General purpose distributed encrypted file system
First Claim
1. A system, which comprises:
- a computer, said computer including at least one processor and memory coupled to said at least one processor, said memory storing instructions, which when executed on said at least one processor, causes said at least one processor to perform operations including;
generating an initialization vector;
generating a file key, wherein the file key is new and unique;
generating a first block key by combining said initialization vector with said file key;
encrypting a first data block with said first block key;
encrypting said first block key with a public key associated with a user;
associating said first encrypted block key with said encrypted first data block as crypto metadata;
caching said encrypted first data block and said crypto metadata in a local encryption cache;
sending said encrypted first data block and said crypto metadata to a network file system server wherein said cached encrypted data block and said crypto metadata remain on one of a client or said network file system server until receipt of a return code indicating successful writes of said encrypted first data block and said crypto metadata by said network file system server; and
,generating a second block key by combining said encrypted first data block with said file key and clearing said cached encrypted data block and said crypto metadata upon receipt of the return code indicating successful writes of said encrypted first data block and said crypto metadata by said network file system server.
1 Assignment
0 Petitions
Accused Products
Abstract
A general purpose distributed encrypted file system generates a block key on a client machine. The client machine encrypts a file using the block key. Then, the client encrypts the block key on the first client machine with a public key of a keystore associated with a user and associates the encrypted block key with the encrypted data block as crypto metadata. The client machine caches the encrypted data block and the crypto metadata and sends the encrypted data block and the crypto metadata to a network file system server. When the client machine receives a return code from the network file system server indicating successful writes of the encrypted data block and the crypto metadata, the client machine clears the cached encrypted data block and the crypto metadata.
33 Citations
11 Claims
-
1. A system, which comprises:
-
a computer, said computer including at least one processor and memory coupled to said at least one processor, said memory storing instructions, which when executed on said at least one processor, causes said at least one processor to perform operations including; generating an initialization vector; generating a file key, wherein the file key is new and unique; generating a first block key by combining said initialization vector with said file key; encrypting a first data block with said first block key; encrypting said first block key with a public key associated with a user; associating said first encrypted block key with said encrypted first data block as crypto metadata; caching said encrypted first data block and said crypto metadata in a local encryption cache; sending said encrypted first data block and said crypto metadata to a network file system server wherein said cached encrypted data block and said crypto metadata remain on one of a client or said network file system server until receipt of a return code indicating successful writes of said encrypted first data block and said crypto metadata by said network file system server; and
,generating a second block key by combining said encrypted first data block with said file key and clearing said cached encrypted data block and said crypto metadata upon receipt of the return code indicating successful writes of said encrypted first data block and said crypto metadata by said network file system server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program product having instructions stored in a computer readable storage device, for execution by a computer, said computer program product comprising:
-
instructions stored in said computer readable storage device for generating an initialization vector; instructions stored in said computer readable storage device for generating a file key, wherein the file key is new and unique; instructions stored in said computer readable storage device for generating a first block key by combining said initialization vector with said file key; instructions stored in said computer readable storage device for encrypting a first data block with said first block key; instructions stored in said computer readable storage device for encrypting said first block key with a public key associated with a user; instructions stored in said computer readable storage device for associating said encrypted first block key with said encrypted first data block as crypto metadata; instructions stored in said computer readable storage device for caching said encrypted first data block and said crypto metadata in a local encryption cache; instructions stored in said computer readable storage device for sending said encrypted first data block and said crypto metadata to a network file system server wherein said cached encrypted data block and said crypto metadata remain on one of a client or said network file system server until receipt of a return code indicating successful writes of said encrypted first data block and said crypto metadata by said network file system server; and
,instructions stored in said computer readable storage device for generating a second block key by combining said encrypted first data block with said file key and clearing said cached encrypted first data block and said crypto metadata upon receipt of the return code indicating successful writes of said encrypted first data block and said crypto metadata by said network file system server. - View Dependent Claims (11)
-
Specification