System and method to make file handles opaque to clients

US 7,603,553 B1
Filed: 04/25/2003
Issued: 10/13/2009
Est. Priority Date: 04/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method for making file handles opaque to devices connected to the network, the method comprising:

maintaining a hash table, the hash table including one or more hash key entries, one or more encrypted file handle entries, and one or more decrypted file handle entries;

generating a file handle associated with a specific file;

encrypting the file handle by a file server to create an encrypted file handle, thereby preventing access to the file handle;

returning the encrypted file handle to a device that requested access to the specific file;

transmitting to the file server, by the device, the encrypted file handle and a file operation;

generating a hash key from the encrypted file handle to locate a hash key entry in the hash table;

in response to determining that the hash key entry exists, comparing the encrypted file handle to the one or more encrypted file handle entries associated with the hash key entry to find a matching encrypted file handle entry, the matching encrypted file handle entry having a corresponding decrypted file handle entry in the hash table; and

processing, by the file server, the file operation upon the specific file obtained from the corresponding decrypted file handle entry.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method to make file handles opaque to other network devices is provided. The system and method encrypts a file handle after it is generated and returns the encrypted file handle to a requesting client. The system and method may also generate a hash table storing hash key, a copy of the encrypted file handle and a copy of the unencrypted file handle. Upon a later receipt of an encrypted file handle, the system and method may hash the encrypted file handle to identify an appropriate hash table entry and it'"'"'s associated unencrypted hash key. Alternately, the system may decrypt every received encrypted file handle and not utilize a hash table.

Citations

29 Claims

1. A method for making file handles opaque to devices connected to the network, the method comprising:
- maintaining a hash table, the hash table including one or more hash key entries, one or more encrypted file handle entries, and one or more decrypted file handle entries;
  
  generating a file handle associated with a specific file;
  
  encrypting the file handle by a file server to create an encrypted file handle, thereby preventing access to the file handle;
  
  returning the encrypted file handle to a device that requested access to the specific file;
  
  transmitting to the file server, by the device, the encrypted file handle and a file operation;
  
  generating a hash key from the encrypted file handle to locate a hash key entry in the hash table;
  
  in response to determining that the hash key entry exists, comparing the encrypted file handle to the one or more encrypted file handle entries associated with the hash key entry to find a matching encrypted file handle entry, the matching encrypted file handle entry having a corresponding decrypted file handle entry in the hash table; and
  
  processing, by the file server, the file operation upon the specific file obtained from the corresponding decrypted file handle entry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the step of encrypting the file handle further comprises encrypting the file handle using a private key encryption algorithm.
  - 3. The method of claim 1 wherein the step of encrypting the file handle further comprises encrypting the file handle using a public key encryption algorithm.
  - 4. The method of claim 1 further comprising creating a new entry, in the hash table, associated with the encrypted file handle in response to determining that no hash key entry associated with the encrypted file handle exists in the hash table.
  - 5. The method of claim 4 wherein the step of creating further comprises:
    - selecting a new hash key and inserting the new hash key into the new entry; and
      
      placing an unencrypted file handle in the hash table as a decrypted file handle entry, whereby the new hash key, encrypted file handle and the unencrypted file handle are associated as a single entry in the hash table.
  - 6. The method of claim 5 wherein the hash key further comprises a subset of the encrypted file handle.
  - 7. The method of claim 1, further comprising:
    - using a 32-byte value as the file handle that uniquely identifies the specific file.
  - 8. The method of claim 1, further comprising:
    - including an export point and an inode number of the specific file associated with the file handle in the file handle.

9. A fie server for use with one or more clients in a network environment, the file server comprising:
- means for generating a file handle of a file;
  
  means for encrypting the file handle by the file server to create an encrypted file handle, thereby preventing access to the file handle;
  
  means for creating a new entry in a hash table associated with the encrypted file handle, the hash table including one or more hash key entries, one or more encrypted file handle entries, and one or more decrypted file handle entries;
  
  means for returning the encrypted file handle to a client that requested access to the file;
  
  means for receiving from the client the encrypted file handle and a file operation;
  
  means for generating a hash key from the encrypted file handle to locate a hash key entry in the hash table;
  
  in response to determining that the hash key entry exists, means for comparing the encrypted file handle to the one or more encrypted file handle entries associated with the hash key entry to find a matching encrypted file handle entry, the matching encrypted file handle entry having a corresponding decrypted file handle entry in the hash table; and
  
  means for processing, by the file server, the file operation upon the file obtained from the corresponding decrypted file handle entry.
- View Dependent Claims (10)
- - 10. The file server of claim 9 wherein the means for creating a new entry in a hash table associated with the encrypted file handle further comprises:
    - means for selecting a new hash key and inserting the new hash key into the new entry;
      
      means for placing the encrypted file handle as an encrypted file handle entry in the hash table; and
      
      means for associating a hash key entry, an encrypted file handle entry and a decrypted file handle entry as a single entry in the hash table.

11. A computer readable medium, including program instructions executing on a computer, the program instructions including instructions for performing the steps of:
- maintaining a hash table, the hash table including one or more hash key entries, one or more encrypted file handle entries, and one or more decrypted file handle entries;
  
  generating a file handle associated with a specific file;
  
  encrypting the file handle by a file serer to create an encrypted file handle, thereby preventing access to the file handle;
  
  returning the encrypted file handle to a device that requested access to the specific file;
  
  transmitting to the file server, by the device, the encrypted file handle and a file operation;
  
  generating a hash key from the encrypted file handle to locate a hash key entry in the hash table;
  
  in response to determining that the hash key entry exists, comparing the encrypted file handle to the one or more encrypted file handle entries associated with the hash key entry to find a matching encrypted file handle entry, the matching encrypted file handle entry having a corresponding decrypted file handle entry in the hash table; and
  
  processing, by the file server, the file operation upon the specific file obtained from the corresponding decrypted file handle entry.
- View Dependent Claims (12)
- - 12. The computer readable medium of claim 11 including further instructions for performing the steps of:
    - creating a new entry, in the hash table, associated with the encrypted file handle in response to determining that the hash key entry associated with the encrypted file handle does not exist in the has table;
      
      selecting a new hash key and inserting the new hash key into the new entry; and
      
      placing an unencrypted file handle in the hash table in a decrypted file handle entry, whereby the new hash key, encrypted file handle and the unencrypted file handle are associated as a single entry in the hash table.

13. A method for making file handles opaque to devices connected to the network, the method comprising:
- maintaining a hash table, the hash table including one or more hash key entries, one or more encrypted file handle entries, and one or more decrypted file handle entries;
  
  receiving a request from a client to open a specific file;
  
  generating, by a file server, a file handle associated with the specific file;
  
  encrypting the file handle by the file server to create an encrypted file handle, thereby preventing access to the file handle;
  
  sending the encrypted file handle to the client;
  
  transmitting to the file server, by the client, the encrypted file handle and a file operation;
  
  generating a hash key from the encrypted file handle to locate a hash key entry in the hash table;
  
  in response to determining that the hash key entry exists, comparing the encrypted file handle to one or more encrypted file handle entries associated with the hash key entry to find a matching encrypted file handle entry, the matching encrypted file handle entry having a corresponding decrypted file handle entry in the hash table; and
  
  processing, by the file server, the file operation upon the specific file associated with the corresponding decrypted file handle entry.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, wherein the step of encrypting the file handle further comprises encrypting the file handle using a private key encryption algorithm.
  - 15. The method of claim 13, wherein the step of encrypting the file handle further comprises encrypting the file handle using a public key encryption algorithm.
  - 16. The method of claim 13, further comprising creating a new entry, in the hash table, associated with the encrypted file handle in response to determining the hash key entry associated with the encrypted file handle does not exist in the hash table.
  - 17. The method of claim 16, wherein the step of creating an entry, in the hash table, associated with the encrypted file handle further comprises:
    - selecting a new hash key and inserting the new hash key into the new entry; and
      
      placing the unencrypted file handle in the hash table in a decrypted file handle entry, whereby the new hash key, encrypted file handle and the unencrypted file handle are associated as a single entry in the hash table.
  - 18. The method of claim 17, wherein the hash key further comprises a subset of the encrypted file handle.

19. A method comprising:
- maintaining a hash table, the hash table including one or more hash key entries, one or more encrypted file handle entries, and one or more decrypted file handle entries;
  
  sending an open request to a file server from a client for a file, the file identified by a file handle;
  
  encrypting the file handle by the file server to create an encrypted file handle, thereby preventing access to the file handle;
  
  returning the encrypted file handle to the client;
  
  transmitting to the file server, by the client, the encrypted file handle and file operation;
  
  generating a hash key from the encrypted file handle to locate a hash key entry in the hash table;
  
  in response to determining that the hash key entry exists, comparing the encrypted file handle to the one or more encrypted file handle entries associated with the hash key entry to find a matching encrypted file handle entry, the matching encrypted file handle entry having a corresponding decrypted file handle entry in the hash table; and
  
  processing, by the file server, the file operation upon the file associated with the corresponding decrypted file handle entry.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19 wherein the step of encrypting the file handle further comprises encrypting the file handle using a private key encryption algorithm.
  - 21. The method of claim 19 wherein the step of encrypting the file handle further comprises encrypting the file handle using a public key encryption algorithm.

22. A server, comprising:
- a file handle associated with a specific file;
  
  a processor to encrypt the file handle to create an encrypted file handle;
  
  the server configured to maintain a hash table that includes one or more hash key entries, one or more encrypted file handle entries, and one or more decrypted file handle entries;
  
  the server configured to return the encrypted file handle to a device that requested access to the specific file;
  
  the server configured to receive the encrypted file handle and file operation sent by the device;
  
  the server configured to generate a hash key from the encrypted file to locate a hash key entry in the hash table;
  
  the server configured to determine that the hash key entry exists in the hash table and to compare the encrypted file handle to the one or more encrypted file handle entries associated with the hash key entry to find a matching encrypted file handle entry, the matching encrypted file handle entry having a corresponding decrypted file handle entry in the hash table; and
  
  the server configured to process the file operation upon the specific file obtained from the corresponding file handle entry.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The server of claim 22, further comprising:
    - the file handle encrypted using a private key encryption algorithm.
  - 24. The server of claim 22, further comprising:
    - the file handle encrypted using a public key encryption algorithm.
  - 25. The server of claim 22, further comprising:
    - a new entry of the hash table created when it is determined that no hash key entry associated with the encrypted file handle exists in the hash table.
  - 26. The server of claim 25 further comprises:
    - a new hash key inserted into the new entry; and
      
      an unencrypted file handle placed in the hash table in a decrypted file handle entry, whereby the new hash key, the encrypted file handle, and the unencrypted file handle are associated as a single entry in the hash table.
  - 27. The server of claim 26, further comprising:
    - the hash key is a subset of the encrypted file handle.
  - 28. The system of claim 22, further comprising:
    - the file handle is a 32-byte value that uniquely identifies the specific file, when the specific file is opened.
  - 29. The system of claim 22, further comprising:
    - the file handle contains an export point and an inode number of the specific file associated with the file handle.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Corbett, Peter F., Noveck, David B.
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US10/423,591
Time in Patent Office

2,363 Days
Field of Search

713/165
US Class Current

713/165
CPC Class Codes

G06F 16/1824   implemented using Network-a...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3236   using cryptographic hash fu...

Y10S 707/99931   Database or file accessing

System and method to make file handles opaque to clients

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to make file handles opaque to clients

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links