System and method for providing encryption in storage operations in a storage network, such as for use by application service providers that provide data storage services
IPC classification information
Country / Type: United States (US) Patent, registered
International Patent Classification (IPC 7th edition): G06F-011/00, G06F-021/60, H04L-009/06, H04L-009/08
Application number: US-0868320 (2013-04-23)
Registration number: US-8966288 (2015-02-24)
Inventors: Ignatius, Paul; Prahlad, Anand; Tyagarajan, Mahesh; Vijayan, Manoj Kumar; Amarendran, Arun Prasad; Kottomtharayil, Rajiv
Applicant: CommVault Systems, Inc.
Agent: Perkins Coie LLP
Citation information: times cited: 8; patents cited: 143
Abstract
In accordance with embodiments of the invention, a method is provided for performing a storage operation in a pipeline storage system in which one or more data streams containing data to be stored are written into data chunks. The method includes generating an encryption key associated with a first archive file to be stored when encryption is requested for the storage operation, encrypting the archive data from the data stream using the encryption key to create an encrypted data chunk when a data stream containing the archive file is processed in the pipeline storage system, storing the encrypted data chunk on a storage medium, and storing the encryption key in a manner accessible during a restore operation of the encrypted data chunk.
Representative claims
1. A computer-implemented method, to be performed by at least one hardware processor, for storing data for a user in hardware storage devices, the method comprising: when storing data for the user: receiving an encryption key associated with the data for the user; causing the data to be encrypted for the user with the received encryption key to create encrypted data; causing the encrypted data to be stored in a first hardware storage device associated with a third party; causing the encryption key to be encrypted to create an encrypted encryption key, wherein a password or other information set by the user is required to decrypt the encrypted encryption key; and causing the encrypted encryption key to be stored in a second hardware storage device, wherein the encrypted encryption key is accessible to allow the encrypted data stored in the first hardware storage device to be restored during a subsequent restore operation, wherein the password or other information for decrypting the encrypted encryption key is set by the user without knowledge of the third party, and wherein the third party is unable to decrypt the encrypted data stored in the first hardware storage device without first receiving the password or other information from the user.

2. The method of claim 1, wherein the method is performed in a pipeline storage system comprising multiple processes arranged in stages including an encryption process, and wherein causing the data to be encrypted is performed by the encryption process.

3. The method of claim 1, further comprising causing the encrypted data, stored in the first hardware storage device, to be restored using the password or other information for decrypting the encrypted encryption key, wherein the password or other information for decrypting the encrypted encryption key is contained in a file kept on a data agent belonging to and controlled by the user, and wherein causing the encrypted data to be restored is performed by a restore process which uses the password or other information contained in the file to decrypt the encrypted encryption key.

4. The method of claim 1, wherein first hardware storage device is the same as the second hardware storage device.

5. The method of claim 1, wherein the method is performed in a pipeline storage system, wherein the method comprises causing an index of storage media to be stored on a component used by the pipeline storage system, and wherein the component is the same as the second hardware storage device.

6. The method of claim 1, wherein the method is performed in a pipeline storage system, wherein the pipeline storage system includes a storage management component, and wherein the storage management component is the same as the second hardware storage device.

7. The method of claim 1, further comprising causing a tag to be inserted in the encrypted data indicating that the encrypted data is encrypted, and causing the encrypted encryption key to be inserted in the tag in the encrypted data.

8. The method of claim 1, further comprising causing a tag to be stored in the encrypted data indicating that the encrypted data is encrypted.

9. A storage management system for storing data for a user, the system comprising: means for receiving an encryption key associated with data for the user; means for causing the data belonging to the user to be encrypted with the received encryption key to create encrypted data; means for causing the encrypted data to be stored in a data center associated with a third party; means for causing the encryption key to be encrypted to create an encrypted encryption key such that a password or other information set by the user is required to decrypt the encrypted encryption key; and means for causing the encrypted encryption key to be stored such that the encrypted encryption key is accessible to allow the encrypted data stored in the data center to be restored during a subsequent restore operation, wherein the system is configured such that the password or other information for decrypting the encrypted encryption key is set by the user without knowledge of the third party, and wherein the third party is unable to decrypt the encrypted data stored in the data center without receiving the password or other information from the user.

10. The system of claim 9, further comprising means for causing the encrypted data, stored in the data center, to be restored using the password or other information for decrypting the encrypted encryption key, wherein the password or other information for decrypting the encrypted encryption key is contained in a file kept on a data agent, and wherein the means for causing the encrypted data to be restored includes a restore process which uses the password or other information contained in the file to decrypt the encrypted encryption key.

11. The system of claim 9, wherein the system includes a pipeline storage system, wherein a first storage device stores an index of storage media used by the pipeline storage system, and wherein the encrypted encryption key is stored on the first storage device.

12. The system of claim 9, wherein the system includes a pipeline storage system, wherein the pipeline storage system includes a storage management component, and wherein the encryption key is stored on the storage management component.

13. The system of claim 9, further comprising means for causing a tag to be inserted in the encrypted data indicating that the encrypted data is encrypted, and means for causing the encrypted encryption key to be inserted in the tag in the encrypted data.

14. The system of claim 9, further comprising means for causing a tag to be inserted in the encrypted data indicating that the encrypted data is encrypted.

15. A non-transitory computer-readable medium having instructions which, when executed by a processor of a data storage system, cause the data storage system to perform a method for storing data for a user, the method comprising: receiving an encryption key associated with data for the user; causing the data belonging to the user to be encrypted using the received encryption key to create encrypted data; causing the encrypted data to be stored in a data center associated with a third party; causing the encryption key to be encrypted to create an encrypted encryption key, wherein a password or other information set by the user is required to decrypt the encrypted encryption key; and causing the encrypted encryption key to be stored, wherein the encrypted encryption key is accessible to allow the encrypted data stored in the data center to be restored during a subsequent restore operation, wherein the password or other information for decrypting the encrypted encryption key is set by the user without knowledge by the third party, and wherein the third party is unable to decrypt the encrypted data stored in the data center without first receiving the password or other information from the user.

16. The non-transitory computer-readable medium of claim 15, wherein the method further comprises causing the encrypted data, stored in the data center, to be restored using the password or other information for decrypting the encrypted encryption key, wherein the password or other information for decrypting the encrypted encryption key is contained in a file kept on a data agent, and wherein causing the encrypted data to be restored is performed by a restore process which uses the password or other information contained in the file to decrypt the encrypted encryption key.