Encrypted key cache
First Claim
1. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform the following acts:
- receive a request, corresponding to a user, to access a file;
obtain an access control entry that corresponds to both the user and the file, wherein the access control entry includes an encrypted symmetric key that was used to encrypt the file;
check whether a mapping of the access control entry to the symmetric key exists in an encrypted key cache; and
if the mapping exists, then use the mapped symmetric key from the encrypted key cache to decrypt the file, otherwise decrypt the encrypted symmetric key and use the decrypted symmetric key to decrypt the file.
1 Assignment
0 Petitions
Accused Products
Abstract
A file that has been encrypted using a symmetric key and that has a corresponding access control entry with the symmetric key encrypted using the public key of a public/private key pair can be accessed. An encrypted key cache is also accessed to determine whether an access control entry to symmetric key mapping exists in the cache for the access control entry corresponding to the file. If such a mapping exists in the cache, then the mapped-to symmetric key is obtained form the cache, otherwise the encrypted symmetric key is decrypted using the private key of the public/private key pair. The encrypted key cache itself can also be encrypted and stored as an encrypted file.
-
Citations
18 Claims
-
1. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform the following acts:
-
receive a request, corresponding to a user, to access a file;
obtain an access control entry that corresponds to both the user and the file, wherein the access control entry includes an encrypted symmetric key that was used to encrypt the file;
check whether a mapping of the access control entry to the symmetric key exists in an encrypted key cache; and
if the mapping exists, then use the mapped symmetric key from the encrypted key cache to decrypt the file, otherwise decrypt the encrypted symmetric key and use the decrypted symmetric key to decrypt the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method comprising:
-
accessing an encrypted key cache, corresponding to a user, in encrypted form;
decrypting the encrypted key cache using a private key corresponding to the user; and
using the encrypted key cache to identify, based on access control entries corresponding to other files, symmetric keys used to encrypt the other files. - View Dependent Claims (15, 16, 17)
-
-
18. A method comprising:
-
accessing a key cache that maintains a plurality of access control entry to symmetric key mappings corresponding to a plurality of files accessible to a user in a distributed file system, wherein each of the plurality of mappings identifies a symmetric key that can be used to decrypt a file corresponding to the mapping;
generating an encrypted file that includes the key cache and that is encrypted using a symmetric key;
encrypting the symmetric key using a public key corresponding to the user;
storing the encrypted symmetric key in an access control entry corresponding to the encrypted file; and
storing both the encrypted file and the access control entry corresponding to the encrypted file in the distributed file system.
-
Specification