IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
UP-0985201
(2004-11-10)
|
등록번호 |
US-7685415
(2010-04-21)
|
발명자
/ 주소 |
- Douceur, John R.
- Benaloh, Josh D.
- Yuval, Gideon A.
- Adya, Atul
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
3 인용 특허 :
117 |
초록
▼
An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the priv
An exclusive encryption system is established using multiple computing devices. The exclusive encryption system allows for the exclusion of certain plaintext (e.g., by one of the computing devices) and ciphertext (e.g., by another of the computing devices) while at the same time maintaining the privacy created by the encryption (e.g., so the other computing device cannot see the plaintext). The exclusive encryption system may be implemented as part of a serverless distributed file system with directory entries (e.g., file names or folder names) being the plaintext, or alternatively as part of other systems.
대표청구항
▼
The invention claimed is: 1. A method implemented by one or more computing devices, the method comprising: receiving an encrypted identifier, wherein a syntactical correctness of a plaintext name, encoded and mapped within the identifier that is encrypted, is verifiable, by the one or more computin
The invention claimed is: 1. A method implemented by one or more computing devices, the method comprising: receiving an encrypted identifier, wherein a syntactical correctness of a plaintext name, encoded and mapped within the identifier that is encrypted, is verifiable, by the one or more computing devices, by checking a part of the encrypted identifier without decrypting the encrypted identifier; decrypting the encrypted identifier; decoding the decrypted identifier, the decoding comprising: initializing a string to null; counting a number of leading one bits that precede the first zero bit in the decrypted identifier; and for each group of sixteen bits following the first zero bit that follows the leading one bits: checking whether a leading eight bits of the group of sixteen bits are all zero bits; if the leading eight bits are not all zero bits, then appending the group of sixteen bits to the string; if the leading eight bits are all zero bits, then generating a decoded character by decoding the next eight bits after the leading eight bits using a coding table, and checking whether the decoded character is a particular character; if the decoded character is not the particular character, then appending the decoded character to the string; if the decoded character is the particular character, then checking whether any more one bits remain in the encoded identifier; if any more one bits remain in the encoded identifier then appending the decoded character to the string; and if no more one bits remain in the encoded identifier, then: appending a series of particular characters to the string, wherein the series of particular characters includes a number of particular characters equal to the number of counted leading one bits; and reversing the order of characters in the string, wherein after the reversing the string comprises the decoded decrypted identifier; demapping the decoded decrypted identifier into the plaintext name; and outputting, by the one or more computing devices, the plaintext name. 2. A method as recited in claim 1, further comprising: receiving encrypted case information corresponding to the encrypted identifier; decrypting the case information; recasifying, using the decrypted case information and prior to demapping the decoded decrypted identifier, the decrypted identifier; and wherein the demapping comprises demapping the recasified decoded decrypted identifier. 3. A method as recited in claim 2, wherein recasifying the decoded decrypted identifier comprises: for each character in the decoded decrypted identifier that has both an upper-case and a lower-case form, obtaining the character in upper-case form from the decoded decrypted identifier, and determining from the case information whether the character should be included in the recasified decoded decrypted identifier in upper-case form or lower-case form. 4. A method as recited in claim 2, wherein the case information comprises a set of bits, each bit identifying the appropriate case for a character in the decoded decrypted identifier. 5. A method as recited in claim 1, wherein each of the particular characters is an underscore. 6. A method as recited in claim 1, wherein the coding table comprises a Huffman coding table. 7. A method as recited in claim 1, wherein a first coding table is used for the first group of sixteen bits following the first zero bit that follows the leading one bits, and a second coding table is used for the subsequent groups of sixteen bits after the first group of sixteen bits. 8. A method as recited in claim 7, wherein each coding in the first coding table is the same as a corresponding coding in the second coding table, but the second coding table codes additional characters not coded by the first coding table. 9. A method as recited in claim 1, wherein demapping the decoded decrypted identifier comprises: checking whether the decoded decrypted identifier is equal to one of a plurality of illegal identifiers followed by one or more particular characters; if the decoded decrypted identifier is not equal to one of the plurality of illegal identifiers followed by the one or more particular characters, then using the decoded decrypted identifier as the demapped identifier; and if the decoded decrypted identifier is equal to one of the plurality of illegal identifiers followed by the one or more particular characters, then using as the demapped identifier the decoded decrypted identifier with one of the particular characters appended to the decoded decrypted identifier. 10. A method as recited in claim 9, wherein each of the one or more particular characters comprises an underscore. 11. A method as recited in claim 1, wherein decrypting the encrypted identifier comprises using a block cipher to decrypt the encrypted identifier. 12. A method as recited in claim 1, wherein decrypting the encrypted identifier comprises using cipher block chaining to decrypt the encrypted identifier. 13. A method as recited in claim 1, wherein the identifier comprises one of: a file name, a folder name, and a directory name. 14. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to perform acts including: receiving an encrypted directory entry, wherein a syntactical correctness of a plaintext name referenced by the directory entry that is encrypted is verifiable by checking the encrypted directory entry without decrypting the encrypted directory entry; decrypting the encrypted directory entry; decoding the decrypted directory entry, the decoding comprising: initializing a string; counting a number of leading one bits that precede the first zero bit in the decrypted directory entry; and for each group of sixteen bits following the first zero bit that follows the leading one bits: checking whether a leading eight bits of the group of sixteen bits are all zero bits; if the leading eight bits are not all zero bits, then appending the group of sixteen bits to the string; if the leading eight bits are all zero bits, then generating a decoded character by decoding the next eight bits after the leading eight bits using a coding table, and checking whether the decoded character is a particular character; and demapping the decoded decrypted directory entry into the plaintext name. 15. One or more computer readable media as recited in claim 14, the acts further comprising: receiving encrypted case information corresponding to the encrypted directory entry; decrypting the case information; recasifying, using the decrypted case information and prior to demapping the decoded decrypted directory entry, the decrypted directory entry; and wherein the demapping comprises demapping the recasified decoded decrypted directory entry. 16. One or more computer readable media as recited in claim 15, wherein the case information comprises a set of bits, each bit identifying the appropriate case for a character in the decoded decrypted directory entry. 17. One or more computer readable media as recited in claim 14, wherein decoding the decrypted directory entry further comprises: if the decoded character is not the particular character, then appending the decoded character to the string; and if the decoded character is the particular character, then checking whether any more one bits remain in the encoded directory entry, if any more one bits remain in the encoded directory entry then appending the decoded character to the string, and if no more one bits remain in the encoded directory entry, then: appending a series of particular characters to the string, wherein the series of particular characters includes a number of particular characters equal to the number of counted leading one bits; and reversing the order of characters in the string, wherein after the reversing the string comprises the decoded decrypted directory entry. 18. One or more computer readable media as recited in claim 17, wherein each of the particular characters is an underscore. 19. One or more computer readable media as recited in claim 14, wherein demapping the decoded decrypted directory entry comprises: checking whether the decoded decrypted directory entry is equal to one of a plurality of illegal directory entries followed by one or more particular characters; if the directory entry is not equal to one of the plurality of illegal directory entries followed by the one or more particular characters, then using the decoded decrypted directory entry as the demapped identifier; and if the directory entry is equal to one of the plurality of illegal directory entries followed by the one or more particular characters, then using as the demapped directory entry the decoded decrypted directory entry with one of the particular characters appended to the decoded decrypted directory entry. 20. One or more computer readable media as recited in claim 14, wherein decrypting the encrypted directory entry comprises using a block cipher to decrypt the encrypted directory entry. 21. One or more computer readable media as recited in claim 14, wherein decrypting the encrypted directory entry comprises using cipher block chaining to decrypt the encrypted directory entry. 22. One or more computer readable media as recited in claim 14, wherein the directory entry comprises one of: a file name, a folder name, and a directory entry. 23. A system comprising: at least one memory; at least one processor; instructions stored in the at least one memory and executed by the at least one processor, the instructions facilitating: means for receiving an encrypted identifier, wherein a syntactical correctness of a plaintext name referenced by the identifier that is encrypted is verifiable by checking the encrypted identifier without decrypting the encrypted identifier; means for decrypting the encrypted identifier; means for decoding the decrypted identifier, the means for decoding comprising: means for initializing a string; means for counting a number of leading one bits that precede the first zero bit in the decrypted identifier; and means for, for each group of sixteen bits following the first zero bit that follows the leading one bits: checking whether a leading eight bits of the group of sixteen bits are all zero bits; if the leading eight bits are not all zero bits, then appending the group of sixteen bits to the string; if the leading eight bits are all zero bits, then generating a decoded character by decoding the next eight bits after the leading eight bits using a coding table, and checking whether the decoded character is a particular character; and means for demapping the decoded decrypted identifier into the plaintext name. 24. A system as recited in claim 23, further comprising: means for receiving encrypted case information corresponding to the encrypted identifier; means for decrypting the case information; means for recasifying, using the decrypted case information and prior to demapping the decoded decrypted identifier, the decrypted identifier; and wherein the means for demapping comprises means for demapping the recasified decoded decrypted identifier. 25. A system as recited in claim 24, wherein the case information comprises a set of bits, each bit identifying the appropriate case for a character in the decoded decrypted identifier. 26. A system as recited in claim 23, wherein the means for decoding the decrypted identifier further comprises: if the decoded character is not the particular character, then appending the decoded character to the string; and if the decoded character is the particular character, then checking whether any more one bits remain in the encoded identifier, if any more one bits remain in the encoded identifier then appending the decoded character to the string, and if no more one bits remain in the encoded identifier, then: appending a series of particular characters to the string, wherein the series of particular characters includes a number of particular characters equal to the number of counted leading one bits; and reversing the order of characters in the string, wherein after the reversing the string comprises the decoded decrypted identifier. 27. A system as recited in claim 26, wherein each of the particular characters is an underscore. 28. A system as recited in claim 23, wherein the means for demapping the decoded decrypted identifier comprises: means for checking whether the decoded decrypted identifier is equal to one of a plurality of illegal identifiers followed by one or more particular characters; means for, if the decoded decrypted identifier is not equal to one of the plurality of illegal identifiers followed by the one or more particular characters, using the decoded decrypted identifier as the demapped identifier; and means for, if the decoded decrypted identifier is equal to one of the plurality of illegal identifiers followed by the one or more particular characters, using as the demapped identifier the decoded decrypted identifier with one of the particular characters appended to the decoded decrypted identifier. 29. A system as recited in claim 23, wherein the means for decrypting the encrypted identifier comprises means for using a block cipher to decrypt the encrypted identifier. 30. A system as recited in claim 23, wherein the means for decrypting the encrypted identifier comprises means for using cipher block chaining to decrypt the encrypted identifier. 31. A system as recited in claim 23, wherein the identifier comprises one of: a file name, a folder name, and a directory name. 32. A system comprising: at least one memory; at least one processor; instructions stored in the at least one memory and executed by the at least one processor, the instructions facilitating: an interface to receive an encrypted identifier, wherein a syntactical correctness of a plaintext name referenced by the identifier that is encrypted is verifiable by checking the encrypted identifier without decrypting the encrypted identifier; a decryption module, coupled to the interface, to decrypt the encrypted identifier; a decoding module, coupled to the decryption module, to decode the decrypted identifier, wherein the decoding module is to decode the decrypted identifier by: initializing a string; counting a number of leading one bits that precede the first zero bit in the decrypted identifier; and for each group of sixteen bits following the first zero bit that follows the leading one bits: checking whether a leading eight bits of the group of sixteen bits are all zero bits; in an event that the leading eight bits are not all zero bits, then appending the group of sixteen bits to the string; and a demapping module, coupled to the decoding module, to demap the decoded decrypted identifier into the plaintext name. 33. A system as recited in claim 32, wherein the interface is further to receive encrypted case information corresponding to the encrypted identifier, wherein the decryption module is further to decrypt the case information, and further comprising: a recasifying module to recasify, using the decrypted case information, the decrypted identifier; and wherein the demapping module is to demap the recasified decoded decrypted identifier. 34. A system as recited in claim 32, wherein the decoding module is to decode the decrypted identifier further by: checking whether the leading eight bits of the group of sixteen bits are all zero bits; if the leading eight bits are all zero bits, then generating a decoded character by decoding the next eight bits after the leading eight bits using a coding table, and checking whether the decoded character is a particular character; if the decoded character is not the particular character, then appending the decoded character to the string; and if the decoded character is the particular character, then checking whether any more one bits remain in the encoded identifier, if any more one bits remain in the encoded identifier then appending the decoded character to the string, and if no more one bits remain in the encoded identifier, then: appending a series of particular characters to the string, wherein the series of particular characters includes a number of particular characters equal to the number of counted leading one bits; and reversing the order of characters in the string, wherein after the reversing the string comprises the decoded decrypted identifier. 35. A system as recited in claim 32, wherein the demapping module is to demap the decoded decrypted identifier by: checking whether the decoded decrypted identifier is equal to one of a plurality of illegal identifiers followed by one or more particular characters; if the decoded decrypted identifier is not equal to one of the plurality of illegal identifiers followed by the one or more particular characters, then using the decoded decrypted identifier as the demapped identifier; and if the decoded decrypted identifier is equal to one of the plurality of illegal identifiers followed by the one or more particular characters, then using as the demapped identifier the decoded decrypted identifier with one of the particular characters appended to the decoded decrypted identifier. 36. A system as recited in claim 32, wherein the identifier comprises one of: a file name, a folder name, and a directory name.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.