US 11,914,736 B2
Encryption for a distributed filesystem
Maor Ben Dayan, Tel Aviv (IL); Omri Palmon, Tel Aviv (IL); Liran Zvibel, Tel Aviv (IL); Kanael Arditti, Tel Aviv (IL); and Ori Peleg, Tel Aviv (IL)
Assigned to Weka.IO Ltd., (IL)
Filed by Weka.IO Ltd, Tel Aviv (IL)
Filed on Oct. 7, 2022, as Appl. No. 17/961,981.
Application 17/961,981 is a continuation of application No. 17/317,086, filed on May 11, 2021, granted, now 11,507,681.
Application 17/317,086 is a continuation of application No. 16/274,541, filed on Feb. 13, 2019, granted, now 11,042,661, issued on Jun. 22, 2021.
Claims priority of provisional application 62/682,198, filed on Jun. 8, 2018.
Prior Publication US 2023/0033729 A1, Feb. 2, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); G06F 16/182 (2019.01); H04L 9/08 (2006.01); G06F 21/60 (2013.01); H04L 9/14 (2006.01)
CPC G06F 21/6218 (2013.01) [G06F 16/182 (2019.01); G06F 21/602 (2013.01); H04L 9/0838 (2013.01); H04L 9/0841 (2013.01); H04L 9/0891 (2013.01); H04L 9/14 (2013.01)]
20 Claims
1. A system comprises a cluster of computing devices, and wherein the cluster of computing devices is associated with a cluster key comprising:
a frontend to encrypt data as it enters the system; and a backend to build failure-protected stripes in a plurality of storage devices, wherein the frontend and backend are networked devices that run a virtual frontend and virtual backend, wherein:
the plurality of storage devices are distributed such that at most an allowed number of storage devices are within any particular node of a plurality of nodes; and
the frontend registers a long-term key with a leader of the cluster when the system joins the cluster of computing devices and wherein prior to a transfer of the data, a session key is negotiated using an ephemeral key pair signed with the long-term key.
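
The key flow in the last clause of claim 1 (long-term key registered with the leader at join, then a session key negotiated from an ephemeral key pair signed with that long-term key), as an added illustration that is not taken from the patent or from Weka.IO code. The claim names no algorithms: Ed25519 signatures, X25519 key agreement, SHA-256 as the key derivation step, and the names `Leader`, `Join`, `Offer` and `SessionKey` are all assumptions made for this example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Leader stands in for the cluster leader: node ID -> registered long-term public key.
type Leader map[string]ed25519.PublicKey

// Join generates a long-term key pair and registers the public half with the leader.
// A rand.Reader failure is not handled in this example.
func Join(l Leader, id string) ed25519.PrivateKey {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	l[id] = pub
	return priv
}

// Offer creates a fresh ephemeral X25519 key pair and signs its public half
// with the node's long-term key.
func Offer(long ed25519.PrivateKey) (*ecdh.PrivateKey, []byte) {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return eph, ed25519.Sign(long, eph.PublicKey().Bytes())
}

// SessionKey verifies the peer's ephemeral key against the registry, then derives the key.
func SessionKey(l Leader, mine *ecdh.PrivateKey, peerID string, peerPub *ecdh.PublicKey, sig []byte) ([]byte, error) {
	lt, ok := l[peerID]
	if !ok || !ed25519.Verify(lt, peerPub.Bytes(), sig) {
		return nil, fmt.Errorf("ephemeral key of %q not signed by its registered long-term key", peerID)
	}
	secret, err := mine.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret) // assumed key derivation step
	return k[:], nil
}

func main() {
	l := Leader{}
	fe, be := Join(l, "frontend-1"), Join(l, "backend-1") // constructed node IDs
	fk, fsig := Offer(fe)
	bk, bsig := Offer(be)
	k1, _ := SessionKey(l, fk, "backend-1", bk.PublicKey(), bsig)
	k2, _ := SessionKey(l, bk, "frontend-1", fk.PublicKey(), fsig)
	fmt.Printf("frontend: %x\nbackend:  %x\n", k1, k2)
}
```

Because each side checks the signature against the key the leader holds, an ephemeral key from a node that never registered is rejected before any shared secret is computed.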