Abstract: A method and system of enforcing file authorization access. The method may include generating an authorization combination at a metadata server and encrypting the authorization combination. The authorization combination may include a block combination including a block list for accessing user requested data from a storage server system and an authorization prefix. The authorization prefix may indicate at least one operation which the user requesting data access is authorized to perform. The method may further include receiving the encrypted authorization combination at the storage server, and decrypting the encrypted authorization combination to recover the block list for retrieving the user requested data.

Abstract: A method and apparatus for unique and secure identification of a computing service node. The service node is coupled to an administrative node and to a certificate authority node via a computer network. The administrative and certificate authority nodes have respective public and private keys. A shared key is established between the certificate authority node and the administrative node, and while booting the service node, the service node generates its public key and private key. The administrative node double encrypts a selected value, first using the shared key and second using the public key of the service node, whereby a double encrypted value is generated. The double encrypted value is decrypted at the service node, whereby a single encrypted value is generated. Whether the certificate authority node is able to successfully decrypt the single encrypted value using the shared key determines whether the administrative node is authentic.

Abstract: A method and system of enforcing file authorization access. The method may include generating an authorization combination at a metadata server and encrypting the authorization combination. The authorization combination may include a block combination including a block list for accessing user requested data from a storage server system and an authorization prefix. The authorization prefix may indicate at least one operation which the user requesting data access is authorized to perform. The method may further include receiving the encrypted authorization combination at the storage server, and decrypting the encrypted authorization combination to recover the block list for retrieving the user requested data.

Abstract: A method and apparatus for unique and secure identification of a computing service node. The service node is coupled to an administrative node and to a certificate authority node via a computer network. The administrative and certificate authority nodes have respective public and private keys. A shared key is established between the certificate authority node and the administrative node, and while booting the service node, the service node generates its public key and private key. The administrative node double encrypts a selected value, first using the shared key and second using the public key of the service node, whereby a double encrypted value is generated. The double encrypted value is decrypted at the service node, whereby a single encrypted value is generated. Whether the certificate authority node is able to successfully decrypt the single encrypted value using the shared key determines whether the administrative node is authentic.