System for ensuring data privacy and user differentiation in a distributed file system
Abstract
A security module is configured to provide an owner the capability to differentiate between users. In particular, the security module is configured to generate an asymmetric read/write key pair for respectively decrypting/encrypting data for storage on a disk. The owner of the file may distribute the read key of the asymmetric key pair to a group of users that the owner has assigned read-permission for the encrypted data.
27 Claims
1. A method for protecting files on a storage system, comprising:
- assigning at least one read key to a file in response to a creation of said file;
- assigning at least one write key to said file;
- encrypting said file with said at least one write key; and
- restricting access to said encrypted file by distributing said at least one read key to a first plurality of users for read-only access to said encrypted file and distributing said at least one write key to a second plurality of users for read and write access to said encrypted file.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for ensuring data privacy, comprising:
- dividing a file into a plurality of fragments;
- generating a set of read-write keys, a write key for read and write access and a read key for read-only access, for each fragment of said plurality of fragments;
- encrypting each fragment of plurality of fragments with a respective write key of said set of read-write keys; and
- restricting access to said plurality of file fragments by distributing a plurality of read keys from said plurality of read-write keys to a first plurality of users for read-only access for each fragment of said plurality of fragments and distributing a plurality of said write keys of said plurality of read-write keys to a second plurality of users for read and write access for each fragment of said plurality of fragments.
Dependent claims: 12, 13, 14, 15, 16
17. A method of increasing security and efficiency in a distributed file system, said method comprising:
- specifying a fragment size;
- fragmenting a file according to said fragment size into at least one fragment in response to a creation of a file;
- encrypting said at least one fragment with a write key, for read and write access of said file, of an asymmetric read/write key pair;
- encrypting a read key, for read-only access of said file, of said asymmetric read/write key pair with a long-term key;
- distributing the read key to a first plurality of users for read-only access to said encrypted at least one fragment;
- distributing the write key to a second plurality of users for read and write access to said encrypted at least one fragment; and
- storing said encrypted at least one fragment and said encrypted read key.
Dependent claims: 18, 19, 20, 21, 22
23. A system for ensuring data privacy, comprising:
- a file system;
- a user station; and
- a security module configured to be executable in said user station, wherein said security module is configured to assign a read key to a file in response to a creation of said file, is also configured to assign a write key, the read key for read-only access and the write key for read and write access comprising an asymmetric read-write key pair, to said file, is further configured to encrypt said file with said write key, and is yet further configured to restricting access to said encrypted file by distributing said read key to a first plurality of users and distributing said write key to a second plurality of users.
Dependent claims: 24, 25, 26, 27
Specification