IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0796007
(2010-06-08)
|
등록번호 |
US-8429428
(2013-04-23)
|
발명자
/ 주소 |
- Ignatius, Paul
- Prahlad, Anand
- Tyagarajan, Mahesh
- Vijayan Retnamma, Manoj
- Amarendran, Arun
- Kottomtharayil, Rajiv
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
18 인용 특허 :
132 |
초록
▼
In accordance with embodiments of the invention, a method is provided for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first
In accordance with embodiments of the invention, a method is provided for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first archive file to be stored when encryption is requested for the storage operation, encrypting the archive data from the data stream using the encryption key to create an encrypted data chunk when a data stream containing the archive file is processed in the pipeline storage system, storing the encrypted data chunk on a storage medium, and storing the encryption key in a manner accessible during a restore operation of the encrypted data chunk.
대표청구항
▼
1. A computer-implemented method, to be performed by at least one hardware processor, for storing data for a user, the method comprising: when storing data for the user: generating an encryption key associated with the data for the user;encrypting the data for the user using the generated encryption
1. A computer-implemented method, to be performed by at least one hardware processor, for storing data for a user, the method comprising: when storing data for the user: generating an encryption key associated with the data for the user;encrypting the data for the user using the generated encryption key to create encrypted data;storing the encrypted data in a data center associated with a third party;encrypting the encryption key to create an encrypted encryption key, wherein a password or other information set by the user is required to decrypt the encrypted encryption key; andstoring, by the at least one hardware processor, the encrypted encryption key, wherein the encrypted encryption key is accessible to allow the encrypted data stored in the data center to be restored during a subsequent restore operation;wherein the password or other information for decrypting the encrypted encryption key is set by the user without knowledge of the third party, andwherein the third party is unable to decrypt the encrypted data stored in the data center without first receiving the password or other information from the user. 2. The method of claim 1, wherein the method is performed in a pipeline storage system comprising multiple processes arranged in stages including an encryption process, and wherein encrypting the data is performed by the encryption process. 3. The method of claim 1, further comprising restoring the encrypted data stored in the data center using the password or other information for decrypting the encrypted encryption key, wherein the password or other information for decrypting the encrypted encryption key is contained in a file kept on a data agent belonging to and controlled by the user, and wherein restoring the encrypted data is performed by a restore process which uses the password or other information contained in the file to decrypt the encrypted encryption key. 4. The method of claim 1, wherein storing the encrypted encryption key comprises storing the encrypted encryption key on a storage medium in the data center where the encrypted data is stored. 5. The method of claim 1, wherein the method is performed in a pipeline storage system, wherein the method comprises storing on a first storage device an index of storage media used by the pipeline storage system, and wherein storing the encrypted encryption key comprises storing the encrypted encryption key on the first storage device. 6. The method of claim 1, wherein the method is performed in a pipeline storage system, wherein the pipeline storage system includes a storage management component, and wherein storing the encrypted encryption key comprises storing the encryption key on the storage management component. 7. The method of claim 1, further comprising inserting a tag in the encrypted data indicating that the encrypted data is encrypted, andinserting the encrypted encryption key in the tag in the encrypted data. 8. The method of claim 1, further comprising inserting a tag in the encrypted data indicating that the encrypted data is encrypted. 9. A storage management system for storing data for a user, the system comprising: means for generating an encryption key associated with data for the user;means for encrypting the data belonging to the user using the generated encryption key to create encrypted data;means for storing the encrypted data in a data center associated with a third party;means for encrypting the encryption key to create an encrypted encryption key such that a password or other information set by the user is required to decrypt the encrypted encryption key; andmeans for storing the encrypted encryption key such that the encrypted encryption key is accessible to allow the encrypted data stored in the data center to be restored during a subsequent restore operation; wherein the system is configured such that the password or other information for decrypting the encrypted encryption key is set by the user without knowledge of the third party, andwherein the third party is unable to decrypt the encrypted data stored in the data center without receiving the password or other information from the user. 10. The system of claim 9, further comprising means for restoring the encrypted data stored in the data center using the password or other information for decrypting the encrypted encryption key, wherein the password or other information for decrypting the encrypted encryption key is contained in a file kept on a data agent, and wherein the means for restoring the encrypted data includes a restore process which uses the password or other information contained in the file to decrypt the encrypted encryption key. 11. The system of claim 9, wherein the system includes a pipeline storage system, wherein a first storage device stores an index of storage media used by the pipeline storage system, and wherein the encrypted encryption key is stored on the first storage device. 12. The system of claim 9, wherein the system includes a pipeline storage system, wherein the pipeline storage system includes a storage management component, and wherein the encryption key is stored on the storage management component. 13. The system of claim 9, further comprising means for inserting a tag in the encrypted data indicating that the encrypted data is encrypted, andmeans for inserting the encrypted encryption key in the tag in the encrypted data. 14. The system of claim 9, further comprising means for inserting a tag in the encrypted data indicating that the encrypted data is encrypted. 15. A non-transitory computer-readable medium having instructions which, when executed by a processor of a data storage system, cause the data storage system to perform a method for storing data for a user, the method comprising: generating an encryption key associated with data for the user;encrypting the data belonging to the user using the generated encryption key to create encrypted data;storing the encrypted data in a data center associated with a third party;encrypting the encryption key to create an encrypted encryption key, wherein a password or other information set by the user is required to decrypt the encrypted encryption key; andstoring the encrypted encryption key, wherein the encrypted encryption key is accessible to allow the encrypted data stored in the data center during a subsequent restore operation; wherein the password or other information for decrypting the encrypted encryption key is set by the user without knowledge by the third party, andwherein the third party is unable to decrypt the encrypted data stored in the data center without first receiving the password or other information from the user. 16. The non-transitory computer-readable medium of claim 15, wherein the method further comprises restoring the encrypted data stored in the data center using the password or other information for decrypting the encrypted encryption key, wherein the password or other information for decrypting the encrypted encryption key is contained in a file kept on a data agent, and wherein restoring the encrypted data is performed by a restore process which uses the password or other information contained in the file to decrypt the encrypted encryption key.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.