What technology area does this patent fall under?

Primary CPC classification G06F21/6218. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Sep 20 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Upload and download streaming encryption to/from a cloud-based platform

US9450926B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9450926-B2
Application number	US-201514851798-A
Country	US
Kind code	B2
Filing date	Sep 11, 2015
Priority date	Aug 29, 2012
Publication date	Sep 20, 2016
Grant date	Sep 20, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed).

First claim

Opening claim text (preview).

What is claimed is: 1. A computer-implemented encryption method for recovering from a compromised key included in an encryption key pool in a cloud-based collaborative platform comprising: identifying a plurality of data files, the plurality of data files encrypted with a first plurality of encryption keys, wherein the first plurality of encryption keys are included in the encryption key pool; determining a plurality of encryption key files, wherein the plurality of encryption key files are generated by encrypting the first plurality of encryption keys with the compromised key, wherein the compromised key is included in the encryption key pool; adjusting the encryption key pool by: removing the compromised key from the key pool and generating a new key in the encryption key pool; adjusting the plurality of encrypted data files by: decrypting the data files using the compromised key and reencrypting the data files using the new key; and adjusting the plurality of encryption key files by: decrypting the plurality of encryption key files using the compromised key and reencrypting the first plurality of encryption keys using the new key, wherein, the plurality of data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform. 2. The computer-implemented method of claim 1 , wherein the new key is generated using a method that is different from a method used to generate the compromised key. 3. The computer-implemented method of claim 1 , wherein adjusting the encryption key pool includes: looking up a table storing entries that identifies mappings between the plurality of data files and the first plurality of encryption keys. 4. The computer-implemented method of claim 1 , wherein the new key includes a bit position set to zero. 5. The computer-implemented method of claim 1 , wherein each key in the first plurality of encryption keys includes a bit position set to one. 6. An apparatus for recovering from a compromised key included in an encryption key pool in a cloud-based collaborative platform, wherein the apparatus includes a hardware processor configured to perform the steps of: identifying a plurality of data files, the plurality of data files encrypted with a first plurality of encryption keys, wherein the first plurality of encryption keys are included in the encryption key pool; determining a plurality of encryption key files, wherein the plurality of encryption key files are generated by encrypting the first plurality of encryption keys with a compromised key and one or more keys in the encryption key pool that precede the compromised key, wherein the compromised key and the one or more keys are included in the encryption key pool; adjusting the encryption key pool by: removing the compromised key and the one or more keys in the encryption key pool that precede the compromised key and generating new keys in the encryption key pool; identifying one or more encrypted data files that are generated by encrypting one or more data files using the compromised key and the one or more keys that precede the compromised key; adjusting one or more encrypted data files by: decrypting the one or more encrypted data files using the compromised key and the one or more keys that precede the compromised key and reencrypting the one or more data files using the new keys; and adjusting the plurality of encryption key files by: decrypting the plurality of encryption key files using the compromised key and the one or more keys that precede the compromised key and reencrypting the first plurality of encryption keys using the new keys, wherein, the plurality of data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform. 7. The apparatus of claim 6 , wherein the new keys are generated using a method that is different from a method used to generate the compromised key. 8. The apparatus of claim 6 , wherein adjusting the encryption key pool includes: looking up a table storing entries that identifies mappings between the plurality of data files and the first plurality of encryption keys. 9. The computer-implemented method of claim 6 , wherein each of the new keys includes a bit position set to zero. 10. The computer-implemented method of claim 6 , wherein each key in the first plurality of encryption keys includes a bit position set to one. 11. A non-transitory computer-readable storage medium storing a set of instructions which when executed by a computing system causes the computing system to perform a method of recovering from a compromised key included in an encryption key pool in a cloud-based collaborative platform comprising: identifying a plurality of data files, the plurality of data files encrypted with a first plurality of encryption keys, wherein the first plurality of encryption keys are included in the encryption key pool; determining a plurality of encryption key files, wherein the plurality of encryption key files are generated by encrypting the first plurality of encryption keys with a compromised key and one or more keys in the encryption key pool that precede the compromised key, wherein the compromised key and the one or more keys are included in the encryption key pool; adjusting the encryption key pool by: removing the compromised key and the one or more keys in the encryption key pool that precede the compromised key and generating new keys in the encryption key pool; identifying one or more encrypted data files that are generated by encrypting one or more data files using the compromised key and the one or more keys that precede the compromised key; adjusting one or more encrypted data files by: decrypting the one or more encrypted data files using the compromised key and the one or more keys that precede the compromised key and reencrypting the one or more data files using the new keys; and adjusting the plurality of encryption key files by: decrypting the plurality of encryption key files using the compromised key and the one or more keys that precede the compromised key and reencrypting the first plurality of encryption keys using the new keys, wherein, the plurality of data files are accessed by and/or collaborated upon among multiple users or collaborators in the cloud-based encryption platform. 12. The non-transitory computer-readable storage medium of claim 11 , wherein the new keys are generated using a method that is different from a method used to generate the compromised key. 13. The apparatus of claim 11 , wherein adjusting the encryption key pool includes: looking up a table storing entries that identifies mappings between the plurality of data files and the first plurality of encryption keys. 14. The computer-implemented method of claim 11 , wherein each of the new keys includes a bit position set to zero. 15. The computer-implemented method of claim 11 , wherein each key in the first plurality of encryption keys includes a bit position set to one.

Assignees

Box Inc

Inventors

Classifications

G06F2221/2149
Restricted operating environment · CPC title
G06F21/6209
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
H04L9/0838
Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061) · CPC title
G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
H04L67/06
specially adapted for file transfer, e.g. file transfer protocol [FTP] · CPC title

Patent family

Related publications grouped by family.

View patent family 50189150

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9450926B2 cover?: Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption…
Who is the assignee on this patent?: Box Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Sep 20 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).