Exclusive encryption
First Claim
Patent Images
1. A system comprising:
- a source processor;
a source memory;
a source computing device component to generate an encrypted directory name based on a plaintext name that conforms to a syntax,wherein the source computing component generates the encrypted directory name by a method, the method comprising;
receiving a plaintext name;
generating, based on the plaintext name, a mapped name;
encoding the mapped name; and
encrypting the encoded name; and
a recipient processor;
a recipient memory; and
a recipient computing component, electronically coupled to the source computing component, to perform a method, the method comprising;
receiving the encrypted directory name;
verifying that the encrypted directory name is an encryption of a plaintext name that conforms to the syntax without decrypting the encrypted directory name;
verifying that the encrypted directory name is an encryption of a plaintext name that is not a duplicative name without decrypting the encrypted directory name; and
processing the encrypted directory name based on the verifying,wherein the processing comprises storing the encrypted directory name, forwarding the encrypted directory name, or determining that the encrypted directory name is invalid.
1 Assignment
0 Petitions
Accused Products
Abstract
An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
145 Citations
32 Claims
-
1. A system comprising:
-
a source processor; a source memory; a source computing device component to generate an encrypted directory name based on a plaintext name that conforms to a syntax, wherein the source computing component generates the encrypted directory name by a method, the method comprising; receiving a plaintext name; generating, based on the plaintext name, a mapped name; encoding the mapped name; and encrypting the encoded name; and a recipient processor; a recipient memory; and a recipient computing component, electronically coupled to the source computing component, to perform a method, the method comprising; receiving the encrypted directory name; verifying that the encrypted directory name is an encryption of a plaintext name that conforms to the syntax without decrypting the encrypted directory name; verifying that the encrypted directory name is an encryption of a plaintext name that is not a duplicative name without decrypting the encrypted directory name; and processing the encrypted directory name based on the verifying, wherein the processing comprises storing the encrypted directory name, forwarding the encrypted directory name, or determining that the encrypted directory name is invalid. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computing device comprising:
-
a processor; a memory; a client component configured to encrypt only directory entries that are syntactically legal, and to encrypt the directory entries in a manner that allows another device to verify, without decrypting the encrypted entries, that the directory entries are not identical to any other directory entries maintained by the other device, wherein to encrypt the directory entries is to; receive a plaintext name of the directory entry; generate, based on the plaintext name, a mapped name; encode the mapped name; and encrypt the encoded name; and a server component configured to receive encrypted directory entries, to verify that the received encrypted directory entries are encryptions of syntactically legal directory entries, arid to verify that the received encrypted directory entries are not encryptions of directory entries identical to any other directory entries maintained by the device, and to process the encrypted directory entries based on the verifying. - View Dependent Claims (20, 21)
-
-
22. One or more computer storage media having stored thereon a plurality of instructions that, when executed by one or more processors of a device, causes the one or more processors to perform a method, the method comprising:
-
encrypting only directory entries that are syntactically legal in a manner that allows another device to verify, without decrypting the encrypted directory entries, that the directory entries are not identical to any other directory entries maintained by the other device, wherein encrypting one of the directory entries further comprises; receiving a plaintext name of the one directory entry; generating, based on the plaintext name, a mapped name; encoding the mapped name; and encrypting the encoded name; receiving additional encrypted directory entries; verifying that the received additional encrypted directory entries are encryptions of syntactically legal directory entries; verifying that the received additional encrypted directory entries are not encryptions of directory entries identical to any other directory entries maintained by the device; and processing each of the received additional encrypted directory entries based on the verifying. - View Dependent Claims (23, 24)
-
-
25. A method, implemented in a device, the method comprising:
-
encrypting only directory entries that are syntactically legal; in a manner that allows each of one or more other devices to verify, without decrypting the encrypted directory entries, that the directory entries are not identical to any other directory entries maintained by the other device, wherein encrypting the directory entries comprises, for each directory entry; receiving a plaintext name of the directory entry; generating, based on the plaintext name, a mapped name; encoding the mapped name; and encrypting the encoded name; receiving additional encrypted directory entries; verifying that the received additional encrypted directory entries are encryptions of syntactically legal directory entries; verifying that the received additional encrypted directory entries are not encryptions of directory entries identical to any other directory entries maintained by the device; and processing the received additional encrypted directory entries based on the verifying, wherein a device comprises a memory and a processor. - View Dependent Claims (26, 27, 28)
-
-
29. A system comprising:
-
a processor; a memory; means for encrypting only directory entries that are syntactically legal, and for encrypting the directory entries in a manner that allows each of one or more other systems to verify, without decrypting the encrypted directory entries, that the directory entries are not identical to any other directory entries maintained by the other system, wherein the means for encrypting comprises means for, for each directory entry; receiving a plaintext name of the directory entry; generating, based on the plaintext name, a mapped name; encoding the mapped name; and encrypting the encoded name; means for receiving additional encrypted directory entries; means for verifying that the received additional encrypted directory entries are encryptions of syntactically legal directory entries; and means for verifying that the received additional encrypted directory entries are not encryptions of directory entries identical to any other directory entries maintained by the system; and means for processing the received additional encrypted directory entries based of the verifying. - View Dependent Claims (30, 31, 32)
-
Specification