Method, system, and program for encrypting files in a computer system
Abstract
Provided is a method, system, and program for encrypting files in a computer in communication with a volatile memory and a non-volatile storage device. An encryption code is generated to encrypt a file, and a decryption code is generated to decrypt a file encrypted with the encryption code. The decryption code is loaded into the volatile memory, where it is erased when the computer reboots. Files written to the non-volatile storage device are encrypted using the encryption code, and the decryption code held in the volatile memory is used to decrypt files encrypted with the encryption code when they are transferred from the non-volatile storage device to the volatile memory.
48 Claims
1. A method for encrypting data in a computer in communication with a volatile memory and non-volatile storage device, comprising:
encrypting pages in the volatile memory to move to a swap file in the non-volatile storage device as part of a virtual addressing system;
moving the encrypted pages from the volatile memory to the swap file;
decrypting pages in the swap file to move back into the volatile memory; and
moving the decrypted pages in the swap file back into the volatile memory.
Dependent claims: 2, 3, 4, 5, 12

6. A method for encrypting files in a computer file system in communication with a volatile memory and a non-volatile storage device, wherein files in the file system are associated with groups, comprising:
providing, for each group, a group identifier, a list of user identifiers of users allowed to access files in the group, and a first encryption code;
receiving a second encryption code for one user identifier;
receiving an input/output (I/O) request from a requesting user identifier with respect to a target file, wherein one second encryption code has been received for the user identifier;
determining the group associated with the target file and the first encryption code for the group;
if the I/O request is a write operation, then using the determined first encryption code to encrypt the target file to write the target file to the non-volatile storage device; and
if the I/O request is a read operation to read the target file from the non-volatile storage device, then performing:
(i) determining whether the requesting user identifier is in the list for the determined group; and
(ii) if the requesting user identifier is in the list, then using the second encryption code for the user identifier to decrypt the target file.
Dependent claims: 7, 8, 9, 10, 11, 14, 15, 16, 18, 19, 20, 21

13. A method for encrypting files in a computer in communication with a volatile memory and non-volatile storage device, comprising:
generating an encryption code to encrypt a file and a decryption code to decrypt one file encrypted with the encryption code;
loading the decryption code into the volatile memory, wherein the decryption code is erased from the volatile memory when the computer reboots;
encrypting files with the encryption code to transfer from the volatile memory to the non-volatile storage device; and
decrypting files with the decryption code maintained in the volatile memory to transfer from the non-volatile storage device to the volatile memory.
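
A worked illustration of the two mechanisms claimed above, added here as example code and not taken from the patent or its assignee. Claims 1 and 13 (restated as system and article-of-manufacture claims 17, 29, 33 and 45) encrypt pages on their way to the swap file under a key that exists only in volatile memory, so a reboot leaves whatever is still in the swap file unreadable. Claim 6 (restated as claims 22 and 38) keeps, per group, an identifier, a member list and a group key, encrypts on write with the group key and, on read, checks the member list before decrypting with the requesting user's own code. Everything not on the page is an assumption: the class and function names, the dictionaries standing in for the swap file and the disk, the constructed page and file contents, the authenticated-encryption construction (HMAC-SHA256 in counter mode with an HMAC tag, chosen so the example needs only the standard library; the patent names no algorithm, and a production system would use AES-GCM or ChaCha20-Poly1305), and the reading of a user's "second encryption code" as a wrapping key under which the group key is delivered to that user, which is one way a per-user code can end up decrypting a file encrypted under a per-group key.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(master: bytes, label: bytes) -> bytes:
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]


def seal(key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC (toy construction); aad binds the blob to a slot or path."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, aad: bytes, blob: bytes) -> bytes:
    """Verify before decrypting: wrong key, wrong aad or a flipped bit all raise."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, ks))


class SwapEncryptor:
    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)    # claims 1/13: generated at boot, lives only here
        self.swap_file: dict[int, bytes] = {}  # stands in for the on-disk swap file

    def page_out(self, slot: int, page: bytes) -> None:
        self.swap_file[slot] = seal(self._key, slot.to_bytes(8, "big"), page)

    def page_in(self, slot: int) -> bytes:
        return open_(self._key, slot.to_bytes(8, "big"), self.swap_file[slot])


class GroupFileStore:
    """Claim 6: per group an identifier, a member list and a group key ('first encryption code')."""

    def __init__(self) -> None:
        self.groups: dict[str, dict] = {}
        self.file_group: dict[str, str] = {}  # path -> group identifier
        self.disk: dict[str, bytes] = {}      # stands in for non-volatile storage

    def add_group(self, gid: str, members: list[str]) -> None:
        self.groups[gid] = {"members": set(members), "key": secrets.token_bytes(32),
                            "wrapped": {}}  # wrapped: group key sealed per user

    def receive_user_code(self, gid: str, user: str, user_code: bytes) -> None:
        g = self.groups[gid]  # assumed design: the user's 'second code' wraps the group key
        g["wrapped"][user] = seal(user_code, b"wrap:" + user.encode(), g["key"])

    def write(self, path: str, gid: str, data: bytes) -> None:
        self.file_group[path] = gid
        self.disk[path] = seal(self.groups[gid]["key"], path.encode(), data)

    def read(self, user: str, user_code: bytes, path: str) -> bytes:
        g = self.groups[self.file_group[path]]
        if user not in g["members"]:  # step (i): list check before any key is touched
            raise PermissionError(f"{user} is not a member of {self.file_group[path]}")
        group_key = open_(user_code, b"wrap:" + user.encode(), g["wrapped"][user])
        return open_(group_key, path.encode(), self.disk[path])  # step (ii)


def _raises(fn, exc) -> bool:
    try:
        fn()
    except exc:
        return True
    return False


def demo() -> dict:
    page = b"bearer-token=" + b"A" * 4000          # constructed page contents
    boot1 = SwapEncryptor()
    boot1.page_out(7, page)
    boot2 = SwapEncryptor()                        # reboot: the old key is gone...
    boot2.swap_file = dict(boot1.swap_file)        # ...but the swap file persists
    fs = GroupFileStore()
    fs.add_group("finance", ["alice"])
    alice_code, mallory_code = secrets.token_bytes(32), secrets.token_bytes(32)
    fs.receive_user_code("finance", "alice", alice_code)
    fs.write("/ledger.csv", "finance", b"acct,balance\n1,42\n")
    return {
        "swap_roundtrip": boot1.page_in(7) == page,
        "swap_plaintext_on_disk": b"bearer-token" in boot1.swap_file[7],
        "stale_swap_readable_after_reboot": not _raises(lambda: boot2.page_in(7), ValueError),
        "alice_read": fs.read("alice", alice_code, "/ledger.csv"),
        "mallory_read_denied": _raises(lambda: fs.read("mallory", mallory_code, "/ledger.csv"), PermissionError),
    }
```

Two caveats a practitioner would add to the claims as written. First, the swap scheme only helps if the key itself never reaches the swap file, a hibernation image or a crash dump; the kernel holding it must keep it in non-pageable memory, and the per-boot key means a suspend-to-disk image written by one boot cannot be decrypted by the next. Second, the member-list check in step (i) is an access-control decision made in software, while the group key is what actually decrypts the file: a user removed from the list still holds a working copy of the group key if they ever unwrapped it, so revocation has to be paired with rekeying the group and re-encrypting (or at least rewrapping) its files. Claim 6 also places no membership check on the write path, so a real system should gate writes as well as reads.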
17. A system for encrypting data, comprising:
a volatile memory;
a non-volatile storage device, wherein data is capable of being transferred between the volatile memory and non-volatile storage device;
means for encrypting pages in the volatile memory to move to a swap file in the non-volatile storage device as part of a virtual addressing system;
means for moving the encrypted pages from the volatile memory to the swap file;
means for decrypting pages in the swap file to move back into the volatile memory; and
means for moving the decrypted pages in the swap file back into the volatile memory.
22. A system for encrypting files, comprising:
a non-volatile storage device, wherein the non-volatile storage device includes a computer file system, wherein files in the file system are associated with groups;
means for providing, for each group, a group identifier, a list of user identifiers of users allowed to access files in the group, and a first encryption code;
means for receiving a second encryption code for one user identifier;
means for receiving an input/output (I/O) request from a requesting user identifier with respect to a target file, wherein one second encryption code has been received for the user identifier;
means for determining the group associated with the target file and the first encryption code for the group;
means for using the determined first encryption code to encrypt the target file to write the target file to the non-volatile storage device if the I/O request is a write operation; and
means for performing, if the I/O request is a read operation to read the target file from the non-volatile storage device:
(i) determining whether the requesting user identifier is in the list for the determined group; and
(ii) if the requesting user identifier is in the list, then using the second encryption code for the user identifier to decrypt the target file.
Dependent claims: 23, 24, 25, 26, 27, 28, 30, 31, 32

29. A system for encrypting files, comprising:
a volatile memory;
a non-volatile storage device, wherein data is capable of being transferred between the volatile memory and non-volatile storage device;
means for generating an encryption code to encrypt a file and a decryption code to decrypt one file encrypted with the encryption code;
means for loading the decryption code into the volatile memory, wherein the decryption code is erased from the volatile memory when the computer reboots;
means for encrypting files with the encryption code to transfer from the volatile memory to the non-volatile storage device; and
means for decrypting files with the decryption code maintained in the volatile memory to transfer from the non-volatile storage device to the volatile memory.
33. An article of manufacture including program logic for encrypting data in a computer in communication with a volatile memory and non-volatile storage device, by:
encrypting pages in the volatile memory to move to a swap file in the non-volatile storage device as part of a virtual addressing system;
moving the encrypted pages from the volatile memory to the swap file;
decrypting pages in the swap file to move back into the volatile memory; and
moving the decrypted pages in the swap file back into the volatile memory.
Dependent claims: 34, 35, 36, 37, 39, 40, 41, 42, 43, 44, 46, 47, 48

38. An article of manufacture including program logic for encrypting files in a computer file system in communication with a volatile memory and a non-volatile storage device, wherein files in the file system are associated with groups, by:
providing, for each group, a group identifier, a list of user identifiers of users allowed to access files in the group, and a first encryption code;
receiving a second encryption code for one user identifier;
receiving an input/output (I/O) request from a requesting user identifier with respect to a target file, wherein one second encryption code has been received for the user identifier;
determining the group associated with the target file and the first encryption code for the group;
if the I/O request is a write operation, then using the determined first encryption code to encrypt the target file to write the target file to the non-volatile storage device; and
if the I/O request is a read operation to read the target file from the non-volatile storage device, then performing:
(i) determining whether the requesting user identifier is in the list for the determined group; and
(ii) if the requesting user identifier is in the list, then using the second encryption code for the user identifier to decrypt the target file.
45. An article of manufacture including program logic for encrypting files in a computer in communication with a volatile memory and non-volatile storage device by:
generating an encryption code to encrypt a file and a decryption code to decrypt one file encrypted with the encryption code;
loading the decryption code into the volatile memory, wherein the decryption code is erased from the volatile memory when the computer reboots;
encrypting files with the encryption code to transfer from the volatile memory to the non-volatile storage device; and
decrypting files with the decryption code maintained in the volatile memory to transfer from the non-volatile storage device to the volatile memory.
Specification