System for optimized key management with file groups
Abstract
A group manager module may provide the capability to segregate or associate files into file encryption groups. A file may be placed into a file encryption group based on the attributes of the file. The attributes may be characteristics or parameters that describe who has access to the file, such as UNIX permission/mode bits (owner read/write/execute bits, group read/write/execute bits, other-users read/write/execute bits) or another access control list (ACL) system. Once associated with a file encryption group, the file may be encrypted with the encryption (or write) key of the selected file encryption group and, correspondingly, decrypted with the decryption (or read) key of that file encryption group. A user may be a member of multiple file encryption groups as long as the user possesses the appropriate read/write key pairs. Membership of a file in a file encryption group is determined automatically by the system from the permission attributes the system has assigned to the file; groups are not explicitly created by administrators or any other centralized authority. It is not users that belong to groups based on their access rights, but files that belong to groups based on their permission attributes.
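The grouping rule in the abstract (files with the same permission attributes fall into the same encryption group, the group is created lazily by the group manager rather than by an administrator, and a user can read exactly the files whose group keys it holds) is easier to see in code. The following is an added illustrative example, not code from the patent or any product. It assumes a group identity of (mode bits, owner uid, group gid), a single symmetric key per group rather than the separate read/write key pair the abstract describes, and a SHA-256 counter-mode keystream with an HMAC tag standing in for a real AEAD such as AES-GCM; all file names, uids and contents are constructed sample data.

```python
"""Toy model of file encryption groups keyed by file permission attributes.

Added example, not from the patent. Standard library only: the SHA-256
counter-mode keystream plus HMAC tag is a stand-in for a real AEAD.
Each group has one symmetric key here (an assumption); the abstract's
separate write (encrypt) and read (decrypt) keys are not modelled.
"""
import hashlib
import hmac
import os
import stat
from dataclasses import dataclass

GroupId = tuple  # (permission mode bits, owner uid, group gid) -- assumed attribute set


def group_of(mode: int, uid: int, gid: int) -> GroupId:
    """Derive the file encryption group from a file's permission attributes.

    Files sharing the same mode bits, owner and group land in the same group;
    nobody creates the group explicitly.
    """
    return (stat.S_IMODE(mode), uid, gid)


class GroupManager:
    """Holds one key per file encryption group, created on first use."""

    def __init__(self) -> None:
        self._keys: dict = {}

    def key_for(self, group: GroupId) -> bytes:
        # A group (and its key) comes into existence the first time a file
        # with these attributes is stored; that is the "automatic membership".
        if group not in self._keys:
            self._keys[group] = os.urandom(32)
        return self._keys[group]

    def groups(self) -> set:
        return set(self._keys)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag (toy construction, not for production)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("wrong group key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class StoredFile:
    name: str
    group: GroupId
    blob: bytes


def store(mgr: GroupManager, name: str, mode: int, uid: int, gid: int, data: bytes) -> StoredFile:
    """Place the file in its group by attributes and encrypt it with that group's key."""
    group = group_of(mode, uid, gid)
    return StoredFile(name, group, encrypt(mgr.key_for(group), data))


def read_as(user_keys: dict, f: StoredFile) -> bytes:
    """A user can read a file only if it holds the key of the file's group."""
    if f.group not in user_keys:
        raise PermissionError(f"no key for group {f.group}")
    return decrypt(user_keys[f.group], f.blob)


def tamper_detected() -> bool:
    """Flipping one ciphertext bit must be rejected by the tag check."""
    key = os.urandom(32)
    blob = bytearray(encrypt(key, b"hello"))
    blob[16] ^= 1
    try:
        decrypt(key, bytes(blob))
    except PermissionError:
        return True
    return False


def demo():
    mgr = GroupManager()
    files = [  # constructed sample files: (name, mode, uid, gid, contents)
        store(mgr, "/home/alice/notes.txt", 0o100600, 1000, 1000, b"alice private"),
        store(mgr, "/home/alice/todo.txt", 0o100600, 1000, 1000, b"alice todo"),
        store(mgr, "/srv/shared/report.txt", 0o100664, 1000, 2000, b"team report"),
        store(mgr, "/home/bob/diary.txt", 0o100600, 1001, 1001, b"bob private"),
    ]
    # Alice holds keys for her private group and the shared team group only.
    alice_keys = {g: mgr.key_for(g) for g in (files[0].group, files[2].group)}
    readable = {}
    for f in files:
        try:
            readable[f.name] = read_as(alice_keys, f).decode()
        except PermissionError:
            readable[f.name] = None
    return len(mgr.groups()), readable


if __name__ == "__main__":
    print(demo())
```

Three groups emerge from four files because the two files under /home/alice share mode 0600, uid 1000 and gid 1000; Bob's 0600 file has a different owner and so a different group and key, which is why Alice cannot read it even though the mode bits match.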
Claims (21)

1. A method of implementing a file system, comprising:
creating a plurality of file encryption groups from a plurality of files based on common attributes of said plurality of files;
associating each file encryption group of said plurality of file encryption groups with a respective key; and
accessing one file encryption group by utilizing one respective key.
(Dependent claims: 2-10, 13-15)

11. A system for implementing a file system, comprising:
at least one processor;
a memory coupled to said at least one processor; and
a group manager module residing in said memory and executed by said at least one processor, wherein said group manager module is configured to create a plurality of file encryption groups from a plurality of files based on common attributes of said plurality of files, is also configured to associate each file encryption group of said plurality of file encryption groups with a respective key, and is further configured to access one file encryption group by utilizing one respective key.
(Dependent claims: 12, 16, 17)

18. An apparatus for implementing a file system, comprising:
an interface configured to communicate with a storage device;
an encryption/decryption module; and
a manager module configured to associate a subplurality of files of a plurality of files stored on said storage device into a file group based on common attributes of said subplurality of files and encrypting said subplurality of files with one encryption key of said plurality of encryption keys by utilizing said encryption/decryption module.
(Dependent claims: 19, 20, 21)
Specification