Dispersed storage network secure hierarchical file directory

US 10,133,609 B2
Filed: 10/26/2017
Issued: 11/20/2018
Est. Priority Date: 12/12/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method for execution by a processing module to generate a secure hierarchical file directory system, the method comprises:

creating a file directory entry in a directory file of the secure hierarchical file directory system for a file, wherein the file directory entry includes a path name for the file, an encryption access control list, and a source name of the file, wherein the file is encrypted with a key, wherein the key is encrypted with each public key of a set of user devices that is authorized to access the file to produce a set of object content keys, and wherein the encryption access control list includes identities of the set of user devices and the set of object content keys;

encrypting the directory file using a second key to produce an encrypted directory file;

generating a second set of object content keys based on the second key and public keys of a second set of user devices authorized to access the directory file; and

creating a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file, wherein the next level file directory entry includes a next level path name for the file directory, a second encryption access control list, and a second source name of the file directory, and wherein the second encryption access control list includes the second set of object content keys and identities of the second set of user devices, wherein the second set of user devices includes the first set of user devices.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes creating a file directory entry in a directory file of a secure hierarchical file directory system for a file. The file directory entry includes a path name, an encryption access control list, and a source name. The file is encrypted with a key and the key is encrypted with each public key of user devices authorized to access the file. The encryption access control list includes identities of the set of user devices and the set of object content keys. The method further includes encrypting the directory file using a second key. The method further includes generating second object content keys based on the second key and public keys of second user devices authorized to access the directory file. The method further includes creating a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file.

97 Citations

View as Search Results

8 Claims

1. A method for execution by a processing module to generate a secure hierarchical file directory system, the method comprises:
- creating a file directory entry in a directory file of the secure hierarchical file directory system for a file, wherein the file directory entry includes a path name for the file, an encryption access control list, and a source name of the file, wherein the file is encrypted with a key, wherein the key is encrypted with each public key of a set of user devices that is authorized to access the file to produce a set of object content keys, and wherein the encryption access control list includes identities of the set of user devices and the set of object content keys;
  
  encrypting the directory file using a second key to produce an encrypted directory file;
  
  generating a second set of object content keys based on the second key and public keys of a second set of user devices authorized to access the directory file; and
  
  creating a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file, wherein the next level file directory entry includes a next level path name for the file directory, a second encryption access control list, and a second source name of the file directory, and wherein the second encryption access control list includes the second set of object content keys and identities of the second set of user devices, wherein the second set of user devices includes the first set of user devices.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprises:
    - dispersed storage error encoding the encrypted file to produce a plurality of sets of encoded data slices;
      
      generating a plurality of sets of slice names for the plurality of sets of encoded data slices based on the source name of the file; and
      
      sending, based on the plurality of sets of slice names, the plurality of sets of encoded data slices to storage units for storage therein.
  - 3. The method of claim 1 further comprises:
    - dispersed storage error encoding the encrypted directory file to produce a set of encoded data slices;
      
      generating a sets of slice names for the set of encoded data slices based on the source name of the directory file; and
      
      sending, based on the set of slice names, the set of encoded data slices to storage units for storage therein.
  - 4. The method of claim 1 further comprises:
    - encrypting the next level directory file using a third key to produce a second encrypted directory file;
      
      generating a third set of object content keys based on the third key and public keys of a third set of user devices authorized to access the next level directory file; and
      
      creating a subsequent next level directory file entry in a subsequent next higher directory file of the secure hierarchical file directory system for the next level directory file, wherein the subsequent next level file directory entry includes a subsequent next level path name for the next level file directory, a third encryption access control list, and a third source name of the next level file directory, and wherein the third encryption access control list includes identities of the third set of user devices and the third set of object content keys, wherein the third set of user devices includes the second set of user devices.

5. A dispersed storage (DS) module comprises:
- a processing system including a processing module and a memory, wherein the processing system is configured to;
  
  create a file directory entry in a directory file of the secure hierarchical file directory system for a file, wherein the file directory entry includes a path name for the file, an encryption access control list, and a source name of the file, wherein the file is encrypted with a key, wherein the key is encrypted with each public key of a set of user devices that is authorized to access the file to produce a set of object content keys, and wherein the encryption access control list includes identities of the set of user devices and the set of object content keys;
  
  encrypt the directory file using a second key to produce an encrypted directory file;
  
  generate a second set of object content keys based on the second key and public keys of a second set of user devices authorized to access the directory file; and
  
  create a next level directory file entry in a next higher directory file of the secure hierarchical file directory system for the directory file, wherein the next level file directory entry includes a next level path name for the file directory, a second encryption access control list, and a second source name of the file directory, and wherein the second encryption access control list includes the second set of object content keys and identities of the second set of user devices, wherein the second set of user devices includes the first set of user devices.
- View Dependent Claims (6, 7, 8)
- - 6. The DS module of claim 5, wherein the processing system functions to:
    - dispersed storage error encode the encrypted file to produce a plurality of sets of encoded data slices;
      
      generate a plurality of sets of slice names for the plurality of sets of encoded data slices based on the source name of the file; and
      
      send, based on the plurality of sets of slice names, the plurality of sets of encoded data slices to storage units for storage therein.
  - 7. The DS module of claim 5, wherein the processing system functions to:
    - dispersed storage error encode the encrypted directory file to produce a set of encoded data slices;
      
      generate a sets of slice names for the set of encoded data slices based on the source name of the directory file; and
      
      send, based on the set of slice names, the set of encoded data slices to storage units for storage therein.
  - 8. The DS module of claim 5 wherein the processing system is further configured to:
    - encrypt the next level directory file using a third key to produce a second encrypted directory file;
      
      generate a third set of object content keys based on the third key and public keys of a third set of user devices authorized to access the next level directory file; and
      
      create a subsequent next level directory file entry in a subsequent next higher directory file of the secure hierarchical file directory system for the next level directory file, wherein the subsequent next level file directory entry includes a subsequent next level path name for the next level file directory, a third encryption access control list, and a third source name of the next level file directory, and wherein the third encryption access control list includes identities of the third set of user devices and the third set of object content keys, wherein the third set of user devices includes the second set of user devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Leggette, Wesley, Resch, Jason K.
Primary Examiner(s)
Kanaan, Simon P

Application Number

US15/794,865
Publication Number

US 20180046519A1
Time in Patent Office

390 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1008   in individual solid state d...

G06F 11/1076   Parity data used in redunda...

G06F 11/1092   Rebuilding, e.g. when physi...

G06F 11/1451   by selection of backup cont...

G06F 11/2058   using more than 2 mirrored ...

G06F 11/2069   Management of state, config...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 2211/1028   Distributed, i.e. distribut...

G06F 3/0619   in relation to data integri...

G06F 3/064   Management of blocks

G06F 3/067   Distributed or networked st...

G06F 9/5077   Logical partitioning of res...

G06F 9/5083   Techniques for rebalancing ...

H03M 13/09   Error detection only, e.g. ...

H03M 13/1515   Reed-Solomon codes

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/10 : in which an application is ...

H04L 67/1017 : based on a round robin mech...

H04L 67/1097 : for distributed storage of ...

View All

Dispersed storage network secure hierarchical file directory

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Dispersed storage network secure hierarchical file directory

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links