Securing files under the semi-trusted user threat model using per-file key encryption
US10298555B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | May 31, 2016 |
| Grant date | May 21, 2019 |
| Priority date | — |
| Expiry date | Dec 7, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2463/062
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.