The content hosting services (such as Dropbox, OneDrive, and Google Drive) used by enterprise customers are deployed either on premises or in the cloud. Because users may store business-sensitive data (content) in these hosting services, they may want to protect that data from disclosure to anyone else, including IT administrators. Unfortunately, even when content (files) is encrypted in the hosting service, it often remains accessible to IT administrators today. The sensitive data could be exposed to the public if an IT administrator turns malicious (for example, a disgruntled employee) or if the administrator's account is compromised by attackers. We propose an end-to-end encryption (E2EE) solution to address this challenge. User data is encrypted on the client side (the mobile device) and remains encrypted in transit and at rest on the server. Specifically, we design a new method that allows master secret recovery and escrow while protecting the master secret from access by malicious administrators. In addition, we present a content (file) encryption scheme that achieves privacy and granular access control, and that can be seamlessly integrated with the major content hosting services used by business users today.