On-disk file format for serverless distributed file system with signed manifest of file modifications
First Claim
1. In a distributed file system that stores encrypted files across multiple computers, a method comprising:
- modifying one or more of the encrypted files;
computing a hash value of each modified encrypted file, one or more of the modified encrypted files comprising file data and a metadata stream that comprises a header and an indexing structure, the indexing structure comprising one or more hashes of the file and a structure to access the one or more hashes of the file;
collecting the hash values into a group;
computing a hash value of the group; and
digitally signing the hash value of the group of hash values.
2 Assignments
0 Petitions
Accused Products
Abstract
In a serverless distributed file system, the writer of a file can provide file authentication information to a verifying machine without having to compute a new digital signature every time a written file is closed. Periodically, the writer compiles a list of the hash values of all files that have been written over a recent interval, computes a hash of the list, and signs the hash. This signed list of hash values is known as a manifest, akin to a shipping manifest that enumerates the items in a shipment. The advantage of using a signed manifest is that the writer need only perform a single signature computation in order to authenticate the writes to multiple files, rather than having to compute a separate signature for each file, as it would if a signature were embedded in each file.
-
Citations
7 Claims
-
1. In a distributed file system that stores encrypted files across multiple computers, a method comprising:
-
modifying one or more of the encrypted files; computing a hash value of each modified encrypted file, one or more of the modified encrypted files comprising file data and a metadata stream that comprises a header and an indexing structure, the indexing structure comprising one or more hashes of the file and a structure to access the one or more hashes of the file; collecting the hash values into a group; computing a hash value of the group; and digitally signing the hash value of the group of hash values. - View Dependent Claims (2, 3, 4)
-
-
5. One or more computer readable storage media comprising computer-executable instructions that, when executed, direct a computing device to:
-
modify individual files stored in a serverless distributed file system; divide one or more of the files into a plurality of data blocks; compute a hash value of each of the data blocks, one or more of the modified files comprising file data that includes the data blocks and a metadata stream that comprises a header and an indexing structure, the indexing structure comprising one or more hashes of the data blocks and a structure to access the one or more hashes of the data blocks; collect the hash values into a group; and digitally signing the group of hash values. - View Dependent Claims (6, 7)
-
Specification
-
- Resources
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsBolosky, William J., Douceur, John R., Adya, Atul
-
Primary Examiner(s)Vu; Kim
-
Assistant Examiner(s)GYORFI, THOMAS A
-
Application NumberUS09/814,337Publication NumberTime in Patent Office2,855 DaysField of Search713/181, 713/189, 713/176, 707/200, 707/203, 717169-170US Class Current713/181CPC Class CodesG06F 21/64 Protecting data integrity, ...G06F 2221/2101 Auditing as a secondary aspectH04L 2209/20 Manipulating the length of ...H04L 2209/60 Digital content management,...H04L 2209/80 WirelessH04L 9/3236 using cryptographic hash fu...H04L 9/3247 involving digital signatures
