On-disk file format for a serverless distributed file system

US 7,415,608 B2
Filed: 12/16/2004
Issued: 08/19/2008
Est. Priority Date: 03/21/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

creating a primary data stream containing an encrypted file that is encrypted using at least one hash of some contents of the file as an encryption key; and

creating a metadata stream containing information pertaining to the encrypted file, the information including an indexing structure to index portions of the encrypted file, the indexing structure comprises a plurality of leaf nodes for corresponding portions of the file and a root having a single hash value of an array of the leaf nodes, wherein a leaf node contains an access value used to decrypt the corresponding encrypted portion and a verification value used to verify the corresponding encrypted portion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A file format for a serverless distributed file system is composed of two parts: a primary data stream and a metadata stream. The data stream contains a file that is divided into multiple blocks. Each block is encrypted using a hash of the block as the encryption key. The metadata stream contains a header, a structure for indexing the encrypted blocks in the primary data stream, and some user information. The indexing structure defines leaf nodes for each of the blocks. Each leaf node consists of an access value used for decryption of the associated block and a verification value used to verify the encrypted block independently of other blocks. In one implementation, the access value is formed by hashing the file block and encrypting the resultant hash value using a randomly generated key. The key is then encrypted using the user'"'"'s key as the encryption key. The verification value is formed by hashing the associated encrypted block using a one-way hash function. The file format supports verification of individual file blocks without knowledge of the randomly generated key or any user keys. To verify a block of the file, the file system traverses the tree to the appropriate leaf node associated with a target block to be verified. The file system hashes the target block and if the hash matches the access value contained in the leaf node, the block is authentic.

198 Citations

10 Claims

1. A method comprising:
- creating a primary data stream containing an encrypted file that is encrypted using at least one hash of some contents of the file as an encryption key; and
  
  creating a metadata stream containing information pertaining to the encrypted file, the information including an indexing structure to index portions of the encrypted file, the indexing structure comprises a plurality of leaf nodes for corresponding portions of the file and a root having a single hash value of an array of the leaf nodes, wherein a leaf node contains an access value used to decrypt the corresponding encrypted portion and a verification value used to verify the corresponding encrypted portion.

2. A distributed file system comprising:
- means for creating a primary data stream containing an encrypted file that is encrypted using at least one hash of some contents of the file as an encryption key; and
  
  means for creating a metadata stream containing information pertaining to the encrypted file, including means for constructing leaf nodes for corresponding blocks of the encrypted file, a leaf node containing an access value used to decrypt the corresponding block and a verification value used to verify the corresponding block.
- View Dependent Claims (3, 4, 5)
- - 3. A distributed file system as recited in claim 2, wherein each block is hashed and encrypted using a hash value of the block as an encryption key.
  - 4. A distributed file system as recited in claim 2,wherein the means for creating the metadata stream further comprises means for hashing an array of the leaf nodes to produce a single hash value for a root.
  - 5. A distributed file system as recited in claim 2, wherein the means for creating the metadata stream further comprises:
    - means for grouping leaf nodes into multiple groups;
      
      means for hashing each group of leaf nodes to form intermediate nodes; and
      
      means for hashing an array of the intermediate nodes to produce a root.

6. One or more computer readable media, having computer-executable instructions that, when executed by a computer, perform a method, the method comprising:
- creating a primary data stream containing an encrypted file composed of multiple encrypted blocks, each block being separately encrypted by a symmetric cipher that uses a hash of the block as an encryption key; and
  
  creating a metadata stream containing information pertaining to the encrypted file, the information comprising an indexing structure to index individual encrypted blocks, the indexing structure including leaf nodes for corresponding blocks, the leaf node containing an access value used to decrypt the corresponding encrypted block and a verification value used to verify the corresponding encrypted block.
- View Dependent Claims (7, 8, 9, 10)
- - 7. One or more computer readable media as recited in claim 6, wherein the indexing structure, created by the creating of the metadata stream, further comprises a root containing a single hash value of an array of the leaf nodes.
  - 8. One or more computer readable media as recited in claim 6, wherein the indexing structure, created by the creating of the metadata stream, further comprises intermediate nodes, an intermediate node contains a single hash value of an array, of the leaf nodes.
  - 9. One or more computer readable media as recited in claim 6, wherein the metadata stream further comprises a header with one or more fields that describe the encrypted file.
  - 10. One or more computer readable media as recited in claim 8, wherein the indexing structure, created by the creating of the metadata stream, further comprises a root containing a single hash value of an array of the intermediate nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bolosky, William J., Douceur, John R., Adya, Atul, Cermak, Gerald
Primary Examiner(s)
Smithers; Matthew B

Application Number

US11/014,262
Publication Number

US 20050097313A1
Time in Patent Office

1,342 Days
Field of Search

713/165
US Class Current

713/165
CPC Class Codes

G06F 16/137   Hash-based content-based in...

H04L 2209/20   Manipulating the length of ...

H04L 2209/60   Digital content management,...

H04L 9/0656   Pseudorandom key sequence c...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3249   using RSA or related signat...

H04L 9/50   using hash chains, e.g. blo...

On-disk file format for a serverless distributed file system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

198 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

On-disk file format for a serverless distributed file system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

198 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others