Scalable file system configured to make files permanently unreadable
Abstract
One embodiment of the present invention relates to a system for managing files which facilitates making the files permanently unreadable. During operation, the system maintains file-class keys at a file manager, wherein the file-class keys are associated with different classes of files. If a file belongs to a class of files, the system ensures that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated key-manager-file-class key for the class of files. The system makes an entire class of files permanently unreadable by causing an associated key-manager-file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
16 Claims
1. A method for managing files which facilitates key management for encrypted files, the method comprising:
- maintaining file-class keys at a file manager, wherein each file-class key is associated with a different class of files, wherein every file in the class of files is encrypted and decrypted using a same file-class key, and wherein each file in the class of files is associated with an expiration time;
- if a file belongs to a class of files, ensuring that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files, wherein the file-class key is stored in encrypted form in non-volatile storage;
- wherein storing the file-class key in encrypted form in non-volatile storage involves storing multiple encrypted copies of the file-class key, wherein each copy is encrypted with a different key-manager-file-class key managed by a different key manager, and wherein decrypting a copy of the file-class key involves causing one of the key managers to decrypt the encrypted file-class key using the corresponding key-manager-file-class key; and
- causing a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing files which facilitates key management for encrypted files, the method comprising:
- maintaining file-class keys at a file manager, wherein each file-class key is associated with a different class of files, wherein every file in the class of files is encrypted and decrypted using a same file-class key, and wherein each file in the class of files is associated with an expiration time;
- if a file belongs to a class of files, ensuring that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files, wherein the file-class key is stored in encrypted form in non-volatile storage;
- wherein storing the file-class key in encrypted form in non-volatile storage involves storing multiple encrypted copies of the file-class key, wherein each copy is encrypted with a different key-manager-file-class key managed by a different key manager, wherein decrypting a copy of the file-class key involves causing one of the key managers to decrypt the encrypted file-class key using the corresponding key-manager-file-class key; and
- causing a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
Dependent claims: 9, 10, 11, 12, 13, 14
15. An apparatus that manages files in a manner that facilitates key management for encrypted files, the apparatus comprising:
- a file manager;
- a key-maintenance mechanism within the file manager configured to maintain file-class keys, wherein each file-class key is associated with a different class of files, wherein every file in the class of files is encrypted and decrypted using a same file-class key, wherein each file in the class of files is associated with an expiration time, and wherein the file-class keys are stored in unencrypted form in volatile storage, and the file-class keys are stored in encrypted form in non-volatile storage;
- wherein corresponding key-manager-file-class decryption keys that can be used to decrypt the encrypted file-class keys are maintained by one or more key managers, and are not typically maintained in non-volatile form by the file manager, whereby if the file manager crashes and loses the contents of local volatile storage, the file manager must interact with the one or more key managers to decrypt the encrypted file-class keys; and
- a storage mechanism within the file manager, wherein if a file belongs to a class of files, the storage mechanism ensures that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files; and
- a deletion mechanism within the file manager, wherein the deletion mechanism is configured to cause a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable.
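
The key arrangement in claims 1 and 15, sketched as an added example (not code from the patent): each key manager wraps its own copy of the file-class key, the file manager recovers from a crash through any one manager, and the class becomes unreadable once every manager has destroyed its key. The `KeyManager` and `FileManager` interfaces and the HMAC-based wrap, a stand-in for a real key-wrap algorithm, are assumptions.

```python
import hashlib, hmac, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

class KeyManager:
    """Holds one key-manager-file-class key per class and never exports it."""
    def __init__(self):
        self._kek = {}
    def wrap(self, cls, fck):
        kek = self._kek.setdefault(cls, os.urandom(32))
        nonce = os.urandom(16)
        # Stand-in wrap (assumption): one-block HMAC pad plus MAC, not AES-KW.
        ct = bytes(a ^ b for a, b in zip(fck, _mac(kek, b"pad", nonce)))
        return nonce + ct + _mac(kek, b"tag", nonce + ct)
    def unwrap(self, cls, blob):
        kek = self._kek[cls]  # KeyError once the key has been destroyed
        nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
        if not hmac.compare_digest(tag, _mac(kek, b"tag", nonce + ct)):
            raise ValueError("wrapped key failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"pad", nonce)))
    def destroy(self, cls):
        self._kek.pop(cls, None)

class FileManager:
    def __init__(self, managers):
        self.managers = managers
        self.volatile = {}     # class -> plaintext file-class key (RAM only)
        self.nonvolatile = {}  # class -> one wrapped copy per key manager
    def new_class(self, cls):
        fck = os.urandom(32)
        self.volatile[cls] = fck
        self.nonvolatile[cls] = [m.wrap(cls, fck) for m in self.managers]
    def crash(self):
        self.volatile.clear()
    def key_for(self, cls):
        if cls in self.volatile:
            return self.volatile[cls]
        for m, blob in zip(self.managers, self.nonvolatile[cls]):
            try:
                self.volatile[cls] = m.unwrap(cls, blob)
                return self.volatile[cls]
            except (KeyError, ValueError):
                continue  # this manager shredded its key or the copy is damaged
        raise LookupError(f"class {cls!r} is permanently unreadable")
    def expire(self, cls):
        self.volatile.pop(cls, None)
        for m in self.managers:
            m.destroy(cls)
```

The wrapped copies left in non-volatile storage are harmless after `expire`, but only if no key manager retains a backup of its key-manager-file-class key.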
16. A method for managing files which facilitates key management for encrypted files, the method comprising:
- maintaining file-class keys at a file manager, wherein the file-class keys are associated with different classes of files, wherein every file in each class of files is encrypted and decrypted using a same file-class key, and wherein each file in a class of files is associated with a same expiration time;
- if a file belongs to a class of files, ensuring that whenever the file is stored or updated in non-volatile storage that the file is encrypted with an associated file-class key for the class of files; and
- causing a class of files to become permanently unreadable by causing an associated file-class key, which can be used to decrypt the class of files, to become permanently unreadable;
- wherein a file-class key for a given class of files is made permanently unreadable at the expiration time for the given class of files; and
- wherein each file-class key which is associated with an expiration time is derivable from a file-class key for a preceding expiration time, whereby if the file manager crashes and loses the contents of local volatile storage, the file manager can interact with a key manager to decrypt a soonest-to-expire file-class key, and can then locally derive file-class keys for successive expiration times without having to interact with the key manager again.
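
The derivation in claim 16, as an added example (not code from the patent): one key-manager request returns the soonest-to-expire key, and every later key is derived locally by a one-way step. HMAC-SHA256 as that step, integer expiration slots, and `KeyManagerStub` (which hands back the key directly instead of decrypting a stored copy) are assumptions.

```python
import hashlib, hmac

STEP_LABEL = b"file-class-key/next-expiration"  # constructed label (assumption)

def next_key(key):
    """One-way step from the key for expiration slot t to the key for t+1."""
    return hmac.new(key, STEP_LABEL, hashlib.sha256).digest()

class KeyManagerStub:
    """Stand-in key manager that can release only the soonest-to-expire key."""
    def __init__(self, first_slot, first_key):
        self.slot, self._key, self.requests = first_slot, first_key, 0
    def decrypt_soonest(self):
        self.requests += 1
        return self.slot, self._key
    def expire_soonest(self):
        # Replace the key with its successor; the old key cannot be derived back.
        self._key = next_key(self._key)
        self.slot += 1

def recover_after_crash(km, wanted_slots):
    """Rebuild the volatile key table with a single key-manager round trip.

    Slots missing from the result have expired and are unrecoverable.
    """
    slot, key = km.decrypt_soonest()
    table = {}
    for s in range(slot, max(wanted_slots, default=slot - 1) + 1):
        if s in wanted_slots:
            table[s] = key
        key = next_key(key)
    return table
```

Because derivation only runs forward, a key captured for one expiration time also yields the keys for every later expiration time, so the soonest-to-expire key needs the strongest protection.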
Specification