-
1.发明授权Method and apparatus for remediating backup data to control access to sensitive data 有权用于修复备份数据以控制对敏感数据的访问的方法和装置公开(公告)号:US08863304B1
公开(公告)日:2014-10-14
申请号:US12411850
申请日:2009-03-26
申请人: Kuldeep Sureshrao Nagarkar , Gaurav Malhotra , Thomas G. Clifford , Bruce Wootton , Aleksey Tsibulya
发明人: Kuldeep Sureshrao Nagarkar , Gaurav Malhotra , Thomas G. Clifford , Bruce Wootton , Aleksey Tsibulya
CPC分类号: G06F21/6245 , H04L67/1095
摘要: A method and apparatus for remediating backup data to control access to sensitive data is described. In one embodiment, the method for facilitating sensitive data remediation from backup images without a separate data store includes examining the backup images to identify sensitive data and modifying remediation information associated with the sensitive data, wherein the remediation information restricts access to the sensitive data to at least one corresponding access group.
摘要翻译: 描述了用于修复备份数据以控制对敏感数据的访问的方法和装置。 在一个实施例中,用于在没有单独的数据存储的情况下促进从备份图像的敏感数据修复的方法包括检查备份图像以识别敏感数据并修改与敏感数据相关联的修复信息,其中修复信息限制对敏感数据的访问 至少一个对应的访问组。
-
公开(公告)号:US08812874B1
公开(公告)日:2014-08-19
申请号:US12415699
申请日:2009-03-31
申请人: Thomas G. Clifford
发明人: Thomas G. Clifford
CPC分类号: G06F21/6209 , G06F17/30156 , G06F21/602 , G06F21/6218 , G06F2221/2107
摘要: A system and method is disclosed for implementing an enterprise rights management (ERM) system that enables effective data deduplication of ERM-protected data. An ERM-aware application may segment data, such as a file, into one or more data segments. The chosen segmentation boundaries may depend on data already stored on a target storage system and/or on a segmentation scheme used by a target deduplication system. An ERM-aware application may derive a respective convergent encryption key for each data segment, the convergent encryption key being dependent on the contents of the data segment, and encrypt the data segment using that key. The ERM-aware application may include the respective convergent decryption keys (which may be identical to the respective convergent encryption keys) in a publishing license of the ERM-protected file.
摘要翻译: 公开了一种用于实现企业权限管理(ERM)系统的系统和方法,其实现了ERM保护数据的有效重复数据删除。 启用ERM的应用程序可能会将数据(如文件)分段到一个或多个数据段。 所选择的分割边界可以取决于已经存储在目标存储系统上的数据和/或目标重复数据删除系统使用的分段方案。 ERM感知应用可以为每个数据段导出相应的收敛加密密钥,收敛加密密钥取决于数据段的内容,并且使用该密钥加密数据段。 在ERM保护的文件的发布许可证中,ERM感知应用可以包括相应的收敛解密密钥(其可以与相应的收敛加密密钥相同)。
-
3.发明授权System and method for netbackup data decryption in a high latency low bandwidth environment 有权在高延迟低带宽环境中进行网络备份数据解密的系统和方法公开(公告)号:US08713300B2
公开(公告)日:2014-04-29
申请号:US13011588
申请日:2011-01-21
IPC分类号: H04L29/06
CPC分类号: H04L63/0428 , G06F11/1451 , G06F11/1458 , G06F11/1464 , G06F11/1469 , G06F21/6218 , H04L9/0894
摘要: A system and method for efficient transfer of encrypted data over a low-bandwidth network. A backup server and a client computer are coupled to one another via a first network. The backup server is coupled to a remote data storage via another network, such as the Internet, also referred to as a cloud. The backup server encrypts received data for backup from the client computer. Cryptography segment and sub-segment sizes may be chosen that are aligned on a byte boundary with one another and with selected backup segment and sub-segment sizes used by backup software on the remote data storage. A selected cryptography algorithm has a property of allowing a given protected sub-segment with the cryptography sub-segment size to be decrypted by initially decrypting an immediate prior protected sub-segment that has the same cryptography sub-segment size. Therefore, the size of data transmitted via the cloud may be smaller than the cryptography segment size.
摘要翻译: 一种用于通过低带宽网络有效传输加密数据的系统和方法。 备份服务器和客户端计算机经由第一网络彼此耦合。 备份服务器通过另一个网络(例如因特网,也称为云)耦合到远程数据存储。 备份服务器从客户端计算机加密收到的数据进行备份。 可以选择在字节边界上彼此对齐的加密段和子段大小,以及备份软件在远程数据存储上使用的选择的备份段和子段大小。 所选择的加密算法具有通过首先解密具有相同加密子段大小的立即先前受保护的子段来允许具有加密子段大小的给定受保护子段来解密的属性。 因此,通过云传输的数据的大小可能小于密码段大小。
-
公开(公告)号:US20130318463A1
公开(公告)日:2013-11-28
申请号:US13480697
申请日:2012-05-25
申请人: Thomas G. Clifford
发明人: Thomas G. Clifford
IPC分类号: G06F3/048
CPC分类号: G06F11/1453 , G06F11/1451 , G06F11/1461 , G06F11/349
摘要: Various systems and methods to display information regarding duplication operations and to configure duplication operations. For example, information regarding policies that can be included in a duplication operation is presented via a display. The display receives selection of one or more of the policies. In response to the selection, the display updates to reflect how much of a bucket has been allocated and how much is available, where the bucket specifies an amount of time and is calculated as a function of a duplication window duration.
摘要翻译: 各种系统和方法来显示有关复制操作的信息,并配置复制操作。 例如,通过显示器呈现关于可以包括在复制操作中的策略的信息。 显示器接收一个或多个策略的选择。 响应于选择,显示器更新以反映已经分配了多少桶,以及多少可用,其中桶规定了时间量并且被计算为复制窗口持续时间的函数。
-
公开(公告)号:US20130318313A1
公开(公告)日:2013-11-28
申请号:US13480585
申请日:2012-05-25
申请人: Thomas G. Clifford
发明人: Thomas G. Clifford
IPC分类号: G06F12/16
CPC分类号: G06F11/1453 , G06F11/1451 , G06F11/1461 , G06F11/349
摘要: Various systems and methods for configuring a duplication operation. For example, a method involves specifying a duplication window, a source storage device, and a target storage device. When a duplication operation is executed, data is copied from the source storage device to the target storage device during the duplication window. The method also involves calculating a predicted duplication rate, where the predicted duplication rate is an estimate of a rate at which data can be copied from the source storage device to the target storage device.
摘要翻译: 用于配置复制操作的各种系统和方法。 例如,涉及指定复制窗口,源存储设备和目标存储设备的方法。 当执行复制操作时,在复制窗口期间将数据从源存储设备复制到目标存储设备。 该方法还包括计算预测的复制速率,其中预测的复制速率是可以将数据从源存储设备复制到目标存储设备的速率的估计。
-
公开(公告)号:US08572758B1
公开(公告)日:2013-10-29
申请号:US12413801
申请日:2009-03-30
申请人: Thomas G. Clifford
发明人: Thomas G. Clifford
IPC分类号: G06F12/14
CPC分类号: G06F21/6218 , G06F11/1458
摘要: A system and method is disclosed for implementing a data loss prevention (DLP) system configured to protect sensitive data in conjunction with corresponding content indexing (CI) metadata. In response to detecting a data loss risk, such as to data at rest (e.g., stored on a file system) and/or to data in motion (e.g., data being transmitted across a network) the system may perform any number of data loss prevention actions, including sequestering the data. The system may utilize an interface to a content indexing system in order to discover CI metadata associated with the data and sequester the CI metadata associated with the data. One or more common sequestration rules may be applied to the sequestration of the data and of the metadata. For example, the data and metadata may be encrypted using the same key and/or sequestered in the same location.
摘要翻译: 公开了一种用于实现数据丢失预防(DLP)系统的系统和方法,该系统配置为结合对应的内容索引(CI)元数据来保护敏感数据。 响应于检测数据丢失风险,例如静止数据(例如,存储在文件系统中)和/或运动中的数据(例如,跨网络传输的数据),系统可以执行任何数量的数据丢失 预防措施,包括隔离数据。 该系统可以利用到内容索引系统的接口,以便发现与该数据相关联的CI元数据并隔离与数据相关联的CI元数据。 一个或多个常见的隔离规则可以应用于数据和元数据的隔离。 例如,数据和元数据可以使用相同的密钥进行加密和/或被隔离在相同的位置。
-
公开(公告)号:US08438630B1
公开(公告)日:2013-05-07
申请号:US12413821
申请日:2009-03-30
申请人: Thomas G. Clifford
发明人: Thomas G. Clifford
IPC分类号: G06F17/00
CPC分类号: G06F21/60
摘要: A system and method is disclosed for implementing a data loss prevention (DLP) system capable of detecting transmission attempts involving encrypted data. In response to detecting that the data is encrypted, such a DLP system may perform any number of configurable DLP actions, such as blocking the data transmission attempt and/or sequestering the data. The DLP system may determine that the data is encrypted, based at least in part, on a value of a compressibility measure of the data, such as a compression ratio. The DLP system may leverage other operating system and/or file system capabilities, such as file extensions, magic numbers, or other utilities. The DLP system may determine if the data is compressed rather than encrypted by attempting to decompress the file.
摘要翻译: 公开了一种用于实现能够检测涉及加密数据的传输尝试的数据丢失预防(DLP)系统的系统和方法。 响应于检测到数据被加密,这样的DLP系统可以执行任何数量的可配置的DLP动作,诸如阻止数据传输尝试和/或隔离数据。 至少部分地,DLP系统可以确定数据被加密,诸如数据的可压缩性度量的值,例如压缩比。 DLP系统可以利用其他操作系统和/或文件系统功能,例如文件扩展名,魔术号码或其他实用程序。 DLP系统可以通过尝试解压缩文件来确定数据是否被压缩而不是加密。
-
公开(公告)号:US739589A
公开(公告)日:1903-09-22
申请号:US1903144963
申请日:1903-02-25
发明人: CLIFFORD THOMAS G
CPC分类号: F16L55/136
-
公开(公告)号:US09798627B2
公开(公告)日:2017-10-24
申请号:US13480697
申请日:2012-05-25
申请人: Thomas G. Clifford
发明人: Thomas G. Clifford
CPC分类号: G06F11/1453 , G06F11/1451 , G06F11/1461 , G06F11/349
摘要: Various systems and methods to display information regarding duplication operations and to configure duplication operations. For example, information regarding policies that can be included in a duplication operation is presented via a display. The display receives selection of one or more of the policies. In response to the selection, the display updates to reflect how much of a bucket has been allocated and how much is available, where the bucket specifies an amount of time and is calculated as a function of a duplication window duration.
-
10.发明授权Method and apparatus for backing up to tape drives with minimum write speed 有权以最低写入速度备份到磁带驱动器的方法和设备公开(公告)号:US08504785B1
公开(公告)日:2013-08-06
申请号:US12401535
申请日:2009-03-10
IPC分类号: G06F12/16
CPC分类号: G06F11/1458 , G06F11/1456 , G06F11/3409 , G06F11/3485 , G06F11/349 , G06F2201/81
摘要: Techniques for controlling data backup operations are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for data backup. The method may include receiving a minimum write speed for a plurality of tape drives. The method may further include controlling data writes for the plurality of tape drives such that data may be attempted to be written to each tape drive at or above the minimum write speed for each tape drive.
摘要翻译: 公开了用于控制数据备份操作的技术。 在一个特定的示例性实施例中,这些技术可以被实现为用于数据备份的方法。 该方法可以包括为多个磁带驱动器接收最小写入速度。 该方法还可以包括控制多个磁带驱动器的数据写入,使得可以尝试以每秒磁带驱动器的最小写入速度等于或高于每个磁带驱动器写入数据。
-
-
-
-
-
-
-
-
-
搜索结果
19 条记录 (耗时 0.02 秒)
