公开(公告)号：US20170286696A1

公开(公告)日：2017-10-05

申请号：US15476376

申请日：2017-03-31

Applicant: Egnyte, Inc.

Inventor： Sachin Shetty ,  Amrit Jassal ,  Krishanu Lahiri ,  Yogesh Rai ,  Manoj Chauhan ,  Leszek Jakubowski ,  Shishir Sharma

IPC: G06F21/60 ,  H04L9/06 ,  H04L29/06 ,  H04L9/14 ,  H04L9/08

Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

公开(公告)号：US20170286695A1

公开(公告)日：2017-10-05

申请号：US15476223

申请日：2017-03-31

Applicant: Egnyte, Inc.

Inventor： Sachin Shetty ,  Amrit Jassal ,  Krishanu Lahiri ,  Yogesh Rai ,  Manoj Chauhan ,  Leszek Jakubowski ,  Shishir Sharma

IPC: G06F21/60 ,  H04L29/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/06

Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.