SUPPORT FOR CHANGING ENCRYPTION CLASSES OF FILES

    Publication No.: US20170359175A1

    Publication date: 2017-12-14

    Application No.: US15274724

    Application date: 2016-09-23

    Applicant: Apple Inc.

    CPC classification number: G06F21/6209 H04L9/088 H04L9/0891 H04L9/0894

    Abstract: Representative embodiments set forth herein disclose techniques for modifying encryption classes of files. According to some embodiments, a technique can include receiving a request to update an encryption configuration of a file from a current encryption class to an updated encryption class. In response, the technique involves obtaining (i) a first class key associated with the current encryption class, and (ii) a second class key associated with the updated encryption class. Next, the technique involves identifying file extents of the file, where each file extent is encrypted by a respective extent key that is encrypted by the first class key. Finally, the technique involves, for each file extent of the file: (i) decrypting the respective extent key using the first class key to produce a decrypted respective extent key, and (ii) encrypting the decrypted respective extent key using the second class key to produce an updated respective extent key.

    MULTI-USER DEVICE

    Invention application; status: under examination (published)

    Publication No.: US20200265157A1

    Publication date: 2020-08-20

    Application No.: US16853608

    Application date: 2020-04-20

    Applicant: Apple Inc.

    Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.

    FILE SYSTEM SUPPORT FOR ROLLING KEYS ON FILE EXTENTS

    Publication No.: US20170359174A1

    Publication date: 2017-12-14

    Application No.: US15274706

    Application date: 2016-09-23

    Applicant: Apple Inc.

    Abstract: This application sets forth a key rolling technique for a file system of a computing device. The key rolling technique allows for files to be transparently re-encrypted in a background process while still allowing applications to access the files being re-encrypted. During re-encryption, at least one file extent of a file is decrypted using a current key for the file extent and re-encrypted using a new key for the file extent. Moreover, the file extent can be relocated to another location in memory during re-encryption to enhance accessibility and crash protection features. Metadata associated with the file can be updated to include information pertaining to both the location of the re-encrypted file extent as well as the new key that can be used to decrypt the re-encrypted file extent. In this manner, the metadata can be used to properly construct a complete file when the file needs to be accessed.
