FILE SYSTEM SUPPORT FOR ROLLING KEYS
First Claim
1. A method for implementing a background process that re-encrypts a file on a computing device, the method comprising:
- by a processor of the computing device;
decrypting a first portion of a file using a first key, wherein the first portion of the file and a second portion of the file are encrypted with the first key;
encrypting the first portion of the file using a second key that is different than the first key; and
updating metadata associated with the file to indicate that the first portion of the file is encrypted with the second key and the second portion of the file is encrypted with the first key.
1 Assignment
0 Petitions
Accused Products
Abstract
This application relates to a key rolling process for a file system of a computing device. The key rolling process allows for files to be transparently re-encrypted in a background process while still allowing applications to access files being re-encrypted. During re-encryption, a portion of the file is decrypted using a current key for the file and re-encrypted using a new key for the file. During re-encryption, the portion of the file can be relocated to another location in memory. Metadata associated with the file can be updated to include information pertaining to the location of the re-encrypted portion. The metadata can also be updated include information pertaining to how much of the file has been re-encrypted with the new key and how much of the file remains encrypted with the current key.
-
Citations
24 Claims
-
1. A method for implementing a background process that re-encrypts a file on a computing device, the method comprising:
by a processor of the computing device; decrypting a first portion of a file using a first key, wherein the first portion of the file and a second portion of the file are encrypted with the first key; encrypting the first portion of the file using a second key that is different than the first key; and updating metadata associated with the file to indicate that the first portion of the file is encrypted with the second key and the second portion of the file is encrypted with the first key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A computing device, comprising:
-
a memory configured to store a file; a key storage configured to store keys for encrypting the file, wherein a first portion of the file is encrypted with a first key and a second portion of the file is encrypted with a second key; and a processor configured to modify metadata associated with the file to include a first location of the first portion of the file in the memory and a second location of the second portion of the file in the memory. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A machine-readable non-transitory storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to carry out steps that include:
-
decrypting a first portion of a file using a first key, wherein each of the first portion of the file and a second portion of the file are encrypted with the first key and are stored in a first location in a memory of the computing device; encrypting the first portion of the file using a second key; storing the first portion of the file in a second location that is different than the first location; and updating metadata associated with the file to indicate that the first portion of the file is encrypted with the second key and the second portion of the file is encrypted with the first key. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A method for implementing a background process that re-encrypts a file on a computing device, the method comprising:
by a processor of the computing device; decrypting a first portion of a file using a first key, wherein the first portion of the file and a second portion of the file are encrypted with the first key; encrypting the first portion of the file using a second key that is different than the first key; and permitting, while encrypting the first portion of the file using the second key, an application of the computing device to access the second portion of the file. - View Dependent Claims (22, 23, 24)
Specification