-
Publication (announcement) No.: US09817981B2
Publication (announcement) date: 2017-11-14
Application No.: US15350038
Application date: 2016-11-12
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: G06F21/6227 , G06F17/30106 , G06F17/3012 , G06F17/30194 , G06F21/60 , G06F21/602 , G06F21/6218 , G06F21/6272 , H04L9/0631 , H04L63/02 , H04L63/06 , H04L63/20
Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a gateway maintains multiple cryptographic keys. A file that is to be stored across multiple third-party cloud storage services is received by the gateway from a user of an enterprise network. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) existence of data is identified within the chunk associated with one or more predefined search indices; (ii) searchable encrypted metadata is generated based on the identified data and a selected cryptographic key; (iii) an encrypted version of the chunk is generated; and (iv) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
-
Publication (announcement) No.: US10009340B2
Publication (announcement) date: 2018-06-26
Application No.: US15080963
Application date: 2016-03-25
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: H04L63/0838 , H04L63/0861 , H04L63/10 , H04L2463/082
Abstract: A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server.
-
Publication (announcement) No.: US20170279795A1
Publication (announcement) date: 2017-09-28
Application No.: US15080963
Application date: 2016-03-25
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
IPC: H04L29/06
CPC classification number: H04L63/0838 , H04L63/0861 , H04L63/10 , H04L2463/082
Abstract: A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server.
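The message flow in the abstract above (US10009340B2 / US20170279795A1), as an added model that is not Fortinet's code. Three parties run in one process: the application server (password check, request attributes), the authentication server (first OTP, push notification, final verdict) and the client's OTP generator app (PIN unlock, second OTP). The abstract does not say how the two OTPs are tied together; here both are HOTP-style codes over a per-request counter plus a hash of the request attributes, so the second OTP only matches when the user confirmed exactly the attributes the server recorded. The class names, the PIN check in place of a biometric, and the `seen` knob used to simulate a push altered in transit are assumptions.

```python
"""Network-based MFA with push confirmation and two OTPs (added example)."""
import hashlib, hmac, json, secrets

def otp(seed, counter, attrs, digits=6):
    """RFC 4226 truncation over HMAC-SHA256(seed, counter || H(attributes)).
    Mixing the attributes in is an assumption; it binds the code to the request."""
    canon = json.dumps(attrs, sort_keys=True).encode()
    mac = hmac.new(seed, counter.to_bytes(8, "big") + hashlib.sha256(canon).digest(),
                   hashlib.sha256).digest()
    off = mac[-1] & 0x0F
    code = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return "%0*d" % (digits, code % 10 ** digits)

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Client:
    """The user's device running the OTP generator app, unlocked by a PIN
    (a biometric sensor would take the same place)."""
    def __init__(self, seed, pin):
        self.seed, self.pin, self.last_counter = seed, pin, 0
        # knobs for the demonstration only: user decision, PIN typed, attributes shown
        self.approve, self.pin_entered, self.seen = True, pin, None

    def on_push(self, auth, req_id, counter, attrs):
        shown = self.seen or attrs            # what the user actually reviews
        if not self.approve:                  # user rejects the request
            return False
        if not hmac.compare_digest(self.pin_entered, self.pin):
            return False                      # app stays locked: no second OTP
        if counter <= self.last_counter:
            return False                      # replayed push
        self.last_counter = counter
        return auth.receive_second_otp(req_id, otp(self.seed, counter, shown))

class AuthServer:
    def __init__(self):
        self.seeds, self.clients, self.counters, self.pending = {}, {}, {}, {}

    def enroll(self, user, client):
        self.seeds[user], self.clients[user], self.counters[user] = client.seed, client, 0

    def verify(self, user, attrs):
        """Generate the first OTP, push the attributes, return the verdict."""
        self.counters[user] += 1
        req_id = secrets.token_hex(8)
        first = otp(self.seeds[user], self.counters[user], attrs)
        self.pending[req_id] = [user, first, False]
        self.clients[user].on_push(self, req_id, self.counters[user], attrs)
        return self.pending.pop(req_id)[2]

    def receive_second_otp(self, req_id, second):
        entry = self.pending.get(req_id)
        if entry is None:
            return False
        entry[2] = hmac.compare_digest(entry[1], second)
        return entry[2]

class AppServer:
    def __init__(self, auth, users):
        self.auth, self.users = auth, users   # users: name -> (salt, pbkdf2 hash)

    def access(self, user, password, resource, src_ip):
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec[1], pw_hash(password, rec[0])):
            return "denied: bad credentials"
        attrs = {"user": user, "resource": resource, "src_ip": src_ip}  # access attributes
        return "granted" if self.auth.verify(user, attrs) else "denied: not confirmed"

def setup():
    """Constructed enrolment: one user, one device, one protected resource."""
    seed, salt = secrets.token_bytes(20), secrets.token_bytes(16)
    auth, client = AuthServer(), Client(seed, pin="4711")
    auth.enroll("alice", client)
    app = AppServer(auth, {"alice": (salt, pw_hash("correct horse", salt))})
    return app, client

if __name__ == "__main__":
    app, client = setup()
    print(app.access("alice", "correct horse", "/payroll", "10.0.0.5"))
```

Because the attributes are folded into both OTPs, a push whose displayed source address has been altered in transit yields a second OTP that the authentication server rejects, and a declined confirmation or a wrong PIN never produces a second OTP at all.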
-
Publication (announcement) No.: US10083309B2
Publication (announcement) date: 2018-09-25
Application No.: US15810871
Application date: 2017-11-13
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: G06F21/602 , G06F16/148 , G06F16/164 , G06F16/182 , G06F21/60 , G06F21/6218 , G06F21/6227 , G06F21/6272 , H04L9/0631 , H04L63/02 , H04L63/06 , H04L63/20 , H05K999/99
Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, file storage policies are maintained for users of an enterprise network by a trusted gateway device interposed between the network and multiple third-party cloud storage services. Responsive to receiving a request to store a local file from a user: (i) searchable encrypted data is created by the gateway corresponding to one or more of (a) content of the local file and (b) metadata associated with the local file and (ii) the searchable encrypted data is distributed by the gateway among the cloud storage services based on a storage diversity requirement defined by the user's file storage policy by uploading a subset of the searchable encrypted data to each of the cloud storage services.
-
Publication (announcement) No.: US10007804B2
Publication (announcement) date: 2018-06-26
Application No.: US15379348
Application date: 2016-12-14
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: G06F21/602 , G06F16/148 , G06F16/164 , G06F16/182 , G06F21/60 , G06F21/6218 , G06F21/6227 , G06F21/6272 , H04L9/0631 , H04L63/02 , H04L63/06 , H04L63/20 , H05K999/99
Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
-
Publication (announcement) No.: US20170061141A1
Publication (announcement) date: 2017-03-02
Application No.: US15350038
Application date: 2016-11-12
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: G06F21/6227 , G06F17/30106 , G06F17/3012 , G06F17/30194 , G06F21/60 , G06F21/602 , G06F21/6218 , G06F21/6272 , H04L9/0631 , H04L63/02 , H04L63/06 , H04L63/20
Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a gateway maintains multiple cryptographic keys. A file that is to be stored across multiple third-party cloud storage services is received by the gateway from a user of an enterprise network. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) existence of data is identified within the chunk associated with one or more predefined search indices; (ii) searchable encrypted metadata is generated based on the identified data and a selected cryptographic key; (iii) an encrypted version of the chunk is generated; and (iv) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
-
Publication (announcement) No.: US09280678B2
Publication (announcement) date: 2016-03-08
Application No.: US14094484
Application date: 2013-12-02
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: G06F21/6227 , G06F17/30106 , G06F17/3012 , G06F17/30194 , G06F21/60 , G06F21/602 , G06F21/6218 , G06F21/6272 , H04L9/0631 , H04L63/02 , H04L63/06 , H04L63/20
Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
-
Publication (announcement) No.: US20150363611A1
Publication (announcement) date: 2015-12-17
Application No.: US14824769
Application date: 2015-08-12
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: G06F21/6227 , G06F17/30106 , G06F17/3012 , G06F17/30194 , G06F21/60 , G06F21/602 , G06F21/6218 , G06F21/6272 , H04L9/0631 , H04L63/02 , H04L63/06 , H04L63/20
Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii) existence of data is identified within the chunk associated with one or more predefined search indices; (iii) searchable encrypted metadata is generated based on the identified data and the selected cryptographic key; (iv) an encrypted version of the chunk is generated; and (v) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
-
Publication (announcement) No.: US10057763B2
Publication (announcement) date: 2018-08-21
Application No.: US15154977
Application date: 2016-05-14
Applicant: Fortinet, Inc.
Inventor: David A. Redberg , Jun Li
CPC classification number: H04W8/245 , H04L9/14 , H04L9/30 , H04L9/3242 , H04L63/0272 , H04L63/0442 , H04L63/06 , H04L63/067 , H04L63/083 , H04L63/0838 , H04L63/0876 , H04L63/10 , H04L2209/80 , H04W12/00512 , H04W12/04 , H04W12/06 , H04W88/02
Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a user of a mobile device is prompted to input an activation code previously provided to the user by an authentication server, which authenticates credentials provided by users of a secure network resource that is accessible via an IP-based network. A unique device ID of the mobile device is obtained via an API of an operating system of the mobile device. A seed is requested from a provisioning server. The seed is received in encrypted form based on a combination of a secret key, the unique device ID and a hard-coded pre-shared key. The seed is bound to the mobile device by encrypting the seed based on the unique device ID. When a token is requested by the user it is generated based on the bound seed.
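The provisioning and device-binding steps of the abstract above (US10057763B2), as an added model that is not Fortinet's code. Both sides share a hard-coded pre-shared key baked into the app; the "secret key" the abstract mentions is taken here to be derived from the activation code, which both sides know (the abstract does not say where it comes from); the unique device ID is passed in as a string where the real app would read it from the OS API. Seeds are short, so wrapping uses a one-time pad drawn from HMAC-SHA256 plus a tag, a stand-in for a real AEAD. The pre-shared key value, the function names and the TOTP-style token are assumptions.

```python
"""Soft-token seed provisioning, device binding and token generation (added example)."""
import hashlib, hmac, secrets, time

# Hard-coded pre-shared key compiled into the app (constructed value for this example)
PSK = bytes.fromhex("6f1c2a9e3b7d4f8a1e5c9d2b7a4f6e3c1d8b5a2f9c7e4d1b3a6f8c5e2d9b7a4f")

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def wrap(key, nonce, seed):
    """seed XOR pad || tag, for one short seed under a one-time (key, nonce) pair."""
    assert len(seed) <= 32, "pad is a single HMAC output"
    ct = bytes(a ^ b for a, b in zip(seed, _prf(key, b"pad" + nonce)))
    return ct + _prf(key, b"tag" + nonce + ct)

def unwrap(key, nonce, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag" + nonce + ct)):
        raise ValueError("seed wrapping failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _prf(key, b"pad" + nonce)))

def transport_key(activation_code, device_id):
    """Combination of secret key (derived from the activation code), device ID and PSK."""
    secret = hashlib.sha256(b"activation:" + activation_code.encode()).digest()
    return _prf(PSK, b"transport|" + secret + b"|" + device_id.encode())

def binding_key(device_id):
    """Key that can only be re-derived on the device whose ID went into it."""
    return _prf(PSK, b"bind|" + device_id.encode())

def hotp(seed, counter, digits=6):
    """RFC 4226 dynamic truncation over HMAC-SHA1(seed, counter)."""
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    return "%0*d" % (digits, (int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF) % 10 ** digits)

class ProvisioningServer:
    def __init__(self):
        self.pending = {}   # activation code -> (seed, expiry); codes are single-use

    def new_activation(self, ttl=600):
        """Issue an activation code; the seed is also handed to the auth server (not shown)."""
        code, seed = "%08d" % secrets.randbelow(10 ** 8), secrets.token_bytes(20)
        self.pending[code] = (seed, time.time() + ttl)
        return code, seed

    def request_seed(self, activation_code, device_id):
        seed, expiry = self.pending.pop(activation_code, (None, 0))
        if seed is None or time.time() > expiry:
            raise PermissionError("unknown, used or expired activation code")
        nonce = secrets.token_bytes(16)
        return nonce, wrap(transport_key(activation_code, device_id), nonce, seed)

def activate(server, activation_code, device_id):
    """Client side: fetch the seed, then re-encrypt it under the device-bound key."""
    nonce, blob = server.request_seed(activation_code, device_id)
    seed = unwrap(transport_key(activation_code, device_id), nonce, blob)
    bnonce = secrets.token_bytes(16)
    return bnonce, wrap(binding_key(device_id), bnonce, seed)   # what the app stores

def token(bound, device_id, t=None, step=30):
    """TOTP-style code from the bound seed; unwrapping fails off the original device."""
    bnonce, blob = bound
    seed = unwrap(binding_key(device_id), bnonce, blob)
    return hotp(seed, int(time.time() if t is None else t) // step)

if __name__ == "__main__":
    srv = ProvisioningServer()
    code, seed = srv.new_activation()
    bound = activate(srv, code, "device-A")
    print(token(bound, "device-A"), hotp(seed, int(time.time()) // 30))
```

Copying the stored blob to another device changes the binding key, so the tag check fails before any token is produced; a used or expired activation code is refused by the provisioning server, and a request whose device ID was swapped on the wire yields a blob the genuine device cannot unwrap.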
-
Publication (announcement) No.: US20180068125A1
Publication (announcement) date: 2018-03-08
Application No.: US15810871
Application date: 2017-11-13
Applicant: Fortinet, Inc.
Inventor: David A. Redberg
CPC classification number: G06F21/6227 , G06F17/30106 , G06F17/3012 , G06F17/30194 , G06F21/60 , G06F21/602 , G06F21/6218 , G06F21/6272 , H04L9/0631 , H04L63/02 , H04L63/06 , H04L63/20
Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, file storage policies are maintained for users of an enterprise network by a trusted gateway device interposed between the network and multiple third-party cloud storage services. Responsive to receiving a request to store a local file from a user: (i) searchable encrypted data is created by the gateway corresponding to one or more of (a) content of the local file and (b) metadata associated with the local file and (ii) the searchable encrypted data is distributed by the gateway among the cloud storage services based on a storage diversity requirement defined by the user's file storage policy by uploading a subset of the searchable encrypted data to each of the cloud storage services.
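The gateway scheme shared by the secure cloud storage abstracts above (US09817981B2, US20170061141A1 and US20150363611A1 for the per-chunk searchable metadata; US10083309B2, US10007804B2, US09280678B2 and US20180068125A1 for policy-driven distribution across providers), as one added example that is not Fortinet's code. Python's standard library has no AES, so the stream cipher below (HMAC-SHA256 in counter mode, encrypt-then-MAC) stands in for the block-cipher mode a real gateway would use. The search indices, the chunk file-name layout, the policy format and the in-memory provider stores are assumptions, and the sample records are constructed.

```python
"""Searchable encrypted chunk storage spread over several providers (added example)."""
import hashlib, hmac, re, secrets

CHUNK = 32   # deliberately tiny so a short sample spans several chunks
# Predefined search indices (assumed): index name -> pattern looked for in each chunk.
# A match that straddles a chunk boundary is not indexed; that is inherent to per-chunk tagging.
INDICES = {"email": re.compile(rb"[\w.+-]+@[\w-]+\.[\w.]+"),
           "invoice": re.compile(rb"INV-\d{4,}")}

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    """Keystream block i = HMAC(key, nonce || i); XOR is its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = _prf(key, nonce + (i // 32).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)      # nonce || ct || tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("chunk failed authentication")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

class Gateway:
    """Holds a name key and several chunk keys; providers only ever see ciphertext."""
    def __init__(self, n_keys=3):
        self.name_key = secrets.token_bytes(32)
        self.keys = [secrets.token_bytes(32) for _ in range(n_keys)]

    def dir_name(self, filename):
        # keyed and deterministic, so the same file always maps to the same directory
        return _prf(self.name_key, b"dir:" + filename.encode()).hex()

    def token(self, key_id, index, value):
        # searchable encrypted metadata: keyed tag of (index, value) under one chunk key
        return _prf(self.keys[key_id], b"idx:" + index.encode() + b":" + value)[:8].hex()

    def store(self, cloud, policy, filename, data):
        """Chunk, tag, encrypt, and spread chunks over `diversity` providers."""
        targets = policy["providers"][:policy["diversity"]]
        placed = []
        for n, off in enumerate(range(0, len(data), CHUNK)):
            chunk = data[off:off + CHUNK]
            key_id = n % len(self.keys)                                 # (i) select a key
            tokens = [self.token(key_id, idx, m)                        # (ii)+(iii) metadata
                      for idx, rx in INDICES.items() for m in rx.findall(chunk)]
            fname = "%d-%d-%s" % (n, key_id, "_".join(tokens))          # (v) name attribute
            provider = targets[n % len(targets)]                        # storage diversity
            d = cloud.setdefault(provider, {}).setdefault(self.dir_name(filename), {})
            d[fname] = encrypt(self.keys[key_id], chunk)                # (iv) file content
            placed.append((provider, fname))
        return placed

    def search(self, cloud, index, value):
        """Match on file names across all providers; the value itself never leaves."""
        want = {self.token(k, index, value) for k in range(len(self.keys))}
        return [(p, d, f) for p, dirs in cloud.items() for d, files in dirs.items()
                for f in files if want & set(f.split("-", 2)[2].split("_"))]

    def retrieve(self, cloud, filename):
        d = self.dir_name(filename)
        parts = {f: blob for dirs in cloud.values() for f, blob in dirs.get(d, {}).items()}
        return b"".join(decrypt(self.keys[int(f.split("-")[1])], parts[f])
                        for f in sorted(parts, key=lambda f: int(f.split("-")[0])))

# Constructed sample: one fixed-width record per chunk, so no match straddles a boundary
RECORDS = [b"INV-20231 alice@example.com", b"INV-20232 bob@example.org",
           b"INV-20233 alice@example.com", b"note: nothing indexed here"]
SAMPLE = b"".join(r.ljust(CHUNK) for r in RECORDS)
POLICY = {"providers": ["provider-a", "provider-b", "provider-c"], "diversity": 2}

if __name__ == "__main__":
    gw, cloud = Gateway(), {}
    print(gw.store(cloud, POLICY, "customers.txt", SAMPLE))
    print(gw.search(cloud, "email", b"alice@example.com"))
    assert gw.retrieve(cloud, "customers.txt") == SAMPLE
```

Because each chunk's tokens are computed under whichever key was selected for it, a search must try the token under every gateway key; the providers see only directory and file names made of keyed tags and a ciphertext body, and a chunk whose body or tag has been altered fails authentication on retrieval instead of being silently reassembled.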
-