Automatic file encryption
First Claim
Patent Images
1. A method of rotating a client key of a client computing device, the method comprising:
- by a client computing device comprising one or more hardware processors and a storage;
detecting a key rotation trigger associated with updating a first asymmetric key pair for the client computing device, wherein a public key of the first asymmetric key pair was used to encrypt a data encryption key that was used to encrypt a file;
decrypting a first encrypted copy of the data encryption key using a private key of the first asymmetric key pair to obtain a decrypted data encryption key;
discarding the private key of the first asymmetric key pair;
obtaining a second asymmetric key pair that differs from the first asymmetric key pair;
associating the second asymmetric key pair with the client computing device;
encrypting the decrypted data encryption key using a public key of the second asymmetric key pair to obtain a second encrypted copy of the data encryption key that differs from the first encrypted copy of the data encryption key;
discarding the decrypted data encryption key; and
storing the second encrypted copy of the data encryption key.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.
-
Citations
20 Claims
-
1. A method of rotating a client key of a client computing device, the method comprising:
by a client computing device comprising one or more hardware processors and a storage; detecting a key rotation trigger associated with updating a first asymmetric key pair for the client computing device, wherein a public key of the first asymmetric key pair was used to encrypt a data encryption key that was used to encrypt a file; decrypting a first encrypted copy of the data encryption key using a private key of the first asymmetric key pair to obtain a decrypted data encryption key; discarding the private key of the first asymmetric key pair; obtaining a second asymmetric key pair that differs from the first asymmetric key pair; associating the second asymmetric key pair with the client computing device; encrypting the decrypted data encryption key using a public key of the second asymmetric key pair to obtain a second encrypted copy of the data encryption key that differs from the first encrypted copy of the data encryption key; discarding the decrypted data encryption key; and storing the second encrypted copy of the data encryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
13. A system for rotating a client key of a computing device, the system comprising:
-
a primary storage device configured to store a set of files; and a computing device comprising one or more hardware processors, the one or more hardware processors configured to; detect a key rotation trigger associated with updating a first asymmetric key pair for the client computing device, wherein a public key of the first asymmetric key pair was used to encrypt a data encryption key that was used to encrypt a file stored on the primary storage device; decrypt a first encrypted copy of the data encryption key using a private key of the first asymmetric key pair to obtain a decrypted data encryption key; discard the private key of the first asymmetric key pair; obtain a second asymmetric key pair that differs from the first asymmetric key pair; associate the second asymmetric key pair with the client computing device; encrypt the decrypted data encryption key using a public key of the second asymmetric key pair to obtain a second encrypted copy of the data encryption key that differs from the first encrypted copy of the data encryption key; discard the decrypted data encryption key; and store the second encrypted copy of the data encryption key. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCommVault Systems Incorporated
-
Original AssigneeCommVault Systems Incorporated
-
InventorsErofeev, Andrei, Pawar, Rahul S.
-
Primary Examiner(s)Zaidi, Syed A
-
Application NumberUS15/670,848Publication NumberTime in Patent Office799 DaysField of Search713165US Class CurrentCPC Class CodesG06F 11/1402 Saving, restoring, recoveri...G06F 11/1458 Management of the backup or...G06F 21/60 Protecting dataG06F 21/602 Providing cryptographic fac...G06F 21/62 Protecting access to data v...G06F 21/6209 to a single file or object,...G06F 21/6218 to a system of files or obj...G06F 21/70 Protecting specific interna...G06F 21/78 to assure secure storage of...G06F 2201/84 Using snapshots, i.e. a log...G06F 2221/2107 File encryptionH04L 9/0822 using key encryption keyH04L 9/0825 using asymmetric-key encryp...H04L 9/088 Usage controlling of secret...H04L 9/0891 Revocation or update of sec...H04L 9/0897 involving additional device...H04L 9/14 using a plurality of keys o...
