Network encrypted data object stored on an encrypted file system
Abstract
A method of storing a data object received from a network is described. An encrypted data object encrypted with a first encryption key is received. It is determined whether the encrypted data object is to be stored in an encrypted file system that requires encryption of a data object with a second encryption key. The first encryption key is encrypted with a third encryption key when it is determined the encrypted data object is to be stored in the encrypted file system. The first encryption key is attached to the encrypted data object. The data object encrypted by the first encryption key is stored in the encrypted file system.
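The storage and use paths, following the key numbering of claim 1, as an added example that is not code from the patent. AES-256-GCM, the blob layout and all function names are assumptions of this sketch; the claims do not name a cipher or a metadata format.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require("crypto");

// AES-256-GCM is this example's choice; blob layout: nonce(12) || tag(16) || body.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function unseal(key, blob) {
  const d = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// First data object: already encrypted by the sender under firstKey. The
// ciphertext is stored untouched; only the key is encrypted under the
// file-system (second) key and attached as metadata.
function storeEncrypted(fsKey, firstKey, ciphertext) {
  return { ciphertext, wrappedKey: seal(fsKey, firstKey) };
}

// Second data object: arrives in the clear, so it is encrypted under a fresh
// third key, which is then wrapped the same way.
function storePlain(fsKey, plaintext) {
  const thirdKey = randomBytes(32);
  return storeEncrypted(fsKey, thirdKey, seal(thirdKey, plaintext));
}

// Use: unwrap the data key with the file-system key, then decrypt the object.
function use(fsKey, stored) {
  return unseal(unseal(fsKey, stored.wrappedKey), stored.ciphertext);
}

// Constructed sample run; sender and target share one process here.
function demo() {
  const fsKey = randomBytes(32), firstKey = randomBytes(32);
  const received = seal(firstKey, Buffer.from("constructed build artifact"));
  const a = storeEncrypted(fsKey, firstKey, received);
  const b = storePlain(fsKey, Buffer.from("constructed local file"));
  return {
    bypassed: a.ciphertext.equals(received), // stored bytes == received bytes
    first: use(fsKey, a).toString(),
    second: use(fsKey, b).toString(),
  };
}
console.log(demo());
```

At store time only the 60-byte wrapped key is computed, whatever the object's size, which is the resource saving the claims describe.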
20 Claims
1. A method, comprising:
receiving, by a target machine, an encrypted first data object from a build machine via a network in an encrypted file system;
determining the encrypted first data object was encrypted by the build machine with a first encryption key;
determining that the encrypted first data object is to be stored in the encrypted file system;
conserving the target machine resources by bypassing a decryption/re-encryption process for the file;
encrypting the first encryption key with a second encryption key, in response to the determining that the encrypted first data object is to be stored in the encrypted file system;
attaching the encrypted first encryption key to the encrypted first data object as metadata, in response to the determining that the encrypted first data object is to be stored in the encrypted file system;
storing the encrypted first data object in the encrypted file system, wherein the encrypted first data object is associated with the encrypted first encryption key as metadata;
receiving a command to use the encrypted first data object;
decrypting the encrypted first encryption key with the second encryption key; and
decrypting the encrypted first data object with the decrypted first encryption keys;
receiving an unencrypted second data object;
determining that the unencrypted second data object is to be stored in the encrypted file system;
encrypting the unencrypted second data object with a third encryption key, in response to the determining that the second data object is to be stored in the encrypted file system;
encrypting the third encryption key with the second encryption key, in response to the determining that the second data object is to be stored in the encrypted file system;
attaching the encrypted third encryption key to the encrypted second data object; and
storing the encrypted second data object in the encrypted file system, wherein the encrypted second data object is associated with the encrypted third encryption key.
Dependent claims: 2, 3, 4, 5, 15, 19, 20

6. A computer system for storing a data, comprising:
a processor;
an encrypted file system communicatively coupled to the processor; and
memory communicatively coupled to the processor and encrypted file system, wherein the memory is encoded with instructions, and wherein the instructions when executed by the processor include;
receiving an encrypted first data object from a build machine via a network in an encrypted file system;
determining the encrypted first data object was encrypted by the build machine with a first encryption key;
determining that the encrypted first data object is to be stored in the encrypted file system;
conserving system resources by bypassing a decryption/re-encryption process for the file;
encrypting the first encryption key with a second encryption key, in response to the determining that the first data object is to be stored in the encrypted file system;
attaching the encrypted first encryption key to the encrypted first data object as metadata, in response to the determining that the first data object is to be stored in the encrypted file system;
storing the encrypted first data object in the encrypted file system, wherein the encrypted first data object is associated with the encrypted first encryption key using metadata;
receiving a command to use the encrypted first data object;
decrypting the encrypted first encryption key with the second encryption key;
decrypting the encrypted first data object with the decrypted first encryption key;
receiving an unencrypted second data object;
determining that the unencrypted second data object is to be stored in the encrypted file system;
encrypting the unencrypted second data object with a third encryption key, in response to the determining that the second data object is to be stored in the encrypted file system;
encrypting the third encryption key with the second encryption key, in response to the determining that the second data object is to be stored in the encrypted file system;
attaching the encrypted third encryption key to the encrypted second data object; and
storing the encrypted second data object in the encrypted file system, wherein the encrypted second data object is associated with the encrypted third encryption key.
Dependent claims: 7, 8, 9, 10, 16, 18

11. A computer program product storing a data object received from a network in an encrypted file system that requires encryption of the data object with an encryption key, the computer program product comprising a computer readable storage device having program code embodied therewith, the program code executable by a computer system configured to:
receive an encrypted first data object from a build machine via a network in an encrypted file system;
determine the encrypted first data object was encrypted by the build machine with a first encryption key;
determine that the encrypted first data object is to be stored in the encrypted file system;
conserve system resources by bypassing a decryption/re-encryption process for the file;
encrypt the first encryption key with a second encryption key, in response to the determining that the first data object is to be stored in the encrypted file system;
attach the encrypted first encryption key to the encrypted first data object as metadata, in response to the determining that the first data object is to be stored in the encrypted file system;
store the encrypted first data object in the encrypted file system, wherein the encrypted first data object is associated with the encrypted first encryption key using metadata;
receive a command to use the encrypted first data object;
decrypt the encrypted first encryption key with the second encryption key; and
decrypt the encrypted first data object with the decrypted first encryption key;
receive an unencrypted second data object;
determine that the unencrypted second data object is to be stored in the encrypted file system;
encrypt the unencrypted second data object with a third encryption key, in response to the determining that the second data object is to be stored in the encrypted file system;
encrypt the third encryption key with the second encryption key, in response to the determining that the second data object is to be stored in the encrypted file system;
attach the encrypted third encryption key to the encrypted second data object; and
store the encrypted second data object in the encrypted file system, wherein the encrypted second data object is associated with the encrypted third encryption key.
Dependent claims: 12, 13, 14, 17

Specification