Exclusive encryption

US 7,770,023 B2
Filed: 12/16/2005
Issued: 08/03/2010
Est. Priority Date: 01/17/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method comprising:

under control of one or more processors;

receiving a plaintext directory entry;

verifying that the plaintext directory entry is syntactically legal;

encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal, the encrypting comprising;

generating, based on the plaintext directory entry, a mapped identifier;

generating, based on the mapped identifier, a decasified identifier and corresponding case information;

encoding the mapped identifier and the decasified identifier; and

encrypting the encoded mapped identifier, the encrypting comprises encrypting both the encoded decasified identifier and the case information; and

communicating the encrypted directory entry to another device,wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.

Citations

17 Claims

1. A computer-implemented method comprising:
- under control of one or more processors;
  
  receiving a plaintext directory entry;
  
  verifying that the plaintext directory entry is syntactically legal;
  
  encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal, the encrypting comprising;
  
  generating, based on the plaintext directory entry, a mapped identifier;
  
  generating, based on the mapped identifier, a decasified identifier and corresponding case information;
  
  encoding the mapped identifier and the decasified identifier; and
  
  encrypting the encoded mapped identifier, the encrypting comprises encrypting both the encoded decasified identifier and the case information; and
  
  communicating the encrypted directory entry to another device,wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A computer-implemented method as recited in claim 1, wherein generating the decasified identifier and corresponding case information comprises:
    - for each character that has both an upper-case and a lower-case form, recording in the case information whether the character was in upper-case form or lower-case form.
  - 3. A computer-implemented method as recited in claim 2, further comprising:
    - storing the character in upper-case form only if the character is one of a particular set of characters; and
      
      storing the character without altering its case if the character is not one of the particular set of characters.
  - 4. A computer-implemented method as recited in claim 1, wherein the generating comprises generating the mapped identifier only if the received identifier is syntactically legal.
  - 5. A computer-implemented method as recited in claim 1, wherein encoding comprises encoding the mapped identifier only if the received identifier is syntactically legal.
  - 6. A computer-implemented method as recited in claim 1, wherein generating the mapped identifier comprises:
    - checking whether the identifier is equal to one of a plurality of illegal identifiers;
      
      if the identifier is not equal to one of the plurality of illegal identifiers, then checking whether the identifier is equal to one of the plurality of illegal identifiers followed by one or more particular characters;
      
      if the identifier is not equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using the identifier as the mapped identifier; and
      
      if the identifier is equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using as the mapped identifier the identifier with one of the particular characters removed.
  - 7. A computer-implemented method as recited in claim 6, wherein the particular character comprises an underscore.
  - 8. A computer-implemented method as recited in claim 1, wherein encrypting the encoded mapped identifier comprises using cipher block chaining to encrypt the encoded identifier.
  - 9. A computer-implemented method as recited in claim 1, wherein the encrypting comprises encrypting the encoded mapped identifier to generate, using a block cipher, a ciphertext having a fixed size.

10. One or more non-transitory computer-readable storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including:
- receiving a plaintext identifier; and
  
  generating a ciphertext by encrypting the plaintext identifier only if the plaintext identifier is syntactically legal, the generating comprises generating, based on the plaintext identifier, a mapped identifier, wherein generating the mapped identifier comprises;
  
  checking whether the plaintext identifier is equal to one of a plurality of illegal identifiers;
  
  if the plaintext identifier is not equal to one of the plurality of illegal identifiers, then checking whether the plaintext identifier is equal to one of the plurality of illegal identifiers followed by one or more particular characters;
  
  if the plaintext identifier is not equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using the plaintext identifier as the mapped identifier; and
  
  if the plaintext identifier is equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using as the mapped identifier the plaintext identifier with one of the particular characters removed,wherein;
  
  the encrypting allows another device to verify, without decrypting the ciphertext, that the plaintext identifier is not identical to another plaintext identifier maintained by the other device.
- View Dependent Claims (11)
- - 11. One or more non-transitory computer-readable storage media as recited in claim 10, wherein generating the ciphertext further comprises:
    - encoding the mapped identifier; and
      
      encrypting the encoded mapped identifier.

12. One or more non-transitory computer-readable storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including:
- receiving a plaintext directory entry;
  
  verifying that the plaintext directory entry is syntactically legal;
  
  encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal, the encrypting comprises generating, based on the plaintext directory entry, a mapped identifier, wherein generating the mapped identifier comprises;
  
  checking whether the plaintext directory entry is equal to one of a plurality of illegal identifiers;
  
  if the plaintext directory entry is not equal to one of the plurality of illegal identifiers, then checking whether the plaintext directory entry is equal to one of the plurality of illegal identifiers followed by one or more particular characters;
  
  if the plaintext directory entry is not equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using the plaintext directory entry as the mapped identifier; and
  
  if the plaintext directory entry is equal to one of the plurality of illegal identifiers followed by one or more particular characters, then using as the mapped identifier the plaintext directory entry with one of the particular characters removed; and
  
  communicating the encrypted directory entry to another device; and
  
  wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. One or more non-transitory computer-readable storage media as recited in claim 12, wherein the plaintext directory entry comprises a file name.
  - 14. One or more non-transitory computer-readable storage media as recited in claim 12, wherein the plaintext directory entry comprises a directory name.
  - 15. One or more non-transitory computer-readable storage media as recited in claim 12, wherein the plaintext directory entry comprises a folder name.
  - 16. One or more non-transitory computer-readable storage media as recited in claim 12, wherein encrypting the plaintext directory entry further comprises:
    - encoding the mapped identifier; and
      
      encrypting the encoded mapped identifier.
  - 17. One or more non-transitory computer-readable storage media as recited in claim 16, wherein encrypting the plaintext directory entry further comprises:
    - generating, based on the mapped identifier, a decasified identifier and corresponding case information;
      
      wherein the encoding comprises encoding the decasified identifier; and
      
      wherein the encrypting comprises encrypting both the encoded decasified identifier and the case information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Douceur, John R., Adya, Atul, Benaloh, Josh D., Yuval, Gideon A.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
POLTORAK, PIOTR

Application Number

US11/275,186
Publication Number

US 20070076881A1
Time in Patent Office

1,691 Days
Field of Search

713189-190
US Class Current

713/189
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

Exclusive encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Exclusive encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links