Exclusive encryption
First Claim
Patent Images
1. A computer-implemented method comprising:
- under control of one or more processors;
receiving a plaintext directory entry;
verifying that the plaintext directory entry is syntactically legal;
encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal, the encrypting comprising;
generating, based on the plaintext directory entry, a mapped identifier;
generating, based on the mapped identifier, a decasified identifier and corresponding case information;
encoding the mapped identifier and the decasified identifier; and
encrypting the encoded mapped identifier, the encrypting comprises encrypting both the encoded decasified identifier and the case information; and
communicating the encrypted directory entry to another device,wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device.
1 Assignment
0 Petitions
Accused Products
Abstract
An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
-
Citations
17 Claims
-
1. A computer-implemented method comprising:
-
under control of one or more processors; receiving a plaintext directory entry; verifying that the plaintext directory entry is syntactically legal; encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal, the encrypting comprising; generating, based on the plaintext directory entry, a mapped identifier; generating, based on the mapped identifier, a decasified identifier and corresponding case information; encoding the mapped identifier and the decasified identifier; and encrypting the encoded mapped identifier, the encrypting comprises encrypting both the encoded decasified identifier and the case information; and communicating the encrypted directory entry to another device, wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. One or more non-transitory computer-readable storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including:
-
receiving a plaintext identifier; and generating a ciphertext by encrypting the plaintext identifier only if the plaintext identifier is syntactically legal, the generating comprises generating, based on the plaintext identifier, a mapped identifier, wherein generating the mapped identifier comprises; checking whether the plaintext identifier is equal to one of a plurality of illegal identifiers; if the plaintext identifier is not equal to one of the plurality of illegal identifiers, then checking whether the plaintext identifier is equal to one of the plurality of illegal identifiers followed by one or more particular characters; if the plaintext identifier is not equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using the plaintext identifier as the mapped identifier; and if the plaintext identifier is equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using as the mapped identifier the plaintext identifier with one of the particular characters removed, wherein; the encrypting allows another device to verify, without decrypting the ciphertext, that the plaintext identifier is not identical to another plaintext identifier maintained by the other device. - View Dependent Claims (11)
-
-
12. One or more non-transitory computer-readable storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including:
-
receiving a plaintext directory entry; verifying that the plaintext directory entry is syntactically legal; encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal, the encrypting comprises generating, based on the plaintext directory entry, a mapped identifier, wherein generating the mapped identifier comprises; checking whether the plaintext directory entry is equal to one of a plurality of illegal identifiers; if the plaintext directory entry is not equal to one of the plurality of illegal identifiers, then checking whether the plaintext directory entry is equal to one of the plurality of illegal identifiers followed by one or more particular characters; if the plaintext directory entry is not equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using the plaintext directory entry as the mapped identifier; and if the plaintext directory entry is equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using as the mapped identifier the plaintext directory entry with one of the particular characters removed; and communicating the encrypted directory entry to another device; and wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device. - View Dependent Claims (13, 14, 15, 16, 17)
-
Specification