Encrypting data objects to back-up
    31.
    Granted invention patent
    Encrypting data objects to back-up (status: lapsed)

    Publication No.: US08762743B2

    Publication date: 2014-06-24

    Application No.: US13484028

    Filing date: 2012-05-30

    IPC classification: G06F12/16 H04L9/28

    Abstract: Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.

    APPROACH FOR OPTIMIZING RESTORES OF DEDUPLICATED DATA
    32.
    Invention patent application
    APPROACH FOR OPTIMIZING RESTORES OF DEDUPLICATED DATA (status: lapsed)

    Publication No.: US20110218969A1

    Publication date: 2011-09-08

    Application No.: US12719108

    Filing date: 2010-03-08

    IPC classification: G06F17/30

    Abstract: Various techniques for improving the performance of restoring deduplicated data files from a server to a client within a storage management system are disclosed. In one embodiment, a chunk index is maintained on the client that tracks the chunks remaining on the client for each data file that is stored to and restored from the storage server. When a specific file is selected for restore from the storage server to the client, the client determines if any local copies of this specific file's chunks are stored in files already existing on the client data store. The file is then reconstructed from a combination of these local copies of the file chunks and chunks retrieved from the storage server. Therefore, only chunks that are not stored or are inaccessible to the client are retrieved from the server, reducing server-side processing requirements and the bandwidth required for data restore operations.

    APPROACH FOR SECURING DISTRIBUTED DEDUPLICATION SOFTWARE
    33.
    Invention patent application
    APPROACH FOR SECURING DISTRIBUTED DEDUPLICATION SOFTWARE (status: in force)

    Publication No.: US20110040732A1

    Publication date: 2011-02-17

    Application No.: US12541191

    Filing date: 2009-08-14

    IPC classification: G06F12/00 G06F12/16 G06F7/00

    Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.

    REAL-TIME FEEDBACK FOR POLICIES FOR COMPUTING SYSTEM MANAGEMENT
    34.
    Invention patent application
    REAL-TIME FEEDBACK FOR POLICIES FOR COMPUTING SYSTEM MANAGEMENT (status: lapsed)

    Publication No.: US20100198958A1

    Publication date: 2010-08-05

    Application No.: US12760494

    Filing date: 2010-04-14

    IPC classification: G06F15/173

    Abstract: One aspect of the invention is a method for providing real-time feedback regarding the effect of applying a policy definition used for management in a computing system. An example of the method includes receiving the policy definition, and accessing stored information regarding at least one managed entity in the computing system. This example also includes applying the policy definition to the information regarding the at least one managed entity. This example further includes outputting information providing real-time feedback regarding the effect of applying the policy definition to the information regarding the at least one managed entity. Another aspect of the invention is a method for defining a policy used for management in a computing system.

    Real-time feedback for policies for computing system management
    35.
    Granted invention patent
    Real-time feedback for policies for computing system management (status: lapsed)

    Publication No.: US07734750B2

    Publication date: 2010-06-08

    Application No.: US10741372

    Filing date: 2003-12-19

    IPC classification: G06F15/173 G06F15/177

    Abstract: One aspect of the invention is a method for providing real-time feedback regarding the effect of applying a policy definition used for management in a computing system. An example of the method includes receiving the policy definition, and accessing stored information regarding at least one managed entity in the computing system. This example also includes applying the policy definition to the information regarding the at least one managed entity. This example further includes outputting information providing real-time feedback regarding the effect of applying the policy definition to the information regarding the at least one managed entity. Another aspect of the invention is a method for defining a policy used for management in a computing system.

    POLICY-BASED SHARING OF REDUNDANT DATA ACROSS STORAGE POOLS IN A DEDUPLICATING SYSTEM
    36.
    Invention patent application
    POLICY-BASED SHARING OF REDUNDANT DATA ACROSS STORAGE POOLS IN A DEDUPLICATING SYSTEM (status: lapsed)

    Publication No.: US20100082558A1

    Publication date: 2010-04-01

    Application No.: US12243743

    Filing date: 2008-10-01

    Abstract: One aspect of the present invention includes enabling data chunks to be shared among different storage pools within a storage management system, according to the use of deduplication and storage information kept at the system level, and applied with policy-based rules that define the scope of deduplication. In one embodiment, the parameters of performing deduplication are defined within the policy, particularly which of the plurality of storage pools allow deduplication to which other pools. Accordingly, a data object may be linked to deduplicated data chunks existent within other storage pools, and the transfer of a data object may occur by simply creating references to existing data chunks in other pools provided the policy allows the pool to reference chunks in these other pools. Additionally, a group of storage pools may be defined within the policy to perform a common set of deduplication activities across all pools within the group.

    METHOD AND SYSTEM FOR ASSURING INTEGRITY OF DEDUPLICATED DATA
    37.
    Invention patent application
    METHOD AND SYSTEM FOR ASSURING INTEGRITY OF DEDUPLICATED DATA (status: in force)

    Publication No.: US20090234892A1

    Publication date: 2009-09-17

    Application No.: US12048850

    Filing date: 2008-03-14

    IPC classification: G06F17/30

    CPC classification: G06F17/30162 G06F11/1453

    Abstract: The present invention provides for a system and method for assuring integrity of deduplicated data objects stored within a storage system. A data object is copied to secondary storage media, and a digital signature such as a checksum is generated of the data object. Then, deduplication is performed upon the data object and the data object is split into chunks. The chunks are combined when the data object is subsequently accessed, and a signature is generated for the reassembled data object. The reassembled data object is provided if the newly generated signature is identical to the originally generated signature, and otherwise a backup copy of the data object is provided from secondary storage media.

    ENCRYPTING DATA OBJECTS TO BACK-UP
    40.
    Invention patent application
    ENCRYPTING DATA OBJECTS TO BACK-UP (status: lapsed)

    Publication No.: US20130103945A1

    Publication date: 2013-04-25

    Application No.: US13484028

    Filing date: 2012-05-30

    IPC classification: H04L9/28

    Abstract: Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.
