公开(公告)号：US20160321460A1

公开(公告)日：2016-11-03

申请号：US14700070

申请日：2015-04-29

Applicant: Apple Inc.

Inventor： Christopher J. SUTER ,  Eric B. TAMURA ,  George K. COLLEY ,  Mark S. DAY

IPC: G06F21/62 ,  G06F21/60 ,  G06F21/79 ,  H04L9/14

CPC classification number: G06F21/6209 ,  G06F21/602 ,  H04L9/14

Abstract: This application relates to a key rolling process for a file system of a computing device. The key rolling process allows for files to be transparently re-encrypted in a background process while still allowing applications to access files being re-encrypted. During re-encryption, a portion of the file is decrypted using a current key for the file and re-encrypted using a new key for the file. During re-encryption, the portion of the file can be relocated to another location in memory. Metadata associated with the file can be updated to include information pertaining to the location of the re-encrypted portion. The metadata can also be updated include information pertaining to how much of the file has been re-encrypted with the new key and how much of the file remains encrypted with the current key.

Abstract translation: 本申请涉及计算设备的文件系统的关键滚动过程。 关键滚动过程允许在后台进程中透明地重新加密文件，同时仍允许应用程序访问要重新加密的文件。 在重新加密期间，文件的一部分将使用文件的当前密钥进行解密，并使用该文件的新密钥重新加密。 在重新加密期间，文件的一部分可以重定位到内存中的另一个位置。 可以更新与文件相关联的元数据，以包括与再加密部分的位置有关的信息。 还可以更新元数据，包括关于用新密钥重新加密了多少文件的信息以及使用当前密钥保存多少文件。

公开(公告)号：US20140222879A1

公开(公告)日：2014-08-07

申请号：US13757630

申请日：2013-02-01

Applicant: APPLE INC.

Inventor： William L. RICKER ,  Guy HARRIS ,  George K. COLLEY

IPC: G06F17/30

CPC classification number: G06F16/182

Abstract: The invention provides a technique for managing hard-mounted network file systems (NFSs). First, a network file system (NFS) interface detects that a hard-mounted NFS is inaccessible. In response, the NFS interface obtains a list of virtual nodes (vNodes) associated with the hard-mounted NFS. If the NFS interface determines that each vNode in the list of vNodes is only associated with a read IN/OUT (I/O) operation, then the NFS interface automatically unmounts the hard-mounted NFS since doing so does not compromise the coherency of the hard-mounted NFS. Alternatively, if the NFS interface determines that at least one vNode in the list of vNodes is associated with data that is open for a write I/O operation, is mapped into a memory, or is associated with at least one dirty page, then the NFS interface does not unmount the hard-mounted NFS since doing so will compromise the coherency of the hard-mounted NFS.

Abstract translation: 本发明提供了一种用于管理硬安装的网络文件系统（NFS）的技术。 首先，网络文件系统（NFS）接口检测到硬安装的NFS是无法访问的。 作为响应，NFS接口获取与硬安装NFS相关联的虚拟节点（vNodes）列表。 如果NFS接口确定vNodes列表中的每个vNode仅与读/写（I / O）操作相关联，那么NFS接口将自动卸载硬安装的NFS，因为这样做不会损害该连接的一致性 硬安装的NFS。 或者，如果NFS接口确定vNodes列表中的至少一个vNode与为写入I / O操作打开的数据相关联，则被映射到存储器中，或者与至少一个脏页面相关联，则 NFS接口不会卸载硬安装的NFS，因为这样做会损害硬安装的NFS的一致性。