WO2002093314A3 - Encryption based security system for network storage - Google Patents

Encryption based security system for network storage

Publication number
WO2002093314A3
Authority
WO
WIPO (PCT)
Prior art keywords
network interface
storage
security system
based security
network
Prior art date
Application number
PCT/US2002/015421
Other languages
French (fr)
Other versions
WO2002093314A2 (en)
Inventor
Dan Avida
Serge Plotkin
Original Assignee
Decru Inc
Dan Avida
Serge Plotkin
Priority date
Filing date
Publication date
Application filed by Decru Inc, Dan Avida, Serge Plotkin
Priority to US10/478,386 (US8335915B2)
Priority to AU2002305607A (AU2002305607A1)
Priority to EP02734438A (EP1388061A4)
Publication of WO2002093314A2
Publication of WO2002093314A3
Priority to US11/350,047 (US8423780B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Abstract

The presently preferred embodiment of the invention provides an encryption based security system for network storage that separates the ability to access storage from the ability to access the stored data. This is achieved by keeping all the data encrypted on the storage devices (12). Logically, the invention comprises a device that has two network interfaces: one is a clear text network interface that connects to one or more clients, and the other is a secure network interface that is connected to one or more persistent storage servers. Functionally, each network interface supports multiple network nodes (13). That is, the clear text network interface supports multiple client machines, and the secure network interface supports one or more storage servers (12).
PCT/US2002/015421 2001-05-17 2002-05-14 Encryption based security system for network storage WO2002093314A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US10/478,386 US8335915B2 (en) 2002-05-14 2002-05-14 Encryption based security system for network storage
AU2002305607A AU2002305607A1 (en) 2001-05-17 2002-05-14 Encryption based security system for network storage
EP02734438A EP1388061A4 (en) 2001-05-17 2002-05-14 Encryption based security system for network storage
US11/350,047 US8423780B2 (en) 2002-05-14 2006-02-07 Encryption based security system for network storage

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US29208801P 2001-05-17 2001-05-17
US60/292,088 2001-05-17

Publications (2)

Publication Number Publication Date
WO2002093314A2 (en) 2002-11-21
WO2002093314A3 (en) 2003-05-15

Family

ID=23123156

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2002/015421 WO2002093314A2 (en) 2001-05-17 2002-05-14 Encryption based security system for network storage

Country Status (3)

Country Link
EP (1) EP1388061A4 (en)
AU (1) AU2002305607A1 (en)
WO (1) WO2002093314A2 (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8352726B2 (en) 2003-11-07 2013-01-08 Netapp, Inc. Data storage and/or retrieval
US7162647B2 (en) 2004-03-11 2007-01-09 Hitachi, Ltd. Method and apparatus for cryptographic conversion in a data storage system
US7383462B2 (en) 2004-07-02 2008-06-03 Hitachi, Ltd. Method and apparatus for encrypted remote copy for secure data backup and restoration
US7502923B2 (en) 2004-09-16 2009-03-10 Nokia Corporation Systems and methods for secured domain name system use based on pre-existing trust
US7428642B2 (en) 2004-10-15 2008-09-23 Hitachi, Ltd. Method and apparatus for data storage
US7272727B2 (en) 2005-04-18 2007-09-18 Hitachi, Ltd. Method for managing external storage devices
JP2009506405A (en) 2005-08-09 2009-02-12 ネクサン テクノロジーズ カナダ インコーポレイテッド Data archiving system
US8898452B2 (en) 2005-09-08 2014-11-25 Netapp, Inc. Protocol translation
US7886158B2 (en) 2005-09-08 2011-02-08 Hitachi, Ltd. System and method for remote copy of encrypted data
US8171307B1 (en) 2006-05-26 2012-05-01 Netapp, Inc. Background encryption of disks in a large cluster
US8255704B1 (en) 2006-08-24 2012-08-28 Netapp, Inc. Pool encryption with automatic detection
US8190905B1 (en) 2006-09-29 2012-05-29 Netapp, Inc. Authorizing administrative operations using a split knowledge protocol
US8245050B1 (en) 2006-09-29 2012-08-14 Netapp, Inc. System and method for initial key establishment using a split knowledge protocol
US8042155B1 (en) 2006-09-29 2011-10-18 Netapp, Inc. System and method for generating a single use password based on a challenge/response protocol
US8607046B1 (en) 2007-04-23 2013-12-10 Netapp, Inc. System and method for signing a message to provide one-time approval to a plurality of parties
US8611542B1 (en) 2007-04-26 2013-12-17 Netapp, Inc. Peer to peer key synchronization
US8824686B1 (en) 2007-04-27 2014-09-02 Netapp, Inc. Cluster key synchronization
US8196182B2 (en) 2007-08-24 2012-06-05 Netapp, Inc. Distributed management of crypto module white lists
US9774445B1 (en) 2007-09-04 2017-09-26 Netapp, Inc. Host based rekeying

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4588991A (en) * 1983-03-07 1986-05-13 Atalla Corporation File access security method and means
US5065429A (en) * 1989-04-03 1991-11-12 Lang Gerald S Method and apparatus for protecting material on storage media
US5150407A (en) * 1991-12-16 1992-09-22 Chan Steve S C Secured data storage devices
US5235641A (en) * 1990-03-13 1993-08-10 Hitachi, Ltd. File encryption method and file cryptographic system
US5235642A (en) * 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5720034A (en) * 1995-12-07 1998-02-17 Case; Jeffrey D. Method for secure key production
US5940507A (en) * 1997-02-11 1999-08-17 Connected Corporation Secure file archive through encryption key management
US6175924B1 (en) * 1997-06-20 2001-01-16 International Business Machines Corp. Method and apparatus for protecting application data in secure storage areas
US6185684B1 (en) * 1998-08-28 2001-02-06 Adobe Systems, Inc. Secured document access control using recipient lists

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6981141B1 (en) * 1998-05-07 2005-12-27 Maz Technologies, Inc Transparent encryption and decryption with algorithm independent cryptographic engine that allows for containerization of encrypted files

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1388061A4 *

Also Published As

Publication number Publication date
EP1388061A2 (en) 2004-02-11
WO2002093314A2 (en) 2002-11-21
EP1388061A4 (en) 2010-11-03
AU2002305607A1 (en) 2002-11-25

Similar Documents

Publication Publication Date Title
WO2002093314A3 (en) Encryption based security system for network storage
WO2001022650A3 (en) Server-side implementation of a cryptographic system
WO2003032603A3 (en) Ip hopping for secure data transfer
WO2003032133A3 (en) Distributed security architecture for storage area networks (san)
WO1998058473A3 (en) Network security and integration method and system
AU2000264222A1 (en) Single sign-on process
WO2006124479A3 (en) Cifs for scalable nas architecture
WO2006050074A3 (en) System and method for providing a multi-credential authentication protocol
CA2323766A1 (en) Providing secure access to network services
WO2000072500A3 (en) Information encryption system and method
WO2002082825A3 (en) Method and apparatus for authentication using remote multiple access sim technology
WO2002033884A3 (en) Method and apparatus for providing a key distribution center
CA2571608A1 (en) System and method for consolidating, securing and automating out-of-band access to nodes in a data network
WO2004081719A3 (en) Methods and systems for digital rights management of protected content
WO2002012987A3 (en) Systems and methods for authenticating a user to a web server
EP1251423A3 (en) Access control system
WO2001045049A8 (en) Secure gateway having user identification and password authentication
CA2375443A1 (en) Secure data exchange between data processing systems
KR960701410A (en) METHOD FOR PROVIDING MUTUAL AUTHENTICATION OF A USER AND A SERVER ON A NETWORK
CA2287871A1 (en) Secure document management system
WO2004075012A3 (en) System and method for simplified secure universal access and control of remote network electronic resources
WO2002082767A3 (en) System and method for distributing security processing functions for network applications
WO2004046849A3 (en) Cryptographic methods and apparatus for secure authentication
DE60138884D1 (en) DATA TRANSFER AND ADMINISTRATIVE PROCEDURES
WO2002017034A3 (en) System and method for highly scalable high-speed content-based filtering and load balancing in interconnected fabrics

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2002734438

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 10478386

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 2002734438

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP