Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted tile key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract: Methods and apparatuses that maintain an access history of a file allocated with allocation blocks in storage devices are described. In response to receiving a usage request to allocate additional space for the file, an allocation block size may be adjusted or adapted based on the access history. The storage devices may be allocated with one or more allocation blocks using the adapted allocation block size to provide requested space for the file.

Abstract: Systems and methods are disclosed for secure relocation of encrypted files for a system having non-volatile memory (“NVM”). A system can include an encryption module that is configured to use a temporary encryption seed (e.g., a randomly generated key and a corresponding initialization vector) to decrypt and encrypt data files in an NVM. These data files may have originally been encrypted with different encryption seeds. Using such an approach, data files can be securely relocated even if the system does not have access to the original encryption seeds. In addition, the temporary encryption seed allows the system to bypass a default key scheme.

Abstract: Embodiments of the invention receive a search query from a user. In response to the search query, a snapshot of the file system in its current state is taken. A coherent search of the snapshot is performed using the search query. Results of the search are presented to a user. In other embodiments, a subsequent snapshot of the file system is taken after the first search is finished. A difference between the first snapshot and the subsequent snapshot is computed, and this difference is searched using the search query. Results of both searches are merged and results are presented to a user.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key.

Abstract: Methods and apparatuses that search tree representations of a bitmap for available blocks to allocate in storage devices are described. An allocation request for a file may be received to initiate the search. In one embodiment, the bitmap may include an array of bits corresponding to blocks in the storage devices. Each bit may indicate whether one of the blocks is available. The tree representations may include at least one red-black tree having nodes corresponding to one or more consecutive bits in the bitmap indicating an extent of available blocks. One of the tree representations may be selected according to a file associated with an allocation request to identify an extent of available block matching the allocation request. The tree representations may be synchronized as the bitmap is updated with changes of block allocations in the storage devices.

Abstract: Systems and methods are disclosed for secure relocation of encrypted files for a system having non-volatile memory (“NVM”). A system can include an encryption module that is configured to use a temporary encryption seed (e.g., a randomly generated key and a corresponding initialization vector) to decrypt and encrypt data files in an NVM. These data files may have originally been encrypted with different encryption seeds. Using such an approach, data files can be securely relocated even if the system does not have access to the original encryption seeds. In addition, the temporary encryption seed allows the system to bypass a default key scheme.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key.

Abstract: Methods and apparatuses that maintain an access history of a file allocated with allocation blocks in storage devices are described. In response to receiving a usage request to allocate additional space for the file, an allocation block size may be adjusted or adapted based on the access history. The storage devices may be allocated with one or more allocation blocks using the adapted allocation block size to provide requested space for the file.

Abstract: Methods and apparatuses that search tree representations of a bitmap for available blocks to allocate in storage devices are described. An allocation request for a file may be received to initiate the search. In one embodiment, the bitmap may include an array of bits corresponding to blocks in the storage devices. Each bit may indicate whether one of the blocks is available. The tree representations may include at least one red-black tree having nodes corresponding to one or more consecutive bits in the bitmap indicating an extent of available blocks. One of the tree representations may be selected according to a file associated with an allocation request to identify an extent of available block matching the allocation request. The tree representations may be synchronized as the bitmap is updated with changes of block allocations in the storage devices.

Abstract: Embodiments of the invention receive a search query from a user. In response to the search query, a snapshot of the file system in its current state is taken. A coherent search of the snapshot is performed using the search query. Results of the search are presented to a user. In other embodiments, a subsequent snapshot of the file system is taken after the first search is finished. A difference between the first snapshot and the subsequent snapshot is computed, and this difference is searched using the search query. Results of both searches are merged and results are presented to a user.