Cloud storage encryption with variable block sizes
US10873454B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 3, 2018 |
| Grant date | Dec 22, 2020 |
| Priority date | — |
| Expiry date | Jul 19, 2039 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques are disclosed for securing data in a cloud storage. Plaintext files are stored as secured, encrypted files in the cloud. The ciphering scheme employs per-block authenticated encryption and decryption. A unique file-key is used to encrypt each file. The file-key is wrapped by authenticated encryption in a wrapping-key that may be shared between files. A centralized security policy contains policy definitions which determine which files will share the wrapping-key. Wrapping-keys are stored in a KMIP compliant key manager which may be backed by a hardware security module (HSM). File metadata is protected by a keyed-hash message authentication code (HMAC). A policy engine along with administrative tools enforce the security policy which also remains encrypted in the system. Various embodiments support blocks of fixed as well as variable sizes read/written from/to the cloud storage.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.