公开(公告)号：US09773012B2

公开(公告)日：2017-09-26

申请号：US14075831

申请日：2013-11-08

Applicant: Seagate Technology LLC

Inventor： Craig F. Cutforth ,  Caroline W. Arnold ,  Christopher J. DeMattio

IPC: G06F17/30 ,  G06F3/06

CPC classification number: G06F17/30194 ,  G06F3/0647 ,  G06F3/067 ,  G06F17/30079 ,  G06F17/30197

Abstract: Apparatus and method for updating map structures in an object storage system. A server communicates with users of an object storage system over a network. A plurality of data storage devices are arranged into locations to store and retrieve data objects of the users. A storage controller is associated with each location to direct data object transfers between the data storage devices of the associated location and the server using an existing map structure that describes the data objects in each location. A management module is adapted to generate a new map structure, migrate at least one data object from an existing location described by the existing map structure to a new location described by the new map structure, and to distribute the new map structure to each of the storage controllers after the migration of the at least one data object.

公开(公告)号：US09489508B2

公开(公告)日：2016-11-08

申请号：US14540784

申请日：2014-11-13

Applicant: Seagate Technology LLC

Inventor： Monty A. Forehand ,  Manuel A. Offenberg ,  Christopher J. DeMattio

IPC: G06F21/44 ,  G06F21/80 ,  H04L29/06 ,  H04L9/06

CPC classification number: G06F21/44 ,  G06F21/80 ,  G06F2221/2103 ,  G06F2221/2107 ,  H04L9/0643 ,  H04L63/0853

Abstract: Apparatus and method for controlling access to protected functionality of a data storage device. In some embodiments, a plurality of identification (ID) values associated with a data storage device are combined to form a combined ID value. The combined ID value is cryptographically processed using a secret symmetric encryption key in combination with a hash function or a key derivation function to generate a unique device credential for the data storage device. The unique device credential is used as an input to a selected cryptographic function to control access to a protected function of the data storage device.

Abstract translation: 用于控制对数据存储设备的受保护功能的访问的装置和方法。 在一些实施例中，与数据存储设备相关联的多个识别（ID）值被组合以形成组合的ID值。 组合的ID值使用秘密对称加密密钥与散列函数或密钥导出函数组合进行加密处理，以生成用于数据存储设备的唯一设备凭证。 独特的设备凭证被用作所选密码功能的输入，以控制对数据存储设备的保护功能的访问。

公开(公告)号：US20160140334A1

公开(公告)日：2016-05-19

申请号：US14540784

申请日：2014-11-13

Applicant: Seagate Technology LLC

Inventor： Monty A. Forehand ,  Manuel A. Offenberg ,  Christopher J. DeMattio

IPC: G06F21/44

CPC classification number: G06F21/44 ,  G06F21/80 ,  G06F2221/2103 ,  G06F2221/2107 ,  H04L9/0643 ,  H04L63/0853

Abstract: Apparatus and method for controlling access to protected functionality of a data storage device. In some embodiments, a plurality of identification (ID) values associated with a data storage device are combined to form a combined ID value. The combined ID value is cryptographically processed using a secret symmetric encryption key in combination with a hash function or a key derivation function to generate a unique device credential for the data storage device. The unique device credential is used as an input to a selected cryptographic function to control access to a protected function of the data storage device.

Abstract translation: 用于控制对数据存储设备的受保护功能的访问的装置和方法。 在一些实施例中，与数据存储设备相关联的多个识别（ID）值被组合以形成组合的ID值。 组合的ID值使用秘密对称加密密钥与散列函数或密钥导出函数组合进行加密处理，以生成用于数据存储设备的唯一设备凭证。 独特的设备凭证被用作所选密码功能的输入，以控制对数据存储设备的保护功能的访问。

公开(公告)号：US20150248568A1

公开(公告)日：2015-09-03

申请号：US14194290

申请日：2014-02-28

Applicant: Seagate Technology LLC

Inventor： Manuel A. Offenberg ,  Monty A. Forehand ,  Christopher J. DeMattio ,  KianBeng Lim

IPC: G06F21/78 ,  G06F21/62

CPC classification number: G06F21/78 ,  G06F21/6218 ,  G06F2221/0748

Abstract: Apparatus and method for data security through the use of an encrypted keystore data structure. In accordance with some embodiments, first and second sets of input data are respectively encrypted using first and second encryption keys to form corresponding first and second encrypted data sets. The first and second encryption keys are combined to form a string. A hidden key stored within a system on chip (SOC) is used to encrypt the string to form an encrypted keystore data structure, and the first and second encrypted data sets and the encrypted keystore data structure are stored in a memory.

Abstract translation: 通过使用加密密钥库数据结构的数据安全的装置和方法。 根据一些实施例，使用第一和第二加密密钥分别加密第一和第二组输入数据，以形成对应的第一和第二加密数据集。 第一和第二加密密钥被组合形成一个字符串。 使用存储在片上系统（SOC）中的隐藏密钥来加密字符串以形成加密的密钥库数据结构，并且将第一和第二加密数据集和加密的密钥库数据结构存储在存储器中。

公开(公告)号：US20150205531A1

公开(公告)日：2015-07-23

申请号：US14159181

申请日：2014-01-20

Applicant: Seagate Technology LLC

Inventor： Christopher J. DeMattio ,  Craig F. Cutforth ,  Caroline W. Arnold

IPC: G06F3/06

CPC classification number: G06F3/065 ,  G06F3/0617 ,  G06F3/0647 ,  G06F3/0689 ,  G06F11/20

Abstract: Apparatus and method for adding storage capacity to an object storage system. In accordance with some embodiments, a first set of data storage devices store data objects in accordance with a first map structure. A management module detects a second set of data storage devices added to the first set and, in response thereto, generates a second map structure and migrates a portion of the data objects from the first set to the second set based on the second map structure to balance the first and second sets.

Abstract translation: 将存储容量添加到对象存储系统的装置和方法。 根据一些实施例，第一组数据存储设备根据第一映射结构存储数据对象。 管理模块检测添加到第一集合的第二组数据存储设备，并且响应于此产生第二映射结构，并且基于第二映射结构将数据对象从第一集合到第二集合的一部分迁移到 平衡第一和第二组。

公开(公告)号：US09443111B2

公开(公告)日：2016-09-13

申请号：US14194290

申请日：2014-02-28

Applicant: Seagate Technology LLC

Inventor： Manuel A. Offenberg ,  Monty A. Forehand ,  Christopher J. DeMattio ,  KianBeng Lim

IPC: G06F21/78 ,  G06F21/62

CPC classification number: G06F21/78 ,  G06F21/6218 ,  G06F2221/0748

Abstract: Apparatus and method for data security through the use of an encrypted keystore data structure. In accordance with some embodiments, first and second sets of input data are respectively encrypted using first and second encryption keys to form corresponding first and second encrypted data sets. The first and second encryption keys are combined to form a string. A hidden key stored within a system on chip (SOC) is used to encrypt the string to form an encrypted keystore data structure, and the first and second encrypted data sets and the encrypted keystore data structure are stored in a memory.

Abstract translation: 通过使用加密密钥库数据结构的数据安全的装置和方法。 根据一些实施例，使用第一和第二加密密钥分别加密第一和第二组输入数据，以形成对应的第一和第二加密数据集。 第一和第二加密密钥被组合形成一个字符串。 使用存储在片上系统（SOC）中的隐藏密钥来加密字符串以形成加密的密钥库数据结构，并且将第一和第二加密数据集和加密的密钥库数据结构存储在存储器中。

公开(公告)号：US20150200833A1

公开(公告)日：2015-07-16

申请号：US14152398

申请日：2014-01-10

Applicant: Seagate Technology LLC

Inventor： Craig F. Cutforth ,  Caroline W. Arnold ,  Christopher J. DeMattio

IPC: H04L12/26

CPC classification number: H04L67/1097 ,  G06F3/0613 ,  G06F3/0647 ,  G06F3/067 ,  H04L43/0882 ,  H04L67/101

Abstract: Apparatus and method for migrating data within an object storage system using available storage system bandwidth. In accordance with some embodiments, a server communicates with users of the object storage system over a network. A plurality of data storage devices are grouped into zones, with each zone corresponding to a different physical location within the object storage system. A controller direct transfers of data objects between the server and the data storage devices of a selected zone. A rebalancing module directs migration of sets of data objects between zones in relation to an available bandwidth of the server.

Abstract translation: 用于使用可用的存储系统带宽在对象存储系统内迁移数据的装置和方法。 根据一些实施例，服务器通过网络与对象存储系统的用户进行通信。 多个数据存储设备被分组成区域，每个区域对应于对象存储系统内的不同物理位置。 控制器直接在服务器和所选区域的数据存储设备之间传输数据对象。 重新平衡模块指导相对于服务器的可用带宽的区域之间的数据对象集的迁移。

公开(公告)号：US20150134708A1

公开(公告)日：2015-05-14

申请号：US14075831

申请日：2013-11-08

Applicant: Seagate Technology LLC

Inventor： Craig F. Cutforth ,  Caroline W. Arnold ,  Christopher J. DeMattio

IPC: G06F17/30

CPC classification number: G06F17/30194 ,  G06F3/0647 ,  G06F3/067 ,  G06F17/30079 ,  G06F17/30197

Abstract: Apparatus and method for updating map structures in an object storage system. A server communicates with users of an object storage system over a network. A plurality of data storage devices are arranged into locations to store and retrieve data objects of the users. A storage controller is associated with each location to direct data object transfers between the data storage devices of the associated location and the server using an existing map structure that describes the data objects in each location. A management module is adapted to generate a new map structure, migrate at least one data object from an existing location described by the existing map structure to a new location described by the new map structure, and to distribute the new map structure to each of the storage controllers after the migration of the at least one data object.

Abstract translation: 用于更新对象存储系统中的地图结构的装置和方法。 服务器通过网络与对象存储系统的用户进行通信。 多个数据存储装置被布置在存储和检索用户的数据对象的位置。 存储控制器与每个位置相关联，以使用描述每个位置中的数据对象的现有映射结构来引导相关位置的数据存储设备和服务器之间的数据对象传输。 管理模块适于生成新的地图结构，将至少一个数据对象从现有地图结构描述的现有位置迁移到由新地图结构描述的新位置，并将新的地图结构分发到每个 存储控制器在迁移至少一个数据对象之后。