Exclusive encryption
First Claim
Patent Images
1. A system comprising:
- a source computing device to generate an encrypted directory name based on a plaintext name that conforms to a syntax; and
a recipient computing device, coupled to the source computing device, to receive the encrypted directory name, to verify that the encrypted directory name is an encryption of a plaintext name that conforms to the syntax without decrypting the encrypted directory name, and to verify that the directory name is an encryption of a plaintext name that is not a duplicative name without decrypting the encrypted directory name.
2 Assignments
0 Petitions
Accused Products
Abstract
An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
116 Citations
87 Claims
-
1. A system comprising:
-
a source computing device to generate an encrypted directory name based on a plaintext name that conforms to a syntax; and
a recipient computing device, coupled to the source computing device, to receive the encrypted directory name, to verify that the encrypted directory name is an encryption of a plaintext name that conforms to the syntax without decrypting the encrypted directory name, and to verify that the directory name is an encryption of a plaintext name that is not a duplicative name without decrypting the encrypted directory name. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
19. A method comprising:
-
receiving an identifier;
generating, based on the identifier, a mapped identifier;
encoding the mapped identifier; and
encrypting the encoded identifier.
-
-
42. A method comprising:
-
receiving an encrypted identifier;
verifying, without decrypting the encrypted identifier, that the encrypted identifier is an encryption of another identifier that conforms to a syntax; and
verifying, without decrypting the encrypted identifier, that the encrypted identifier is not an encryption of the same other identifier as one or more other encrypted identifiers. - View Dependent Claims (43, 44, 45, 48, 49, 50, 51, 52, 53, 54)
-
-
46. A system comprising:
-
a plurality of encrypted identifiers;
a syntax verifier to determine whether a newly received encrypted identifier is an encryption of a legal name without decrypting the newly received encrypted identifier; and
a duplication identifier to determine whether the newly received encrypted identifier is an encryption of the same name as any of the plurality of encrypted identifiers without decrypting either the newly received encrypted identifier or any of the plurality of encrypted identifiers.
-
-
47. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including:
-
receiving a plaintext identifier;
generating a ciphertext by encrypting the plaintext identifier only if the plaintext identifier is syntactically legal; and
wherein the encrypting allows another device to verify, without decrypting the ciphertext, that the plaintext identifier is not identical to another plaintext identifier maintained by the other device.
-
-
55. A method comprising:
-
receiving an encrypted identifier;
receiving encrypted case information corresponding to the encrypted identifier;
decrypting the encrypted identifier;
decrypting the case information;
decoding the decrypted identifier;
recasifying, using the decrypted case information, the decrypted identifier; and
demapping the recasified decoded decrypted identifier. - View Dependent Claims (56, 58)
-
-
57. A method implemented at a computing device, the method comprising:
-
receiving a directory entry that is encrypted, wherein the computing device does not have a key needed for decrypting the directory entry;
verifying that the directory entry is an encryption of a syntactically legal name; and
verifying that the directory entry is not an encryption of the same name as any other directory entry maintained by the computer device.
-
-
59. A system comprising:
-
a plurality of encrypted directory entries;
a syntax verifier to determine whether a new encrypted directory entry is an encryption of a legal name without decrypting the new encrypted directory entry; and
a duplication identifier to determine whether the new encrypted directory entry is an encryption of the same name as any of the plurality of encrypted directory entries without decrypting either the new encrypted directory entry or any of the plurality of encrypted directory entries.
-
-
60. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors of a computer, causes the one or more processors to perform acts including:
-
receiving a plaintext directory entry;
verifying that the plaintext directory entry is syntactically legal;
encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal;
communicating the encrypted directory entry to another device; and
wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device. - View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81)
-
-
82. A computing device comprising:
-
a client component to encrypt only directory entries that are syntactically legal, and to encrypt the directory entries in a manner that allows another device to verify, without decrypting the encrypted entries, that the directory entries are not identical to any other directory entries maintained by the other device; and
a server component to receive encrypted directory entries, to verify that the received encrypted directory entries are encryptions of syntactically legal directory entries, and to verify that the received encrypted directory entries are not encryptions of directory entries identical to any other directory entries maintained by the device. - View Dependent Claims (83)
-
-
84. A system comprising:
-
a server component;
a client component coupled to the server component; and
wherein the server component and the client component together ensure that multiple entries in a directory cannot have the same name, that all entries in the directory are syntactically legal, and that the server component does not have access to the unencrypted names of entries in the directory. - View Dependent Claims (85, 86)
-
-
87. A system comprising:
-
means for verifying that a plaintext directory entry is syntactically legal;
means for encrypting the plaintext directory entry only if the plaintext directory entry is syntactically legal;
means for communicating the encrypted directory entry to another device; and
wherein the encrypting allows the other device to verify, without decrypting the encrypted directory entry, that the directory entry is not identical to any other directory entry maintained by the other device.
-
Specification