Automatic file encryption
Abstract
A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.
20 Claims
1. A method of rotating a client key of a client computing device, the method comprising:
by a client computing device comprising one or more hardware processors and a storage;
detecting a key rotation trigger associated with updating a first asymmetric key pair for the client computing device, wherein a public key of the first asymmetric key pair was used to encrypt a data encryption key that was used to encrypt a file;
decrypting a first encrypted copy of the data encryption key using a private key of the first asymmetric key pair to obtain a decrypted data encryption key;
discarding the private key of the first asymmetric key pair;
obtaining a second asymmetric key pair that differs from the first asymmetric key pair;
associating the second asymmetric key pair with the client computing device;
encrypting the decrypted data encryption key using a public key of the second asymmetric key pair to obtain a second encrypted copy of the data encryption key that differs from the first encrypted copy of the data encryption key;
discarding the decrypted data encryption key; and
storing the second encrypted copy of the data encryption key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for rotating a client key of a computing device, the system comprising:
a primary storage device configured to store a set of files; and
a computing device comprising one or more hardware processors, the one or more hardware processors configured to;
detect a key rotation trigger associated with updating a first asymmetric key pair for the client computing device, wherein a public key of the first asymmetric key pair was used to encrypt a data encryption key that was used to encrypt a file stored on the primary storage device;
decrypt a first encrypted copy of the data encryption key using a private key of the first asymmetric key pair to obtain a decrypted data encryption key;
discard the private key of the first asymmetric key pair;
obtain a second asymmetric key pair that differs from the first asymmetric key pair;
associate the second asymmetric key pair with the client computing device;
encrypt the decrypted data encryption key using a public key of the second asymmetric key pair to obtain a second encrypted copy of the data encryption key that differs from the first encrypted copy of the data encryption key;
discard the decrypted data encryption key; and
store the second encrypted copy of the data encryption key.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
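
Added example, not part of the patent text: a Go sketch of the rotation recited in claims 1 and 13, in which only the wrapped data encryption key (DEK) is re-encrypted and the file ciphertext is never touched. RSA-OAEP with 2048-bit keys, the Client type and its Enroll, Unwrap and Rotate methods are assumptions made for illustration; this sketch drops the old private key only after the rewrap has succeeded, so a failed rotation leaves the old wrapped copy usable.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Client models the device: current key pair plus the stored wrapped DEK.
type Client struct {
	Key        *rsa.PrivateKey
	WrappedDEK []byte
}

// Enroll wraps dek under a fresh pair (RSA-OAEP, assumed) and swaps only on success.
func (c *Client) Enroll(dek []byte) error {
	next, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &next.PublicKey, dek, nil)
	if err == nil {
		c.Key, c.WrappedDEK = next, w // old private key reference is dropped here
	}
	return err
}

// Unwrap decrypts the stored wrapped DEK with the current private key.
func (c *Client) Unwrap() ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.Key, c.WrappedDEK, nil)
}

// Rotate rewraps the same DEK under a new pair; file ciphertext is untouched.
func (c *Client) Rotate() error {
	dek, err := c.Unwrap()
	if err == nil {
		err = c.Enroll(dek)
	}
	for i := range dek { // discard the decrypted DEK, success or not
		dek[i] = 0
	}
	return err
}

func main() {
	c := &Client{}
	if c.Enroll([]byte("constructed sample DEK, 32 bytes")) != nil || c.Rotate() != nil {
		panic("rotation failed")
	}
}
```

Dropping the reference does not wipe the old private key from memory; Go gives no such guarantee, so a deployment that needs it would keep private keys in a key store or hardware module.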