Cloud storage encryption
US10043029B2 · kind B2 · utility
Key dates
| Filing date | Nov 15, 2017 |
| Grant date | Aug 7, 2018 |
| Priority date | — |
| Expiry date | Nov 15, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/062
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Techniques are disclosed for securing data in a cloud storage. Plaintext files are stored as secured, encrypted files in the cloud. The ciphering scheme employs per-block authenticated encryption and decryption. A unique file-key is used to encrypt each file. The file-key is wrapped by authenticated encryption in a wrapping-key that may be shared between files. A centralized security policy contains policy definitions which determine which files will share the wrapping-key. Wrapping-keys are stored in a KMIP compliant key manager which may be backed by a hardware security module (HSM). File metadata is further protected by a keyed-hash message authentication code (HMAC). A policy engine along with administrative tools enforce the security policy which also remains encrypted in the system.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.