Systems and methods for proxying encryption key communications between a cloud storage system and a customer security module

Assignee

• Egnyte, Inc. · US

Inventors

• Sachin Shetty · Mumbai, IN
• Amrit Jassal · معلمی نژاد, US
• Krishanu Lahiri · San Jose, US
• Yogesh Rai · Mountain View, US
• Manoj Chauhan · Mountain View, US
• Leszek Jakubowski · Poznań, PL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/062
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.