Storage availability using cryptographic splitting
    1.
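    Granted invention patent
    Storage availability using cryptographic splitting (status: in force)

    Publication (announcement) number: US08135980B2

    Publication (announcement) date: 2012-03-13

    Application number: US12342438

    Application date: 2008-12-23

    IPC classification: G06F11/00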

    Abstract: A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network, the secure data storage network including a plurality of secure data paths between the primary secure storage appliance and a client device and a plurality of secure data paths between the secure storage appliance and a plurality of storage systems, the volume corresponding to physical storage at each of the plurality of storage systems. The method also includes detecting a connectivity problem on at least one of the secure data paths. The method further includes assessing whether to reassign the volume to a different secure storage appliance based upon the connectivity problem.


    STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING
    2.
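    Invention application
    STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING (status: under examination, published)

    Publication (announcement) number: US20100154053A1

    Publication (announcement) date: 2010-06-17

    Application number: US12336562

    Application date: 2008-12-17

    IPC classification: H04L9/32 G06F21/00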

    Abstract: Methods and systems for presenting a virtual disk to a client device are disclosed. One method includes receiving client credentials from a client device, the client credentials including a client identifier. The method also includes authenticating the client device at a secure storage device. The method further includes determining a volume is associated with the client device based upon the client identifier, the volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices. The method also includes, upon determining the volume is associated with the client device, presenting the volume to the client device.


    STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING
    4.
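    Invention application
    STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING (status: under examination, published)

    Publication (announcement) number: US20100161964A1

    Publication (announcement) date: 2010-06-24

    Application number: US12342575

    Application date: 2008-12-23

    IPC classification: H04L9/00 G06F21/00 G06F12/14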

    Abstract: Methods and systems of presenting data in a secure data storage network are disclosed. One method includes defining a plurality of communities of interest, each community of interest capable of accessing data stored in a secure data storage network and including a plurality of users desiring access to a common set of data, wherein each of the plurality of communities of interest has a set of security rights. The method also includes associating each of the plurality of communities of interest with a different workgroup key. The method further includes, upon identification of a client device as associated with a user from among the plurality of users in a community of interest, presenting a virtual disk to the client device in accordance with the security rights, the virtual disk associated with the workgroup key associated with the community of interest and a volume containing the common set of data to the community of interest, the volume including a plurality of shares stored on a plurality of physical storage devices.


    STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING
    5.
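    Invention application
    STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING (status: under examination, published)

    Publication (announcement) number: US20140164790A1

    Publication (announcement) date: 2014-06-12

    Application number: US13706457

    Application date: 2012-12-06

    IPC classification: H04L9/32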

    Abstract: Methods and systems for administrative management of a secure data storage network are disclosed. One system includes a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings, wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings, and the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user.


    Block-level data storage using an outstanding write list
    6.
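    Granted invention patent
    Block-level data storage using an outstanding write list (status: in force)

    Publication (announcement) number: US08386798B2

    Publication (announcement) date: 2013-02-26

    Application number: US12342500

    Application date: 2008-12-23

    IPC classification: G06F11/30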

    Abstract: A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.


    STORAGE OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS AT GEOGRAPHICALLY-SEPARATED LOCATIONS
    7.
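    Invention application
    STORAGE OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS AT GEOGRAPHICALLY-SEPARATED LOCATIONS (status: under examination, published)

    Publication (announcement) number: US20100162004A1

    Publication (announcement) date: 2010-06-24

    Application number: US12342547

    Application date: 2008-12-23

    IPC classification: H04L9/06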

    Abstract: A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk. For security, the secondary data blocks are stored at geographically-distributed locations. The secure storage appliance is also capable of executing program instructions configured to reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client.


    STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING
    8.
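    Invention application
    STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING (status: under examination, published)

    Publication (announcement) number: US20100150341A1

    Publication (announcement) date: 2010-06-17

    Application number: US12336568

    Application date: 2008-12-17

    IPC classification: H04L9/28 H04L9/00 H04L9/06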

    Abstract: Methods and systems for securing data in a data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices. The method further includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks, and cryptographically splitting the session key into a plurality of session key fragments. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares, and encrypting each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.


    Storage availability using cryptographic splitting
    9.
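    Granted invention patent
    Storage availability using cryptographic splitting (status: in force)

    Publication (announcement) number: US08719594B2

    Publication (announcement) date: 2014-05-06

    Application number: US13397084

    Application date: 2012-02-15

    IPC classification: H04L29/06 G06F21/00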

    Abstract: Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.


    STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING
    10.
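    Invention application
    STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING (status: in force)

    Publication (announcement) number: US20130212373A1

    Publication (announcement) date: 2013-08-15

    Application number: US13397084

    Application date: 2012-02-15

    IPC classification: H04L29/06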

    Abstract: Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.
