Scalable file system configured to make files permanently unreadable

US 7,814,318 B1
Filed: 09/27/2005
Issued: 10/12/2010
Est. Priority Date: 09/27/2005
Status: Active Grant

First Claim

Patent Images

1. A method for managing files which facilitates key management for encrypted files, the method comprising:

maintaining file-class keys at a file manager, wherein each file-class key is associated with a different class of files, wherein every file in the class of files is encrypted and decrypted using a same file-class key, and wherein each file in the class of files is associated with an expiration time;

if a file belongs to a class of files, ensuring that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files, wherein the file-class key is stored in encrypted form in non-volatile storage;

wherein storing the file-class key in encrypted form in non-volatile storage involves storing multiple encrypted copies of the file-class key, wherein each copy is encrypted with a different key-manager-file-class key managed by a different key manager, and wherein decrypting a copy of the file-class key involves causing one of the key managers to decrypt the encrypted file-class key using the corresponding key-manager-file-class key; and

causing a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention relates to a system for managing files which facilitates making the files permanently unreadable. During operation, the system maintains file-class keys at a file manager, wherein the file-class keys are associated with different classes of files. If a file belongs to a class of files, the system ensures that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated key-manager-file-class key for the class of files. The system makes an entire class of files permanently unreadable by causing an associated key-manager-file-class key, which can be used to decrypt the class of files, to become permanently unreadable.

Citations

16 Claims

1. A method for managing files which facilitates key management for encrypted files, the method comprising:
- maintaining file-class keys at a file manager, wherein each file-class key is associated with a different class of files, wherein every file in the class of files is encrypted and decrypted using a same file-class key, and wherein each file in the class of files is associated with an expiration time;
  
  if a file belongs to a class of files, ensuring that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files, wherein the file-class key is stored in encrypted form in non-volatile storage;
  
  wherein storing the file-class key in encrypted form in non-volatile storage involves storing multiple encrypted copies of the file-class key, wherein each copy is encrypted with a different key-manager-file-class key managed by a different key manager, and wherein decrypting a copy of the file-class key involves causing one of the key managers to decrypt the encrypted file-class key using the corresponding key-manager-file-class key; and
  
  causing a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein maintaining the file-class keys as the file manager involves:
    - storing the file-class keys in unencrypted form in volatile storage;
      
      wherein corresponding key-manager-file-class decryption keys are not typically maintained in non-volatile form by the file manager, whereby if the file manager crashes and loses the contents of local volatile storage, the file manager must interact with the one or more key managers to decrypt the encrypted file class keys.
  - 3. The method of claim 2, further comprising encrypting/decrypting a file by:
    - examining state information for the file to obtain references to one or more file-class keys for the file;
      
      using the references to lookup the one or more file-class keys for the file in volatile storage; and
      
      using the one or more file-class keys to perform the encryption/decryption operation.
  - 4. The method of claim 3, wherein if during the lookup process a file-class key is not present in volatile storage, the method further comprises:
    - retrieving an encrypted version of the file-class key from non-volatile storage;
      
      communicating with one or more key managers to decrypt the encrypted version of the file-class key; and
      
      storing the file-class key in volatile storage.
  - 5. The method of claim 1,wherein each file-class key which is associated with an expiration time is derivable from a file-class key for a preceding expiration time;
    - whereby if the file manager crashes and loses the contents of local volatile storage, the file manager can interact with a key manager to decrypt a soonest-to-expire file-class key, and can then locally derive file-class keys for successive expiration times without having to interact with the key manager again.
  - 6. The method of claim 1,wherein corresponding key-manager-file-class decryption keys, maintained by the one or more key managers, are also associated with expiration times;
    - andwherein the key managers forget the corresponding key-manager-file-class decryption keys after the associated expiration times.
  - 7. The method of claim 1, wherein storing a given file-class key in encrypted form in non-volatile storage involves:
    - partitioning the given file-class key into n shares, such that the given file-class key can be reconstructed from any k of the n shares; and
      
      encrypting each share with a key managed by a different key manager, whereby if the file manager crashes and loses the contents of local non-volatile storage, as long as k key managers remain available, the given file-class key can be decrypted.

8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing files which facilitates key management for encrypted files, the method comprising:
- maintaining file-class keys at a file manager, wherein each file-class key is associated with a different class of files, wherein every file in the class of files is encrypted and decrypted using a same file-class key, and wherein each file in the class of files is associated with an expiration time;
  
  if a file belongs to a class of files, ensuring that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files, wherein the file-class key is stored in encrypted form in non-volatile storage;
  
  wherein storing the file-class key in encrypted form in non-volatile storage involves storing multiple encrypted copies of the file-class key, wherein each copy is encrypted with a different key-manager-file-class key managed by a different key manager, wherein decrypting a copy of the file-class key involves causing one of the key managers to decrypt the encrypted file-class key using the corresponding key-manager-file-class key; and
  
  causing a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein maintaining the file-class keys as the file manager involves:
    - storing the file-class keys in unencrypted form in volatile storage;
      
      wherein corresponding key-manager-file-class decryption keys are not typically maintained in non-volatile form by the file manager, whereby if the file manager crashes and loses the contents of local volatile storage, the file manager must interact with the one or more key managers to decrypt the encrypted file class keys.
  - 10. The computer-readable storage medium of claim 9, wherein the method further comprises encrypting/decrypting a file by:
    - examining state information for the file to obtain references to one or more file-class keys for the file;
      
      using the references to lookup the one or more file-class keys for the file in volatile storage; and
      
      using the one or more file-class keys to perform the encryption/decryption operation.
  - 11. The computer-readable storage medium of claim 10, wherein if during the lookup process a file-class key is not present in volatile storage, the method further comprises:
    - retrieving an encrypted version of the file-class key from non-volatile storage;
      
      communicating with one or more key managers to decrypt the encrypted version of the file-class key; and
      
      storing the file-class key in volatile storage.
  - 12. The computer-readable storage medium of claim 8,wherein each file-class key which is associated with an expiration time is derivable from a file-class key for a preceding expiration time;
    - whereby if the file manager crashes and loses the contents of local volatile storage, the file manager can interact with a key manager to decrypt a soonest-to-expire file-class key, and can then locally derive file-class keys for successive expiration times without having to interact with the key manager again.
  - 13. The computer-readable storage medium of claim 8,wherein corresponding key-manager-file-class decryption keys, maintained by the one or more key managers, are also associated with expiration times;
    - andwherein the key managers forget the corresponding key-manager-file-class decryption keys after the associated expiration times.
  - 14. The computer-readable storage medium of claim 8, wherein storing a given file-class key in encrypted form in non-volatile storage involves:
    - partitioning the given file-class key into n shares, such that the given file-class key can be reconstructed from any k of the n shares; and
      
      encrypting each share with a key managed by a different key manager, whereby if the file manager crashes and loses the contents of local non-volatile storage, as long as k key managers remain available, the given file-class key can be decrypted.

15. An apparatus that manages files in a manner that facilitates key management for encrypted files, the apparatus comprising:
- a file manager;
  
  a key-maintenance mechanism within the file manager configured to maintain file-class keys, wherein each file-class key is associated with a different class of files, wherein every file in the class of files is encrypted and decrypted using a same file-class key, wherein each file in the class of files is associated with an expiration;
  
  time, and wherein the file-class keys are stored in unencrypted form in volatile storage, and the file-class keys are stored in encrypted form in non-volatile storage;
  
  wherein corresponding key-manager-file-class decryption keys that can be used to decrypt the encrypted file-class keys are maintained by one or more key managers, and are not typically maintained in non-volatile form by the file manager, whereby if the file manager crashes and loses the contents of local volatile storage, the file manager must interact with the one or more key managers to decrypt the encrypted file-class keys; and
  
  a storage mechanism within the file manager, wherein if a file belongs to a class of files, the storage mechanism ensures that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files; and
  
  a deletion mechanism within the file manager, wherein the deletion mechanism is configured to cause a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable.

16. A method for managing files which facilitates key management for encrypted files, the method comprising:
- maintaining file-class keys at a file manager, wherein the file-class keys are associated with different classes of files, wherein every file in each class of files is encrypted and decrypted using a same file-class key, and wherein each file in a class of files is associated with a same expiration timeif a file belongs to a class of files, ensuring that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files; and
  
  causing a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable;
  
  wherein a file-class key for a given class of files is made permanently unreadable at the expiration time for the given class of files; and
  
  wherein each file-class key which is associated with an expiration time is derivable from a file-class key for a preceding expiration time, whereby if the file manager crashes and loses the contents of local volatile storage, the file manager can interact with a key manager to decrypt a soonest-to-expire file-class key, and can then locally derive file-class keys for successive expiration times without having to interact with the key manager again.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Crouse, Donald D., Perlman, Radia J.
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US11/237,478
Time in Patent Office

1,841 Days
Field of Search

380/201, 380/278, 380/4, 380/9, 380/21, 380/23, 380/25, 380/30, 380/49, 380/50, 380/59, 380/200, 380/255, 380277-287, 713/193, 713/189, 713/157, 713/150, 713/155, 713/168, 713/229, 713/201
US Class Current

713/165
CPC Class Codes

G06F 21/6209 to a single file or object,...

Scalable file system configured to make files permanently unreadable

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Scalable file system configured to make files permanently unreadable

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links