Exclusive encryption
Abstract
An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
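The receiving device's side of this scheme, as an added example that is not taken from the patent: it holds no key and accepts or rejects an encrypted identifier by looking only at ciphertext bytes. The 16-byte block size, the byte-equality duplicate test (which assumes encryption is deterministic, so equal identifiers give equal ciphertexts) and the whole-blocks length check are assumptions, as are all names and sample values.

```python
from enum import Enum

BLOCK_SIZE = 16  # assumption: the page does not state a block size


class Verdict(Enum):
    STORED = "stored"
    BAD_SYNTAX = "first block is zero"
    DUPLICATE = "matches an existing entry"
    MALFORMED = "not a whole number of blocks"  # extra check, not in the claims


class EncryptedDirectory:
    """Keeps encrypted identifiers; has no key and never decrypts."""

    def __init__(self):
        self._entries = set()

    @staticmethod
    def conforms_to_syntax(enc_id: bytes) -> bool:
        # Claimed check: an all-zero first block marks an illegal identifier.
        return enc_id[:BLOCK_SIZE] != bytes(BLOCK_SIZE)

    def is_duplicate(self, enc_id: bytes) -> bool:
        # Assumption: deterministic encryption, so comparing ciphertexts
        # answers "same identifier?" without revealing the identifier.
        return enc_id in self._entries

    def submit(self, enc_id: bytes) -> Verdict:
        if not enc_id or len(enc_id) % BLOCK_SIZE:
            return Verdict.MALFORMED
        if not self.conforms_to_syntax(enc_id):
            return Verdict.BAD_SYNTAX
        if self.is_duplicate(enc_id):
            return Verdict.DUPLICATE
        self._entries.add(enc_id)  # the "storing" branch of the claim
        return Verdict.STORED


def demo():
    # Constructed ciphertexts; no real encryption is performed here.
    directory = EncryptedDirectory()
    legal = bytes.fromhex("9f" * 16 + "11" * 16)
    zero_first_block = bytes(16) + bytes.fromhex("22" * 16)
    truncated = b"\x01" * 5
    return [directory.submit(legal), directory.submit(legal),
            directory.submit(zero_first_block), directory.submit(truncated)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```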
142 Citations
22 Claims
1. A completely computer-implemented method comprising:
- receiving an encrypted identifier;
- checking a part of the encrypted identifier to verify, without decrypting the encrypted identifier, that the encrypted identifier is an encryption of an identifier that conforms to a specified syntax, wherein verifying that the encrypted identifier is an encryption of the identifier that conforms to the specified syntax comprises:
  - checking whether a first block of the encrypted identifier is zero;
  - determining that the encrypted identifier conforms to the syntax when the first block is not equal to zero; and
  - determining that the encrypted identifier does not conform to the syntax when the first block is equal to zero;
- accessing one or more other encrypted identifiers that are each an encryption of an associated other identifier;
- verifying, without decrypting the encrypted identifier, that the encrypted identifier is not an encryption that matches any of the associated other identifiers of the one or more other encrypted identifiers; and
- determining, in the event that the verifying indicates that the encrypted identifier is an encryption of an identifier that conforms to the specified syntax and the verifying indicates that the encrypted identifier is not an encryption that matches any of the associated other identifiers, that the encrypted identifier is an encryption of a valid identifier, wherein in the event the encrypted identifier is an encryption of a valid identifier, the encrypted identifier is processed, the processing comprising:
  - storing the encrypted identifier; or
  - forwarding the encrypted identifier.

(Dependent claims: 2, 3)

4. One or more computer storage media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to perform a method, the method comprising:
- receiving an encrypted identifier;
- checking a part of the encrypted identifier to verify, without decrypting the encrypted identifier, that the encrypted identifier is an encryption of an identifier that conforms to a specified syntax, wherein to verify that the encrypted identifier is an encryption of the identifier that conforms to the specified syntax comprises:
  - checking whether a first block of the encrypted identifier is zero;
  - determining that the encrypted identifier conforms to the syntax when the first block is not equal to zero; and
  - determining that the encrypted identifier does not conform to the syntax when the first block is equal to zero;
- accessing one or more other encrypted identifiers that are each an encryption of an associated other identifier; and
- verifying, without decrypting the encrypted identifier, that the encrypted identifier is not an encryption that matches any of the associated other identifiers of the one or more other encrypted identifiers;
- processing the encrypted identifier based on the verifying, wherein the processing comprises:
  - storing the encrypted identifier;
  - forwarding the encrypted identifier; or
  - determining that the encrypted identifier is invalid.

(Dependent claims: 5, 6)

7. A system comprising:
- a memory;
- a processor;
- means for receiving an encrypted identifier;
- means for checking a part of the encrypted identifier to verify, without decrypting the encrypted identifier, that the encrypted identifier is an encryption of an identifier that conforms to a specific syntax, wherein the means for verifying that the encrypted identifier is an encryption of the identifier that conforms to the specific syntax comprises:
  - means for checking whether a first block of the encrypted identifier is zero; and
  - means for determining that the encrypted identifier conforms to the syntax when the first block is not equal to zero, and determining that the encrypted identifier does not conform to the syntax when the first block is equal to zero; and
- means for verifying, without decrypting the encrypted identifier, that the encrypted identifier is not an encryption that matches any other identifier associated with one or more other encrypted identifiers;
- means for processing the encrypted identifier based on the verifying.

(Dependent claims: 8, 9)

10. A system comprising:
- a processor;
- a memory;
- a plurality of encrypted identifiers;
- a syntax verifier to determine whether a newly received encrypted identifier is an encryption of a legal name without decrypting the newly received encrypted identifier, wherein the determination comprises:
  - checking a part of the newly received encrypted identifier;
  - checking whether a first block of the newly received encrypted identifier is zero;
  - determining that the newly received encrypted identifier is an encryption of a legal name when the first block is not equal to zero; and
  - determining that the newly received encrypted identifier is not an encryption of a legal name when the first block is equal to zero; and
- a duplication identifier to determine whether the newly received encrypted identifier is an encryption of the same name as any of the plurality of encrypted identifiers without decrypting either the newly received encrypted identifier or any of the plurality of encrypted identifiers, whereby the newly received encrypted identifier is processed based on the determination made by the syntax verifier and the determination made by the duplication identifier.

(Dependent claims: 11, 12)

13. A method implemented completely by an electronic computing device, the method comprising:
- receiving a directory entry that is encrypted, wherein the electronic computing device does not have a key needed for decrypting the encrypted directory entry;
- checking a part of the encrypted directory entry to verify, without decrypting the encrypted directory entry, that the encrypted directory entry is an encryption of a name that is a syntactically legal name, wherein verifying that the encrypted directory entry is an encryption of a syntactically legal name comprises:
  - checking whether a first block of the directory entry is zero;
  - determining that the name is syntactically legal if the first block is not equal to zero; and
  - determining that the name is not syntactically legal if the first block is equal to zero;
- accessing one or more other encrypted directory entries that are each an encryption of an associated other name;
- verifying, without decrypting the encrypted directory entry, that the encrypted directory entry is not an encryption that matches any of the associated other names of any of the other encrypted directory entries maintained by the electronic computing device; and
- processing the encrypted directory entry based on the verifying, wherein the electronic computing device comprises a memory and a processor.

(Dependent claims: 14, 15)

16. One or more computer storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computing device, causes the one or more processors to:
- receive a directory entry that is encrypted, wherein the computing device does not have a key needed for decrypting the directory entry;
- check a part of the encrypted directory entry to verify that the directory entry is an encryption of a name that is a syntactically legal name, wherein to verify that the directory entry is an encryption of a syntactically legal name is to:
  - check whether a first block of the directory entry is zero;
  - determine that the name is syntactically legal if the first block is not equal to zero; and
  - determine that the name is not syntactically legal if the first block is equal to zero;
- verify that the directory entry is not an encryption of a same name as any other directory entry maintained by the computing device; and
- process the directory entry based on the verifying.

(Dependent claims: 17, 18, 19)

20. A system comprising:
- a processor;
- a memory;
- a plurality of encrypted directory entries;
- a syntax verifier to determine whether a new encrypted directory entry is an encryption of a legal name without decrypting the new encrypted directory entry, wherein the determination comprises:
  - checking a part of the new encrypted directory entry;
  - checking whether a first block of the new encrypted directory entry is zero;
  - determining that the new encrypted directory entry is an encryption of a legal name when the first block is not equal to zero; and
  - determining that the new encrypted directory entry is not an encryption of a legal name when the first block is equal to zero; and
- a duplication identifier to determine whether the new encrypted directory entry is an encryption of the same name as any of the plurality of encrypted directory entries without decrypting either the new encrypted directory entry or any of the plurality of encrypted directory entries, whereby the new encrypted directory entry is processed based on the determination made by the syntax verifier and the determination made by the duplication identifier.

(Dependent claims: 21, 22)