Dispersed storage network secure hierarchical file directory
First Claim
1. A method for execution by a processing module to generate a secure hierarchical file directory system, the method comprises:
- creating a file directory entry in a directory file of the secure hierarchical file directory system for a file, wherein the file directory entry includes a path name for the file, an encryption access control list, and a source name of the file, wherein the file is encrypted with a key, wherein the key is encrypted with each public key of a set of user devices that is authorized to access the file to produce a set of object content keys, and wherein the encryption access control list includes identities of the set of user devices and the set of object content keys;
encrypting the directory file using a second key to produce an encrypted directory file;
generating a second set of object content keys based on the second key and public keys of a second set of user devices authorized to access the directory file; and
creating a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file, wherein the next level file directory entry includes a next level path name for the file directory, a second encryption access control list, and a second source name of the file directory, and wherein the second encryption access control list includes the second set of object content keys and identities of the second set of user devices, wherein the second set of user devices includes the first set of user devices.
5 Assignments
0 Petitions
Accused Products
Abstract
A method includes creating a file directory entry in a directory file of a secure hierarchical file directory system for a file. The file directory entry includes a path name, an encryption access control list, and a source name. The file is encrypted with a key and the key is encrypted with each public key of user devices authorized to access the file. The encryption access control list includes identities of the set of user devices and the set of object content keys. The method further includes encrypting the directory file using a second key. The method further includes generating second object content keys based on the second key and public keys of second user devices authorized to access the directory file. The method further includes creating a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file.
97 Citations
8 Claims
-
1. A method for execution by a processing module to generate a secure hierarchical file directory system, the method comprises:
-
creating a file directory entry in a directory file of the secure hierarchical file directory system for a file, wherein the file directory entry includes a path name for the file, an encryption access control list, and a source name of the file, wherein the file is encrypted with a key, wherein the key is encrypted with each public key of a set of user devices that is authorized to access the file to produce a set of object content keys, and wherein the encryption access control list includes identities of the set of user devices and the set of object content keys; encrypting the directory file using a second key to produce an encrypted directory file; generating a second set of object content keys based on the second key and public keys of a second set of user devices authorized to access the directory file; and creating a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file, wherein the next level file directory entry includes a next level path name for the file directory, a second encryption access control list, and a second source name of the file directory, and wherein the second encryption access control list includes the second set of object content keys and identities of the second set of user devices, wherein the second set of user devices includes the first set of user devices. - View Dependent Claims (2, 3, 4)
-
-
5. A dispersed storage (DS) module comprises:
a processing system including a processing module and a memory, wherein the processing system is configured to; create a file directory entry in a directory file of the secure hierarchical file directory system for a file, wherein the file directory entry includes a path name for the file, an encryption access control list, and a source name of the file, wherein the file is encrypted with a key, wherein the key is encrypted with each public key of a set of user devices that is authorized to access the file to produce a set of object content keys, and wherein the encryption access control list includes identities of the set of user devices and the set of object content keys; encrypt the directory file using a second key to produce an encrypted directory file; generate a second set of object content keys based on the second key and public keys of a second set of user devices authorized to access the directory file; and create a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file, wherein the next level file directory entry includes a next level path name for the file directory, a second encryption access control list, and a second source name of the file directory, and wherein the second encryption access control list includes the second set of object content keys and identities of the second set of user devices, wherein the second set of user devices includes the first set of user devices. - View Dependent Claims (6, 7, 8)
Specification