Encrypted key cache
First Claim
1. A system comprising:
means for obtaining an access control entry corresponding to a file to be accessed by the system, wherein the access control entry includes a symmetric key encrypted with a public key of a public/private key pair;
means for maintaining a plurality of mappings each of which maps an access control entry to a symmetric key;
means for comparing, communicatively coupled to the control module, for checking whether one of the plurality of mappings corresponds to the received access control entry; and
a cryptographic means, communicatively coupled to the control module, for;
using, if one of the plurality of mappings corresponds to the received access control entry, the symmetric key to which the received access control entry maps to decrypt the file, and
using, if one of the plurality of mappings does not correspond to the received access control entry, the private key of the public/private key pair to decrypt the symmetric key, and then use the decrypted symmetric key to decrypt the file.
Abstract
A file that has been encrypted using a symmetric key and that has a corresponding access control entry with the symmetric key encrypted using the public key of a public/private key pair can be accessed. An encrypted key cache is also accessed to determine whether an access control entry to symmetric key mapping exists in the cache for the access control entry corresponding to the file. If such a mapping exists in the cache, then the mapped-to symmetric key is obtained from the cache; otherwise, the encrypted symmetric key is decrypted using the private key of the public/private key pair. The encrypted key cache itself can also be encrypted and stored as an encrypted file.
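The lookup-then-fallback flow described in the abstract, as an added Python example (not code from the patent). `KeyCache`, `wrap`, `unwrap` and `xor_stream` are hypothetical names; the RSA and the stream cipher are toy constructions chosen so the block runs on the standard library alone, and `private_key_ops` counts how often the private key is actually used.

```python
import hashlib

# Toy textbook RSA from two Mersenne primes: constructed, insecure, illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
ACE_LEN = (N.bit_length() + 7) // 8


def wrap(sym_key: bytes) -> bytes:
    """Build the ACE payload: the 16-byte symmetric key encrypted with the public key."""
    return pow(int.from_bytes(sym_key, "big"), E, N).to_bytes(ACE_LEN, "big")


def unwrap(ace: bytes) -> bytes:
    """Private-key operation that recovers the symmetric key from an ACE."""
    return pow(int.from_bytes(ace, "big"), D, N).to_bytes(16, "big")


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


class KeyCache:
    """ACE -> symmetric key mappings, consulted before any private-key use."""

    def __init__(self):
        self._map = {}
        self.private_key_ops = 0

    def key_for(self, ace: bytes) -> bytes:
        key = self._map.get(ace)
        if key is None:                 # miss: fall back to the private key
            self.private_key_ops += 1
            key = self._map[ace] = unwrap(ace)
        return key

    def open_file(self, ace: bytes, ciphertext: bytes) -> bytes:
        """Decrypt a file given its ACE, using the cached key when one is mapped."""
        return xor_stream(self.key_for(ace), ciphertext)
```

The mappings here live unencrypted in process memory; the abstract's option of storing the cache itself as an encrypted file is not shown.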
8 Claims
Claim 1 (independent) is reproduced in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
Specification