Method and system for encrypting files and storing the encrypted files in a storage file system

Bibliographic details
Main authors: Conrad Jakob, Ron Steinfeld, Linus Chang
Format: Patent
Language: eng
Description
Summary: Method and system of encrypting, authenticating and storing file names and contents, and controlling file access by allocating different encryption keys to different groups or portions of files. A software encryption layer 108 sits between a caller application 106 and storage file system 102 to provide these functions. The storage system may be a cloud system. A master key may be used to derive subordinate keys, the latter being distributed to allow selective access to predetermined subsets of files. There may be a dedicated set of keys for each directory. Different types of key may be used for different levels of access; the levels may include listing path names of a directory, or access to parts of or all of a file, or to all files of a directory, or of a directory and its children. The encryption may be symmetric, and may further be resistant to an attack from a quantum computing device. The file content may be split into blocks which are encrypted separately and have an authentication tag calculated independently. Also provided is a computer program product.