Separate cryptographic keys for protecting different operations on data
First Claim
Patent Images
1. A computer-implemented method for processing data, comprising:
- using a first key to protect a write operation on the data by encrypting, by computer, the data with a data key and generating a signature associated with the data with the first key;
using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key;
using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key;
using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key;
determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and
appending the determined amount of padding to the encrypted data;
wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and
wherein the read operation is protected after performing the read operation with the remote storage mechanism.
2 Assignments
0 Petitions
Accused Products
Abstract
The disclosed embodiments provide a system that processes data. During operation, the system uses a first key to protect a write operation on the data. Next, the system uses a second key to protect a read operation on the data.
12 Citations
8 Claims
-
1. A computer-implemented method for processing data, comprising:
-
using a first key to protect a write operation on the data by encrypting, by computer, the data with a data key and generating a signature associated with the data with the first key; using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key; using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key; determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and appending the determined amount of padding to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and wherein the read operation is protected after performing the read operation with the remote storage mechanism. - View Dependent Claims (2, 3, 4)
-
-
5. A system for processing data, comprising:
-
a write-management apparatus configured to; use a first key to protect a write operation on the data by encrypting the data with a data key and generating a signature associated with the data with the first key; and use a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; and a read-management apparatus configured to; use a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key; use a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key; wherein using the first key to protect the write operation further involves; a determination of an amount of padding via a modulo operation performed on a length of the data with a block size used to encrypt the data and a subtraction of a result of the modulo operation from the block size; and the determined amount of padding being appended to the encrypted data; wherein the write operation is protected prior to the write operation being performed with a remote storage mechanism; and wherein the read operation is protected after the read operation is performed with the remote storage mechanism. - View Dependent Claims (6)
-
-
7. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for processing data, the method comprising:
-
using a first key to protect a write operation on the data by encrypting the data with a data key and generating a signature associated with the data with the first key; and using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key; using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; and using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key; wherein using the first key to protect the write operation further involves; determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and appending the determined amount of padding to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and wherein the read operation is protected after performing the read operation with the remote storage mechanism. - View Dependent Claims (8)
-
Specification