Method and system for providing a rotating key encrypted file system
First Claim
1. A computing system implemented method for providing a rotating key encrypted file system comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including:
obtaining access to a file system containing file system data;
designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data;
determining a number of encryption keys greater than the number of designated data blocks;
assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system;
initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block;
selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and
repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
Abstract
File system data is divided into two or more data blocks. A unique encryption key is assigned to each data block, with the encryption key assigned to each data block being distinct from the encryption keys used to encrypt the other data blocks, and each of the data blocks is encrypted using its assigned encryption key. One of the data blocks within the file system is then selected and decrypted using the distinct encryption key assigned to the selected data block; a new encryption key, distinct from the previously assigned encryption key, is assigned to the selected data block; and the selected data block is re-encrypted using the new encryption key. This process is then repeated for each data block on a sequential/cyclic and continually rotating basis.
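The rotation described in the abstract, modelled with the "N" blocks and "N+1" key pool of claim 5, as an added example that is not code from the patent or its assignee. The names `seal`, `unseal` and `RotatingKeyStore` are hypothetical, and the SHAKE-256/HMAC construction is a toy stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _stream(key, nonce, n):
    # Toy keystream (assumption): stands in for a real cipher, not for production use.
    return hashlib.shake_256(key + nonce).digest(n)

def seal(key, plaintext):
    """Encrypt and authenticate one data block under `key`."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    """Verify and decrypt one data block; raises ValueError under the wrong key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted block")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class RotatingKeyStore:
    def __init__(self, blocks):
        n = len(blocks)
        if n < 3:
            raise ValueError("claim 5 requires N > 2 data blocks")
        self.keys = [secrets.token_bytes(32) for _ in range(n + 1)]  # N+1 key pool
        self.key_of = list(range(n))  # block index -> index of its key in the pool
        self.spare = n                # the single key not assigned to any block
        self.blocks = [seal(self.keys[i], b) for i, b in enumerate(blocks)]
        self.cursor = 0               # next block to rotate, advanced cyclically

    def rotate_once(self):
        """Re-encrypt exactly one block under the spare key; return (block, old, new)."""
        i, old = self.cursor, self.key_of[self.cursor]
        plaintext = unseal(self.keys[old], self.blocks[i])
        self.blocks[i] = seal(self.keys[self.spare], plaintext)
        self.key_of[i], self.spare = self.spare, old  # retired key becomes the spare
        self.cursor = (i + 1) % len(self.blocks)
        # Invariant from the claims: assigned keys stay pairwise distinct.
        assert len(set(self.key_of)) == len(self.key_of)
        return i, old, self.key_of[i]

    def read(self, i):
        return unseal(self.keys[self.key_of[i]], self.blocks[i])
```

With a fixed pool of N+1 keys, the key retired from one block is the only candidate for the next block's rotation, so each key returns to use after a full cycle.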
24 Claims
1. A computing system implemented method for providing a rotating key encrypted file system comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including:
obtaining access to a file system containing file system data; designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data; determining a number of encryption keys greater than the number of designated data blocks; assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system; initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block; selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
Dependent claims: 2, 3, 4
5. A computing system implemented method for providing a rotating key encrypted file system comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including:
obtaining access to a file system containing file system data; designating “N” data blocks within the file system, where “N” represents a number greater than two, and each data block includes part of the file system data; providing “N+1” different encryption keys; assigning a unique one of the “N+1” encryption keys to each data block of the “N” data blocks within the file system; initially encrypting each data block within the file system using the unique one of the “N+1” encryption keys assigned to that data block; selecting one of the “N” data blocks within the file system and decrypting the selected data block using the unique one of the “N+1” encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “N+1” encryption keys that is distinct from the unique one of the “N+1” encryption keys previously assigned to the selected data block and is also distinct from any other encryption key assigned to any of the three or more data blocks; repeating the selection of one of the “N” data blocks within the file system and decrypting the selected data block using the unique one of the “N+1” encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “N+1” encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the unique one of the “N+1” encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “N” data blocks within the file system is being encrypted using a new one of the “N+1” encryption keys.
Dependent claims: 6, 7, 8
9. A system for providing a rotating key encrypted file system comprising:
at least one processor; and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing a rotating key encrypted file system, the process for providing a rotating key encrypted file system including; obtaining access to a file system containing file system data; designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data; determining a number of encryption keys greater than the number of designated data blocks; assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system; initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block; selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
Dependent claims: 10, 11, 12
13. A system for providing a rotating key encrypted file system comprising:
at least one processor; and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing a rotating key encrypted file system, the process for providing a rotating key encrypted file system including; obtaining access to a file system containing file system data; designating “N” data blocks within the file system, where “N” represents a number greater than two, and each data block includes part of the file system data; providing “N+1” different encryption keys; assigning a unique one of the “N+1” encryption keys to each data block of the “N” data blocks within the file system; initially encrypting each data block within the file system using the unique one of the “N+1” encryption keys assigned to that data block; selecting one of the “N” data blocks within the file system and decrypting the selected data block using the unique one of the “N+1” encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “N+1” encryption keys that is distinct from the unique one of the “N+1” encryption keys previously assigned to the selected data block and is also distinct from any other encryption key assigned to any of the three or more data blocks; repeating the selection of one of the “N” data blocks within the file system and decrypting the selected data block using the unique one of the “N+1” encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “N+1” encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the unique one of the “N+1” encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “N” data blocks within the file system is being encrypted using a new one of the “N+1” encryption keys.
Dependent claims: 14, 15, 16
17. A computer program product for providing a rotating key encrypted file system comprising:
a nontransitory computer readable medium; and computer program code, encoded on the computer readable medium, comprising computer readable instructions which, when executed via any set of one or more processors, perform the following; obtaining access to a file system containing file system data; designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data; determining a number of encryption keys greater than the number of designated data blocks; assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system; initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block; selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
Dependent claims: 18, 19, 20
21. A computer program product for providing a rotating key encrypted file system comprising:
a nontransitory computer readable medium; and computer program code, encoded on the computer readable medium, comprising computer readable instructions which, when executed via any set of one or more processors, perform the following; obtaining access to a file system containing file system data; designating “N” data blocks within the file system, where “N” represents a number greater than one, and each data block includes part of the file system data; providing “N+1” different encryption keys; assigning a unique one of the “N+1” encryption keys to each data block of the “N” data blocks within the file system; initially encrypting each data block within the file system using the unique one of the “N+1” encryption keys assigned to that data block; selecting one of the “N” data blocks within the file system and decrypting the selected data block using the unique one of the “N+1” encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “N+1” encryption keys that is distinct from the unique one of the “N+1” encryption keys previously assigned to the selected data block and is also distinct from any other encryption key assigned to any of the three or more data blocks; repeating the selection of one of the “N” data blocks within the file system and decrypting the selected data block using the unique one of the “N+1” encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “N+1” encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the unique one of the “N+1” encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “N” data blocks within the file system is being encrypted using a new one of the “N+1” encryption keys.
Dependent claims: 22, 23, 24
Specification