Distributed storage system and method of reusing symmetric keys for encrypted message transmissions

    Publication number: US11792003B2

    Publication date: 2023-10-17

    Application number: US16950852

    Filing date: 2020-11-17

    Applicant: VMware, Inc.

    CPC classification number: H04L9/14 G06F9/545 H04L9/32 H04L2101/622

    Abstract: Distributed storage system and method for transmitting storage-related messages between host computers in a distributed storage system uses a handshake operation of a first-type communication connection between a source data transport daemon of a source host computer and a target data transport daemon of a target host computer to derive a symmetric key at each of the source and target data transport daemons. The two symmetric keys are sent to a source data transport manager of the source host computer and to a target data transport manager of the target host computer. The source and target data transport managers then use the same symmetric keys to encrypt and decrypt storage-related messages that are transmitted from the source data transport manager to the target data transport manager through multiple second-type communication connections between the source and target data transport managers.

    End-to-end checksum in a multi-tenant encryption storage system

    Publication number: US10581602B2

    Publication date: 2020-03-03

    Application number: US15866185

    Filing date: 2018-01-09

    Applicant: VMware, Inc.

    Abstract: A multi-tenant storage system can store clear text data and associated clear text checksum received from a storage tenant using their associated cryptographic key (“cryptokey”). When the clear text data is compressible, cryptographic data (“cryptodata”) is generated from a concatenation of the clear text checksum and compressed clear text data using the cryptokey. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. When the clear text data is uncompressible, cryptographic data (“cryptodata”) is generated by encrypting the clear text data using the cryptokey with an extra verification step to make sure the clear text checksum can be rebuilt during the read request. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. The cryptodata and associated cryptochecksum are stored in the multi-tenant storage system, so that repairs to damaged cryptodata can be made using the associated cryptochecksum.

    END-TO-END CHECKSUM IN A MULTI-TENANT ENCRYPTION STORAGE SYSTEM

    Publication number: US20190215152A1

    Publication date: 2019-07-11

    Application number: US15866185

    Filing date: 2018-01-09

    Applicant: VMware, Inc.

    Abstract: A multi-tenant storage system can store clear text data and associated clear text checksum received from a storage tenant using their associated cryptographic key (“cryptokey”). When the clear text data is compressible, cryptographic data (“cryptodata”) is generated from a concatenation of the clear text checksum and compressed clear text data using the cryptokey. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. When the clear text data is uncompressible, cryptographic data (“cryptodata”) is generated by encrypting the clear text data using the cryptokey with an extra verification step to make sure the clear text checksum can be rebuilt during the read request. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. The cryptodata and associated cryptochecksum are stored in the multi-tenant storage system, so that repairs to damaged cryptodata can be made using the associated cryptochecksum.

    Systems and methods for customizing and programming a cloud-based management server
    Granted invention patent (status: in force)

    Publication number: US09557986B2

    Publication date: 2017-01-31

    Application number: US13906332

    Filing date: 2013-05-30

    Applicant: VMware, Inc.

    Abstract: Systems and methods for managing Software-as-a-Service (SaaS) provided by a virtual machine are described. The system may include a management application, and may receive a feature package from the virtual machine. The feature package may be associated with a function supported by the virtual machine. The system may integrate the feature package into the management application, and transmit a first command to the virtual machine for executing the function at the virtual machine. The first command may be generated by the management application based on the feature package.

    SYSTEMS AND METHODS FOR CUSTOMIZING AND PROGRAMMING A CLOUD-BASED MANAGEMENT SERVER
    Invention patent application (status: in force)

    Publication number: US20140359610A1

    Publication date: 2014-12-04

    Application number: US13906332

    Filing date: 2013-05-30

    Applicant: VMware, Inc.

    Abstract: Systems and methods for managing Software-as-a-Service (SaaS) provided by a virtual machine are described. The system may include a management application, and may receive a feature package from the virtual machine. The feature package may be associated with a function supported by the virtual machine. The system may integrate the feature package into the management application, and transmit a first command to the virtual machine for executing the function at the virtual machine. The first command may be generated by the management application based on the feature package.

    Workflow for enabling data-in-transit in a distributed system

    Publication number: US11658820B2

    Publication date: 2023-05-23

    Application number: US17102363

    Filing date: 2020-11-23

    Applicant: VMware, Inc.

    CPC classification number: H04L9/32 H04L63/0428

    Abstract: A distributed system, such as a distributed storage system in a virtualized computing environment and having storage nodes arranged in a cluster, is provided by a management server with a transition period between non-encryption and encryption modes of operation. The transition period enables all of the nodes to complete a transition from the non-encryption mode of operation to the encryption mode of operation, without loss of data-in-transit (DIT). An auto-remediation feature is provided by the management server to the cluster, so as to fix inconsistent state(s) of one or more nodes in the cluster.

    DISTRIBUTED STORAGE SYSTEM AND METHOD OF REUSING SYMMETRIC KEYS FOR ENCRYPTED MESSAGE TRANSMISSIONS

    Publication number: US20220103359A1

    Publication date: 2022-03-31

    Application number: US16950852

    Filing date: 2020-11-17

    Applicant: VMware, Inc.

    Abstract: Distributed storage system and method for transmitting storage-related messages between host computers in a distributed storage system uses a handshake operation of a first-type communication connection between a source data transport daemon of a source host computer and a target data transport daemon of a target host computer to derive a symmetric key at each of the source and target data transport daemons. The two symmetric keys are sent to a source data transport manager of the source host computer and to a target data transport manager of the target host computer. The source and target data transport managers then use the same symmetric keys to encrypt and decrypt storage-related messages that are transmitted from the source data transport manager to the target data transport manager through multiple second-type communication connections between the source and target data transport managers.
