Entity authentication for pre-authenticated links
US-2024396898-A1 · Nov 28, 2024 · US
Separate cryptographic keys for protecting different operations on data
US9317717B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9317717-B2 |
| Application number | US-201213729370-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 28, 2012 |
| Priority date | Dec 28, 2012 |
| Publication date | Apr 19, 2016 |
| Grant date | Apr 19, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The disclosed embodiments provide a system that processes data. During operation, the system uses a first key to protect a write operation on the data. Next, the system uses a second key to protect a read operation on the data.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method for processing data, comprising: using a first key to protect a write operation on the data by encrypting, by computer, the data with a data key and generating a signature associated with the data with the first key; using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key; using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key; determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and appending the determined amount of padding to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and wherein the read operation is protected after performing the read operation with the remote storage mechanism. 2. The computer-implemented method of claim 1 , wherein the first and second keys are associated with at least one of a file, a set of files, and a user. 3. The computer-implemented method of claim 1 , wherein the data key is associated with at least one of a block and a file. 4. The computer-implemented method of claim 1 , wherein using the first key to protect the write operation further involves: appending an amount of padding in the encrypted data to the encrypted data. 5. A system for processing data, comprising: a write-management apparatus configured to: use a first key to protect a write operation on the data by encrypting the data with a data key and generating a signature associated with the data with the first key; and use a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; and a read-management apparatus configured to: use a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key; use a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key; wherein using the first key to protect the write operation further involves: a determination of an amount of padding via a modulo operation performed on a length of the data with a block size used to encrypt the data and a subtraction of a result of the modulo operation from the block size; and the determined amount of padding being appended to the encrypted data; wherein the write operation is protected prior to the write operation being performed with a remote storage mechanism; and wherein the read operation is protected after the read operation is performed with the remote storage mechanism. 6. The system of claim 5 , further comprising: a management apparatus configured to: provide the first key to the write-management apparatus; and provide the second key to the read-management apparatus. 7. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for processing data, the method comprising: using a first key to protect a write operation on the data by encrypting the data with a data key and generating a signature associated with the data with the first key; and using a second key to protect a read operation on the data by decrypting the data with the data key and verifying the signature associated with the data with the second key; using a third key to protect a write operation on metadata for the data by encrypting the metadata with a metadata key and generating a signature associated with the metadata with the third key; and using a fourth key to protect a read operation on the metadata by decrypting the metadata with the metadata key and verifying the signature associated with the metadata with the fourth key; wherein using the first key to protect the write operation further involves: determining an amount of padding by performing a modulo operation on a length of the data with a block size used to encrypt the data and subtracting a result of the modulo operation from the block size; and appending the determined amount of padding to the encrypted data; wherein the write operation is protected prior to performing the write operation with a remote storage mechanism; and wherein the read operation is protected after performing the read operation with the remote storage mechanism. 8. The computer-readable storage medium of claim 7 , wherein the first and second keys are associated with at least one of a file, a set of files, and a user, and wherein the data key is associated with at least one of a block and the file.
Assignees
Inventors
Classifications
- G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
File encryption · CPC title
- G06F21/6272Primary
by registering files or documents with a third party · CPC title
involving digital signatures · CPC title
Security improvement · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9317717B2 cover?
- The disclosed embodiments provide a system that processes data. During operation, the system uses a first key to protect a write operation on the data. Next, the system uses a second key to protect a read operation on the data.
- Who is the assignee on this patent?
- Open Invention Network Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 19 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).