Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.
Representative claims
1. A method for storing data in an untrusted data store, the method being performed by a system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the system to perform the method, the method comprising: receiving a first block of data for storage on a first partition of the untrusted data store; retrieving a first partition leader associated with the first partition, the first partition leader specifying first security parameters associated with the first partition; generating a first hash value of the first block of data; encrypting the first block of data; storing the encrypted first block of data in the first partition of the untrusted data store; and generating a first descriptor associated with the encrypted first block of data, the first descriptor comprising a location of the encrypted first block of data on the untrusted data store and the first hash value.

2. The method of claim 1, wherein the first security parameters specify a first encryption type associated with the first partition.

3. The method of claim 2, wherein the specified first encryption type comprises an indication of a first encryption algorithm associated with the first partition.

4. The method of claim 1, wherein the first security parameters comprise a first encryption key associated with the first partition, and wherein encrypting the first block of data comprises encrypting the first block of data using the first encryption key.

5. The method of claim 1, wherein the first security parameters comprise first hashing parameters associated with the first partition, and wherein generating the first hash value comprises computing the first hash value using the first hashing parameters.

6. The method of claim 1, wherein the method further comprises receiving a second block of data for storage on a second partition of the untrusted data store; retrieving a second partition leader associated with the second partition, the second partition leader specifying second security parameters associated with the second partition, the second security parameters being different, at least in part, from the first security parameters associated with the first partition; generating a second hash value of the second block of data; encrypting the second block of data; storing the encrypted second block of data in the second partition of the untrusted data store; and generating a second descriptor associated with the encrypted second block of data, the second descriptor comprising a location of the encrypted second block of data on the untrusted data store and the second hash value.

7. The method of claim 6, wherein the second security parameters specify a second encryption type associated with the second partition.

8. The method of claim 7, wherein the specified second encryption type comprises an indication of a second encryption algorithm associated with the second partition.

9. The method of claim 6, wherein the second security parameters comprise a second encryption key associated with the second partition, and wherein encrypting the second block of data comprises encrypting the second block of data using the second encryption key.

10. The method of claim 6, wherein the second security parameters comprise second hashing parameters associated with the second partition, and wherein generating the second hash value comprises computing the second hash value using the second hashing parameters.

11. A non-transitory computer-readable storage medium storing executable instructions that, when executed by a processor, cause the processor to perform a method for storing data in an untrusted data store comprising: receiving a first block of data for storage on a first partition of the untrusted data store; retrieving a first partition leader associated with the first partition, the first partition leader specifying first security parameters associated with the first partition; generating a first hash value of the first block of data; encrypting the first block of data; storing the encrypted first block of data in the first partition of the untrusted data store; and generating a first descriptor associated with the encrypted first block of data, the first descriptor comprising a location of the encrypted first block of data on the untrusted data store and the first hash value.

12. The non-transitory computer-readable storage medium of claim 11, wherein the first security parameters specify a first encryption type associated with the first partition.

13. The non-transitory computer-readable storage medium of claim 12, wherein the specified first encryption type comprises an indication of a first encryption algorithm associated with the first partition.

14. The non-transitory computer-readable storage medium of claim 11, wherein the first security parameters comprise a first encryption key associated with the first partition, and wherein encrypting the first block of data comprises encrypting the first block of data using the first encryption key.

15. The non-transitory computer-readable storage medium of claim 11, wherein the first security parameters comprise first hashing parameters associated with the first partition, and wherein generating the first hash value comprises computing the first hash value using the first hashing parameters.

16. The non-transitory computer-readable storage medium of claim 11, wherein the method further comprises receiving a second block of data for storage on a second partition of the untrusted data store; retrieving a second partition leader associated with the second partition, the second partition leader specifying second security parameters associated with the second partition, the second security parameters being different, at least in part, from the first security parameters associated with the first partition; generating a second hash value of the second block of data; encrypting the second block of data; storing the encrypted second block of data in the second partition of the untrusted data store; and generating a second descriptor associated with the encrypted second block of data, the second descriptor comprising a location of the encrypted second block of data on the untrusted data store and the second hash value.

17. The non-transitory computer-readable storage medium of claim 16, wherein the second security parameters specify a second encryption type associated with the second partition.

18. The non-transitory computer-readable storage medium of claim 17, wherein the specified second encryption type comprises an indication of a second encryption algorithm associated with the second partition.

19. The non-transitory computer-readable storage medium of claim 16, wherein the second security parameters comprise a second encryption key associated with the second partition, and wherein encrypting the second block of data comprises encrypting the second block of data using the second encryption key.

20. The non-transitory computer-readable storage medium of claim 16, wherein the second security parameters comprise second hashing parameters associated with the second partition, and wherein generating the second hash value comprises computing the second hash value using the second hashing parameters.
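As an added example (not code from the patent or its assignee), the following stand-alone Python model implements the storage path of claims 1 and 6: a per-partition leader carrying the encryption key and hashing parameters, hash-then-encrypt of each block, append-only storage into the untrusted store, and a descriptor (location plus hash) held in trusted storage that validates every read and rejects a block altered in the untrusted store. The cipher is a stdlib HMAC keystream standing in for whatever algorithm a real partition leader would name; `PartitionLeader`, `TrustedDatabase` and the descriptor fields are assumed names.

```python
import hashlib
import hmac
import os
from collections import namedtuple
PartitionLeader = namedtuple("PartitionLeader", "key hash_alg")  # per-partition security parameters (assumed shape)

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the encryption algorithm named by the partition leader:
    # an HMAC-SHA256 counter keystream XORed with the data (stdlib only).
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(8, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class TrustedDatabase:
    def __init__(self):
        self.leaders = {}    # partition id -> PartitionLeader (trusted storage)
        self.untrusted = {}  # partition id -> bytearray (untrusted storage)

    def add_partition(self, pid: str, leader: PartitionLeader) -> None:
        self.leaders[pid] = leader
        self.untrusted[pid] = bytearray()

    def store_block(self, pid: str, plaintext: bytes) -> dict:
        # Hash the plaintext, encrypt it, append it, return the descriptor.
        leader = self.leaders[pid]
        digest = hashlib.new(leader.hash_alg, plaintext).digest()
        nonce = os.urandom(16)
        record = nonce + _keystream_xor(leader.key, nonce, plaintext)
        offset = len(self.untrusted[pid])
        self.untrusted[pid] += record  # log-structured: append only
        return {"partition": pid, "offset": offset, "length": len(record), "hash": digest}

    def load_block(self, desc: dict) -> bytes:
        # Decrypt the record at the descriptor's location and validate its hash.
        leader = self.leaders[desc["partition"]]
        start, end = desc["offset"], desc["offset"] + desc["length"]
        record = bytes(self.untrusted[desc["partition"]][start:end])
        plaintext = _keystream_xor(leader.key, record[:16], record[16:])
        actual = hashlib.new(leader.hash_alg, plaintext).digest()
        if not hmac.compare_digest(actual, desc["hash"]):
            raise ValueError("block failed validation: untrusted store modified")
        return plaintext

    def is_valid(self, desc: dict) -> bool:
        try:
            self.load_block(desc)
            return True
        except ValueError:
            return False
```

Because the descriptor's hash covers the plaintext, tampering is only detected after decryption, and the descriptors themselves must reside in the trusted storage (or be chained into it), since an adversary who can rewrite both a block and its descriptor in untrusted storage would otherwise pass validation.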