CPC H04L 9/14 (2013.01) [H04L 9/0877 (2013.01)]; 14 Claims

1. A method comprising:
receiving a request to access a plurality of blocks making up an object by a service of a content management system;
determining whether a user account requesting the plurality of blocks making up the object possesses a namespace encryption key, wherein an encrypted version of the namespace encryption key is stored at the content management system, the encrypted version of the namespace encryption key is encrypted using a top-level encryption key;
sending the encrypted version of the namespace encryption key to a key management service;
in response to sending the encrypted version of the namespace encryption key, receiving, by the service associated with the content management system, a decrypted version of the namespace encryption key from the key management service;
storing the decrypted version of the namespace encryption key in a namespace encryption key database at the content management system;
requesting, by the service associated with the content management system, the decrypted version of the namespace encryption key from the namespace encryption key database;
receiving, by the service associated with the content management system, the decrypted version of the namespace encryption key from the namespace encryption key database;
when the user account requesting the plurality of blocks making up the object also possesses access permissions for the object associated with the namespace encryption key, accessing the plurality of blocks making up the object from a storage system at the content management system and respective block encryption keys encrypting the plurality of blocks, wherein the respective block encryption keys are encrypted using the namespace encryption key;
decrypting the respective block encryption keys using the decrypted version of the namespace encryption key; and
decrypting the plurality of blocks using the respective block encryption keys.
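The key hierarchy of claim 1 (per-block keys wrapped under a namespace key, which is itself wrapped under a top-level key that only the key management service holds), as an added Go example that is not code from the patent or its assignee. AES-256-GCM as the wrapping cipher, the in-memory KMS, the single cached entry standing in for the namespace encryption key database, and the boolean possession/permission inputs are all assumptions filling in mechanisms the claim leaves unspecified.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// AES-256-GCM helpers (assumed cipher): seal prepends a random 12-byte nonce, open strips it.
func aead(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func newKey() []byte               { k := make([]byte, 32); rand.Read(k); return k }
func seal(key, pt []byte) []byte   { n := newKey()[:12]; return aead(key).Seal(n, n, pt, nil) }
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 { return nil, errors.New("ciphertext too short") }
	return aead(key).Open(nil, ct[:12], ct[12:], nil)
}
type KMS struct{ topLevelKey []byte } // the top-level key never leaves the KMS; it only sees wrapped keys
func (k *KMS) Decrypt(wrappedNSKey []byte) ([]byte, error) { return open(k.topLevelKey, wrappedNSKey) }
// CMS stores the namespace key wrapped under the top-level key, each block under its own
// key, the block keys wrapped under the namespace key, and the namespace key database.
type CMS struct {
	kms                      *KMS
	wrappedNSKey, nsKeyDB    []byte // nsKeyDB is nil until the KMS has unwrapped the key
	blocks, wrappedBlockKeys [][]byte
}
// NewCMS builds the hierarchy: block keys -> namespace key -> top-level key.
func NewCMS(kms *KMS, plain [][]byte) *CMS {
	nsKey := newKey()
	c := &CMS{kms: kms, wrappedNSKey: seal(kms.topLevelKey, nsKey)}
	for _, p := range plain {
		bk := newKey()
		c.blocks, c.wrappedBlockKeys = append(c.blocks, seal(bk, p)), append(c.wrappedBlockKeys, seal(nsKey, bk))
	}
	return c
}
// Access follows the claim's order: namespace-key possession, KMS unwrap (stored in nsKeyDB
// and reused on later requests), object permission, block-key unwrap, block decryption.
func (c *CMS) Access(hasNSKey, hasPermission bool) ([][]byte, error) {
	if !hasNSKey { return nil, errors.New("user account lacks the namespace encryption key") }
	if c.nsKeyDB == nil {
		if k, err := c.kms.Decrypt(c.wrappedNSKey); err != nil { return nil, err } else { c.nsKeyDB = k }
	}
	if !hasPermission { return nil, errors.New("user account lacks access permission for the object") }
	out := make([][]byte, len(c.blocks))
	for i, wk := range c.wrappedBlockKeys {
		bk, err := open(c.nsKeyDB, wk) // a block key is only recoverable with the namespace key
		if err != nil { return nil, err }
		if out[i], err = open(bk, c.blocks[i]); err != nil { return nil, err }
	}
	return out, nil
}
```

Because every block key is wrapped under the namespace key, a user who obtains the stored ciphertext and wrapped keys but is refused the KMS unwrap still recovers nothing; in a real deployment the cached namespace key would also need bounded lifetime and access control of its own.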