AU2016210718A1 - Secure storage availability using cryptographic splitting - Google Patents

Secure storage availability using cryptographic splitting

Info

Publication number
AU2016210718A1
AU2016210718A1 AU2016210718A AU2016210718A AU2016210718A1 AU 2016210718 A1 AU2016210718 A1 AU 2016210718A1 AU 2016210718 A AU2016210718 A AU 2016210718A AU 2016210718 A AU2016210718 A AU 2016210718A AU 2016210718 A1 AU2016210718 A1 AU 2016210718A1
Authority
AU
Australia
Prior art keywords
storage
secure
appliance
secure storage
volume
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
AU2016210718A
Other versions
AU2016210718B2 (en
Inventor
Edward Chin
David Dodgson
Ralph R. Farina
Albert French
Joseph Neill
Scott Summers
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unisys Corp
Original Assignee
Unisys Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US12/272,012 external-priority patent/US20100125730A1/en
Priority claimed from US12/336,568 external-priority patent/US20100150341A1/en
Priority claimed from US12/336,559 external-priority patent/US20100153703A1/en
Priority claimed from US12/336,562 external-priority patent/US20100154053A1/en
Priority claimed from US12/336,558 external-priority patent/US20100153740A1/en
Priority claimed from US12/336,564 external-priority patent/US8392682B2/en
Priority claimed from US12/342,500 external-priority patent/US8386798B2/en
Priority claimed from US12/342,523 external-priority patent/US20100162003A1/en
Priority claimed from US12/342,610 external-priority patent/US20100161981A1/en
Priority claimed from US12/342,414 external-priority patent/US20100162002A1/en
Priority claimed from US12/342,575 external-priority patent/US20100161964A1/en
Priority claimed from US12/342,438 external-priority patent/US8135980B2/en
Priority claimed from US12/342,636 external-priority patent/US20100162005A1/en
Priority claimed from US12/342,547 external-priority patent/US20100162004A1/en
Priority claimed from US12/342,464 external-priority patent/US20100162032A1/en
Priority claimed from US12/342,379 external-priority patent/US20100162001A1/en
Priority to AU2016210718A priority Critical patent/AU2016210718B2/en
Application filed by Unisys Corp filed Critical Unisys Corp
Publication of AU2016210718A1 publication Critical patent/AU2016210718A1/en
Application granted granted Critical
Publication of AU2016210718B2 publication Critical patent/AU2016210718B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0623Securing storage systems in relation to content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Abstract

A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage 5 network. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network, the secure data storage network including a plurality of secure data paths between the primary secure storage appliance and a client device 10 and a plurality of secure data paths between the secure storage appliance and a plurality of storage systems, the volume corresponding to physical storage at each of the plurality of storage systems. In another aspect, the volume presented as a virtual disk to a client device and 15 mapped to physical storage at each of a plurality of storage systems. The method also includes detecting a connectivity problem on at least one of the secure data paths. The method further includes assessing whether to reassign the volume to a different secure storage 20 appliance based upon the connectivity problem. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second 25 secure storage appliance a new primary secure storage appliance. STORAGE DEVICE STORAGE DEVICE SECURE STORAGE Admin APPLIANCE Device 12_0 APPLICATION SERVER DEVICE CLIENT DEVICE CLIENT DEVICE
AU2016210718A 2008-11-17 2016-08-04 Secure storage availability using cryptographic splitting Active AU2016210718B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2016210718A AU2016210718B2 (en) 2008-11-17 2016-08-04 Secure storage availability using cryptographic splitting

Applications Claiming Priority (35)

Application Number Priority Date Filing Date Title
US12/272,012 2008-11-17
US12/272,012 US20100125730A1 (en) 2008-11-17 2008-11-17 Block-level data storage security system
US12/336,559 US20100153703A1 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting
US12/336,568 2008-12-17
US12/336,559 2008-12-17
US12/336,564 2008-12-17
US12/336,562 2008-12-17
US12/336,564 US8392682B2 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting
US12/336,558 US20100153740A1 (en) 2008-12-17 2008-12-17 Data recovery using error strip identifiers
US12/336,562 US20100154053A1 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting
US12/336,568 US20100150341A1 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting
US12/336,558 2008-12-17
US12/342,547 2008-12-23
US12/342,575 2008-12-23
US12/342,438 2008-12-23
US12/342,610 US20100161981A1 (en) 2008-12-23 2008-12-23 Storage communities of interest using cryptographic splitting
US12/342,500 2008-12-23
US12/342,547 US20100162004A1 (en) 2008-12-23 2008-12-23 Storage of cryptographically-split data blocks at geographically-separated locations
US12/342,414 US20100162002A1 (en) 2008-12-23 2008-12-23 Virtual tape backup arrangement using cryptographically split storage
US12/342,414 2008-12-23
US12/342,464 US20100162032A1 (en) 2008-12-23 2008-12-23 Storage availability using cryptographic splitting
US12/342,379 US20100162001A1 (en) 2008-12-23 2008-12-23 Secure network attached storage device using cryptographic settings
US12/342,636 US20100162005A1 (en) 2008-12-23 2008-12-23 Storage communities of interest using cryptographic splitting
US12/342,379 2008-12-23
US12/342,610 2008-12-23
US12/342,500 US8386798B2 (en) 2008-12-23 2008-12-23 Block-level data storage using an outstanding write list
US12/342,438 US8135980B2 (en) 2008-12-23 2008-12-23 Storage availability using cryptographic splitting
US12/342,523 US20100162003A1 (en) 2008-12-23 2008-12-23 Retrieval of cryptographically-split data blocks from fastest-responding storage devices
US12/342,523 2008-12-23
US12/342,464 2008-12-23
US12/342,636 2008-12-23
US12/342,575 US20100161964A1 (en) 2008-12-23 2008-12-23 Storage communities of interest using cryptographic splitting
PCT/US2009/064820 WO2010057196A2 (en) 2008-11-17 2009-11-17 Secure storage availability using cryptographic splitting
AU2009313672A AU2009313672A1 (en) 2008-11-17 2009-11-17 Secure storage availability using cryptographic splitting
AU2016210718A AU2016210718B2 (en) 2008-11-17 2016-08-04 Secure storage availability using cryptographic splitting

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
AU2009313672A Division AU2009313672A1 (en) 2008-11-17 2009-11-17 Secure storage availability using cryptographic splitting

Publications (2)

Publication Number Publication Date
AU2016210718A1 true AU2016210718A1 (en) 2016-09-15
AU2016210718B2 AU2016210718B2 (en) 2018-10-25

Family

ID=42124888

Family Applications (7)

Application Number Title Priority Date Filing Date
AU2009313672A Abandoned AU2009313672A1 (en) 2008-11-17 2009-11-17 Secure storage availability using cryptographic splitting
AU2009313728A Abandoned AU2009313728A1 (en) 2008-11-17 2009-11-17 Storage communities of interest using cryptographic splitting
AU2009313675A Abandoned AU2009313675A1 (en) 2008-11-17 2009-11-17 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices
AU2016210718A Active AU2016210718B2 (en) 2008-11-17 2016-08-04 Secure storage availability using cryptographic splitting
AU2016210716A Abandoned AU2016210716A1 (en) 2008-11-17 2016-08-04 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices
AU2018236850A Ceased AU2018236850B2 (en) 2008-11-17 2018-09-28 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices
AU2020200461A Active AU2020200461B2 (en) 2008-11-17 2020-01-22 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices

Family Applications Before (3)

Application Number Title Priority Date Filing Date
AU2009313672A Abandoned AU2009313672A1 (en) 2008-11-17 2009-11-17 Secure storage availability using cryptographic splitting
AU2009313728A Abandoned AU2009313728A1 (en) 2008-11-17 2009-11-17 Storage communities of interest using cryptographic splitting
AU2009313675A Abandoned AU2009313675A1 (en) 2008-11-17 2009-11-17 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices

Family Applications After (3)

Application Number Title Priority Date Filing Date
AU2016210716A Abandoned AU2016210716A1 (en) 2008-11-17 2016-08-04 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices
AU2018236850A Ceased AU2018236850B2 (en) 2008-11-17 2018-09-28 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices
AU2020200461A Active AU2020200461B2 (en) 2008-11-17 2020-01-22 Storage and retrieval of crytographically-split data blocks to/from multiple storage devices

Country Status (3)

Country Link
EP (3) EP2359249A2 (en)
AU (7) AU2009313672A1 (en)
WO (3) WO2010057196A2 (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8725688B2 (en) 2008-09-05 2014-05-13 Commvault Systems, Inc. Image level copy or restore, such as image level restore without knowledge of data object metadata
GB2496111A (en) * 2011-10-28 2013-05-08 Intergence Systems Ltd Tracing the real-world storage location of critical data items to form part of physical network map
US9633216B2 (en) 2012-12-27 2017-04-25 Commvault Systems, Inc. Application of information management policies based on operation with a geographic entity
US9459968B2 (en) 2013-03-11 2016-10-04 Commvault Systems, Inc. Single index to query multiple backup formats
US9798596B2 (en) 2014-02-27 2017-10-24 Commvault Systems, Inc. Automatic alert escalation for an information management system
US9648100B2 (en) 2014-03-05 2017-05-09 Commvault Systems, Inc. Cross-system storage management for transferring data across autonomous information management systems
US9740574B2 (en) 2014-05-09 2017-08-22 Commvault Systems, Inc. Load balancing across multiple data paths
US11249858B2 (en) 2014-08-06 2022-02-15 Commvault Systems, Inc. Point-in-time backups of a production application made accessible over fibre channel and/or ISCSI as data sources to a remote application by representing the backups as pseudo-disks operating apart from the production application and its host
US9852026B2 (en) 2014-08-06 2017-12-26 Commvault Systems, Inc. Efficient application recovery in an information management system based on a pseudo-storage-device driver
US9766825B2 (en) 2015-07-22 2017-09-19 Commvault Systems, Inc. Browse and restore for block-level backups
US10296368B2 (en) 2016-03-09 2019-05-21 Commvault Systems, Inc. Hypervisor-independent block-level live browse for access to backed up virtual machine (VM) data and hypervisor-free file-level recovery (block-level pseudo-mount)
US10838821B2 (en) 2017-02-08 2020-11-17 Commvault Systems, Inc. Migrating content and metadata from a backup system
US10740193B2 (en) 2017-02-27 2020-08-11 Commvault Systems, Inc. Hypervisor-independent reference copies of virtual machine payload data based on block-level pseudo-mount
US10891069B2 (en) 2017-03-27 2021-01-12 Commvault Systems, Inc. Creating local copies of data stored in online data repositories
US10776329B2 (en) 2017-03-28 2020-09-15 Commvault Systems, Inc. Migration of a database management system to cloud storage
US11074140B2 (en) 2017-03-29 2021-07-27 Commvault Systems, Inc. Live browsing of granular mailbox data
US10664352B2 (en) 2017-06-14 2020-05-26 Commvault Systems, Inc. Live browsing of backed up data residing on cloned disks
GB2567146B (en) 2017-09-28 2022-04-13 Red Flint Llp Method and system for secure storage of digital data
US10795927B2 (en) 2018-02-05 2020-10-06 Commvault Systems, Inc. On-demand metadata extraction of clinical image data
US10789387B2 (en) 2018-03-13 2020-09-29 Commvault Systems, Inc. Graphical representation of an information management system
US11308034B2 (en) 2019-06-27 2022-04-19 Commvault Systems, Inc. Continuously run log backup with minimal configuration and resource usage from the source machine
US20230088566A1 (en) * 2019-12-31 2023-03-23 Nagravision S.A. Techniques for controlling access to segmented data

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6167531A (en) * 1998-06-18 2000-12-26 Unisys Corporation Methods and apparatus for transferring mirrored disk sets during system fail-over
US7391865B2 (en) * 1999-09-20 2008-06-24 Security First Corporation Secure data parser method and system
US7512673B2 (en) * 2001-01-11 2009-03-31 Attune Systems, Inc. Rule based aggregation of files and transactions in a switched file system
US20030188153A1 (en) * 2002-04-02 2003-10-02 Demoff Jeff S. System and method for mirroring data using a server
US6928514B2 (en) * 2002-08-05 2005-08-09 Lsi Logic Corporation Method and apparatus for teaming storage controllers
JP4601969B2 (en) * 2004-01-27 2010-12-22 株式会社日立製作所 File I / O controller
US7203871B2 (en) * 2004-06-03 2007-04-10 Cisco Technology, Inc. Arrangement in a network node for secure storage and retrieval of encoded data distributed among multiple network nodes
EP2264956B1 (en) * 2004-07-23 2017-06-14 Citrix Systems, Inc. Method for securing remote access to private networks
US7284020B2 (en) * 2004-09-01 2007-10-16 Hitachi, Ltd. System and method for data recovery in a storage system
US20070067644A1 (en) * 2005-08-26 2007-03-22 International Business Machines Corporation Memory control unit implementing a rotating-key encryption algorithm
US8880799B2 (en) * 2005-09-30 2014-11-04 Cleversafe, Inc. Rebuilding data on a dispersed storage network
US7574579B2 (en) * 2005-09-30 2009-08-11 Cleversafe, Inc. Metadata management system for an information dispersed storage system
CA2629015A1 (en) * 2005-11-18 2008-05-08 Rick L. Orsini Secure data parser method and system
EP2127204A2 (en) * 2006-12-08 2009-12-02 Unisys Corporation Securing multicast data

Also Published As

Publication number Publication date
WO2010057173A3 (en) 2010-10-07
EP2359249A2 (en) 2011-08-24
AU2020200461A1 (en) 2020-02-13
EP2359295A2 (en) 2011-08-24
AU2009313672A1 (en) 2011-07-07
WO2010057196A3 (en) 2011-12-29
WO2010057196A2 (en) 2010-05-20
WO2010057199A3 (en) 2011-03-17
AU2018236850A1 (en) 2018-10-18
AU2020200461B2 (en) 2021-10-07
AU2018236850B2 (en) 2020-07-09
AU2009313675A1 (en) 2011-07-07
AU2009313728A1 (en) 2011-07-07
WO2010057199A2 (en) 2010-05-20
EP2359298A2 (en) 2011-08-24
AU2016210716A1 (en) 2016-09-08
AU2016210718B2 (en) 2018-10-25
WO2010057173A2 (en) 2010-05-20

Similar Documents

Publication Publication Date Title
AU2016210718A1 (en) Secure storage availability using cryptographic splitting
WO2010141535A3 (en) Determining server utilization
GB2447094B (en) Entertainment device and method
WO2009105594A3 (en) Method and system for implementing a virtual storage pool in a virtual environment
WO2011046840A3 (en) Systems and methods to automatically generate a signature block
WO2013081983A3 (en) Migrating authenticated content towards content consumer
MX351105B (en) Client-side modification of search results based on social network data.
WO2014004810A3 (en) Inbox management
TW200513838A (en) System management infrastructure for corrective actions to servers with shared resources
GB0424149D0 (en) Virtual computing infrastructure
WO2010068237A3 (en) Deterministic session load-balancing and redundancy of access servers in a computer network
WO2012031044A3 (en) Methods and apparatus to cluster user data
GB0723276D0 (en) Method of anonymising an interaction between devices
WO2012162279A3 (en) Social data overlay
WO2010042449A3 (en) System for musically interacting avatars
WO2015013436A3 (en) Methods of identifying relevant content and subject matter expertise for online communities
ATE523008T1 (en) DISTRIBUTION OF MEDIA CONTENT USING CONTACT DETAILS
WO2006084205A3 (en) Methods and apparatus for optimizing identity management
WO2013002833A3 (en) Binding of cryptographic content using unique device characteristics with server heuristics
RU2012155862A (en) ONLINE SURVEILLANCE CONTROLS USING EXTENDED SIGNS OF THE CATALOG
WO2014052006A3 (en) Selecting anonymous users based on user location history
EP2564287A4 (en) Method and apparatus for providing cooperative user interface layer management with respect to inter-device communications
WO2013003611A3 (en) Systems and methods for identifying consumer electronic products using a playback device with a product identifier
WO2011152987A3 (en) Claim based content reputation service
WO2008046099A3 (en) System and method for diagnosis of and recommendations for remote processor system

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)