Method and system for providing a rotating key encrypted file system

US 9,037,870 B1
Filed: 08/16/2013
Issued: 05/19/2015
Est. Priority Date: 08/16/2013
Status: Active Grant

First Claim

Patent Images

1. A computing system implemented method for providing a rotating key encrypted file system comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including:

obtaining access to a file system containing file system data;

designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data;

determining a number of encryption keys greater than the number of designated data blocks;

assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system;

initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block;

selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and

repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A file system data is divided into two or more data blocks. A unique encryption key is assigned to each data block with the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks and each of the data blocks is encrypted using its assigned encryption key. One of the data blocks within the file system is then selected and decrypted using the distinct encryption key assigned to the selected data block and a new encryption key, distinct for the previously assigned encryption key, is assigned to the selected data block and the selected data block is re-encrypted using the new encryption key. This process is then repeated for each data block on a sequential/cyclic and continually rotating basis.

48 Citations

View as Search Results

24 Claims

1. A computing system implemented method for providing a rotating key encrypted file system comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including:
- obtaining access to a file system containing file system data;
  
  designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data;
  
  determining a number of encryption keys greater than the number of designated data blocks;
  
  assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system;
  
  initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block;
  
  selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and
  
  repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
- View Dependent Claims (2, 3, 4)
- - 2. The computing system implemented method for providing a rotating key encrypted file system of claim 1 wherein the computing system implemented method for providing a rotating key encrypted file system is implemented in a Linux environment.
  - 3. The computing system implemented method for providing a rotating key encrypted file system of claim 1 wherein the file system is an Amazon Web Services (AWS) file system.
  - 4. The computing system implemented method for providing a rotating key encrypted file system of claim 1 wherein repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key is performed using an automatic rekeying daemon.

5. A computing system implemented method for providing a rotating key encrypted file system comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including:
- obtaining access to a file system containing file system data;
  
  designating “
  
  N”
  
  data blocks within the file system, where “
  
  N”
  
  represents a number greater than two, and each data block includes part of the file system data;
  
  providing “
  
  N+1”
  
  different encryption keys;
  
  assigning a unique one of the “
  
  N+1”
  
  encryption keys to each data block of the “
  
  N”
  
  data blocks within the file system;
  
  initially encrypting each data block within the file system using the unique one of the “
  
  N+1”
  
  encryption keys assigned to that data block;
  
  selecting one of the “
  
  N”
  
  data blocks within the file system and decrypting the selected data block using the unique one of the “
  
  N+1”
  
  encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
  
  N+1”
  
  encryption keys that is distinct from the unique one of the “
  
  N+1”
  
  encryption keys previously assigned to the selected data block and is also distinct from any other encryption key assigned to any of the three or more data blocks;
  
  repeating the selection of one of the “
  
  N”
  
  data blocks within the file system and decrypting the selected data block using the unique one of the “
  
  N+1”
  
  encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
  
  N+1”
  
  encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the unique one of the “
  
  N+1”
  
  encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “
  
  N”
  
  data blocks within the file system is being encrypted using a new one of the “
  
  N+1”
  
  encryption keys.
- View Dependent Claims (6, 7, 8)
- - 6. The computing system implemented method for providing a rotating key encrypted file system of claim 5 wherein the computing system implemented method for providing a rotating key encrypted file system is implemented in a Linux environment.
  - 7. The computing system implemented method for providing a rotating key encrypted file system of claim 5 wherein the file system is an Amazon Web Services (AWS) file system.
  - 8. The computing system implemented method for providing a rotating key encrypted file system of claim 5 wherein repeating the selection of one of the “
    - N”
      
      data blocks within the file system and decrypting the selected data block using the unique one of the “
      
      N+1”
      
      encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
      
      N+1”
      
      encryption keys that is distinct from the unique one of the “
      
      N+1”
      
      encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “
      
      N”
      
      data blocks within the file system is being encrypted using a new one of the “
      
      N+1”
      
      encryption keys is performed using an automatic rekeying daemon.

9. A system for providing a rotating key encrypted file system comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing a rotating key encrypted file system, the process for providing a rotating key encrypted file system including;
  
  obtaining access to a file system containing file system data;
  
  designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data;
  
  determining a number of encryption keys greater than the number of designated data blocks;
  
  assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system;
  
  initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block;
  
  selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and
  
  repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
- View Dependent Claims (10, 11, 12)
- - 10. The system for providing a rotating key encrypted file system of claim 9 wherein the process for providing a rotating key encrypted file system is implemented in a Linux environment.
  - 11. The system for providing a rotating key encrypted file system of claim 9 wherein the file system is an Amazon Web Services (AWS) file system.
  - 12. The system for providing a rotating key encrypted file system of claim 9 wherein repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key is performed using an automatic rekeying daemon.

13. A system for providing a rotating key encrypted file system comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing a rotating key encrypted file system, the process for providing a rotating key encrypted file system including;
  
  obtaining access to a file system containing file system data;
  
  designating “
  
  N”
  
  data blocks within the file system, where “
  
  N”
  
  represents a number greater than two, and each data block includes part of the file system data;
  
  providing “
  
  N+1”
  
  different encryption keys;
  
  assigning a unique one of the “
  
  N+1”
  
  encryption keys to each data block of the “
  
  N”
  
  data blocks within the file system;
  
  initially encrypting each data block within the file system using the unique one of the “
  
  N+1”
  
  encryption keys assigned to that data block;
  
  selecting one of the “
  
  N”
  
  data blocks within the file system and decrypting the selected data block using the unique one of the “
  
  N+1”
  
  encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
  
  N+1”
  
  encryption keys that is distinct from the unique one of the “
  
  N+1”
  
  encryption keys previously assigned to the selected data block and is also distinct from any other encryption key assigned to any of the three or more data blocks;
  
  repeating the selection of one of the “
  
  N”
  
  data blocks within the file system and decrypting the selected data block using the unique one of the “
  
  N+1”
  
  encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
  
  N+1”
  
  encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the unique one of the “
  
  N+1”
  
  encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “
  
  N”
  
  data blocks within the file system is being encrypted using a new one of the “
  
  N+1”
  
  encryption keys.
- View Dependent Claims (14, 15, 16)
- - 14. The system for providing a rotating key encrypted file system of claim 13 wherein the process for providing a rotating key encrypted file system is implemented in a Linux environment.
  - 15. The system for providing a rotating key encrypted file system of claim 13 wherein the file system is an Amazon Web Services (AWS) file system.
  - 16. The system for providing a rotating key encrypted file system of claim 13 wherein repeating the selection of one of the “
    - N”
      
      data blocks within the file system and decrypting the selected data block using the unique one of the “
      
      N+1”
      
      encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
      
      N+1”
      
      encryption keys that is distinct from the unique one of the “
      
      N+1”
      
      encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “
      
      N”
      
      data blocks within the file system is being encrypted using a new one of the “
      
      N+1”
      
      encryption keys is performed using an automatic rekeying daemon.

17. A computer program product for providing a rotating key encrypted file system comprising:
- a nontransitory computer readable medium;
  
  and computer program code, encoded on the computer readable medium, comprising computer readable instructions which, when executed via any set of one or more processors, perform the following;
  
  obtaining access to a file system containing file system data;
  
  designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data;
  
  determining a number of encryption keys greater than the number of designated data blocks;
  
  assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system;
  
  initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block;
  
  selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and
  
  repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product for providing a rotating key encrypted file system of claim 17 wherein the computer program product for providing a rotating key encrypted file system is implemented in a Linux environment.
  - 19. The computer program product for providing a rotating key encrypted file system of claim 17 wherein the file system is an Amazon Web Services (AWS) file system.
  - 20. The computer program product for providing a rotating key encrypted file system of claim 17 wherein repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key is performed using an automatic rekeying daemon.

21. A computer program product for providing a rotating key encrypted file system comprising:
- a nontransitory computer readable medium;
  
  and computer program code, encoded on the computer readable medium, comprising computer readable instructions which, when executed via any set of one or more processors, perform the following;
  
  obtaining access to a file system containing file system data;
  
  designating “
  
  N”
  
  data blocks within the file system, where “
  
  N”
  
  represents a number greater than one, and each data block includes part of the file system data;
  
  providing “
  
  N+1”
  
  different encryption keys;
  
  assigning a unique one of the “
  
  N+1”
  
  encryption keys to each data block of the “
  
  N”
  
  data blocks within the file system;
  
  initially encrypting each data block within the file system using the unique one of the “
  
  N+1”
  
  encryption keys assigned to that data block;
  
  selecting one of the “
  
  N”
  
  data blocks within the file system and decrypting the selected data block using the unique one of the “
  
  N+1”
  
  encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
  
  N+1”
  
  encryption keys that is distinct from the unique one of the “
  
  N+1”
  
  encryption keys previously assigned to the selected data block and is also distinct from any other encryption key assigned to any of the three or more data blocks;
  
  repeating the selection of one of the “
  
  N”
  
  data blocks within the file system and decrypting the selected data block using the unique one of the “
  
  N+1”
  
  encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
  
  N+1”
  
  encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the unique one of the “
  
  N+1”
  
  encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “
  
  N”
  
  data blocks within the file system is being encrypted using a new one of the “
  
  N+1”
  
  encryption keys.
- View Dependent Claims (22, 23, 24)
- - 22. The computer program product for providing a rotating key encrypted file system of claim 21 wherein the computer program product for providing a rotating key encrypted file system is implemented in a Linux environment.
  - 23. The computer program product for providing a rotating key encrypted file system of claim 21 wherein the file system is an Amazon Web Services (AWS) file system.
  - 24. The computer program product for providing a rotating key encrypted file system of claim 21 wherein repeating the selection of one of the “
    - N”
      
      data blocks within the file system and decrypting the selected data block using the unique one of the “
      
      N+1”
      
      encryption keys assigned to the selected data block and then re-encrypting the selected data block using a new one of the “
      
      N+1”
      
      encryption keys that is distinct from the unique one of the “
      
      N+1”
      
      encryption keys previously assigned to the selected data block on a cyclic and rotating basis such that at any given time only one data block of the “
      
      N”
      
      data blocks within the file system is being encrypted using a new one of the “
      
      N+1”
      
      encryption keys is performed using an automatic rekeying daemon.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Zheng, Peter Xiaohu, Huynh, Toan
Primary Examiner(s)
Traore, Fatoumata

Application Number

US13/969,351
Time in Patent Office

641 Days
Field of Search

None
US Class Current

713/189
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1466   Key-lock mechanism

G06F 21/6218   to a system of files or obj...

G06F 2221/2137   Time limited access, e.g. t...

H04L 9/08   Key distribution or managem...

H04L 9/0891   Revocation or update of sec...

H04L 9/16   the keys or algorithms bein...

Method and system for providing a rotating key encrypted file system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Method and system for providing a rotating key encrypted file system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others