Separate cryptographic keys for protecting different operations on data

US 9,317,717 B2
Filed: 12/28/2012
Issued: 04/19/2016
Est. Priority Date: 12/28/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for processing data, comprising:

using a first key to protect a write operation on the data by encrypting, by computer, the data with a data key and generating a signature associated with the data with the first key;

using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key;

using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key;

using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key;

determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and

appending the determined amount of padding to the encrypted data;

wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and

wherein the read operation is protected after performing the read operation with the remote storage mechanism.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments provide a system that processes data. During operation, the system uses a first key to protect a write operation on the data. Next, the system uses a second key to protect a read operation on the data.

12 Citations

8 Claims

1. A computer-implemented method for processing data, comprising:
- using a first key to protect a write operation on the data by encrypting, by computer, the data with a data key and generating a signature associated with the data with the first key;
  
  using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key;
  
  using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key;
  
  using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key;
  
  determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and
  
  appending the determined amount of padding to the encrypted data;
  
  wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and
  
  wherein the read operation is protected after performing the read operation with the remote storage mechanism.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein the first and second keys are associated with at least one of a file, a set of files, and a user.
  - 3. The computer-implemented method of claim 1, wherein the data key is associated with at least one of a block and a file.
  - 4. The computer-implemented method of claim 1, wherein using the first key to protect the write operation further involves:
    - appending an amount of padding in the encrypted data to the encrypted data.

5. A system for processing data, comprising:
- a write-management apparatus configured to;
  
  use a first key to protect a write operation on the data by encrypting the data with a data key and generating a signature associated with the data with the first key; and
  
  use a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; and
  
  a read-management apparatus configured to;
  
  use a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key;
  
  use a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key;
  
  wherein using the first key to protect the write operation further involves;
  
  a determination of an amount of padding via a modulo operation performed on a length of the data with a block size used to encrypt the data and a subtraction of a result of the modulo operation from the block size; and
  
  the determined amount of padding being appended to the encrypted data;
  
  wherein the write operation is protected prior to the write operation being performed with a remote storage mechanism; and
  
  wherein the read operation is protected after the read operation is performed with the remote storage mechanism.
- View Dependent Claims (6)
- - 6. The system of claim 5, further comprising:
    - a management apparatus configured to;
      
      provide the first key to the write-management apparatus; and
      
      provide the second key to the read-management apparatus.

7. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for processing data, the method comprising:
- using a first key to protect a write operation on the data by encrypting the data with a data key and generating a signature associated with the data with the first key; and
  
  using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key;
  
  using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; and
  
  using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key;
  
  wherein using the first key to protect the write operation further involves;
  
  determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and
  
  appending the determined amount of padding to the encrypted data;
  
  wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and
  
  wherein the read operation is protected after performing the read operation with the remote storage mechanism.
- View Dependent Claims (8)
- - 8. The computer-readable storage medium of claim 7,wherein the first and second keys are associated with at least one of a file, a set of files, and a user, andwherein the data key is associated with at least one of a block and the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Invention Network LLC
Original Assignee
Open Invention Network LLC
Inventors
Thomas, Geoffrey G., Whaley, John, Purtell, Thomas Joseph II
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
CHAUDHRY, MUHAMMAD U

Application Number

US13/729,370
Publication Number

US 20140189363A1
Time in Patent Office

1,208 Days
Field of Search

713/171, 713/190, 713/191, 713/189, 726/20, 726/26, 380/223, 380/226, 380/228, 380/259, 380/260, 380/264, 380/43, 380277-286
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1466   Key-lock mechanism

G06F 21/6218   to a system of files or obj...

G06F 21/6272   by registering files or doc...

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G06F 2221/2107   File encryption

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

Separate cryptographic keys for protecting different operations on data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Separate cryptographic keys for protecting different operations on data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links