A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include deter
A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.
대표청구항▼
1. A system for backing up an encrypted file, the system comprising: a primary storage system;a secondary storage device residing in a secondary storage system; anda data agent implemented in computer hardware of a computing system within the primary storage system, the data agent configured to: rec
1. A system for backing up an encrypted file, the system comprising: a primary storage system;a secondary storage device residing in a secondary storage system; anda data agent implemented in computer hardware of a computing system within the primary storage system, the data agent configured to: receive an indication to backup an encrypted file stored in the primary storage system to the secondary storage device, the encrypted file comprising an encrypted version of a file and a plurality of encrypted keys, wherein a first encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to the computing system and a second encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to a user; andin response to the indication: extract the first encrypted key from the encrypted file;decrypt the first encrypted key to obtain a copy of a data encryption key;discard the first encrypted key;decrypt the encrypted file using the copy of the data encryption key to obtain a decrypted file; andprovide the decrypted file to a secondary storage system for backup to the secondary storage device. 2. The system of claim 1, wherein the system further comprises a storage manager configured to store a first asymmetric key of a first asymmetric key pair associated with the computing system, the first asymmetric key corresponding to a second asymmetric key of the asymmetric key pair, the second asymmetric key stored by the computing system. 3. The system of claim 2, wherein decrypting the first encrypted key comprises: providing the first encrypted key to the storage manager; andreceiving the copy of the data encryption key from the storage manager. 4. The system of claim 1, wherein the data agent is further configured to: obtain a second asymmetric key pair associated with the computing system, the second asymmetric key pair comprising a third asymmetric key and a fourth asymmetric key corresponding to the third asymmetric key;encrypt the data encryption key using the third asymmetric key to obtain a third encrypted key; andembed the third encrypted key with the encrypted version of the file. 5. The system of claim 4, wherein the data agent is further configured to provide the fourth asymmetric key to a storage manager. 6. The system of claim 4, wherein, in response to the user being authorized to access the file, the data agent is further configured to: obtain a third asymmetric key pair associated with the user, the third asymmetric key pair comprising a fifth asymmetric key and a sixth asymmetric key corresponding to the fifth asymmetric key;encrypt the copy of the data encryption key with the fifth asymmetric key to obtain the second encrypted key. 7. The system of claim 6, wherein the data agent is further configured to: obtain a passphrase for the user;hash the passphrase to obtain a modified passphrase; andencrypt the sixth asymmetric key using the modified passphrase. 8. The system of claim 7, wherein hashing the passphrase to obtain the modified passphrase further comprises performing a hashing algorithm a plurality of times, thereby reducing the probability that unauthorized attempts to access the passphrase are successful. 9. The system of claim 7, wherein the passphrase for the user corresponds to a password used by the user to access the computing system. 10. A method for backing up an encrypted file, the method comprising: by a computing system comprising one or more hardware processors: receiving an indication to backup an encrypted file stored in a primary storage system to a secondary storage device, the encrypted file comprising an encrypted version of a file and a plurality of encrypted keys, wherein a first encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to the computing system and a second encrypted key of the plurality of encrypted keys is an encrypted data encryption key assigned to a user; andin response to the indication: extracting the first encrypted key from the encrypted file;decrypting the first encrypted key to obtain a copy of a data encryption key;discarding the first encrypted key;decrypting the encrypted file using the copy of the data encryption key to obtain a decrypted file; andproviding the decrypted file to a secondary storage system for backup to the secondary storage device. 11. The method of claim 10, wherein decrypting the first encrypted key comprises: providing the first encrypted key to a storage manager; andreceiving the copy of the data encryption key from the storage manager, wherein the storage manager is configured to store a first asymmetric key of a first asymmetric key pair associated with the computing system, the first asymmetric key corresponding to a second asymmetric key of the asymmetric key pair, the second asymmetric key stored by the computing system. 12. The method of claim 10, further comprising: obtaining a second asymmetric key pair associated with the computing system, the second asymmetric key pair comprising a third asymmetric key and a fourth asymmetric key corresponding to the third asymmetric key;encrypting the data encryption key using the third asymmetric key to obtain a third encrypted key; andembedding the third encrypted key with the encrypted version of the file. 13. The method of claim 12, further comprising providing the fourth asymmetric key to a storage manager. 14. The method of claim 10, wherein the plurality of encrypted keys includes a fourth encrypted key assigned to a second user. 15. The method of claim 10, wherein, in response to the user being authorized to access the file, the method further comprises: obtaining a third asymmetric key pair associated with the user, the third asymmetric key pair comprising a fifth asymmetric key and a sixth asymmetric key corresponding to the fifth asymmetric key;encrypting the copy of the data encryption key with the fifth asymmetric key to obtain the second encrypted key. 16. The method of claim 15, wherein the method further comprises: obtaining a passphrase for the user;hashing the passphrase to obtain a modified passphrase; andencrypting the sixth asymmetric key using the modified passphrase. 17. The method of claim 16, wherein hashing the passphrase to obtain the modified passphrase further comprises performing a hashing algorithm a plurality of times, thereby reducing the probability that unauthorized attempts to access the passphrase are successful. 18. The method of claim 16, wherein the passphrase for the user corresponds to a password used by the user to access the computing system.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (183)
Yuval Ofek ; Zoran Cakeljic ; Samuel Krikler IL; Sharon Galtzur IL; Michael Hirsch IL; Dan Arnon ; Peter Kamvysselis, Apparatus and methods for copying, backing up, and restoring data using a backup segment size larger than the storage block size.
Kitamura,Yuuji, Apparatus, method, and program product for secure data formatting and retriving, and computer readable transportable data recording medium storing the program product.
Griffin David (Maynard MA) Campbell Jonathan (Acton MA) Reilly Michael (Sterling MA) Rosenbaum Richard (Pepperell MA), Arrangement with cooperating management server node and network service node.
Nakano Toshio (Odawara JPX) Nozawa Masafumi (Odawara JPX) Kurano Akira (Odawara JPX) Hisano Kiyoshi (Odawara JPX) Hoshino Masayuki (Odawara JPX), Backup control method and system in data processing system using identifiers for controlling block data transfer.
Kitajima Hiroyuki (Yokohama) Yamamoto Akira (Yokohama) Doi Takashi (Hadano) Nozawa Masafumi (Odawara JPX), Buffered peripheral system and method for backing up and retrieving data to and from backup memory device.
Myers James J. (San Francisco CA) Wang Pong-Sheng (San Jose CA), CPU implemented method for backing up modified data sets in non-volatile store for recovery in the event of CPU failure.
Cole Leo J. (Raleigh NC) Frantz Curtis J. (Durham NC) Lee Jeannette (Raleigh NC) Ordanic Zvonimir (Raleigh NC) Plank Larry K. (Rochester MN), Centralized management in a computer network.
Carpenter Kelly S. (Fremont CA) Dearing Gerard M. (San Jose CA) Nick Jeffrey M. (Fishkill NY) Strickland Jimmy P. (Saratoga CA) Swanson Michael D. (Poughkeepsie NY) Wilkinson Wendell W. (Hyde Park NY, Coherence controls for store-multiple shared data coordinated by cache directory entries in a shared electronic storage.
Senator Steven T. ; Fuller Billy J., Computer system method and apparatus providing for various versions of a file without requiring data copy or log operati.
Fecteau Jean G. (Toronto NY CAX) Gdaniec Joseph M. (Vestal NY) Hennessy James P. (Endicott NY) MacDonald John F. (Vestal NY) Osisek Damian L. (Vestal NY), Computer system which supports asynchronous commitment of data.
Prahlad, Anand; Muller, Marcus S.; Kottomtharayil, Rajiv; Kavuri, Srinivas; Gokhale, Parag; Vijayan, Manoj, Data object store and server for a cloud storage environment, including data deduplication and data management across multiple cloud storage sites.
Dunphy William E. (Westminster CO) Halladay Steven M. (Louisville CO) Moy Michael E. (Lafayette CO) Munro Frederick G. (Broomfield CO), Data storage and protection system.
Yanai Moshe (Framingham MA) Vishlitzky Natan (Brookline MA) Alterescu Bruno (Newton MA) Castel Daniel (Framingham MA) Shklarsky Gadi (Brookline MA), Data storage system controlled remote data mirroring with respectively maintained data indices.
Fortier Richard W. (Acton MA) Mastors Robert M. (Ayer MA) Taylor Tracy M. (Upton MA) Wallace John J. (Franklin MA), Digital data processor with improved backup storage.
Kenley Gregory (Northboro MA) Ericson George (Schrewsbury MA) Fortier Richard (Acton MA) Holland Chuck (Northboro MA) Mastors Robert (Ayer MA) Pownell James (Natick MA) Taylor Tracy (Upton MA) Wallac, Digital data storage system with improved data migration.
Xu Yikang ; Vahalia Uresh K. ; Jiang Xiaoye ; Gupta Uday ; Tzelnic Percy, File server system using file system storage, data movers, and an exchange of meta data among data movers for file locking and direct access to shared file systems.
Lagueux, Jr., Richard A.; Stave, Joel H.; Yeaman, John B.; Stevens, Brian E.; Higgins, Robert M.; Collins, James M., Graphical user interface for configuration of a storage system.
Urevig Paul D. ; Malnati James R. ; Ethen Donald J. ; Weber Herbert L., Grouping shared resources into one or more pools and automatically re-assigning shared resources from where they are not currently needed to where they are needed.
Prahlad,Anand; Kavuri,Srinivas; Madeira,Andre Duque; Lunde,Norman R.; Bunte,Alan G.; May,Andreas; Schwartz,Jeremy, Hierarchical systems and methods for providing a unified view of storage information.
Dechant Thomas E. (Bainbridge OH) Glaser Edward L. (Santa Monica CA) Pitt Paul E. (Santa Monica CA) Way Frederick (Cleveland Heights OH), Information storage and retrieval system.
Barney Rock D. ; Schwols Keith ; Nelson Ellen M., Integration of a database into file management software for protecting, tracking and retrieving data.
Oshinsky, David Alan; Ignatius, Paul; Prahlad, Anand; May, Andreas, Logical view and access to data managed by a modular data and storage management system.
Oshinsky,David Alan; Ignatius,Paul; Prahlad,Anand; May,Andreas, Logical view and access to data managed by a modular data and storage management system.
Ignatius, Paul; Theisen, Marjorie H.; Oshinsky, David Alan; Kavuri, Srinivas, Logical view and access to physical storage in modular data and storage management system.
Prahlad,Anand; De Meno,Randy; Schwartz,Jeremy A.; McGuigan,James J., Logical view with granular access to exchange data managed by a modular data and storage management system.
Prahlad,Anand; Meno,Randy De; Schwartz,Jeremy A.; McGuigan,James J., Logical view with granular access to exchange data managed by a modular data and storage management system.
Martin Charles W. (Richardson TX) Reid Fredrick S. (Plano TX) Forbus Gary L. (Dallas TX) Adams Steve M. (Plano TX) Shannon C. Patrick (Garland TX) Pirpich Eric A. (Garland TX), Mass data storage and retrieval system.
Kedem Nadav,ILX, Mass storage subsystem and backup arrangement for digital data processing system which permits information to be backed up while host computer(s) continue(s) operating in connection with information .
Long Robert M., Media element library with non-overlapping subset of media elements and non-overlapping subset of media element drives accessible to first host and unaccessible to second host.
Hori, Yoshihiro; Kanai, Yuichi; Ohno, Ryoji; Ohishi, Takeo; Tada, Kenichiro; Hirai, Tatsuya; Tsuru, Masafumi; Hasebe, Takayuki, Method and apparatus for encrypting data to be secured and inputting/outputting the same.
Kullick Steven E. ; Spirakis Charles S. ; Titus Diane J., Method and apparatus for transferring archival data among an arbitrarily large number of computer devices in a networked.
Eastridge Lawrence E. (Tucson AZ) Kern Robert F. (Tucson AZ) Kern Ronald M. (Tucson AZ) Mikkelsen Claus W. (Morgan Hill CA) Ratliff James M. (Tucson AZ), Method and system for automated backup copy ordering in a time zero backup copy session.
Eastridge Lawrence E. (Tucson AZ) Kern Robert F. (Tucson AZ) Micka William F. (Tucson AZ) Mikkelsen Claus W. (Morgan Hill CA) Ratliff James M. (Tucson AZ), Method and system for automated termination and resumption in a time zero backup copy process.
Walter A. Hubis ; William G. Deitz, Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access .
Prahlad, Anand; Schwartz, Jeremy A.; Ngo, David; Brockway, Brian; Muller, Marcus S.; Gokhale, Parag; Kottomtharayil, Rajiv, Method and system for offline indexing of content and classifying stored data.
Aoyama Yuki,JPX ; Takahashi Toru,JPX ; Wakayama Satoshi,JPX, Method of and an apparatus for displaying version information and configuration information and a computer-readable recording medium on which a version and configuration information display program i.
Crescenti,John; Kavuri,Srinivas; Oshinsky,David Alan; Prahlad,Anand, Modular backup and retrieval system used in conjunction with a storage area network.
Pisello Thomas (De Bary FL) Crossmier David (Casselberry FL) Ashton Paul (Oviedo FL), Network management system having virtual catalog overview of files distributively stored across network domain.
Prahlad, Anand; Kottomtharayil, Rajiv; Kavuri, Srinivas; Gokhale, Parag; Vijayan, Manoj, Performing data storage operations in a cloud storage environment, including searching, encryption and indexing.
Crockett Robert N. (Tucson AZ) Kern Ronald M. (Tucson AZ) Micka William F. (Tucson AZ), Software directed microcode state save for distributed storage controller.
Retnamma,Manoj Vijayan; Amarendran,Arun; Kottomtharayil,Rajiv, System and method for combining data streams in pipelined storage operations in a storage network.
Vogl, Norbert George; Purdy, Geoffrey Hale; Flavin, Robert Alan; Feng, Yuan; Clarke, Jr., Edward Payson, System and method for dispatching and scheduling network transmissions with feedback.
Kottomtharayil,Rajiv; Gokhale,Parag; Prahlad,Anand; Vijayan Retnamma,Manoj Kumar; Ngo,David; Devassy,Varghese, System and method for dynamically performing storage operations in a computer network.
Kottomtharayil,Rajiv; Gokhale,Parag; Prahlad,Anand; Vijayan Retnamma,Manoj Kumar; Ngo,David; Devassy,Varghese, System and method for dynamically sharing media in a computer network.
Mutalik Madhav ; Senie Faith M., System and method for performing file-handling operations in a digital data processing system using an operating system-independent file map.
Kottomtharayil,Rajiv; Gokhale,Parag; Prahlad,Anand; Vijayan Retnamma,Manoj Kumar; Ngo,David; Devassy,Varghese, System and method for performing storage operations in a computer network.
Ignatius,Paul; Prahlad,Anand; Tyagarajan,Mahesh; Vijayan Retnamma,Manoj; Amarendran,Arun; Kottomtharayil,Rajiv, System and method for providing encryption in a storage network by storing a secured encryption key with encrypted archive data in an archive storage device.
Ignatius, Paul; Prahlad, Anand; Tyagarajan, Mahesh; Retnamma, Manoj Vijayan; Amarendran, Arun; Kottomtharayil, Rajiv, System and method for providing encryption in storage operations in a storage network, such as for use by application service providers that provide data storage services.
Ignatius, Paul; Prahlad, Anand; Tyagarajan, Mahesh; Vijayan Retnamma, Manoj; Amarendran, Arun; Kottomtharayil, Rajiv, System and method for providing encryption in storage operations in a storage network, such as for use by application service providers that provide data storage services.
Huai ReiJane (Old Brookville NY) Daly Robert (Ronkonkoma NY) Curti Walter (Dix Hills NY) Mohan Deepak (Huntington NY) Chueh James Kuang-Ru (Bayside NY) Louie Larry (Forest Hills NY), System and parallel streaming and data stripping to back-up a network.
Stoppani ; Jr. Peter (Woodinville WA), System for allocating storage spaces based upon required and optional service attributes having assigned piorities.
Capozzi ; Anthony J. ; Cordi ; Vincent A. ; Edson ; Bruce A., System for facilitating the copying back of data in disc and tape units of a memory hierarchial system.
Flynn Rex A. (Belmont MA) Anick Peter G. (Marlboro MA), System for reconstructing prior versions of indexes using records indicating changes between successive versions of the.
Saether Christian D. (Seattle WA) Stoppani ; Jr. Peter (Woodinville WA), System of device independent file directories using a tag between the directories and file descriptors that migrate with.
Kottomtharayil, Rajiv; Gokhale, Parag; Prahlad, Anand; Vijayan Retnamma, Manoj Kumar; Ngo, David; Devassy, Varghese, Systems and methods for performing storage operations in a computer network.
Kottomtharayil, Rajiv; Gokhale, Parag; Prahlad, Anand; Vijayan Retnamma, Manoj Kumar; Ngo, David; Devassy, Varghese, Systems and methods for sharing media in a computer network.
Kottomtharayil,Rajiv; Gokhale,Parag; Prahlad,Anand; Retnamma,Manoj Kumar Vijayan; Ngo,David; Devassy,Varghese, Systems and methods for sharing media in a computer network.
Prahlad, Anand; Schwartz, Jeremy Alan; Ngo, David; Brockway, Brian; Muller, Marcus S., Systems and methods for using metadata to enhance data identification operations.
Prahlad, Anand; Schwartz, Jeremy Alan; Ngo, David; Brockway, Brian; Muller, Marcus S., Systems and methods for using metadata to enhance data management operations.
Mourad,Magda M.; Munson,Jonathan P.; Nadeem,Tamer; Pacifici,Giovanni; Pistoia,Marco; Youssef,Alaa S., Transparent digital rights management for extendible content viewers.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.