Approach for securing distributed deduplication software
    1.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08453257B2

    Publication date: 2013-05-28

    Application No.: US12541191

    Filing date: 2009-08-14

    IPC classification: H04L29/06

    Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.


    Encrypting data objects to back-up
    2.
    Type: Granted invention patent
    Status: Lapsed

    Publication No.: US08762743B2

    Publication date: 2014-06-24

    Application No.: US13484028

    Filing date: 2012-05-30

    IPC classification: G06F12/16 H04L9/28

    Abstract: Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.


    APPROACH FOR SECURING DISTRIBUTED DEDUPLICATION SOFTWARE
    3.
    Type: Invention patent application
    Status: In force

    Publication No.: US20110040732A1

    Publication date: 2011-02-17

    Application No.: US12541191

    Filing date: 2009-08-14

    IPC classification: G06F12/00 G06F12/16 G06F7/00

    Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.


    Integrated approach for deduplicating data in a distributed environment that involves a source and a target
    4.
    Type: Granted invention patent
    Status: In force

    Publication No.: US09058298B2

    Publication date: 2015-06-16

    Application No.: US12504083

    Filing date: 2009-07-16

    IPC classification: G06F17/30 G06F11/14

    Abstract: One aspect of the present invention includes a configuration of a storage management system that enables the performance of deduplication activities at both the client (source) and at the server (target) locations. The location of deduplication operations can then be optimized based on system conditions or predefined policies. In one embodiment, seamless switching of deduplication activities between the client and the server is enabled by utilizing uniform deduplication process algorithms and accessing the same deduplication index (containing information on the hashed data chunks). Additionally, any data transformations on the chunks are performed subsequent to identification of the data chunks. Accordingly, with use of this storage configuration, the storage system can find and utilize matching chunks generated with either client- or server-side deduplication.


    ENCRYPTING DATA OBJECTS TO BACK-UP
    7.
    Type: Invention patent application
    Status: Lapsed

    Publication No.: US20130103945A1

    Publication date: 2013-04-25

    Application No.: US13484028

    Filing date: 2012-05-30

    IPC classification: H04L9/28

    Abstract: Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.


    Integrated Approach for Deduplicating Data in a Distributed Environment that Involves a Source and a Target
    8.
    Type: Invention patent application
    Status: In force

    Publication No.: US20110016095A1

    Publication date: 2011-01-20

    Application No.: US12504083

    Filing date: 2009-07-16

    IPC classification: G06F12/16 G06F12/00 G06F7/00

    Abstract: One aspect of the present invention includes a configuration of a storage management system that enables the performance of deduplication activities at both the client (source) and at the server (target) locations. The location of deduplication operations can then be optimized based on system conditions or predefined policies. In one embodiment, seamless switching of deduplication activities between the client and the server is enabled by utilizing uniform deduplication process algorithms and accessing the same deduplication index (containing information on the hashed data chunks). Additionally, any data transformations on the chunks are performed subsequent to identification of the data chunks. Accordingly, with use of this storage configuration, the storage system can find and utilize matching chunks generated with either client- or server-side deduplication.


    Restoring deduplicated data objects from sequential backup devices
    9.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08892603B2

    Publication date: 2014-11-18

    Application No.: US13479003

    Filing date: 2012-05-23

    IPC classification: G06F17/30 G06F11/14

    Abstract: Provided are computer program product, system, and method for restoring deduplicated data objects from sequential backup devices. A server stores data objects of extents having deduplicated data in the at least one sequential backup device. The server receives from a client a request for data objects. The server determines extents stored in the at least one sequential backup device for the requested data objects. The server or client sorts the extents according to an order in which they are stored in the at least one sequential backup device to generate a sort list. The server retrieves the extents from the at least one sequential backup device according to the order in the sort list to access the extents sequentially from the sequential backup device in the order in which they were stored. The server returns the retrieved extents to the client and the client reconstructs the requested data objects from the received extents.


    Restoring a restore set of files from backup objects stored in sequential backup devices
    10.
    Type: Granted invention patent
    Status: Lapsed

    Publication No.: US08209298B1

    Publication date: 2012-06-26

    Application No.: US12972291

    Filing date: 2010-12-17

    IPC classification: G06F17/30

    Abstract: Provided are a computer program product, system, and method for restoring a restore set of files from backup objects stored in sequential backup devices. Backup objects are stored in at least one sequential backup device. A client initiates a restore request to restore a restore set of data in a volume as of a restore point-in-time. A determination is made of backup objects stored in at least one sequential backup device including the restore set of data for the restore point-in-time, wherein the determined backup objects are determined from a set of backup objects including a full volume backup and delta backups providing data in the volume at different points-in-time, and wherein extents in different backup objects providing data for blocks in the volume at different points-in-time are not stored contiguously in the sequential backup device. A determination is made of extents stored in the at least one sequential backup device for the determined backup objects. The determined extents are sorted according to an order in which they are stored in the at least one sequential backup device to generate a sort list. The extents are retrieved from the at least one sequential backup device according to the order in the sort list to access the extents sequentially from the sequential backup device in the order in which they were stored. The retrieved extents are returned to the client and the client reconstructs the restore data set from the received extents.
