Secure kerberized access of encrypted file system
Abstract
A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.
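The exchange the abstract describes, as an added simulation that is not part of the patent: the key distribution center hands the client a session ticket carrying the intermediate key and the client's security protocol mounting selection; the file server unwraps the user's private key with that intermediate key, decrypts the file system and returns it tagged with the selected channel, rejecting a selection it does not support. The cipher, the channel labels "integrity" and "privacy", the key values and the function names are assumptions made for this example.

```python
import hashlib, hmac
from dataclasses import dataclass

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with an HMAC-SHA256 keystream (same call encrypts and decrypts); stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class SessionTicket:
    user: str
    intermediate_key: bytes
    mount_selection: str  # the client's security protocol mounting selection

INTERMEDIATE_KEYS = {}  # KDC store, keyed by (file server IP, user name) as in claim 8

def kdc_issue_ticket(user, server_ip, mount_selection):
    ik = INTERMEDIATE_KEYS[(server_ip, user)]  # KeyError for an unknown user/server pair
    return SessionTicket(user, ik, mount_selection)

class FileServer:
    SECURE_CHANNELS = {"integrity", "privacy"}  # assumed channel labels

    def __init__(self, ip):
        self.ip = ip
        self.wrapped_private_keys = {}  # user -> private key encrypted under that user's IK
        self.filesystems = {}  # name -> (is_encrypted, stored bytes)

    def mount_request(self, fs_name):
        return "encrypted" if self.filesystems[fs_name][0] else "plain"  # message to the client

    def mount_with_ticket(self, fs_name, ticket):
        if ticket.mount_selection not in self.SECURE_CHANNELS:
            raise ValueError("unsupported security protocol mounting selection")
        private_key = toy_cipher(ticket.intermediate_key, self.wrapped_private_keys[ticket.user])
        return {"channel": ticket.mount_selection, "data": toy_cipher(private_key, self.filesystems[fs_name][1])}

def provision(server, user, fs_name, contents, ik, pk):  # constructed setup, not part of the claims
    INTERMEDIATE_KEYS[(server.ip, user)] = ik
    server.wrapped_private_keys[user] = toy_cipher(ik, pk)
    server.filesystems[fs_name] = (True, toy_cipher(pk, contents))

def client_mount(server, user, fs_name, mount_selection):  # client side of claim 1
    if server.mount_request(fs_name) == "plain":
        return server.filesystems[fs_name][1]
    ticket = kdc_issue_ticket(user, server.ip, mount_selection)
    return server.mount_with_ticket(fs_name, ticket)["data"]
```

A ticket carrying the wrong intermediate key unwraps to a wrong private key, so the file system comes back as noise rather than plaintext.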
24 Citations
9 Claims
1. A method comprising:
receiving a request from a client at a file server for the client to mount a file system located at the file server;
determining, at the file server, that the requested file system is encrypted;
sending a message from the file server to the client that informs the client that the requested file system is encrypted;
receiving a session ticket from the client that includes a security protocol mounting selection;
decrypting an encrypted private key at the file server that corresponds to a user, the decrypting resulting in a private key;
decrypting the file system at the file server using the private key;
and sending the decrypted file system from the file server to the client over a secure channel corresponding to the security protocol mounting selection.

7. A method comprising:
receiving a request at a key distribution center server from a client, the request identifying a user and a file server;
retrieving an intermediate key that corresponds to both the file server and the user, wherein the intermediate key is adapted to decrypt an encrypted private key utilized by the file server for decrypting encrypted file systems;
including the intermediate key in a session ticket;
and sending the session ticket to the client.

8. The method of claim 7 further comprising:
identifying, at the key distribution center server, an internet protocol address that corresponds to the file server;
extracting a user name from the request that corresponds to the user;
and locating the intermediate key in an intermediate storage area managed by the file server using the internet protocol address and the user name.
Specification