-
Publication number: US20180089033A1
Publication date: 2018-03-29
Application number: US15275144
Application date: 2016-09-23
Applicant: Apple Inc.
Inventor: Eric B. TAMURA, Dominic B. GIAMPAOLO
Abstract: The embodiments set forth a technique for carrying out a backup of data managed at a computing device. According to some embodiments, the technique can include the steps of (1) receiving a request to carry out the backup of the data, (2) in response to the request, generating a current snapshot of the data, (3) identifying, in accordance with the current snapshot of the data, block data of at least one data block to be reflected in the backup of the data, wherein the at least one data block is tagged with an identifier of a file node to which the at least one data block corresponds, and (4) providing information to a storage to cause the block data to be reflected in the backup of the data.
-
Publication number: US20160321460A1
Publication date: 2016-11-03
Application number: US14700070
Application date: 2015-04-29
Applicant: Apple Inc.
Inventor: Christopher J. SUTER, Eric B. TAMURA, George K. COLLEY, Mark S. DAY
CPC classification number: G06F21/6209, G06F21/602, H04L9/14
Abstract: This application relates to a key rolling process for a file system of a computing device. The key rolling process allows for files to be transparently re-encrypted in a background process while still allowing applications to access files being re-encrypted. During re-encryption, a portion of the file is decrypted using a current key for the file and re-encrypted using a new key for the file. During re-encryption, the portion of the file can be relocated to another location in memory. Metadata associated with the file can be updated to include information pertaining to the location of the re-encrypted portion. The metadata can also be updated to include information pertaining to how much of the file has been re-encrypted with the new key and how much of the file remains encrypted with the current key.
-
Publication number: US20250086141A1
Publication date: 2025-03-13
Application number: US18540699
Application date: 2023-12-14
Applicant: Apple Inc.
Inventor: Meha N. DESAI, Eric B. TAMURA, Cameron S. BIRSE, Jason R. THORPE, Madhuree DAYANAND, Yair SCHIFF, Oded SHOSHANI, Idan FISCHMAN
Abstract: Disclosed herein are techniques for tracking file system (FS) utilization by a plurality of applications. According to some embodiments, a technique can be implemented by a computing device on which the FS is implemented, and includes the steps of (1) receiving, from an application among the plurality of applications, a request to perform an input/output (I/O) operation pertaining to a first FS object, where the request includes a unique identifier (ID) associated with the application, (2) creating or locating, within the FS, the first FS object, (3) performing the I/O operation against the first FS object, (4) creating or locating, within the FS, a second FS object associated with the unique ID, and (5) updating the second FS object to reflect the I/O operation. Other techniques include observing, analyzing, etc., FS utilization by the plurality of applications.
-
Publication number: US20170359174A1
Publication date: 2017-12-14
Application number: US15274706
Application date: 2016-09-23
Applicant: Apple Inc.
Inventor: Eric B. TAMURA, Dominic B. GIAMPAOLO, Kelly B. YANCEY
CPC classification number: H04L9/16, G06F16/164, G06F21/602, G06F21/6218, H04L9/0891
Abstract: This application sets forth a key rolling technique for a file system of a computing device. The key rolling technique allows for files to be transparently re-encrypted in a background process while still allowing applications to access the files being re-encrypted. During re-encryption, at least one file extent of a file is decrypted using a current key for the file extent and re-encrypted using a new key for the file extent. Moreover, the file extent can be relocated to another location in memory during re-encryption to enhance accessibility and crash protection features. Metadata associated with the file can be updated to include information pertaining to both the location of the re-encrypted file extent as well as the new key that can be used to decrypt the re-encrypted file extent. In this manner, the metadata can be used to properly construct a complete file when the file needs to be accessed.
-
Publication number: US20230099057A1
Publication date: 2023-03-30
Application number: US17664206
Application date: 2022-05-19
Applicant: Apple Inc.
Inventor: Geoffrey McCORMACK, Damien P. SORRESSO, Eric B. TAMURA, Robert J. KENDALL-KUPPE
Abstract: Enclosed herein are techniques for securely executing an application. A method can be implemented by an operating system of a computing device, where the computing device includes a file system volume that includes a first data structure, and the method includes the steps of (1) receiving a request to launch the application, where the request references an application archive file that includes a second data structure that: (i) defines an organization of a plurality of files associated with the application, and (ii) includes cryptographic information for verifying the plurality of files and the second data structure; (2) in response to receiving the request: determining whether the second data structure, the plurality of files, or both, are valid using the cryptographic information; and (3) in response to determining that the second data structure, the plurality of files, or both, are valid: associating the second data structure with the first data structure.
-
Publication number: US20200379662A1
Publication date: 2020-12-03
Application number: US16879432
Application date: 2020-05-20
Applicant: Apple Inc.
Inventor: Vivek VERMA, Damien P. SORRESSO, Pavel SOKOLOV, Pierre-Olivier J. MARTEL, Eric B. TAMURA, Yoni BARON
IPC: G06F3/06
Abstract: Representative embodiments set forth herein disclose techniques for implementing improved links between paths of one or more file systems. According to some embodiments, techniques are disclosed for establishing a system volume and a data volume within a container. According to other embodiments, techniques are disclosed for establishing a link from a source path of a system volume within a container to a target path of a data volume within the container. According to yet other embodiments, techniques are disclosed for determining whether to allow a file system operation on a data volume of a container based on at least determining whether a target path is associated with a reference to a source path.
-
Publication number: US20200233839A1
Publication date: 2020-07-23
Application number: US16673820
Application date: 2019-11-04
Applicant: Apple Inc.
Inventor: Meha N. DESAI, Eric B. TAMURA
Abstract: A device implementing a system for defragmenting metadata of a filesystem includes a processor configured to, in response to receiving a trigger from a server remote from the device, obtain the metadata from a first data structure, the first data structure comprising a first set of one or more nodes and a second set of one or more nodes, and insert the metadata obtained from the first data structure into a third set of one or more nodes of a second data structure, wherein the third set of one or more nodes omits one or more entries from the second set of nodes. The at least one processor is further configured to, in accordance with a determination that the metadata was successfully inserted into the second data structure, provide the second data structure as a replacement of the first data structure for the filesystem.
-
Publication number: US20190196732A1
Publication date: 2019-06-27
Application number: US16124147
Application date: 2018-09-06
Applicant: Apple Inc.
Inventor: Meha N. DESAI, Eric B. TAMURA
CPC classification number: G06F3/0631, G06F3/0604, G06F3/0643, G06F3/0679, G06F16/122
Abstract: The embodiments set forth a technique for over-provisioning storage space within a solid-state storage device (SSD). In particular, a file system can (1) receive a first request to create a file, where the first request includes a size for the file, (2) identify at least one extent that corresponds to storage space within the SSD that satisfies the size for the file, and associate the file with the at least one extent to indicate that the storage space is occupied, (3) receive a second request to cause (i) the file to remain established within the file system, and (ii) the storage space to be marked free within the SSD, and (4) carry out the second request by causing the storage space to be marked free within the SSD.
-
Publication number: US20180089206A1
Publication date: 2018-03-29
Application number: US15275099
Application date: 2016-09-23
Applicant: Apple Inc.
Inventor: Eric B. TAMURA, Eric S. BROWN
IPC: G06F17/30
Abstract: The described embodiments set forth techniques for performing live updates to file system volumes (e.g., operating system (OS) file system volumes) of computing devices through the utilization of snapshots. In particular, the techniques enable a computing device to remain active while a majority of an update process is performed, which eliminates the considerable functional downtime that is normally imposed when implementing conventional update techniques. Moreover, the overall robustness of the update process is enhanced as the techniques described herein reduce the amount of time that is required for the computing device to remain in the above-described specialized update mode.
-
Publication number: US20170359175A1
Publication date: 2017-12-14
Application number: US15274724
Application date: 2016-09-23
Applicant: Apple Inc.
Inventor: Eric B. TAMURA, Kelly B. YANCEY
CPC classification number: G06F21/6209, H04L9/088, H04L9/0891, H04L9/0894
Abstract: Representative embodiments set forth herein disclose techniques for modifying encryption classes of files. According to some embodiments, a technique can include receiving a request to update an encryption configuration of a file from a current encryption class to an updated encryption class. In response, the technique involves obtaining (i) a first class key associated with the current encryption class, and (ii) a second class key associated with the updated encryption class. Next, the technique involves identifying file extents of the file, where each file extent is encrypted by a respective extent key that is encrypted by the first class key. Finally, the technique involves, for each file extent of the file: (i) decrypting the respective extent key using the first class key to produce a decrypted respective extent key, and (ii) encrypting the decrypted respective extent key using the second class key to produce an updated respective extent key.