Method and apparatus for a transaction-based secure storage file system

US 7,320,076 B2
Filed: 03/05/2003
Issued: 01/15/2008
Est. Priority Date: 03/05/2003
Status: Active Grant

First Claim

Patent Images

1. A method for generating a secure storage file system, comprising:

encrypting data using a symmetric key to obtain encrypted data;

encrypting the symmetric key using a public key to obtain an encrypted symmetric key;

storing the encrypted data and the encrypted symmetric key as part of the secure storage file system if the public key is associated with a user who only has read permission;

generating an encrypted hashed data if the public key is associated with a user who has write permission; and

storing the encrypted data, the encrypted symmetric key, and the encrypted hashed data as part of the secure storage file system if the public key is associated with the user who has write permission.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for generating a secure storage file system, including encrypting data using a symmetric key to obtain encrypted data, encrypting the symmetric key using a public key to obtain an encrypted symmetric key, storing the encrypted data and the encrypted symmetric key if the public key is associated with a user who only has read permission, generating an encrypted hashed data if the public key is associated with a user who has write permission, and storing the encrypted data, the encrypted symmetric key, and the encrypted hash data if the public key is associated with the user who has write permission.

Citations

35 Claims

1. A method for generating a secure storage file system, comprising:
- encrypting data using a symmetric key to obtain encrypted data;
  
  encrypting the symmetric key using a public key to obtain an encrypted symmetric key;
  
  storing the encrypted data and the encrypted symmetric key as part of the secure storage file system if the public key is associated with a user who only has read permission;
  
  generating an encrypted hashed data if the public key is associated with a user who has write permission; and
  
  storing the encrypted data, the encrypted symmetric key, and the encrypted hashed data as part of the secure storage file system if the public key is associated with the user who has write permission.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - requesting the encrypted data, the encrypted symmetric key, the encrypted hashed data, and a transaction list associated with the encrypted data from a storage provider, wherein the storage provider stores the encrypted data using the secure storage file system;
      
      decrypting the encrypted symmetric key associated with the encrypted data using a private key associated with the public key to obtain the symmetric key;
      
      decrypting the encrypted data using the symmetric key to obtain a data view;
      
      verifying a transaction within the transaction list to determine if an author of the transaction had write permission at the time of the transaction, wherein verifying the transaction comprises determining whether the encrypted hashed data is correct; and
      
      updating the data view according to the transaction if the transaction is verified.
  - 3. The method of claim 1, wherein generating the encrypted hashed data comprises hashing the data to obtain hashed data and encrypting the hashed data using the public key to obtain the encrypted hashed data.
  - 4. The method of claim 1, wherein the data is selected from a group consisting of a file and a file-tree.
  - 5. The method of claim 1, wherein the write permission comprises at least one sub-division.
  - 6. The method of claim 5, wherein the sub-division is selected from a group consisting of insert, append, truncate, and delete.
  - 7. The method of claim 1, wherein the secure storage file system is implemented using a preloaded shared library.
  - 8. The method of claim 7, wherein the preloaded shared library translates read/write/file name accesses into different read/write/file name accesses.
  - 9. The method of claim 1, wherein the secure storage file system is implemented using a shared library that includes functionality to map read/write/file name accesses to a custom-implemented file system.

10. A computer system generating a secure storage file system, comprising:
- a processor;
  
  a memory;
  
  a storage device;
  
  a computer display; and
  
  software instructions stored in the memory for enabling the computer system under control of the processor, to perform;
  
  encrypting data using a symmetric key to obtain encrypted data;
  
  encrypting the symmetric key using a public key to obtain an encrypted symmetric key;
  
  storing the encrypted data and the encrypted symmetric key as part of the secure storage file system if the public key is associated with a user who only has read permission;
  
  generating an encrypted hashed data if the public key is associated with a user who has write permission; and
  
  storing the encrypted data, the encrypted symmetric key, and the encrypted hashed data as part of the secure storage file system if the public key is associated with the user who has write permission.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer system of claim 10, wherein generating the encrypted hashed data comprises hashing the data to obtain hashed data and encrypting the hashed data using the public key to obtain the encrypted hashed data.
  - 12. The computer system of claim 10, wherein the data is selected from a group consisting of a file and a file-tree.
  - 13. The computer system of claim 10, wherein the write permission comprises at least one sub-division.
  - 14. The computer system of claim 13, wherein the sub-division is selected from a group consisting of insert, append, truncate, and delete.
  - 15. The computer system of claim 10, wherein the secure storage file system is implemented using a preloaded shared library.
  - 16. The computer system of claim 15, wherein the preloaded shared library translates read/write/file name accesses into different read/write/file name accesses.
  - 17. The computer system of claim 10, wherein the secure storage file system is implemented using a shared library that includes functionality to map read/write/file name accesses to a custom-implemented file system.

18. A secure storage file system comprising:
- a storage provider storing encrypted data, wherein storing the encrypted data comprises;
  
  encrypting data using a symmetric key to obtain encrypted data;
  
  encrypting the symmetric key using a public key to obtain an encrypted symmetric key;
  
  storing the encrypted data and the encrypted symmetric key as part of the secure storage file system if the public key is associated with a user who only has read permission;
  
  generating an encrypted hashed data if the public key is associated with a user who has write permission; and
  
  storing the encrypted data, the encrypted symmetric key, and the encrypted hashed data as part of the secure storage file system if the public key is associated with the user who has write permission; and
  
  a client device, wherein the client device comprises a client kernel for encrypting and decrypting the encrypted data, and a client application using the encrypted data.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The system of claim 18, wherein using the encrypted data by the client application comprises:
    - requesting the encrypted data, the encrypted symmetric key, the encrypted hashed data, and a transaction list associated with the encrypted data from a storage provider, wherein the storage provider stores the encrypted data using the secure storage file system;
      
      decrypting the encrypted symmetric key associated with the encrypted data using a private key associated with the public key to obtain the symmetric key;
      
      decrypting the encrypted data using the symmetric key to obtain a data view;
      
      verifying a transaction within the transaction list to determine if an author of the transaction had write permission at the time of the transaction, wherein verifying the transaction comprises determining whether the encrypted hashed data is correct; and
      
      updating the data view according to the transaction if the transaction is verified.
  - 20. The system of claim 18, wherein generating the encrypted hashed data comprises hashing the data to obtain hashed data and encrypting the hashed data using the public key to obtain the encrypted hashed data.
  - 21. The system of claim 18, wherein the data selected from a group consisting of a file and a file-tree.
  - 22. The system of claim 18, wherein the write permission comprises at least one sub-division.
  - 23. The system of claim 22, wherein the sub-division is selected from a group consisting of append, truncate, and delete.
  - 24. The system of claim 18, wherein the secure storage file system is implemented using a preloaded shared library.
  - 25. The system of claim 24, wherein the preloaded shared library translates read/write/file name accesses into different read/write/file name accesses.
  - 26. The system of claim 18, wherein the secure storage file system is implemented using a shared library that includes functionality to map read/write/file name accesses to a custom-implemented file system.

27. A method for updating a data view in a secure storage file system, comprising:
- requesting an encrypted data, an encrypted symmetric key, an encrypted hashed data, and a transaction list associated with the encrypted data from a storage provider, wherein the storage provider stores the encrypted data using the secure storage file systemswherein the data is encrypted using the symmetric key, andwherein the symmetric key is encrypted using a public key;
  
  decrypting the encrypted symmetric key associated with the encrypted data using a private key associated with the public key to obtain the symmetric key;
  
  decrypting the encrypted data using the symmetric key to obtain a data view;
  
  verifying a transaction within the transaction list to determine if an author of the transaction had write permission at the time of the transaction, wherein verifying the transaction comprises determining whether the encrypted hashed data is correct; and
  
  updating the data view according to the transaction if the transaction is verified.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. The method of claim 27, wherein the encrypted hashed data comprises hashed data encrypted using the public key.
  - 29. The method of claim 27, wherein the data is selected from a group consisting of a file and a file-tree.
  - 30. The method of claim 27, wherein the write permission comprises at least one sub-division.
  - 31. The method of claim 30, wherein the sub-division is selected from a group consisting of insert, append, truncate, and delete.
  - 32. The method of claim 27, wherein the secure storage file system is implemented using a preloaded shared library.
  - 33. The method of claim 32, wherein the preloaded shared library translates read/write/file name accesses into different read/write/file name accesses.
  - 34. The method of claim 27, wherein the secure storage file system is implemented using a shared library that includes functionality to map read/write/file name accesses to a custom-implemented file system.

35. An apparatus for generating a secure storage file system, comprising:
- means for encrypting data using a symmetric key to obtain encrypted data;
  
  means for encrypting the symmetric key using a public key to obtain an encrypted symmetric key;
  
  means for storing the encrypted data and the encrypted symmetric key as part of the secure storage file system if the public key is associated with a user who only has read permission;
  
  means for generating an encrypted hashed data if the public key is associated with a user who has write permission; and
  
  means for storing the encrypted data, the encrypted symmetric key, and the encrypted hash data as part of the secure storage file system if the public key is associated with the user who has write permission.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Caronni, Germano
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Homayounmehr; Farid

Application Number

US10/382,245
Publication Number

US 20040175000A1
Time in Patent Office

1,777 Days
Field of Search

713/193
US Class Current

713/193
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Method and apparatus for a transaction-based secure storage file system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a transaction-based secure storage file system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links