in this document. The front-end server 400 may interface with client devices 104A-104D through a firewall 402. The front-end server 400 may also interface with a database server 404, which may control access to a database 406. The database 406 may be of many different types of formats. In one example embodiment, the database 406 is a relational database, such as one operated using Structured Query Language (SQL). Other formats of database are envisioned, however, as well, including flat-file and multidimensional databases. The database may store not just files and folders, but also metadata about the files and folders, including, but not limited to, information about which files and folders are shared, and with whom.
  • A central server 408 performs internal tasks such as cleanup, provisioning, and other backend services. A key management server 410 provides access to keys created for each user. When a user is created on the central server 408, a key may be issued by the key server 410. These keys are also used by an encryption server 412 to encrypt and decrypt files and folders. This is accomplished through the use of the front-end server 400, which knows to which organization the keys belong and submits file or folder content to the encryption server 412 for encryption. Active Directories 414 is used for integration with Exchange™.
  • Client-Side Encryption
  • As described earlier, server-based encryption in a cloud storage environment is risky in that, because the server manages the keys, an attacker who gains access to the server puts all organizations at risk. In an example embodiment, client-side encryption of data is performed. Each organization may have its own key. In this way, if the server is cracked, then no data is at risk because accessing the encrypted data on the server will not allow a malicious user to view the data.
  • FIG. 5 is a process flow diagram depicting a method 500, in accordance with an example embodiment, of client-side encryption prior to upload of a file. A client 502 encrypts data using a key 504 distributed by a key management system (KMS) 506. The KMS may be, for example, an external server whose job it is to manage and distribute keys to organizations of the cloud-based service. The encrypted data is uploaded through a secure channel 508 to a storage service 510, which stores the encrypted data in storage 512 via another secure channel 514. For purposes of this disclosure, a secure channel may be any means of electronic communication that utilizes a mechanism to prevent users not intended to be a recipient of a message from viewing or reading a message. This may include any type of transmission medium, such as wired or wireless. One example secure channel is HyperText Transfer Protocol Secure (HTTPS), although this is merely one example and is not intended to be limiting.
  • Each organization may have a single key created especially for it, and unique to that organization. In some example embodiments, an organization may have more than one key to allow for even greater security (e.g., the quarantining of sensitive information within the organization, so a hacker obtaining or cracking a key from one division of the organization cannot view or modify information from another division of the organization). If a key is compromised, then that would only affect the one organization—other organizations that share the storage 512 would not have their own files at risk. In an example embodiment, the storage service 510 has no access to the key management service 506 and vice-versa, so if one system is cracked, the data of other organizations cannot be decrypted.
  • FIG. 6 is a process flow diagram depicting a method 600, in accordance with an example embodiment, of client-side decryption subsequent to download of a file. Here, the client 602 requests data via a secure channel 604 from the storage service 606, which retrieves encrypted data via secure channel 608 from the storage 610. The encrypted data may contain a key identifier, which the client 602 uses to obtain a key 612 from the key management system 614, and then uses the key to decrypt the encrypted data locally. In one or more example embodiments, one or more of the components 602-614 may be identical to components described in FIG. 5. For example, client 602 may be the same client as client 502. Secure channel 604 may be the same channel as secure channel 508. Storage service 606 may be the same service as storage service 510. Secure channel 608 may be the same channel as secure channel 514. Storage 610 may be the same storage as storage 512. Key management system 614 may be the same system as key management system 506.
  • As described above, each organization may have its own key. This key may be obtained by or shared with various members of the organization, allowing these members to decrypt files stored on the server. In the event that a file needs to be shared among members of two (or more) different organizations, a unique key may be created for the combination of organizations that allows access to just those cross-organizationally shared documents. For example, a key for organization A may allow members of organization A to access files of organization A. A key for organization B may allow members of organization B to access files of organization B. A key for the combination of organization A and organization B may allow members of organization A and members of organization B to access files that are shared between the organizations.
  • In an example embodiment, the key management system is located in a low-risk area, not generally accessible to the Internet, to prevent security breaches. This also allows a system administrator to easily remove compromised keys and reallocate new keys without disrupting services.
  • It should be noted that, based on the type of encryption used, a single “key” assigned to an organization may actually itself comprise a number of different keys. For example, in some example embodiments, the key assigned to an organization may include an encryption key and a decryption key. These keys may be related to each other such that the decryption key is used to decrypt files encrypted using the encryption key. Thus, these may be described as using a single key, despite the fact that the decryption key is different than the encryption key.
  • FIG. 7 is a flow diagram illustrating a method 700, in accordance with an example embodiment, of encrypting files at a client in a cloud-based file system. At operation 702, a first key corresponding to an organization to which the client belongs is obtained. At operation 704, a file is encrypted using the first key. At operation 706, the encrypted file is transmitted to a server via a secure channel, for storage in a storage device shared among multiple organizations, the storage device containing one or more files encrypted using keys different than the first key.
  • FIG. 8 is a flow diagram illustrating a method 800, in accordance with an example embodiment, of decrypting files at a client in a cloud-based file system. At operation 802, an encrypted file is downloaded from a storage device via a secure channel. At operation 804, a key corresponding to an organization to which the client belongs is obtained. At operation 806, the encrypted file is decrypted using the key.
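The upload flow of FIG. 7 and the download flow of FIG. 8, with the per-organization and cross-organization keys of the preceding paragraphs, as an added Go example that is not the patent's or Intermedia's own code. It assumes AES-256-GCM as the cipher, a constructed blob layout that carries the key identifier ahead of the nonce and ciphertext, and an in-memory KMS and storage standing in for the servers and secure channels; the names KMS, Storage, UploadFile and DownloadFile are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

const nonceSize = 12 // standard AES-GCM nonce length

// randBytes returns n cryptographically random bytes; lack of entropy is fatal.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// KMS models the key management system of FIG. 5 and FIG. 6: one key per
// organization (or combination of organizations), released only to members.
type KMS struct {
	keys    map[string][]byte
	members map[string]map[string]bool // keyID -> organizations entitled to it
}

func NewKMS() *KMS { return &KMS{map[string][]byte{}, map[string]map[string]bool{}} }

// IssueKey creates a fresh 256-bit key under keyID for the listed organizations.
func (k *KMS) IssueKey(keyID string, orgs ...string) {
	k.keys[keyID], k.members[keyID] = randBytes(32), map[string]bool{}
	for _, o := range orgs {
		k.members[keyID][o] = true
	}
}

// Key hands the key for keyID to a client of organization org as a ready
// AES-256-GCM cipher, or refuses if org is not entitled to it.
func (k *KMS) Key(org, keyID string) (cipher.AEAD, error) {
	if !k.members[keyID][org] {
		return nil, errors.New("organization " + org + " not entitled to key " + keyID)
	}
	block, err := aes.NewCipher(k.keys[keyID])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Storage is the multi-tenant store of FIG. 5 (path -> blob); it holds ciphertext only.
type Storage map[string][]byte

// Encrypt builds the blob [2-byte keyID length][keyID][nonce][AES-GCM ciphertext||tag],
// a layout constructed for this example. The header is GCM associated data, so the
// key identifier is authenticated and cannot be swapped for another organization's.
func Encrypt(aead cipher.AEAD, keyID string, plaintext []byte) []byte {
	header := make([]byte, 2+len(keyID))
	binary.BigEndian.PutUint16(header, uint16(len(keyID)))
	copy(header[2:], keyID)
	nonce := randBytes(nonceSize)
	return aead.Seal(append(header, nonce...), nonce, plaintext, header)
}

// ParseKeyID reads the key identifier carried by the encrypted data (FIG. 6).
func ParseKeyID(blob []byte) (string, error) {
	if len(blob) < 2 || len(blob) < 2+int(binary.BigEndian.Uint16(blob))+nonceSize {
		return "", errors.New("malformed blob: missing key identifier or nonce")
	}
	return string(blob[2 : 2+int(binary.BigEndian.Uint16(blob))]), nil
}

// UploadFile is the client side of FIG. 7: obtain the organization key (702),
// encrypt locally (704), send only ciphertext to the shared storage (706).
func UploadFile(kms *KMS, store Storage, org, keyID, path string, plaintext []byte) error {
	aead, err := kms.Key(org, keyID)
	if err != nil {
		return err
	}
	store[path] = Encrypt(aead, keyID, plaintext)
	return nil
}

// DownloadFile is the client side of FIG. 8: fetch the ciphertext (802), read its
// key identifier and obtain that key from the KMS (804), decrypt locally (806).
// Open also verifies the tag; a missing path yields nil, which ParseKeyID rejects.
func DownloadFile(kms *KMS, store Storage, org, path string) ([]byte, error) {
	blob := store[path]
	keyID, err := ParseKeyID(blob)
	if err != nil {
		return nil, err
	}
	aead, err := kms.Key(org, keyID)
	if err != nil {
		return nil, err
	}
	h := 2 + len(keyID)
	return aead.Open(nil, blob[h:h+nonceSize], blob[h+nonceSize:], blob[:h])
}
```

Because the key identifier travels inside the authenticated header, the storage service never needs to know which organization a blob belongs to, and a client that does hold the wrong organization's key still gets a tag failure rather than garbage plaintext.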
  • Example Mobile Device
  • FIG. 9 is a block diagram illustrating a mobile device 900, according to an example embodiment. The mobile device 900 can include a processor 902. The processor 902 can be any of a variety of different types of commercially available processors suitable for mobile devices 900 (for example, an XScale architecture microprocessor, a Microprocessor without Interlocked Pipeline Stages (MIPS) architecture processor, or another type of processor). A memory 904, such as a random access memory (RAM), a Flash memory, or other type of memory, is typically accessible to the processor 902. The memory 904 can be adapted to store an operating system (OS) 906, as well as application programs 908, such as a mobile location enabled application that can provide location-based services (LBSs) to a user. The processor 902 can be coupled, either directly or via appropriate intermediary hardware, to a display 910 and to one or more input/output (I/O) devices 912, such as a keypad, a touch panel sensor, a microphone, and the like. Similarly, in some embodiments, the processor 902 can be coupled to a transceiver 914 that interfaces with an antenna 916. The transceiver 914 can be configured to both transmit and receive cellular network signals, wireless data signals, or other types of signals via the antenna 916, depending on the nature of the mobile device 900. Further, in some configurations, a GPS receiver 918 can also make use of the antenna 916 to receive GPS signals.
  • Modules, Components and Logic
  • Certain embodiments are described herein as including logic or a number of components, modules, or mechanisms. Modules can constitute either software modules (e.g., code embodied (1) on a non-transitory machine-readable medium or (2) in a transmission signal) or hardware-implemented modules. A hardware-implemented module is a tangible unit capable of performing certain operations and can be configured or arranged in a certain manner. In example embodiments, one or more computer systems (e.g., a standalone, client or server computer system) or one or more processors can be configured by software (e.g., an application or application portion) as a hardware-implemented module that operates to perform certain operations as described herein.
  • In various embodiments, a hardware-implemented module can be implemented mechanically or electronically. For example, a hardware-implemented module can comprise dedicated circuitry or logic that is permanently configured (e.g., as a special-purpose processor, such as a field programmable gate array (FPGA) or an application-specific integrated circuit (ASIC)) to perform certain operations. A hardware-implemented module can also comprise programmable logic or circuitry (e.g., as encompassed within a general-purpose processor or other programmable processor) that is temporarily configured by software to perform certain operations. It will be appreciated that the decision to implement a hardware-implemented module mechanically, in dedicated and permanently configured circuitry, or in temporarily configured circuitry (e.g., configured by software) can be driven by cost and time considerations.
  • Accordingly, the term “hardware-implemented module” should be understood to encompass a tangible entity, be that an entity that is physically constructed, permanently configured (e.g., hardwired) or temporarily or transitorily configured (e.g., programmed) to operate in a certain manner and/or to perform certain operations described herein. Considering embodiments in which hardware-implemented modules are temporarily configured (e.g., programmed), each of the hardware-implemented modules need not be configured or instantiated at any one instance in time. For example, where the hardware-implemented modules comprise a general-purpose processor configured using software, the general-purpose processor can be configured as respective different hardware-implemented modules at different times. Software can accordingly configure a processor, for example, to constitute a particular hardware-implemented module at one instance of time and to constitute a different hardware-implemented module at a different instance of time.
  • Hardware-implemented modules can provide information to, and receive information from, other hardware-implemented modules. Accordingly, the described hardware-implemented modules can be regarded as being communicatively coupled. Where multiple such hardware-implemented modules exist contemporaneously, communications can be achieved through signal transmission (e.g., over appropriate circuits and buses) that connect the hardware-implemented modules. In embodiments in which multiple hardware-implemented modules are configured or instantiated at different times, communications between such hardware-implemented modules can be achieved, for example, through the storage and retrieval of information in memory structures to which the multiple hardware-implemented modules have access. For example, one hardware-implemented module can perform an operation and store the output of that operation in a memory device to which it is communicatively coupled. A further hardware-implemented module can then, at a later time, access the memory device to retrieve and process the stored output. Hardware-implemented modules can also initiate communications with input or output devices, and can operate on a resource (e.g., a collection of information).
  • The various operations of example methods described herein can be performed, at least partially, by one or more processors that are temporarily configured (e.g., by software) or permanently configured to perform the relevant operations. Whether temporarily or permanently configured, such processors can constitute processor-implemented modules that operate to perform one or more operations or functions. The modules referred to herein can, in some example embodiments, comprise processor-implemented modules.
  • Similarly, the methods described herein can be at least partially processor-implemented. For example, at least some of the operations of a method can be performed by one or more processors or processor-implemented modules. The performance of certain of the operations can be distributed among the one or more processors, not only residing within a single machine, but deployed across a number of machines. In some example embodiments, the processor or processors can be located in a single location (e.g., within a home environment, an office environment or as a server farm), while in other embodiments the processors can be distributed across a number of locations.
  • The one or more processors can also operate to support performance of the relevant operations in a “cloud computing” environment or as a “software as a service” (SaaS). For example, at least some of the operations can be performed by a group of computers (as examples of machines including processors), these operations being accessible via a network (e.g., the Internet) and via one or more appropriate interfaces (e.g., application program interfaces (APIs)).
  • Electronic Apparatus and System
  • Example embodiments can be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. Example embodiments can be implemented using a computer program product, e.g., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable medium for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, a computer, or multiple computers.
  • A computer program can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, subroutine, or other unit suitable for use in a computing environment. A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
  • In example embodiments, operations can be performed by one or more programmable processors executing a computer program to perform functions by operating on input data and generating output. Method operations can also be performed by, and apparatus of example embodiments can be implemented as, special purpose logic circuitry, e.g., a FPGA or an ASIC.
  • The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. In embodiments deploying a programmable computing system, it will be appreciated that both hardware and software architectures require consideration. Specifically, it will be appreciated that the choice of whether to implement certain functionality in permanently configured hardware (e.g., an ASIC), in temporarily configured hardware (e.g., a combination of software and a programmable processor), or a combination of permanently and temporarily configured hardware can be a design choice. Below are set out hardware (e.g., machine) and software architectures that can be deployed, in various example embodiments.
  • Example Machine Architecture and Machine-Readable Medium
  • FIG. 10 is a block diagram of a machine in the example form of a computer system 1000 within which instructions, for causing the machine to perform any one or more of the methodologies discussed herein, can be executed. In alternative embodiments, the machine operates as a standalone device or can be connected (e.g., networked) to other machines. In a networked deployment, the machine can operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The machine can be a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a cellular telephone, a web appliance, a network router, switch or bridge, or any machine capable of executing instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
  • The example computer system 1000 includes a processor 1002 (e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both), a main memory 1004 and a static memory 1006, which communicate with each other via a bus 1008. The computer system 1000 can further include a video display unit 1010 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 1000 also includes an alpha-numeric input device 1012 (e.g., a keyboard or a touch-sensitive display screen), a user interface (UI) navigation device 1014 (e.g., a mouse), a disk drive unit 1016, a signal generation device 1018 (e.g., a speaker), and a network interface device 1020.
  • Machine-Readable Medium
  • The disk drive unit 1016 includes a machine-readable medium 1022 on which is stored one or more sets of instructions and data structures (e.g., software) 1024 embodying or utilized by any one or more of the methodologies or functions described herein. The instructions 1024 can also reside, completely or at least partially, within the main memory 1004 and/or within the processor 1002 during execution thereof by the computer system 1000, with the main memory 1004 and the processor 1002 also constituting machine-readable media 1022.
  • While the machine-readable medium 1022 is shown in an example embodiment to be a single medium, the term “machine-readable medium” can include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions or data structures 1024. The term “machine-readable medium” shall also be taken to include any tangible medium that is capable of storing, encoding or carrying instructions 1024 for execution by the machine and that cause the machine to perform any one or more of the methodologies of the present disclosure, or that is capable of storing, encoding or carrying data structures utilized by or associated with such instructions 1024. The term “machine-readable medium” shall accordingly be taken to include, but not be limited to, solid-state memories, and optical and magnetic media. Specific examples of machine-readable media 1022 include non-volatile memory, including by way of example semiconductor memory devices, e.g., erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and flash memory devices; magnetic disks such as internal hard disks and removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks.
  • Transmission Medium
  • The instructions 1024 can further be transmitted or received over a communications network 1026 using a transmission medium. The instructions 1024 can be transmitted using the network interface device 1020 and any one of a number of well-known transfer protocols (e.g., HTTP). Examples of communication networks include a local area network (LAN), a wide area network (WAN), the Internet, mobile telephone networks, plain old telephone (POTS) networks, and wireless data networks (e.g., WiFi and WiMax networks). The term “transmission medium” shall be taken to include any intangible medium that is capable of storing, encoding, or carrying instructions 1024 for execution by the machine, and includes digital or analog communications signals or other intangible media to facilitate communication of such software.
  • Although an embodiment has been described with reference to specific example embodiments, it will be evident that various modifications and changes can be made to these embodiments without departing from the broader spirit and scope of the disclosure. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense. The accompanying drawings that form a part hereof, show by way of illustration, and not of limitation, specific embodiments in which the subject matter can be practiced. The embodiments illustrated are described in sufficient detail to enable those skilled in the art to practice the teachings disclosed herein. Other embodiments can be utilized and derived therefrom, such that structural and logical substitutions and changes can be made without departing from the scope of this disclosure. This Detailed Description, therefore, is not to be taken in a limiting sense, and the scope of various embodiments is defined only by the appended claims, along with the full range of equivalents to which such claims are entitled.
  • Such embodiments of the inventive subject matter can be referred to herein, individually and/or collectively, by the term “invention” merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed. Thus, although specific embodiments have been illustrated and described herein, it should be appreciated that any arrangement calculated to achieve the same purpose can be substituted for the specific embodiments shown. This disclosure is intended to cover any and all adaptations or variations of various embodiments. Combinations of the above embodiments, and other embodiments not specifically described herein, will be apparent to those of skill in the art upon reviewing the above description.

Claims (20)

1. A method of encrypting files at a client in a cloud-based file system, comprising:
obtaining a first key corresponding to an organization to which the client belongs;
encrypting a first file using the first key; and
transmitting the encrypted first file to a server via a secure channel, for storage in a storage device shared among multiple organizations, the storage device containing one or more files encrypted using keys different than the first key.
2. The method of claim 1, further comprising:
downloading an encrypted second file from the storage device via the secure channel;
obtaining a second key related to the first key and corresponding to the organization to which the client belongs; and
decrypting the encrypted second file using the second key.
3. The method of claim 1, wherein the first key is obtained from a key management system used to assign keys to a plurality of different organizations.
4. The method of claim 2, further comprising:
obtaining access to the storage device and locating one or more encrypted files belonging to organizations other than the organization to which the client belongs;
attempting to decrypt the one or more encrypted files belonging to organizations other than the organization to which the client belongs, using the first key; and
receiving an indication that the attempt to decrypt the one or more encrypted files belonging to organizations other than the organization to which the client belongs, using the first key, has failed.
5. The method of claim 1, wherein no other keys than the first key correspond to the organization.
6. The method of claim 1, wherein the organization is a company.
7. The method of claim 1, wherein the organization is a division of a company.
8. A system comprising:
a client device comprising:
one or more processors;
a memory;
a client application executable by the one or more processors and configured to:
obtain a first key corresponding to an organization to which the client belongs;
encrypt a first file using the first key; and
transmit the encrypted first file to a server via a secure channel, for storage in a storage device shared among multiple organizations, the storage device containing one or more files encrypted using keys different than the first key.
9. The system of claim 8, wherein the client application is further configured to:
download an encrypted second file from the storage device via the secure channel;
obtain a second key related to the first key and corresponding to the organization to which the client belongs; and
decrypt the encrypted second file using the second key.
10. The system of claim 8, wherein the first key is obtained from a key management system used to assign keys to a plurality of different organizations.
11. The system of claim 9, wherein the client application is further configured to:
obtain access to the storage device and locate one or more encrypted files belonging to organizations other than the organization to which the client belongs;
attempt to decrypt the one or more encrypted files belonging to organizations other than the organization to which the client belongs, using the first key; and
receive an indication that the attempt to decrypt the one or more encrypted files belonging to organizations other than the organization to which the client belongs, using the first key, has failed.
12. The system of claim 8, wherein no other keys than the first key correspond to the organization.
13. The system of claim 8, wherein the organization is a company.
14. The system of claim 8, wherein the organization is a division of a company.
15. A non-transitory machine-readable storage medium comprising instructions, which when implemented by one or more machines, cause the one or more machines to perform operations comprising:
obtaining a first key corresponding to an organization to which the client belongs;
encrypting a first file using the first key; and
transmitting the encrypted first file to a server via a secure channel, for storage in a storage device shared among multiple organizations, the storage device containing one or more files encrypted using keys different than the first key.
16. The non-transitory machine-readable storage medium of claim 15, further comprising:
downloading an encrypted second file from the storage device via the secure channel;
obtaining a second key related to the first key and corresponding to the organization to which the client belongs; and
decrypting the encrypted second file using the second key.
17. The non-transitory machine-readable storage medium of claim 15, wherein the first key is obtained from a key management system used to assign keys to a plurality of different organizations.
18. The non-transitory machine-readable storage medium of claim 16, further comprising:
obtaining access to the storage device and locating one or more encrypted files belonging to organizations other than the organization to which the client belongs;
attempting to decrypt the one or more encrypted files belonging to organizations other than the organization to which the client belongs, using the first key; and
receiving an indication that the attempt to decrypt the one or more encrypted files belonging to organizations other than the organization to which the client belongs, using the first key, has failed.
19. The non-transitory machine-readable storage medium of claim 15, wherein no other keys than the first key correspond to the organization.
20. The non-transitory machine-readable storage medium of claim 15, wherein the organization is a company.
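The sequence the independent and dependent claims describe (one key per organization issued by a key management system, encryption at the client, ciphertext from several organizations side by side in one storage device, and an explicit failure when a client tries another organization's file with its own key) is shown below as an added worked example. It is not the patent's or Intermedia's code: `KeyManagementSystem`, `Client`, `DecryptionFailed`, the path names and the sample file contents are all assumptions, and the "second key related to the first key" of claim 2 is read here as a purpose-specific subkey derived from the organization key, which is one possible construction rather than one the page specifies. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag so that the block runs on the standard library alone; a production client would use an AEAD such as AES-GCM or ChaCha20-Poly1305. The secure channel of claim 1 is assumed to be TLS and is not modelled.

```python
"""Added example, not the patent's code: per-organization client-side encryption
over one storage device shared by several organizations. All names are hypothetical;
the HMAC-SHA256 stream cipher plus encrypt-then-MAC tag stands in for a production
AEAD (AES-GCM, ChaCha20-Poly1305) so that the example runs on the standard library."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # random nonce prefixed to each stored file
TAG_LEN = 32     # HMAC-SHA256 tag appended to each stored file


class DecryptionFailed(Exception):
    """The 'indication that the attempt to decrypt ... has failed' of claim 4."""


class KeyManagementSystem:
    """Hypothetical KMS: exactly one random 256-bit key per organization (claims 3 and 5)."""

    def __init__(self):
        self._keys = {}

    def key_for(self, org_id):
        return self._keys.setdefault(org_id, secrets.token_bytes(32))


def derive_subkey(org_key, label):
    """A second key 'related to' the organization key (claim 2): per-purpose HMAC derivation."""
    return hmac.new(org_key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    # PRF in counter mode: block i = HMAC-SHA256(enc_key, nonce || i), joined and truncated.
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def encrypt(org_key, plaintext):
    """Returns nonce || ciphertext || tag, both subkeys derived from the organization key."""
    enc_key = derive_subkey(org_key, b"file-encryption")
    mac_key = derive_subkey(org_key, b"file-authentication")
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(org_key, blob):
    """Verify the tag before decrypting: a foreign organization's key fails loudly, never silently."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise DecryptionFailed("stored blob too short to carry a nonce and a tag")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(derive_subkey(org_key, b"file-authentication"),
                        nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise DecryptionFailed("authentication failed: wrong organization key or tampered file")
    keystream = _keystream(derive_subkey(org_key, b"file-encryption"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


class Client:
    """A client of one organization; `storage` is the shared device, a path -> blob dict here."""

    def __init__(self, org_id, kms, storage):
        self._org_key = kms.key_for(org_id)   # the 'first key' of claim 1
        self._storage = storage

    def upload(self, path, plaintext):
        # Only ciphertext crosses the channel (assumed to be TLS) into shared storage.
        self._storage[path] = encrypt(self._org_key, plaintext)

    def download(self, path):
        return decrypt(self._org_key, self._storage[path])

    def undecryptable_paths(self):
        """Claim 4: try every stored file with our own key and report those that fail."""
        failed = []
        for path in sorted(self._storage):
            try:
                self.download(path)
            except DecryptionFailed:
                failed.append(path)
        return failed


def run_scenario():
    """Two organizations share one storage device; each can read only its own files."""
    kms, storage = KeyManagementSystem(), {}
    acme, globex = Client("acme", kms, storage), Client("globex", kms, storage)
    acme.upload("acme/plan.txt", b"Acme Q3 plan (constructed sample)")
    globex.upload("globex/ledger.csv", b"globex,ledger,sample")
    return {
        "acme_reads_own": acme.download("acme/plan.txt"),
        "globex_reads_own": globex.download("globex/ledger.csv"),
        "acme_cannot_read": acme.undecryptable_paths(),
        "globex_cannot_read": globex.undecryptable_paths(),
    }
```

The point worth checking in any real implementation of claim 4 is that the "indication that the attempt to decrypt has failed" only exists if the file encryption is authenticated. With an unauthenticated mode (raw CBC or CTR) a client holding the wrong organization's key receives plausible-looking garbage rather than an error, and nothing distinguishes "not my file" from "corrupted file" or "tampered file". Verifying the tag before any plaintext is produced, as `decrypt` does above, is what turns cross-organization access into a detectable failure; binding the ciphertext to its storage path as associated data would be the natural next hardening step, but the page does not describe it.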

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/271,918 US20140372750A1 (en) 2013-05-08 2014-05-07 Client-side encryption

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201361820793P 2013-05-08 2013-05-08
US14/271,918 US20140372750A1 (en) 2013-05-08 2014-05-07 Client-side encryption

Publications (1)

Publication Number Publication Date
US20140372750A1 true US20140372750A1 (en) 2014-12-18

Family

ID=51865582

Family Applications (4)

Application Number Title Priority Date Filing Date
US14/271,846 Active 2037-04-06 US10248803B2 (en) 2013-05-08 2014-05-07 Internal folder sharing
US14/271,918 Abandoned US20140372750A1 (en) 2013-05-08 2014-05-07 Client-side encryption
US14/271,798 Abandoned US20140337290A1 (en) 2013-05-08 2014-05-07 Secure synchronization of files
US16/278,321 Pending US20190180044A1 (en) 2013-05-08 2019-02-18 Internal folder sharing

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US14/271,846 Active 2037-04-06 US10248803B2 (en) 2013-05-08 2014-05-07 Internal folder sharing

Family Applications After (2)

Application Number Title Priority Date Filing Date
US14/271,798 Abandoned US20140337290A1 (en) 2013-05-08 2014-05-07 Secure synchronization of files
US16/278,321 Pending US20190180044A1 (en) 2013-05-08 2019-02-18 Internal folder sharing

Country Status (2)

Country Link
US (4) US10248803B2 (en)
WO (1) WO2015171846A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104579690A (en) * 2015-01-23 2015-04-29 济南同智伟业软件股份有限公司 Cloud terminal KEY system and using method
CN107395612A (en) * 2017-08-08 2017-11-24 四川长虹电器股份有限公司 Realize the System and method for of network disk data safety
US10248803B2 (en) 2013-05-08 2019-04-02 Intermedia.Net, Inc. Internal folder sharing
US11088829B2 (en) * 2018-09-04 2021-08-10 International Business Machines Corporation Securing a path at a node
US11444754B1 (en) * 2021-12-30 2022-09-13 Monday.com Ltd. Tenant level encryption
US11563588B2 (en) 2018-09-04 2023-01-24 International Business Machines Corporation Securing a path at a selected node
US11610012B1 (en) * 2019-11-26 2023-03-21 Gobeep, Inc. Systems and processes for providing secure client controlled and managed exchange of data between parties

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160140139A1 (en) * 2014-11-17 2016-05-19 Microsoft Technology Licensing, Llc Local representation of shared files in disparate locations
US10277601B1 (en) 2015-05-11 2019-04-30 Google Llc System and method for recursive propagating application access control
US11470131B2 (en) * 2017-07-07 2022-10-11 Box, Inc. User device processing of information from a network-accessible collaboration system
US11055261B2 (en) * 2018-02-28 2021-07-06 Microsoft Technology Licensing, Llc In-application support for topological changes to files during remote synchronization

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120166818A1 (en) * 2010-08-11 2012-06-28 Orsini Rick L Systems and methods for secure multi-tenant data storage
US20120265976A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6324587B1 (en) * 1997-12-23 2001-11-27 Microsoft Corporation Method, computer program product, and data structure for publishing a data object over a store and forward transport
US6564369B1 (en) * 1998-08-20 2003-05-13 Pearson Technical Software, Inc. Conflict checking using configuration images
US6401079B1 (en) * 1999-10-01 2002-06-04 Inleague, Inc. System for web-based payroll and benefits administration
US8793374B2 (en) * 1999-12-02 2014-07-29 Western Digital Technologies, Inc. Managed peer-to-peer applications, systems and methods for distributed data access and storage
US7761497B1 (en) 2001-07-13 2010-07-20 Vignette Software, LLC Storage medium having a manageable file directory structure
JP2005078612A (en) * 2003-09-04 2005-03-24 Hitachi Ltd File sharing system, and file transfer method between file sharing systems
US20070130143A1 (en) * 2005-12-05 2007-06-07 Wenbing Zhang System and Method for File Sharing and Collaboration on the Internet
US7860825B2 (en) * 2006-05-08 2010-12-28 Palm, Inc. Method for synchronizing software application and user data for asynchronous client-server and peer to peer computer networks
US8099605B1 (en) * 2006-06-05 2012-01-17 InventSec AB Intelligent storage device for backup system
US20080005195A1 (en) * 2006-06-30 2008-01-03 Microsoft Corporation Versioning synchronization for mass p2p file sharing
US20080163743A1 (en) * 2007-01-07 2008-07-10 Freedman Gordon J Synchronization methods and systems
US8204856B2 (en) * 2007-03-15 2012-06-19 Google Inc. Database replication
US9401957B2 (en) * 2007-09-14 2016-07-26 International Business Machines Corporation System and method for synchronization between servers
WO2012070930A1 (en) * 2010-11-24 2012-05-31 Greenflower Intercode Holding B.V. User -friendly method and system for compiling a unique sample code for a digital sample with the help of a user - interface
US20120180073A1 (en) * 2011-01-06 2012-07-12 Hung Hin Leung Mobile Device Application Framework
EP2729877A4 (en) * 2011-07-08 2015-06-17 Box Inc Desktop application for access and interaction with workspaces in a cloud-based content management system and synchronization mechanisms thereof
US9307006B2 (en) 2012-04-11 2016-04-05 Salesforce.Com, Inc. System and method for synchronizing data objects in a cloud based social networking environment
US20130282830A1 (en) 2012-04-23 2013-10-24 Google, Inc. Sharing and synchronizing electronically stored files
US8862561B1 (en) * 2012-08-30 2014-10-14 Google Inc. Detecting read/write conflicts
US9400800B2 (en) * 2012-11-19 2016-07-26 Palo Alto Research Center Incorporated Data transport by named content synchronization
US10248803B2 (en) 2013-05-08 2019-04-02 Intermedia.Net, Inc. Internal folder sharing

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120166818A1 (en) * 2010-08-11 2012-06-28 Orsini Rick L Systems and methods for secure multi-tenant data storage
US20120265976A1 (en) * 2011-04-18 2012-10-18 Bank Of America Corporation Secure Network Cloud Architecture

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10248803B2 (en) 2013-05-08 2019-04-02 Intermedia.Net, Inc. Internal folder sharing
CN104579690A (en) * 2015-01-23 2015-04-29 济南同智伟业软件股份有限公司 Cloud terminal KEY system and using method
CN107395612A (en) * 2017-08-08 2017-11-24 四川长虹电器股份有限公司 Realize the System and method for of network disk data safety
US11088829B2 (en) * 2018-09-04 2021-08-10 International Business Machines Corporation Securing a path at a node
US11522681B2 (en) 2018-09-04 2022-12-06 International Business Machines Corporation Securing a path at a node
US11563588B2 (en) 2018-09-04 2023-01-24 International Business Machines Corporation Securing a path at a selected node
US11610012B1 (en) * 2019-11-26 2023-03-21 Gobeep, Inc. Systems and processes for providing secure client controlled and managed exchange of data between parties
US11841960B1 (en) * 2019-11-26 2023-12-12 Gobeep, Inc. Systems and processes for providing secure client controlled and managed exchange of data between parties
US11444754B1 (en) * 2021-12-30 2022-09-13 Monday.com Ltd. Tenant level encryption

Also Published As

Publication number Publication date
US20190180044A1 (en) 2019-06-13
US20140337386A1 (en) 2014-11-13
WO2015171846A1 (en) 2015-11-12
US20140337290A1 (en) 2014-11-13
US10248803B2 (en) 2019-04-02

Similar Documents

Publication Publication Date Title
US20140372750A1 (en) Client-side encryption
US20220376910A1 (en) Encrypted file storage
US10762229B2 (en) Secure searchable and shareable remote storage system and method
US11374749B2 (en) Key encryption key (KEK) rotation for multi-tenant (MT) system
US9647836B2 (en) Secure storage for shared documents
US9137222B2 (en) Crypto proxy for cloud storage services
US9430211B2 (en) System and method for sharing information in a private ecosystem
US9141647B2 (en) Configuration protection for providing security to configuration files
US9129112B2 (en) Methods, systems and machine-readable media for providing security services
US20140115327A1 (en) Trust services data encryption for multiple parties
KR20190103159A (en) System and method for streaming media
US20170279720A1 (en) Real-Time Logs
US10142100B2 (en) Managing user-controlled security keys in cloud-based scenarios
US9954828B1 (en) Protection of data stored in the cloud
AU2023219920A1 (en) Utilizing encryption key exchange and rotation to share passwords via a shared folder
US10540522B2 (en) Storing data securely in a database
US11455103B2 (en) Cloud secured storage system utilizing multiple cloud servers with processes of file segmentation, encryption and generation of data chunks
WO2022240728A1 (en) Location-key encryption system
TW201315191A (en) Re-encryption method based on full row matrix

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERMEDIA.NET, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ANTONENKOV, LEONID;ROMANOVSKIY, SERGEY;URALTSEV, NIKITA;AND OTHERS;SIGNING DATES FROM 20140502 TO 20140505;REEL/FRAME:032841/0798

AS Assignment

Owner name: SUNTRUST BANK, AS ADMINISTRATIVE AGENT, GEORGIA

Free format text: FIRST LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:INTERMEDIA.NET, INC.;REEL/FRAME:041590/0122

Effective date: 20170201

Owner name: SUNTRUST BANK, AS ADMINISTRATIVE AGENT, GEORGIA

Free format text: SECOND LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:INTERMEDIA.NET, INC.;REEL/FRAME:041590/0158

Effective date: 20170201

AS Assignment

Owner name: TORONTO DOMINION (TEXAS) LLC, CANADA

Free format text: INTELLECTUAL PROPERTY SECURITY INTEREST ASSIGNMENT AGREEMENT REEL/FRAME 041590/0122;ASSIGNOR:SUNTRUST BANK;REEL/FRAME:047411/0415

Effective date: 20180719

AS Assignment

Owner name: INTERMEDIA.NET, INC., CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECOND LIEN SECURITY INTEREST IN PATENTS, RECORDED AT REEL 014590, FRAME 0192;ASSIGNOR:SUNTRUST BANK;REEL/FRAME:046610/0041

Effective date: 20180719

Owner name: INTERMEDIA.NET, INC., CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECOND LIEN SECURITY INTEREST IN PATENTS;ASSIGNOR:SUNTRUST BANK;REEL/FRAME:046619/0417

Effective date: 20180723

Owner name: ACCESSLINE COMMUNICATIONS CORPORATION, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECOND LIEN SECURITY INTEREST IN PATENTS;ASSIGNOR:SUNTRUST BANK;REEL/FRAME:046619/0417

Effective date: 20180723

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STCV Information on status: appeal procedure

Free format text: NOTICE OF APPEAL FILED

STCV Information on status: appeal procedure

Free format text: APPEAL BRIEF (OR SUPPLEMENTAL BRIEF) ENTERED AND FORWARDED TO EXAMINER

STCV Information on status: appeal procedure

Free format text: EXAMINER'S ANSWER TO APPEAL BRIEF MAILED

STCV Information on status: appeal procedure

Free format text: ON APPEAL -- AWAITING DECISION BY THE BOARD OF APPEALS

STCV Information on status: appeal procedure

Free format text: BOARD OF APPEALS DECISION RENDERED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION