APPROACH FOR SECURING DISTRIBUTED DEDUPLICATION SOFTWARE
    1.
    Patent application
    APPROACH FOR SECURING DISTRIBUTED DEDUPLICATION SOFTWARE (In force)

    Publication number: US20110040732A1

    Publication date: 2011-02-17

    Application number: US12541191

    Filing date: 2009-08-14

    IPC classification: G06F12/00 G06F12/16 G06F7/00

    Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.

    Approach for securing distributed deduplication software
    2.
    Granted patent
    Approach for securing distributed deduplication software (In force)

    Publication number: US08453257B2

    Publication date: 2013-05-28

    Application number: US12541191

    Filing date: 2009-08-14

    IPC classification: H04L29/06

    Abstract: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.

    Backup and restore of file system objects of unknown type
    3.
    Granted patent
    Backup and restore of file system objects of unknown type (In force)

    Publication number: US08041676B2

    Publication date: 2011-10-18

    Application number: US11293650

    Filing date: 2005-12-02

    CPC classification: G06F11/1435 G06F11/1448

    Abstract: File system objects of unknown type are backed up and restored. A list of file system objects is received from a file system. The file system objects are to be backed up. For each file system object that has a file type that is unknown, the following is performed. First, the file system is queried to obtain information regarding the file system object that is sufficient for the file system to later recreate the file system object if necessary. Second, the file system object and the information regarding the file system object are stored. Examples of file system object types of the file system that may be unknown to an application running on a Microsoft Windows® operating system include symbolic links, named pipes, and special device files.

    Method, system, and program for restoring data to a file
    5.
    Granted patent
    Method, system, and program for restoring data to a file (Lapsed)

    Publication number: US08086572B2

    Publication date: 2011-12-27

    Application number: US10814431

    Filing date: 2004-03-30

    IPC classification: G06F7/00 G06F17/00 G06F15/173

    CPC classification: G06F11/1469 G06F11/1464

    Abstract: Provided is a method, system and program for backing up the contents of a source storage device as an object in a data storage subsystem wherein the object contains image data representing the contents of the source storage device, and restoring the contents of the source storage device from the object to a file such as a flat file. The contents of the file may be copied to a target storage device to restore the contents of the source storage device from the file to the target storage device which may be the source storage device or another target storage device.

    METHOD AND APPARATUS FOR RESTORING ENCRYPTED FILES TO AN ENCRYPTING FILE SYSTEM BASED ON DEPRECATED KEYSTORES
    6.
    Patent application
    METHOD AND APPARATUS FOR RESTORING ENCRYPTED FILES TO AN ENCRYPTING FILE SYSTEM BASED ON DEPRECATED KEYSTORES (Lapsed)

    Publication number: US20090110198A1

    Publication date: 2009-04-30

    Application number: US11929103

    Filing date: 2007-10-30

    IPC classification: H04L9/00

    CPC classification: G06F21/6218 G06F21/6209

    Abstract: The present invention provides a computer implemented method, data processing system, and computer program product to restore an encrypted file. A computer receives a command to restore an encrypted file, wherein the encrypted file was previously backed up. The computer identifies a user associated with the encrypted file. The computer looks up a first keystore of the user based on the user, the first keystore having an active private key. The computer determines that a public key of the encrypted file fails to match an active public key of the first keystore. The computer restores a second keystore of the user to form a restored private key, wherein the second keystore was previously backed up. The computer responsive to a determination that the public key of the encrypted file fails to match the active public key of the first keystore, decrypts the encrypted file encryption key based on the restored private key to form a file encryption key. The computer encrypts the file encryption key with the active private key of the first keystore.

    Method and apparatus for restoring encrypted files to an encrypting file system based on deprecated keystores
    7.
    Granted patent
    Method and apparatus for restoring encrypted files to an encrypting file system based on deprecated keystores (Lapsed)

    Publication number: US08494167B2

    Publication date: 2013-07-23

    Application number: US11929103

    Filing date: 2007-10-30

    IPC classification: H04K1/04 H04K1/10

    CPC classification: G06F21/6218 G06F21/6209

    Abstract: The present invention provides a computer implemented method, data processing system, and computer program product to restore an encrypted file. A computer receives a command to restore an encrypted file, wherein the encrypted file was previously backed up. The computer identifies a user associated with the encrypted file. The computer looks up a first keystore of the user based on the user, the first keystore having an active private key. The computer determines that a public key of the encrypted file fails to match an active public key of the first keystore. The computer restores a second keystore of the user to form a restored private key, wherein the second keystore was previously backed up. The computer responsive to a determination that the public key of the encrypted file fails to match the active public key of the first keystore, decrypts the encrypted file encryption key based on the restored private key to form a file encryption key. The computer encrypts the file encryption key with the active private key of the first keystore.

    Individual object restore
    8.
    Granted patent
    Individual object restore (Lapsed)

    Publication number: US08285680B2

    Publication date: 2012-10-09

    Application number: US12350840

    Filing date: 2009-01-08

    IPC classification: G06F17/30

    CPC classification: G06F11/1435

    Abstract: A method for restoring an object comprises receiving a request to restore an object. Also, the method includes outputting a representation of available backup files and receiving a selection of at least one of the available backup files. Further, the method comprises restoring at least one of the selected backup files into a temporary location and mounting at least one of the restored backup files as a server. In addition, the method includes outputting a representation of available objects from the server and receiving a selection of at least one of the available objects to be restored from the server. Also, the method includes copying one or more selected objects from the server into an Active Directory.

    Controlling incremental backups using opaque object attributes
    9.
    Patent application
    Controlling incremental backups using opaque object attributes (Lapsed)

    Publication number: US20070214197A1

    Publication date: 2007-09-13

    Application number: US11372816

    Filing date: 2006-03-09

    IPC classification: G06F17/30

    CPC classification: G06F11/1451

    Abstract: Provided are techniques for determining whether content of an object has changed. Under control of a backup system, opaque object attributes and a data identifier are received, wherein the data identifier is generated based on one or more relevant object attributes of the opaque object attributes that indicate whether at least one of the content of the object and one or more of the relevant object attributes has changed. The received data identifier is compared with a previously stored data identifier. In response to determining that the received data identifier and the previously stored data identifier do not match, it is determined that the content of the object has changed.
