Title: Method and system for providing a rotating key encrypted file system
Abstract: File system data is divided into two or more data blocks. Each data block is assigned its own encryption key, distinct from the keys used to encrypt the other data blocks, and each block is encrypted under its assigned key. One data block within the file system is then selected and decrypted using its assigned key; a new encryption key, distinct from the previously assigned key, is assigned to the selected block, and the block is re-encrypted under the new key. This process is repeated for each data block on a sequential, cyclic and continually rotating basis.
Publication number: US9037870 (B1). Publication date: 2015.05.19
Application number: US201313969351. Filing date: 2013.08.16
Applicant: Intuit Inc. Inventors: Zheng Peter Xiaohu; Huynh Toan
IPC classification: G06F21/00; G06F12/14; H04L9/00; G06F21/60; H04L9/08. Main classification: G06F21/00
Agent: Hawley Troxell Ennis & Hawley LLP. Attorneys: Hawley Troxell Ennis & Hawley LLP; McKay Philip
Independent claim 1: A computing system implemented method for providing a rotating key encrypted file system comprising the following, which when executed individually or collectively by any set of one or more processors perform a process including: obtaining access to a file system containing file system data; designating three or more data blocks within the file system, each of the three or more data blocks including part of the file system data; determining a number of encryption keys greater than the number of designated data blocks; assigning an encryption key of the determined encryption keys to each data block of the three or more data blocks, the encryption key assigned to each data block being distinct from other encryption keys used to encrypt the other data blocks of the three or more data blocks within the file system; initially encrypting each of the three or more data blocks within the file system using the distinct encryption key assigned to that data block; selecting one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key that is distinct from the previously assigned encryption key and is also distinct from any other encryption key assigned to any of the three or more data blocks; and repeating the selection of one of the three or more data blocks within the file system and decrypting the selected data block using the distinct encryption key assigned to the selected data block and then re-encrypting the selected data block using a new encryption key of the determined encryption keys that is distinct from any encryption key currently assigned to any of the data blocks and is also distinct from the previously assigned encryption key on a cyclic and rotating basis such that at any given time only one data block of the three or more data blocks within the file system is being encrypted using a new encryption key that is distinct from the previously assigned encryption key.
Address: Mountain View CA US
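Worked illustration of claim 1 above, added here as an example; it is not code from the Intuit patent or from any Intuit product. The class name RotatingKeyFS, its methods, the helper constructor_rejects and the sample data are the example's own. It uses only the Python standard library, so the block cipher is a counter-mode stream cipher keyed through HMAC-SHA256 (an assumed stand-in for a real AEAD such as AES-GCM; it is unauthenticated and for illustration only). What it enforces is exactly the claim's constraints: at least three designated blocks, more keys than blocks, pairwise-distinct keys across blocks, and on each cyclic rotation exactly one block is re-keyed with a key that is neither currently assigned to any block nor the key that block just used.

```python
"""Toy rotating-key encrypted file system modelled on claim 1 of US9037870.

Added illustration only; not Intuit's code. Standard library only, so the
cipher is a counter-mode stream cipher keyed through HMAC-SHA256, an assumed
stand-in for a real AEAD (e.g. AES-GCM). It is unauthenticated.
"""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: concatenate HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh random nonce per call; output is nonce || (plaintext XOR keystream)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt: recover the nonce, regenerate the keystream, XOR."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


class RotatingKeyFS:
    """Hypothetical class: file system data split into blocks, one distinct key
    per block, re-keyed one block at a time in sequential, cyclic order."""

    def __init__(self, data: bytes, n_blocks: int, n_keys: int) -> None:
        if n_blocks < 3:
            raise ValueError("claim 1 designates three or more data blocks")
        if n_keys <= n_blocks:
            raise ValueError("the number of keys must exceed the number of blocks")
        size = -(-len(data) // n_blocks)  # ceiling division; last chunk may be short
        chunks = [data[i * size:(i + 1) * size] for i in range(n_blocks)]
        self.keys = [secrets.token_bytes(32) for _ in range(n_keys)]
        self.assigned = list(range(n_blocks))                    # block i -> key index
        self.previous: List[Optional[int]] = [None] * n_blocks   # key block i last used
        self.blocks = [encrypt(self.keys[k], c) for k, c in zip(self.assigned, chunks)]
        self.cursor = 0                                          # next block to rotate

    def rotate_one(self) -> Tuple[int, int, int]:
        """Re-key exactly one block. Returns (block index, old key index, new key index)."""
        idx = self.cursor
        old = self.assigned[idx]
        plaintext = decrypt(self.keys[old], self.blocks[idx])
        # The new key must be unassigned everywhere and not this block's previous key.
        candidates = [k for k in range(len(self.keys))
                      if k not in self.assigned and k != self.previous[idx]]
        if not candidates:
            raise RuntimeError("no key satisfies the distinctness constraints")
        new = secrets.choice(candidates)
        self.blocks[idx] = encrypt(self.keys[new], plaintext)
        self.previous[idx] = old
        self.assigned[idx] = new
        self.cursor = (idx + 1) % len(self.blocks)               # sequential, cyclic
        return idx, old, new

    def read(self) -> bytes:
        """Decrypt every block with its currently assigned key and reassemble."""
        return b"".join(decrypt(self.keys[k], b) for k, b in zip(self.assigned, self.blocks))

    def keys_distinct(self) -> bool:
        """Claim invariant: no two blocks share a key."""
        return len(set(self.assigned)) == len(self.assigned)


def constructor_rejects(n_blocks: int, n_keys: int) -> bool:
    """True if the claim's block-count / key-count preconditions reject the parameters."""
    try:
        RotatingKeyFS(b"x" * 64, n_blocks, n_keys)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample data; three blocks, four keys (one spare).
    fs = RotatingKeyFS(b"constructed sample file system data, split into blocks", 3, 4)
    for _ in range(6):
        print("rotated block %d: key %d -> key %d" % fs.rotate_one(), fs.assigned)
```

Running it with three blocks and four keys shows why the claim fixes those minimums. With exactly one spare key, the spare after re-keying block i is block i's old key; block i+1 takes it on the next step, and by the time the cycle returns to block i the spare is block i-1's old key, which is guaranteed to differ from block i's previous key only when block i-1 and block i+1 are different blocks, that is, with three or more blocks. With two blocks the "distinct from the previously assigned key" condition cannot be met on the second pass, which is the case rotate_one reports as RuntimeError. Two further caveats a real implementation would need that this toy omits: authenticated encryption, and a design for the window during which the selected block exists in plaintext between decryption and re-encryption.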