Some content of this application is unavailable at the moment.
If this situation persist, please contact us atFeedback&Contact
1. (WO2013148052) SYSTEMS AND METHODS FOR SECURE THIRD-PARTY DATA STORAGE
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

WHAT IS CLAIMED IS:

1. A computer-implemented method for secure third-party data storage, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying, at the server-side computing device, a request from a client system to access an encrypted file stored under a user account, wherein the requested access requires decryption of the encrypted file;

identifying, in response to the request, an asymmetric key pair designated for the user account, the asymmetric key pair comprising an encryption key and a decryption key that has been encrypted with a client-side key;

receiving, from the client system, the client-side key;

decrypting the decryption key with the client-side key;

using the decryption key to access an unencrypted version of the encrypted file.

2. The computer-implemented method of claim 1 , wherein using the decryption key to access the encrypted file comprises:

identifying a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key;

decrypting the file key with the decryption key;

decrypting the encrypted file with the file key.

3. The computer-implemented method of claim 1 , wherein:

accessing the encrypted file comprises providing access to the unencrypted version of the encrypted file to an additional user account;

an additional asymmetric key pair is designated for the additional user account, the additional asymmetric key pair comprising an additional encryption key and an additional decryption key that has been encrypted with an additional client-side key.

4. The computer-implemented method of claim 3, wherein providing access to the unencrypted version of the encrypted file to the additional user account comprises:

identifying a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key;

decrypting the file key with the decryption key;

encrypting a copy of the file key with the additional encryption key.

5. The computer-implemented method of claim 1 , wherein accessing the encrypted file comprises transmitting the unencrypted version of the encrypted file to the client system.

6. The computer-implemented method of claim 1 , wherein using the decryption key to access the unencrypted version of the encrypted file comprises generating metadata describing the unencrypted version of the encrypted file.

7. The computer-implemented method of claim 6, wherein generating the metadata describing the unencrypted version of the encrypted file comprises at least one of:

performing a security scan on the unencrypted version of the encrypted file; indexing the unencrypted version of the encrypted file based on content within the unencrypted version of the encrypted file;

generating a preview of the unencrypted version of the encrypted file based on content within the unencrypted version of the encrypted file.

8. The computer-implemented method of claim 1 , further comprising: receiving the unencrypted version of the encrypted file from the client system;

generating the encrypted file by:

generating a file key based on at least one characteristic of the unencrypted version of the encrypted file;

encrypting the unencrypted version of the encrypted file with the file key;

encrypting the file key with the encryption key.

9. The computer-implemented method of claim 8, further comprising deduplicating the encrypted file with an additional encrypted file that is encrypted with the file key.

10. The computer-implemented method of claim 1 , wherein receiving the client-side key comprises storing the client-side key in volatile memory without storing the client-side key in non-volatile memory.

1 1. The computer-implemented method of claim 1 , further comprising: identifying an additional user account designated to access the unencrypted version of the encrypted file, wherein an additional asymmetric key pair is designated for the additional user account, the additional asymmetric key pair comprising an additional encryption key and an additional decryption key that has been encrypted with an additional client-side key;

encrypting the decryption key with the additional encryption key.

12. The computer-implemented method of claim 11 , further comprising: identifying an additional request from an additional client system to further access the encrypted file via the additional user account, wherein the additional requested access requires decryption of the encrypted file;

decrypting the decryption key with the additional decryption key;

using the decryption key to access the unencrypted version of the encrypted file via the additional user account.

13. The computer-implemented method of claim 1 , wherein using the decryption key to access the unencrypted version of the encrypted file comprises: identifying an additional asymmetric key pair designated for a plurality of user accounts comprising the user account, the additional asymmetric key pair comprising an additional encryption key and an additional decryption key that has been encrypted with the encryption key;

decrypting the additional decryption key with the decryption key;

identifying a file key used to encrypt the encrypted file, wherein the file key is encrypted with the additional encryption key;

decrypting the file key with the additional decryption key;

decrypting the encrypted file with the file key.

14. A system for secure third-party data storage, the system comprising: an identification module programmed to identify, at the server-side computing device, a request from a client system to access an encrypted file stored under a user account, wherein the requested access requires decryption of the encrypted file; a key module programmed to identify, in response to the request, an asymmetric key pair designated for the user account, the asymmetric key pair comprising an encryption key and a decryption key that has been encrypted with a client-side key;

a receiving module programmed to receive, from the client system, the client-side key;

a decryption module programmed to decrypt the decryption key with the client-side key;

an access module programmed to use the decryption key to access an unencrypted version of the encrypted file;

at least one processor configured to execute the identification module, the key module, the receiving module, the decryption module, and the access module.

15. The system of claim 14, wherein the access module is programmed to use the decryption key to access the encrypted file by:

identifying a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key;

decrypting the file key with the decryption key;

decrypting the encrypted file with the file key.

16. The system of claim 14, wherein:

the access module is programmed to access the encrypted file by providing access to the unencrypted version of the encrypted file to an additional user account; an additional asymmetric key pair is designated for the additional user account, the additional asymmetric key pair comprising an additional encryption key and an additional decryption key that has been encrypted with an additional client-side key.

17. The system of claim 16, wherein the access module is programmed to provide access to the unencrypted version of the encrypted file to the additional user account by:

identifying a file key used to encrypt the encrypted file, wherein the file key is encrypted with the encryption key;

decrypting the file key with the decryption key;

encrypting a copy of the file key with the additional encryption key.

18. The system of claim 14, wherein the access module is programmed to access the encrypted file by transmitting the unencrypted version of the encrypted file to the client system.

19. The system of claim 14, wherein the access module is programmed to use the decryption key to access the unencrypted version of the encrypted file by generating metadata describing the unencrypted version of the encrypted file.

20. A computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:

identify, at the server-side computing device, a request from a client system to access an encrypted file, wherein the requested access requires decryption of the encrypted file;

identify, in response to the request, an asymmetric key pair comprising an encryption key and a decryption key that has been encrypted with a client-side key; receive, from the client system, the client-side key;

decrypt the decryption key with the client-side key;

use the decryption key to access an unencrypted version of the encrypted file.