GENERAL PURPOSE DISTRIBUTED ENCRYPTED FILE SYSTEM

US 20120185691A1
Filed: 03/17/2012
Published: 07/19/2012
Est. Priority Date: 09/17/2010
Status: Active Grant

First Claim

Patent Images

1. A method, which comprises:

generating a block key on a first client machine;

encrypting a data block on said first client machine with said block key;

encrypting said block key on said first client machine with a public key associated with a user;

associating said encrypted block key with said encrypted data block as crypto metadata;

caching said encrypted data block and said crypto metadata on said first client machine;

sending said encrypted data block and said crypto metadata from said first client machine to a network file system server; and

,clearing said cached encrypted data block and said crypto metadata upon receipt of a return code indicating successful writes of said encrypted data block and said crypto metadata by said network file system server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A general purpose distributed encrypted file system generates a block key on a client machine. The client machine encrypts a file using the block key. Then, the client encrypts the block key on the first client machine with a public key of a keystore associated with a user and associates the encrypted block key with the encrypted data block as crypto metadata. The client machine caches the encrypted data block and the crypto metadata and sends the encrypted data block and the crypto metadata to a network file system server. When the client machine receives a return code from the network file system server indicating successful writes of the encrypted data block and the crypto metadata, the client machine clears the cached encrypted data block and the crypto metadata.

39 Citations

View as Search Results

10 Claims

1. A method, which comprises:
- generating a block key on a first client machine;
  
  encrypting a data block on said first client machine with said block key;
  
  encrypting said block key on said first client machine with a public key associated with a user;
  
  associating said encrypted block key with said encrypted data block as crypto metadata;
  
  caching said encrypted data block and said crypto metadata on said first client machine;
  
  sending said encrypted data block and said crypto metadata from said first client machine to a network file system server; and
  
  ,clearing said cached encrypted data block and said crypto metadata upon receipt of a return code indicating successful writes of said encrypted data block and said crypto metadata by said network file system server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as claimed in claim 1, wherein said wherein said public key is part of keystore associated with said user.
  - 3. The method as claimed in claim 2, wherein said keystore is stored on a remote server.
  - 4. The method as claimed in claim 3, wherein said remote server comprises a lightweight directory access protocol (LDAP) server.
  - 5. The method as claimed in claim 1, wherein said crypto metadata is associated with said encrypted data block as extended attributes.
  - 6. The method as claimed in claim 1, further comprising:
    - receiving said encrypted data block and said crypto metadata from said network file system server at a receiving client machine;
      
      decrypting said crypto metadata using a private key to obtain said block key; and
      
      ,decrypting said encrypted data block with said block key.
  - 7. The method as claimed in claim 6, wherein said receiving client machine is said first client machine.
  - 8. The method as claimed in claim 6, wherein said private key is part of keystore associated with said user.
  - 9. The method as claimed in claim 8, wherein said keystore is stored on a remote server.
  - 10. The method as claimed in claim 9, wherein said remote server comprises a lightweight directory access protocol (LDAP) server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Begum, Hussaina N., Mullen, Shawn P., Pattanshetti, Manjunath A.

Granted Patent

US 8,788,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/0442   wherein the sending and rec...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

GENERAL PURPOSE DISTRIBUTED ENCRYPTED FILE SYSTEM

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

GENERAL PURPOSE DISTRIBUTED ENCRYPTED FILE SYSTEM

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links