WO2010126644A2 - Methods and systems for stripe blind encryption - Google Patents
- Publication number: WO2010126644A2 (PCT/US2010/024889)
- Authority: WO (WIPO, PCT)
- Prior art keywords
- data item
- stripe
- blinding factor
- encryption key
- logic operation
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1471—Saving, restoring, recovering or retrying involving logging of persistent data for recovery
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2053—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant
- G06F11/2094—Redundant storage or storage space
Definitions
- the present invention generally relates to the field of encryption systems and methods and, more particularly, to an archival data storage apparatus for encrypting and managing archival data.
- Computers are connected to storage devices such as disks and disk arrays by network connections such as Ethernet.
- The data stored on such storage devices is often of a proprietary nature.
- Proprietary information is one of the most valuable intellectual assets developed, shared and traded among individuals, businesses, and institutions. This information is mostly defined in electronic digital formats, e.g., alphanumeric, audio, video, photographic, scanned image, etc.
- The exposed nature of the storage and transport of this proprietary information, particularly for the purposes of sharing among separate collaboration groups, has significantly increased the risk of interception and theft by criminal elements, competitors, amateur thieves, computer hackers, terrorists, or political or industrial spies.
- KDF key derivation function
- PKE Public Key Encryption
- Key derivation functions often use a cryptographic hash function internally. Key derivation functions are often used in conjunction with non-secret parameters to derive one or more keys from a common secret value. Such use may prevent an attacker who obtains a derived key from learning useful information about either the input secret value or any of the other derived keys.
- a KDF may also be used to ensure that derived keys have other desirable properties, such as avoiding "weak keys" in some specific encryption systems.
- the derived key is used instead of the original key or password as the key to the system.
- the values of the salt and the number of iterations, if not fixed, can be stored with the hashed password or sent as plaintext with an encrypted message.
- Some techniques that are known in the art of cryptography as applied to plaintext files include hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash.
- the owner may be concerned with preventing the data from being readable should the disk drives themselves be stolen or lost.
- the cryptography system employed with a data storage system may use encryption/decryption techniques such as Key Blinding, in which it is necessary to have possession of key information that is distributed across numerous locations in order to recover the encryption or decryption key.
- the key information may be distributed across numerous disk drives.
- the key information may be distributed across numerous stripes.
- a stripe (or shard) is a grouping of data and/or metadata, formed from one or more logical partitions of data storage.
- the data comprise assets having multiple asset parts
- the metadata associated with the assets and asset parts are stored in stripes, and, again, the key information may be distributed across numerous stripes.
- Shamir's Secret Sharing is a form of secret sharing.
- In Shamir's Secret Sharing, a secret is divided into parts. Each participant is given its own unique part, and some or all of the parts are needed in order to reconstruct the secret.
- the present invention implements methods and systems of protecting data in a data storage system having a plurality of storage devices such as disk drives, in which data of a data item in a plurality of disks of a data storage system are encrypted.
- the disks have a plurality of stripes and each data item has an independent, unique encryption key with which the data in the data item are encrypted.
- at least one processor is used for constructing a non-zero blinding factor based on a stripe blind and a unique data item identifier associated with the data.
- the stripe blind comprises a large, securely random value that may be assigned to each stripe in the data storage system.
- a first logic operation F is then performed between the blinding factor and the encryption key to form a blinded encryption key for the data item identified by the unique data item identifier.
- the blinded encryption key for the data item may be stored in metadata associated with the item so that it is available later when the data item needs to be decrypted and retrieved.
- the data item is decrypted by the data storage system using information about the data item along with information about the blinding process and the encryption process that was used to encrypt the data item.
- a user supplies the unique data item identifier for the target data item to request decryption and retrieval of the data item.
- the stripe blind and the unique data item identifier value are digested to recreate the blinding factor.
- a second logic operation G is then performed on the blinding factor and the blinded encryption key to recreate the encryption key.
- the first logic operation comprises an
- the first and second logic operations may be any functions F and G as defined above.
- a data item may be destroyed by destroying the blinded encryption key associated with the data item.
- the encryption key cannot be recreated, and so the target document that was encrypted with the encryption key can no longer be decrypted, resulting in the destruction of the target document.
- FIG. 1 illustrates an exemplary data storage system consistent with features and principles of the present invention
- FIG. 2 illustrates exemplary storage devices in the data storage system of FIG. 1 configured for redundant storage of assets, consistent with features and principles of the present invention
- FIG. 3 illustrates exemplary data items comprising assets and their corresponding asset parts consistent with features and principles of the present invention
- FIG. 4 illustrates data contained within an exemplary stripe of the storage devices of FIG. 2
- FIG. 5 illustrates an example of a flow diagram of an exemplary procedure for blinding an encryption key for encryption consistent with an embodiment of the invention
- FIG. 6 illustrates an example of a flow diagram of a process for an exemplary procedure for decrypting a document consistent with an embodiment of the invention
- FIG. 7 illustrates an exemplary procedure for destroying a data item by destroying the blinded encryption key associated with the data item.
- a “data storage system” broadly refers to any data storage devices or memories such as hard disk drives, databases, or enterprise storage systems.
- a data storage system further includes any processors, programs, and applications accessing and/or managing the data storage devices or memories as well as communication links between the data storage devices or memories, and communication links between the processors, programs, and applications and the data storage devices or memories.
- FIG. 1 shows a data storage system 100 having a node 101 and a node 201.
- a "node" refers to a subset of a data storage system having at least one associated disk drive.
- An example of a node is a server having one or more hard disk drives for storing data.
- the nodes in a data storage system may be in different geographical locations.
- FIG. 1 also shows that data storage system 100 has disk drives 110, 120, and 130 associated with node 101 and disk drives 210, 220 and 230 associated with node 201.
- a "disk drive" refers to any persistent memory accessible by a node, such as an internal or external hard drive.
- a disk drive may be a RAID drive made up of one or more physical storage devices.
- the nodes of data storage system 100 have management modules which include one or more processors, memory, and hardware, software, or firmware used to store and execute instructions to manage the data stored on the disk drives of that node.
- management modules 102 and 202 implement algorithms for managing the data stored in disk drives 110, 120, 130, 210, 220, 230.
- the methods disclosed herein may be implemented by one or more of the management modules 102, 202, and additional management modules not depicted for simplicity.
- the methods disclosed herein may be implemented by management modules external to the nodes, or by a combination of management modules internal to the nodes, such as management modules 102 and 202, and management modules external to the nodes communicating with the nodes via network 300.
- memory used by the management modules and instructions implemented by the management modules may be stored in a location on the data storage system external to the management modules themselves.
- One of the management modules comprises the cryptographic module that has instructions for assigning a securely generated random number for each disk stripe containing data. This number is called the stripe blind.
- a stripe blind can be a number of bytes defined according to proper cryptographic practice extant at the time of an embodiment. In one embodiment of the present application, the stripe blind is 32 bytes.
- The stripe blind itself is not written to any disk, nor is it committed to any form of persistent storage. Instead, the stripe blind is a secret value constructed and maintained only in the volatile RAM of the management modules 102 and 202 of the nodes 101 and 201.
- Data storage system 100 uses a technique such as the well-known Shamir Secret Sharing algorithm to generate and write a number of "shares" on different disks mounted on different nodes. Knowledge of a sufficiently large subset of all shares provides the ability to correctly reconstruct the blind; having fewer shares than the required subset reveals nothing about the blind. Each system has a threshold value that determines the minimum number of shares that would be required for recovering the stripe blind.
- For example, the threshold can be set to 3 disks, so that the shares from any 3 of 10 disks would be required.
- An attacker intending to gain unauthorized access to data by acquiring disk drives removed from the data storage system 100 would require at least three drives, greatly increasing the difficulty of a successful attack.
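The share generation and threshold recovery described above, as an added Python example that is not the patent's code. It generates a 32-byte stripe blind from the OS CSPRNG and splits it with Shamir's scheme using the 3-of-10 threshold from the text. The prime field (2^521 - 1), the (x, y) share encoding and the recovery check that refuses fewer than `threshold` shares are assumptions of this example; the secret value used in the demo is constructed.

```python
import secrets

# Added example, not the patent's code. Field prime is an assumption: any
# prime larger than 2**256 works for a 32-byte secret; 2**521 - 1 is a
# Mersenne prime and needs no primality check at runtime.
PRIME = 2**521 - 1
BLIND_LEN = 32


def new_stripe_blind() -> bytes:
    """Securely generated random stripe blind, held only in RAM by the caller."""
    return secrets.token_bytes(BLIND_LEN)


def _eval_poly(coeffs, x):
    """Horner evaluation of the polynomial with the given coefficients (mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_blind(stripe_blind: bytes, n_shares: int = 10, threshold: int = 3):
    """Split the stripe blind into n_shares (x, y) pairs; any `threshold` of them
    recover it, fewer than `threshold` are consistent with every possible blind."""
    if len(stripe_blind) != BLIND_LEN:
        raise ValueError("stripe blind must be %d bytes" % BLIND_LEN)
    if not 1 <= threshold <= n_shares:
        raise ValueError("threshold must be between 1 and n_shares")
    secret = int.from_bytes(stripe_blind, "big")
    # Constant term is the secret; the remaining threshold-1 coefficients are random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # Share x coordinates 1..n (never 0, which would leak the secret directly).
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_blind(shares, threshold: int = 3) -> bytes:
    """Lagrange-interpolate f(0) from `threshold` distinct shares, e.g. from any
    three of the ten disks. Refuses to run with fewer shares than the threshold."""
    if len(shares) < threshold:
        raise ValueError("need at least %d shares, got %d" % (threshold, len(shares)))
    shares = list(shares)[:threshold]
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x coordinates")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(BLIND_LEN, "big")


if __name__ == "__main__":
    blind = new_stripe_blind()
    shares = split_blind(blind)          # one share per disk, 10 disks
    # Any three disks' shares reconstruct the blind; the blind itself is never written.
    assert recover_blind([shares[0], shares[4], shares[9]]) == blind
    print("recovered stripe blind from 3 of 10 shares")
```

Each share would be written to a different disk on a different node; the blind is reconstructed in RAM at start-up and never persisted, which is what makes the threshold the minimum number of drives an attacker needs.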
- For simplicity, only three disk drives are shown in nodes 101 and 201 of data storage system 100. Although only a few nodes and disk drives are shown throughout the figures for simplicity, embodiments of the present invention can have any number of nodes and any number of disk drives.
- Network 300 shown in FIG. 1 provides communications between various entities in data storage system 100, such as node 101, node 201, and applications 200.
- Network 300 may be a shared, public, or private network, may encompass a wide area or local area, and may be implemented through any suitable combination of wired and/or wireless communication networks.
- network 300 may comprise an intranet or the Internet.
- Applications 200 are any programs communicating with nodes 101 and 201, such as those retrieving data from the disk drives at the nodes.
- An exemplary application is a search engine, whereby a user can search for particular data stored in the data storage system 100.
- FIG. 2 shows nodes 101 and 201 in more detail according to an embodiment of the present invention.
- Each disk drive may contain a combination of stripes (also called shards) and content.
- disk drive 120 contains content 11, content 12, and stripe 15.
- each disk drive may be permitted to contain only content or only stripes.
- node 201 has two disk drives 210 and 220; disk drive 210 contains only content (content 11 and content 12) while disk drive 220 contains only stripes (stripes 13, 14, and 15). In other embodiments, all disk drives on a node may contain only content or only stripes.
- a stripe is a logical entity and replicas of one stripe can be stored on multiple disks.
- each stripe has a stripe blind which is a large, securely randomly generated value.
- the stripe blind is assigned to the stripe, not the disk it is stored on.
- the blind value for a stripe is the same in each replica and remains the same even as copies of a stripe are moved from one node to another in failure recovery scenarios. There is no correlation between stripe blinds across the disks.
- shares are stored to multiple disks using the Shamir Secret Sharing algorithm. The disks that the shares are stored on may or may not be the same or related to the disks on which the replicated stripes are stored.
- Each data item, also known as a document, may comprise an asset or, since assets may be made up of asset parts, an asset part. Some asset parts may be unique and other asset parts may be non-unique. The non-unique asset parts contain the same data and metadata as another asset or asset part, and the unique asset parts are the asset parts for which no match is found on the system or which are unique by their nature.
- An "asset," as used herein, refers to one or more units of data.
- a single asset may correspond to data comprising what an end user application would consider to be a single file, such as a MICROSOFT Office Word™ document, or an email.
- Assets contain application metadata and one or more asset parts.
- the application metadata may contain the elements that an application applies in the process of managing the asset, such as annotations or retention data.
- Asset parts are portions of assets.
- an asset part contains only immutable data, such as an archival copy of a document, but in other embodiments, asset parts may contain changeable data.
- the end user application performs the decomposition of an asset into its asset parts.
- FIG. 3 shows exemplary asset 300.
- Asset 300 has two asset parts, 303 and 304. If asset 300 is an email, for example, asset part 303 may be the body text of the email and asset part 304 may be an attachment to the email. For another example, if asset 300 is a MICROSOFT Office Word™ document, asset part 303 may be the text and formatting information relating to the text, and asset part 304 may be an embedded figure in the document. In alternative embodiments, an asset may correspond to a portion of a file. Further, in alternative embodiments, more hierarchy may exist so that the asset parts themselves have child asset parts.
- data storage system 100 stores metadata associated with the assets and asset parts. This metadata is stored in stripes (or shards), which comprise metadata for a group of assets and/or asset parts.
- a stripe (or shard) is a grouping of data and/or metadata, formed from one or more logical partitions of data storage.
- the stripe that stores a particular object (data or metadata) should be computed in a deterministic manner, for example, by using an algorithm that chooses a stripe based on a unique identifier associated with the object. In this way, knowing the unique identifier of the object, data storage system 100 can determine which stripe contains the object.
- FIG. 2 shows exemplary stripes 13, 14, and 15.
- the data storage system 100 stores replicas of stripes 13, 14, and 15, which are replicated across the plurality of nodes.
- FIG. 4 illustrates exemplary stripe 15 in detail.
- Stripe 15 contains a storage metadata record for each of the asset parts associated with stripe 15.
- In one embodiment, 256 records make up a page of records (storage metadata records 400 in FIG. 4), but in alternative embodiments any number of records could be associated with a stripe.
- stripe 15 has a journal 402 for maintaining information regarding work to be performed on the assets and/or asset parts associated with the stripe 15.
- all actions to be performed on assets and asset parts associated with the stripe 15 correspond to an entry in the journal 402. Since every action relating to storage metadata records 400 corresponds to an entry in journal 402, in the event of a system failure, the last state of the storage metadata records 400 could be recovered by replaying the journal entries from the start of journal 402.
- the data storage system 100 uses journal 402 to maintain the correct reference count for an asset part, which is the count of the number of assets that are associated with that asset part.
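Replaying journal 402 to rebuild the storage metadata state and the asset-part reference counts after a failure, as an added Python example that is not the patent's code. The journal entry format `(action, asset_id, asset_part_id)` and the sample journal are assumptions constructed for this example; the asset and part numbers follow FIG. 3.

```python
# Added example, not the patent's code. Entry format (action, asset_id,
# asset_part_id) is an assumption; the JOURNAL below is constructed.
from typing import Dict, Iterable, Tuple

Entry = Tuple[str, str, str]


def replay_journal(entries: Iterable[Entry]) -> Dict[str, int]:
    """Rebuild the reference counts of a stripe's asset parts by replaying the
    journal from its start, as after a system failure. Returns a mapping
    asset_part_id -> number of assets that reference that part."""
    refs: Dict[str, set] = {}  # asset_part_id -> set of referencing asset ids
    for seq, (action, asset_id, part_id) in enumerate(entries):
        if action == "add":
            refs.setdefault(part_id, set()).add(asset_id)
        elif action == "remove":
            holders = refs.get(part_id, set())
            if asset_id not in holders:
                # A remove without a matching add means the journal is damaged;
                # stop rather than silently rebuild a wrong state.
                raise ValueError(f"journal entry {seq}: {asset_id} does not reference {part_id}")
            holders.discard(asset_id)
            if not holders:
                del refs[part_id]  # last reference gone: the part may be reclaimed
        else:
            raise ValueError(f"journal entry {seq}: unknown action {action!r}")
    return {part: len(holders) for part, holders in refs.items()}


# Constructed journal: asset 300 has parts 303 and 304; part 304 is a
# non-unique part that asset 301 also references (single-instance storage).
JOURNAL = [
    ("add", "asset-300", "part-303"),
    ("add", "asset-300", "part-304"),
    ("add", "asset-301", "part-304"),
    ("remove", "asset-300", "part-303"),
]

if __name__ == "__main__":
    print(replay_journal(JOURNAL))  # {'part-304': 2}
```

Because every action on the storage metadata records corresponds to a journal entry, replaying the whole journal is deterministic: the same entries always produce the same reference counts, and a corrupted or truncated journal is detected as an inconsistent remove rather than yielding a plausible but wrong count.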
- Every asset and asset part (hereinafter, document or object or data item) is provided with a unique key called an encryption key, which may be used to encrypt and decrypt the data item.
- the encryption key may have a fixed length of 32 bytes regardless of the size of the document. The length may vary according to proper cryptographic practice extant at the time of an embodiment.
- every data item is provided with a unique data item identifier which is a value that uniquely identifies the data item.
- the data item identifier may comprise the data item's lookup key, with which the data item may be located.
- the data item identifier maps to the data item in a record in a page (shown in FIG. 4) that holds the storage metadata for the data item.
- the data item identifier may map to content in the sense that the data item identifier may also be the filename that may be used to look up the data item content in the file system.
- the data item identifier may map to a virtual location. In other embodiments, the mapping may be directly to the physical location, in which case the data item identifier comprises a file offset for a data item in the file system.
- the identifier may or may not be secret.
- the unique data identifier value may also be used as the salt input to the KDF.
- any unique value that is available without decrypting the asset or asset part may serve as the salt input for the KDF.
- a randomly generated value may be stored with the asset or asset part on the disk with the metadata associated with the asset or asset part and used as the salt value for the KDF.
- FIG. 5 illustrates an exemplary procedure for blinding an encryption key.
- a blinding factor is constructed by a blinding factor construction module, based on the stripe blind associated with the location of the data item and a unique data item identifier or other suitable salt value described above associated with the data item.
- the stripe blind is assigned to a variable.
- the blinding factor is the digest (such as a SHA-256 hash) of the concatenation of the salt value assigned to the data item (such as a unique data identifier) and the variable that the stripe blind is assigned to.
- the unique identifier is concatenated with the value of the variable, and then the value of the variable is replaced with the digest of the concatenation of the value of the variable and the unique identifier.
- the stage 510 is repeated a selected number of times for additional security. In an illustrative embodiment, the number of times that stage 510 is repeated is large and it may be fixed. In one illustrative embodiment, the stage 510 is performed 256 times.
- any suitably strong Key Derivation Function that combines the stripe blind and a suitable salt value may be used to generate the blinding factor.
- a first logic operation is performed between the blinding factor and the encryption key.
- the first logic operation comprises an XOR operation, in which the blinding factor is XOR'd with the 32-byte encryption key.
- the result of this XOR operation provides the blinded encryption key (shown in FIG. 4 as blinded encryption key 20).
- the blinded encryption key is stored in storage metadata records 400 (as shown in FIG. 4).
- the data item or document is decrypted by the data storage system using information about the data item along with information about the encryption process that was used to encrypt the data item and the blinding process that had been used to protect the encryption key used in the encryption process.
- the actual encryption key used to encode or decode a document is computed from the stored bits maintained in the storage metadata for the document, and the blind values for the stripes on which the contents of the data item are stored.
- a known technique called Key Derivation is used to encode each encryption key in such a way that even if the true unblinded key value corresponding to one blinded key becomes known, no information about the remaining blinded keys is revealed.
- FIG. 6 illustrates an exemplary procedure for decrypting a document.
- the user submits the unique data item identifier value of the document to the cryptographic module for use in identifying the stripe blind.
- the stripe blind is identified.
- the stripe blind and the unique data item identifier value are used to recreate the blinding factor by a blinding factor recreation module.
- the stripe blind is assigned to a variable.
- the blinding factor is the digest (such as a SHA-256 hash) of the concatenation of the unique data identifier and the variable that the stripe blind is assigned to.
- In stage 640, the unique identifier is concatenated with the value of the variable, and then the value of the variable is replaced with the digest of the concatenation of the value of the variable and the unique identifier.
- In stage 650, stage 640 is repeated a selected number of times for additional security. In an illustrative embodiment, the number of times that stage 640 is repeated is large and it may be fixed.
- In stage 660, a second logic operation is then performed on the blinding factor and the blinded encryption key to recreate the encryption key.
- the second logic operation is the inverse of the first logic operation that was used in forming the blinded encryption key.
- the first logic operation is an XOR operation between the encryption key and the blinding factor
- the second logic operation is an XOR operation between the blinded key and the blinding factor.
- first and second logic operations comprise a pair of functions such that, using one function, the blinded encryption key b may be combined with the blinding factor f to form the unblinded encryption key u, and, using the other function, the unblinded encryption key u may be combined with the blinding factor f to form the blinded encryption key b.
- the result of stage 660 gives the original, unblinded encryption key, which can now be used to decrypt the document in stage 670.
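The blinding procedure of FIG. 5 (stage 510 repeated 256 times, then the XOR in the first logic operation) and its inverse in FIG. 6 (stages 640 to 660), as an added Python example that is not the patent's code. Assumptions of this example: each round digests `variable || identifier` with SHA-256, the key and stripe blind are 32 bytes, F and G are both XOR, and the record layout returned by `store_item` is invented; the stripe blind, key and identifier values in the demo are constructed.

```python
import hashlib
import secrets

# Added example, not the patent's code. Assumptions: each round hashes
# (variable || identifier); 256 rounds; 32-byte keys and blinds; F = G = XOR.
ROUNDS = 256
KEY_LEN = 32


def blinding_factor(stripe_blind: bytes, item_id: bytes, rounds: int = ROUNDS) -> bytes:
    """Stage 510 / 640: start from the stripe blind and repeatedly replace the
    variable with SHA-256(variable || item_id); the final value is the factor."""
    if len(stripe_blind) != KEY_LEN:
        raise ValueError("stripe blind must be 32 bytes")
    v = stripe_blind
    for _ in range(rounds):
        v = hashlib.sha256(v + item_id).digest()
    return v


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR, used for both the first (F) and second (G) logic operation."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def blind_key(encryption_key: bytes, stripe_blind: bytes, item_id: bytes) -> bytes:
    """FIG. 5: blinded key b = F(f, u) = f XOR u."""
    if len(encryption_key) != KEY_LEN:
        raise ValueError("encryption key must be 32 bytes")
    return xor_bytes(blinding_factor(stripe_blind, item_id), encryption_key)


def unblind_key(blinded_key: bytes, stripe_blind: bytes, item_id: bytes) -> bytes:
    """FIG. 6: u = G(f, b) = f XOR b; XOR is its own inverse, so G equals F here."""
    return xor_bytes(blinding_factor(stripe_blind, item_id), blinded_key)


def store_item(stripe_blind: bytes, item_id: bytes) -> dict:
    """Create a fresh per-item key, blind it, and return the storage metadata
    record. Only the blinded key is stored; the stripe blind stays in RAM."""
    key = secrets.token_bytes(KEY_LEN)
    return {"item_id": item_id, "blinded_key": blind_key(key, stripe_blind, item_id)}


def demo() -> bytes:
    """Round trip on constructed values; a real stripe blind comes from a CSPRNG."""
    stripe_blind = bytes([0x5A]) * KEY_LEN
    key = bytes(range(KEY_LEN))
    item_id = b"asset-part-303"
    b = blind_key(key, stripe_blind, item_id)
    assert unblind_key(b, stripe_blind, item_id) == key
    # A different identifier (or stripe blind) yields a different factor, so
    # learning one item's true key says nothing about any other blinded key.
    assert unblind_key(b, stripe_blind, b"asset-part-304") != key
    return b


if __name__ == "__main__":
    print(demo().hex())
```

The check with the wrong identifier illustrates the property stated for the KDF: the blinded keys in a stripe share the stripe blind, but each is masked by an item-specific factor, so a disk holding the storage metadata is useless without both the stripe blind (never written to disk) and the identifier.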
- a data item may be destroyed by destroying the blinded encryption key associated with the data item, which renders it impossible to obtain a copy of the encryption key.
- By destroying the blinded encryption key only the target document is destroyed. Without the blinded encryption key, it is impossible to compute the unblinded, true encryption key.
- The unblinded encryption key, which is what the blinding technology protects, exists only briefly in the node's volatile memory. Without the unblinded encryption key, the data item that was encrypted with the key cannot be decrypted. Therefore, recovering the content of the data item, even if an attacker were able to acquire the encrypted content bytes, is cryptographically infeasible. Therefore, the systems and methods described herein may be used to ensure that no one, whether a malicious entity or a government operating under subpoena, can recover a copy of the blinded encryption key.
- FIG. 7 illustrates an exemplary procedure for destroying the blinded encryption key.
- The storage metadata and its replicas, where the blinded encryption key is stored, are located using the data item's unique data item identifier.
- the blinded encryption key field in all replicas of that storage metadata is overwritten, for example by the following values, in sequence: zeros, ones, and then random bits.
- new blinds are allocated for all stripes periodically, for instance once per week, and the blinded encryption keys are re-blinded with the new blinds.
- A sufficient subset of the shares of the original blinds is physically destroyed to ensure that no recovery of keys blinded by the original blind values is possible, rendering any obsolete keys harmless.
- the stripe shares in this algorithm may be stored on an alternative medium that can be economically destroyed. For example, one technique would be to burn the shares to a set of CD-ROM disks. These can be removed and stored securely once written, and when destruction is required, these can economically be physically destroyed.
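The destruction procedure of FIG. 7 (locate every replica of the record, then overwrite the blinded-key field with zeros, ones and random bits in sequence) together with the periodic re-blinding under new stripe blinds, as an added Python example that is not the patent's code. The replica layout, the `blinded_key` field name and the `destroyed` flag are constructed; the blinding factors are passed in as parameters and are assumed to come from the same digest procedure the blinding step uses rather than being re-derived here.

```python
import secrets

# Added example, not the patent's code. Metadata replicas are modelled as
# dicts mapping item_id -> record; the blinded key is a bytearray so each
# overwrite pass replaces the bytes in place instead of allocating a new object.
KEY_LEN = 32
WIPE_PASSES = ("zeros", "ones", "random")


def xor_bytes(a, b):
    """Bytewise XOR (the first and second logic operation of the text)."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_replicas(item_id, blinded_key, copies=3):
    """Constructed: the same storage metadata record replicated `copies` times."""
    return [{item_id: {"blinded_key": bytearray(blinded_key)}} for _ in range(copies)]


def locate_records(replicas, item_id):
    """FIG. 7, first step: the record holding the blinded key in every replica."""
    return [rep[item_id] for rep in replicas if item_id in rep]


def overwrite_field(buf, rng=secrets.token_bytes):
    """Overwrite one blinded-key field in place: zeros, then ones, then random
    bits. Returns the sequence of passes performed."""
    done = []
    for name in WIPE_PASSES:
        if name == "zeros":
            fill = bytes(len(buf))
        elif name == "ones":
            fill = b"\xff" * len(buf)
        else:
            fill = rng(len(buf))
        buf[:] = fill
        done.append(name)
    return done


def destroy_blinded_key(replicas, item_id):
    """FIG. 7: wipe the blinded-key field in all replicas; returns the count wiped."""
    records = locate_records(replicas, item_id)
    if not records:
        raise KeyError(f"no metadata record for {item_id!r}")
    for rec in records:
        overwrite_field(rec["blinded_key"])
        rec["destroyed"] = True
    return len(records)


def key_survives(replicas, item_id, factor, original_key):
    """Defender's check: can the true key still be unblinded from any replica?"""
    return any(xor_bytes(bytes(rec["blinded_key"]), factor) == original_key
               for rec in locate_records(replicas, item_id))


def reblind(blinded_key, old_factor, new_factor):
    """Periodic re-blinding: replace the old blind's factor with the new one.
    The unblinded key exists only transiently inside this function."""
    return xor_bytes(xor_bytes(bytes(blinded_key), old_factor), new_factor)


def reblind_all(replicas, item_id, old_factor, new_factor):
    """Apply reblind() to every replica of the record, in place."""
    for rec in locate_records(replicas, item_id):
        rec["blinded_key"][:] = reblind(rec["blinded_key"], old_factor, new_factor)
```

`key_survives` is the check a defender wants after either operation: after re-blinding the key is recoverable only with the new factor, and after destruction it is recoverable with neither. In a real system the overwrite must reach the physical medium of every replica, which is why the text pairs it with destroying the old blind's shares.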
- Although modules have been described above as being separate modules, one of ordinary skill in the art will recognize that the functionalities provided by one or more modules may be combined. As one of ordinary skill in the art will appreciate, one or more of the modules may be optional and may be omitted from implementations in certain embodiments.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB1113926A GB2480030A (en) | 2009-02-23 | 2010-02-22 | Methods and systems for stripe blind encryption |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15461809P | 2009-02-23 | 2009-02-23 | |
US12/391,099 | 2009-02-23 | ||
US61/154,618 | 2009-02-23 | ||
US12/391,099 US8145598B2 (en) | 2009-02-23 | 2009-02-23 | Methods and systems for single instance storage of asset parts |
US12/402,470 | 2009-03-11 | ||
US12/402,470 US20100215175A1 (en) | 2009-02-23 | 2009-03-11 | Methods and systems for stripe blind encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2010126644A2 true WO2010126644A2 (en) | 2010-11-04 |
WO2010126644A3 WO2010126644A3 (en) | 2011-01-06 |
Family
ID=42790994
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2010/024889 WO2010126644A2 (en) | 2009-02-23 | 2010-02-22 | Methods and systems for stripe blind encryption |
Country Status (3)
Country | Link |
---|---|
US (1) | US20100215175A1 (en) |
GB (1) | GB2480030A (en) |
WO (1) | WO2010126644A2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140105401A1 (en) * | 2012-07-12 | 2014-04-17 | Elwha Llc | Level-one encryption associated with individual privacy and public safety protection via double encrypted lock box |
US8806175B2 (en) | 2009-02-23 | 2014-08-12 | Longsand Limited | Hybrid hash tables |
US9521370B2 (en) | 2012-07-12 | 2016-12-13 | Elwha, Llc | Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box |
US9781389B2 (en) | 2012-07-12 | 2017-10-03 | Elwha Llc | Pre-event repository associated with individual privacy and public safety protection via double encrypted lock box |
US9825760B2 (en) | 2012-07-12 | 2017-11-21 | Elwha, Llc | Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090259669A1 (en) * | 2008-04-10 | 2009-10-15 | Iron Mountain Incorporated | Method and system for analyzing test data for a computer application |
US8145598B2 (en) * | 2009-02-23 | 2012-03-27 | Iron Mountain Incorporated | Methods and systems for single instance storage of asset parts |
US8090683B2 (en) * | 2009-02-23 | 2012-01-03 | Iron Mountain Incorporated | Managing workflow communication in a distributed storage system |
US8914669B2 (en) * | 2010-04-26 | 2014-12-16 | Cleversafe, Inc. | Secure rebuilding of an encoded data slice in a dispersed storage network |
US8751819B1 (en) * | 2011-09-22 | 2014-06-10 | Symantec Corporation | Systems and methods for encoding data |
CN104375848B (en) * | 2013-08-14 | 2017-06-16 | 英华达(上海)科技有限公司 | Information Microprocessor System for Real Time Record and method |
US9811546B1 (en) * | 2014-06-30 | 2017-11-07 | EMC IP Holding Company LLC | Storing data and metadata in respective virtual shards on sharded storage systems |
US9680651B2 (en) * | 2014-10-27 | 2017-06-13 | Seagate Technology Llc | Secure data shredding in an imperfect data storage device |
US9558128B2 (en) | 2014-10-27 | 2017-01-31 | Seagate Technology Llc | Selective management of security data |
US10185730B2 (en) * | 2014-12-31 | 2019-01-22 | Nexenta Systems, Inc. | Methods and systems for key-value-tuple-encoded storage |
US11095646B2 (en) | 2017-07-10 | 2021-08-17 | Zamna Technologies Limited | Method and system for data security within independent computer systems and digital networks |
CA3082977A1 (en) | 2017-12-06 | 2019-06-13 | Zamna Technologies Limited | Method and system for data security, validation, verification and provenance within independent computer systems and digital networks |
US10873459B2 (en) * | 2018-09-24 | 2020-12-22 | Nxp B.V. | Password authentication using white-box cryptography |
US10985912B2 (en) * | 2018-10-05 | 2021-04-20 | Intuit Inc. | Homomorphic key derivation |
CN115242540B (en) * | 2022-08-03 | 2023-09-26 | 平安银行股份有限公司 | Data processing method and system |
Family Cites Families (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5287499A (en) * | 1989-03-22 | 1994-02-15 | Bell Communications Research, Inc. | Methods and apparatus for information storage and retrieval utilizing a method of hashing and different collision avoidance schemes depending upon clustering in the hash table |
US5440727A (en) * | 1991-12-18 | 1995-08-08 | International Business Machines Corporation | Asynchronous replica management in shared nothing architectures |
US5812398A (en) * | 1996-06-10 | 1998-09-22 | Sun Microsystems, Inc. | Method and system for escrowed backup of hotelled world wide web sites |
US5813008A (en) * | 1996-07-12 | 1998-09-22 | Microsoft Corporation | Single instance storage of information |
US6041423A (en) * | 1996-11-08 | 2000-03-21 | Oracle Corporation | Method and apparatus for using undo/redo logging to perform asynchronous updates of parity and data pages in a redundant array data storage environment |
US20020028783A1 (en) * | 1999-09-09 | 2002-03-07 | O'brien John S. | Method of stimulating prosaposin receptor activity |
US7716060B2 (en) * | 1999-03-02 | 2010-05-11 | Germeraad Paul B | Patent-related tools and methodology for use in the merger and acquisition process |
US6711585B1 (en) * | 1999-06-15 | 2004-03-23 | Kanisa Inc. | System and method for implementing a knowledge management system |
US6477544B1 (en) * | 1999-07-16 | 2002-11-05 | Microsoft Corporation | Single instance store for file systems |
US7093137B1 (en) * | 1999-09-30 | 2006-08-15 | Casio Computer Co., Ltd. | Database management apparatus and encrypting/decrypting system |
JP2001265361A (en) * | 2000-03-14 | 2001-09-28 | Sony Corp | Device and method for providing information, device and method for providing information, and program storage medium |
CN1252581C (en) * | 2000-10-11 | 2006-04-19 | 卓信科技有限公司 | Secreting and/or discriminating documents remote-controlling printing |
US6865577B1 (en) * | 2000-11-06 | 2005-03-08 | At&T Corp. | Method and system for efficiently retrieving information from a database |
US7003551B2 (en) * | 2000-11-30 | 2006-02-21 | Bellsouth Intellectual Property Corp. | Method and apparatus for minimizing storage of common attachment files in an e-mail communications server |
US6629198B2 (en) * | 2000-12-08 | 2003-09-30 | Sun Microsystems, Inc. | Data storage system and method employing a write-ahead hash log |
US6678809B1 (en) * | 2001-04-13 | 2004-01-13 | Lsi Logic Corporation | Write-ahead log in directory management for concurrent I/O access for block storage |
JP4446738B2 (en) * | 2001-08-20 | 2010-04-07 | データセンターテクノロジーズ エヌ.ヴイ. | System and method for efficiently backing up computer files |
US7047358B2 (en) * | 2001-12-26 | 2006-05-16 | Boon Storage Technologies, Inc. | High-performance log-structured RAID |
JP3702231B2 (en) * | 2002-01-31 | 2005-10-05 | 株式会社東芝 | Disk array apparatus and dynamic storage capacity expansion method in the same |
US20030188153A1 (en) * | 2002-04-02 | 2003-10-02 | Demoff Jeff S. | System and method for mirroring data using a server |
US8335915B2 (en) * | 2002-05-14 | 2012-12-18 | Netapp, Inc. | Encryption based security system for network storage |
JP4254178B2 (en) * | 2002-09-11 | 2009-04-15 | 富士ゼロックス株式会社 | Distributed storage control apparatus and method |
US20040088556A1 (en) * | 2002-10-31 | 2004-05-06 | Weirauch Charles R. | Using digital watermarking for protection of digital data |
JP4186602B2 (en) * | 2002-12-04 | 2008-11-26 | 株式会社日立製作所 | Update data writing method using journal log |
US7424637B1 (en) * | 2003-03-21 | 2008-09-09 | Networks Appliance, Inc. | Technique for managing addition of disks to a volume of a storage system |
US20050015416A1 (en) * | 2003-07-16 | 2005-01-20 | Hitachi, Ltd. | Method and apparatus for data recovery using storage based journaling |
GB2404538A (en) * | 2003-07-31 | 2005-02-02 | Sony Uk Ltd | Access control for digital content |
US20050033777A1 (en) * | 2003-08-04 | 2005-02-10 | Moraes Mark A. | Tracking, recording and organizing changes to data in computer systems |
US7165082B1 (en) * | 2003-10-31 | 2007-01-16 | Veritas Operating Corporation | Incremental method for backup of email messages |
JP2005157463A (en) * | 2003-11-20 | 2005-06-16 | Pioneer Electronic Corp | Data classifying method, summary data generating method, data classifying device, summary data generating device, data classifying program, summary data generating program and information recording medium |
US7197599B2 (en) * | 2003-12-29 | 2007-03-27 | Intel Corporation | Method, system, and program for managing data updates |
US7386663B2 (en) * | 2004-05-13 | 2008-06-10 | Cousins Robert E | Transaction-based storage system and method that uses variable sized objects to store data |
US20050262361A1 (en) * | 2004-05-24 | 2005-11-24 | Seagate Technology Llc | System and method for magnetic storage disposal |
US20060031230A1 (en) * | 2004-07-21 | 2006-02-09 | Kumar Sinha M | Data storage systems |
WO2006053084A2 (en) * | 2004-11-05 | 2006-05-18 | Commvault Systems, Inc. | Method and system of pooling storage devices |
US7536291B1 (en) * | 2004-11-08 | 2009-05-19 | Commvault Systems, Inc. | System and method to support simulated storage operations |
EP1828936A2 (en) * | 2004-11-17 | 2007-09-05 | Iron Mountain Incorporated | Systems and methods for managing digital assets |
US7444360B2 (en) * | 2004-11-17 | 2008-10-28 | International Business Machines Corporation | Method, system, and program for storing and using metadata in multiple storage locations |
US7958148B2 (en) * | 2004-11-17 | 2011-06-07 | Iron Mountain Incorporated | Systems and methods for filtering file system input and output |
US7788240B2 (en) * | 2004-12-29 | 2010-08-31 | Sap Ag | Hash mapping with secondary table having linear probing |
US7702850B2 (en) * | 2005-03-14 | 2010-04-20 | Thomas Earl Ludwig | Topology independent storage arrays and methods |
US7765191B2 (en) * | 2005-04-15 | 2010-07-27 | Emc Corporation | Methods and apparatus for managing the replication of content |
US20060248055A1 (en) * | 2005-04-28 | 2006-11-02 | Microsoft Corporation | Analysis and comparison of portfolios by classification |
US7617370B2 (en) * | 2005-04-29 | 2009-11-10 | Netapp, Inc. | Data allocation within a storage system architecture |
US7680806B2 (en) * | 2005-05-17 | 2010-03-16 | Cisco Technology, Inc. | Reducing overflow of hash table entries |
US7562188B2 (en) * | 2005-06-17 | 2009-07-14 | Intel Corporation | RAID power safe apparatus, systems, and methods |
JP2007140746A (en) * | 2005-11-16 | 2007-06-07 | Hitachi Ltd | Computer system, management computer and recovery management method |
JP4829632B2 (en) * | 2006-02-10 | 2011-12-07 | 株式会社リコー | Data encryption apparatus, data encryption method, data encryption program, and recording medium |
US8806227B2 (en) * | 2006-08-04 | 2014-08-12 | Lsi Corporation | Data shredding RAID mode |
WO2008147577A2 (en) * | 2007-01-22 | 2008-12-04 | Spyrus, Inc. | Portable data encryption device with configurable security functionality and method for file encryption |
US20080243878A1 (en) * | 2007-03-29 | 2008-10-02 | Symantec Corporation | Removal |
US8489830B2 (en) * | 2007-03-30 | 2013-07-16 | Symantec Corporation | Implementing read/write, multi-versioned file system on top of backup data |
WO2009029842A1 (en) * | 2007-08-31 | 2009-03-05 | Exegy Incorporated | Method and apparatus for hardware-accelerated encryption/decryption |
US8989388B2 (en) * | 2008-04-02 | 2015-03-24 | Cisco Technology, Inc. | Distribution of storage area network encryption keys across data centers |
US20090259669A1 (en) * | 2008-04-10 | 2009-10-15 | Iron Mountain Incorporated | Method and system for analyzing test data for a computer application |
US8589697B2 (en) * | 2008-04-30 | 2013-11-19 | Netapp, Inc. | Discarding sensitive data from persistent point-in-time image |
US9215066B2 (en) * | 2008-06-25 | 2015-12-15 | Oracle America, Inc. | Method and system for making information in a data set of a copy-on-write file system inaccessible |
US8090683B2 (en) * | 2009-02-23 | 2012-01-03 | Iron Mountain Incorporated | Managing workflow communication in a distributed storage system |
US8397051B2 (en) * | 2009-02-23 | 2013-03-12 | Autonomy, Inc. | Hybrid hash tables |
2009
- 2009-03-11 | US | US12/402,470 | US20100215175A1 | not active (Abandoned)
2010
- 2010-02-22 | GB | GB1113926A | GB2480030A | not active (Withdrawn)
- 2010-02-22 | WO | PCT/US2010/024889 | WO2010126644A2 | active (Application Filing)
Non-Patent Citations (1)
Title |
---|
None |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8806175B2 (en) | 2009-02-23 | 2014-08-12 | Longsand Limited | Hybrid hash tables |
US20140105401A1 (en) * | 2012-07-12 | 2014-04-17 | Elwha Llc | Level-one encryption associated with individual privacy and public safety protection via double encrypted lock box |
US9521370B2 (en) | 2012-07-12 | 2016-12-13 | Elwha, Llc | Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box |
US9596436B2 (en) | 2012-07-12 | 2017-03-14 | Elwha Llc | Level-one encryption associated with individual privacy and public safety protection via double encrypted lock box |
US9667917B2 (en) * | 2012-07-12 | 2017-05-30 | Elwha, Llc | Level-one encryption associated with individual privacy and public safety protection via double encrypted lock box |
US9781389B2 (en) | 2012-07-12 | 2017-10-03 | Elwha Llc | Pre-event repository associated with individual privacy and public safety protection via double encrypted lock box |
US9825760B2 (en) | 2012-07-12 | 2017-11-21 | Elwha, Llc | Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box |
US10277867B2 (en) | 2012-07-12 | 2019-04-30 | Elwha Llc | Pre-event repository associated with individual privacy and public safety protection via double encrypted lock box |
US10348494B2 (en) | 2012-07-12 | 2019-07-09 | Elwha Llc | Level-two decryption associated with individual privacy and public safety protection via double encrypted lock box |
Also Published As
Publication number | Publication date |
---|---|
WO2010126644A3 (en) | 2011-01-06 |
GB201113926D0 (en) | 2011-09-28 |
US20100215175A1 (en) | 2010-08-26 |
GB2480030A (en) | 2011-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20100215175A1 (en) | Methods and systems for stripe blind encryption | |
AU2018367363B2 (en) | Processing data queries in a logically sharded data store | |
US10873450B2 (en) | Cryptographic key generation for logically sharded data stores | |
Zhou et al. | SecDep: A user-aware efficient fine-grained secure deduplication scheme with multi-level key management | |
US9559837B2 (en) | Methods for cryptographic delegation and enforcement of dynamic access to stored data | |
US9122888B2 (en) | System and method to create resilient site master-key for automated access | |
US20100268966A1 (en) | Efficient and secure data storage utilizing a dispersed data storage system | |
US8656187B2 (en) | Dispersed storage secure data decoding | |
Pang et al. | StegFS: A steganographic file system | |
US8826023B1 (en) | System and method for securing access to hash-based storage systems | |
US8200964B2 (en) | Method and apparatus for accessing an encrypted file system using non-local keys | |
GB2567146A (en) | Method and system for secure storage of digital data | |
EP3163789B1 (en) | Forward-secure crash-resilient logging device | |
Virvilis et al. | A cloud provider-agnostic secure storage protocol | |
Sarkar et al. | Enhancing data storage security in cloud computing through steganography | |
CN115021988B (en) | Method and system for secure backup and recovery of data based on verifiable secret sharing | |
Kroeger et al. | The case for distributed data archival using secret splitting with percival | |
Pang et al. | Steganographic schemes for file system and b-tree | |
AU2017440029B2 (en) | Cryptographic key generation for logically sharded data stores | |
US8738531B1 (en) | Cryptographic distributed storage system and method | |
US11580091B2 (en) | Method of ensuring confidentiality and integrity of stored data and metadata in an untrusted environment | |
Carbunar et al. | Write-once read-many oblivious RAM | |
Aslam et al. | Data deduplication with encrypted big data management in cloud computing | |
Bel et al. | Inkpack | |
Bel et al. | Inkpack: A Secure, Data-Exposure Resistant Storage System |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10747712; Country of ref document: EP; Kind code of ref document: A2 |
| ENP | Entry into the national phase | Ref document number: 1113926; Country of ref document: GB; Kind code of ref document: A; Free format text: PCT FILING DATE = 20100222 |
| WWE | Wipo information: entry into national phase | Ref document number: 1113926.8; Country of ref document: GB |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 10747712; Country of ref document: EP; Kind code of ref document: A2 |
| ENPC | Correction to former announcement of entry into national phase, pct application did not enter into the national phase | Ref country code: GB |