Encrypting data objects to back-up
    1.
    Granted patent
    Encrypting data objects to back-up (lapsed)

    Publication No.: US08762743B2

    Publication date: 2014-06-24

    Application No.: US13484028

    Filing date: 2012-05-30

    IPC classification: G06F12/16 H04L9/28

    Abstract: Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.


    APPROACH FOR SECURING DISTRIBUTED DEDUPLICATION SOFTWARE
    2.
    Patent application
    APPROACH FOR SECURING DISTRIBUTED DEDUPLICATION SOFTWARE (in force)

    Publication No.: US20110040732A1

    Publication date: 2011-02-17

    Application No.: US12541191

    Filing date: 2009-08-14

    IPC classification: G06F12/00 G06F12/16 G06F7/00

    Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.


    Approach for securing distributed deduplication software
    3.
    Granted patent
    Approach for securing distributed deduplication software (in force)

    Publication No.: US08453257B2

    Publication date: 2013-05-28

    Application No.: US12541191

    Filing date: 2009-08-14

    IPC classification: H04L29/06

    Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.


    ENCRYPTING DATA OBJECTS TO BACK-UP
    5.
    Patent application
    ENCRYPTING DATA OBJECTS TO BACK-UP (lapsed)

    Publication No.: US20130103945A1

    Publication date: 2013-04-25

    Application No.: US13484028

    Filing date: 2012-05-30

    IPC classification: H04L9/28

    Abstract: Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.


    Integrated Approach for Deduplicating Data in a Distributed Environment that Involves a Source and a Target
    6.
    Patent application
    Integrated Approach for Deduplicating Data in a Distributed Environment that Involves a Source and a Target (in force)

    Publication No.: US20110016095A1

    Publication date: 2011-01-20

    Application No.: US12504083

    Filing date: 2009-07-16

    IPC classification: G06F12/16 G06F12/00 G06F7/00

    Abstract: One aspect of the present invention includes a configuration of a storage management system that enables the performance of deduplication activities at both the client (source) and at the server (target) locations. The location of deduplication operations can then be optimized based on system conditions or predefined policies. In one embodiment, seamless switching of deduplication activities between the client and the server is enabled by utilizing uniform deduplication process algorithms and accessing the same deduplication index (containing information on the hashed data chunks). Additionally, any data transformations on the chunks are performed subsequent to identification of the data chunks. Accordingly, with use of this storage configuration, the storage system can find and utilize matching chunks generated with either client- or server-side deduplication.


    Integrated approach for deduplicating data in a distributed environment that involves a source and a target
    7.
    Granted patent
    Integrated approach for deduplicating data in a distributed environment that involves a source and a target (in force)

    Publication No.: US09058298B2

    Publication date: 2015-06-16

    Application No.: US12504083

    Filing date: 2009-07-16

    IPC classification: G06F17/30 G06F11/14

    Abstract: One aspect of the present invention includes a configuration of a storage management system that enables the performance of deduplication activities at both the client (source) and at the server (target) locations. The location of deduplication operations can then be optimized based on system conditions or predefined policies. In one embodiment, seamless switching of deduplication activities between the client and the server is enabled by utilizing uniform deduplication process algorithms and accessing the same deduplication index (containing information on the hashed data chunks). Additionally, any data transformations on the chunks are performed subsequent to identification of the data chunks. Accordingly, with use of this storage configuration, the storage system can find and utilize matching chunks generated with either client- or server-side deduplication.


    APPROACH FOR OPTIMIZING RESTORES OF DEDUPLICATED DATA
    9.
    Patent application
    APPROACH FOR OPTIMIZING RESTORES OF DEDUPLICATED DATA (lapsed)

    Publication No.: US20110218969A1

    Publication date: 2011-09-08

    Application No.: US12719108

    Filing date: 2010-03-08

    IPC classification: G06F17/30

    Abstract: Various techniques for improving the performance of restoring deduplicated data files from a server to a client within a storage management system are disclosed. In one embodiment, a chunk index is maintained on the client that tracks the chunks remaining on the client for each data file that is stored to and restored from the storage server. When a specific file is selected for restore from the storage server to the client, the client determines if any local copies of this specific file's chunks are stored in files already existing on the client data store. The file is then reconstructed from a combination of these local copies of the file chunks and chunks retrieved from the storage server. Therefore, only chunks that are not stored or are inaccessible to the client are retrieved from the server, reducing server-side processing requirements and the bandwidth required for data restore operations.


    Restoring deduplicated data objects from sequential backup devices
    10.
    Granted patent
    Restoring deduplicated data objects from sequential backup devices (in force)

    Publication No.: US08892603B2

    Publication date: 2014-11-18

    Application No.: US13479003

    Filing date: 2012-05-23

    IPC classification: G06F17/30 G06F11/14

    Abstract: Provided are computer program product, system, and method for restoring deduplicated data objects from sequential backup devices. A server stores data objects of extents having deduplicated data in the at least one sequential backup device. The server receives from a client a request for data objects. The server determines extents stored in the at least one sequential backup device for the requested data objects. The server or client sorts the extents according to an order in which they are stored in the at least one sequential backup device to generate a sort list. The server retrieves the extents from the at least one sequential backup device according to the order in the sort list to access the extents sequentially from the sequential backup device in the order in which they were stored. The server returns the retrieved extents to the client and the client reconstructs the requested data objects from the received extents.
