WO2010057191A8 - Storage security using cryptographic splitting - Google Patents

Storage security using cryptographic splitting

Info

Publication number
WO2010057191A8
Authority
WO
WIPO (PCT)
Prior art keywords
volume
client device
client
data
session key
Prior art date
Application number
PCT/US2009/064810
Other languages
French (fr)
Other versions
WO2010057191A3 (en)
WO2010057191A2 (en)
Inventor
David Dodgson
Joseph Neill
Ralph R. Farina
Edward Chin
Albert French
Scott Summers
Robert Johnson
Original Assignee
Unisys Corporation
Priority date
Filing date
Publication date
Priority claimed from US12/272,012 (US20100125730A1)
Priority claimed from US12/336,562 (US20100154053A1)
Priority claimed from US12/336,558 (US20100153740A1)
Priority claimed from US12/336,559 (US20100153703A1)
Priority claimed from US12/336,568 (US20100150341A1)
Priority claimed from US12/336,564 (US8392682B2)
Application filed by Unisys Corporation
Priority to EP09796510A (EP2359294A2)
Priority to AU2009313746A (AU2009313746A1)
Publication of WO2010057191A2
Publication of WO2010057191A3
Publication of WO2010057191A8

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104: Grouping of entities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

Methods and systems for storing data securely and presenting a virtual disk in a secure data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices. Another method includes receiving client credentials from a client device, the client credentials including a client identifier. The method also includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares. The method also includes storing each data block and associated session key at the corresponding share, remote from the secure storage appliance. The method also includes authenticating the client device at a secure storage device. The method further includes determining a volume is associated with the client device based upon the client identifier, the volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices. The method also includes, upon determining the volume is associated with the client device, presenting the volume to the client device.
PCT/US2009/064810 2008-11-17 2009-11-17 Storage security using cryptographic splitting WO2010057191A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP09796510A EP2359294A2 (en) 2008-11-17 2009-11-17 Storage security using cryptographic splitting
AU2009313746A AU2009313746A1 (en) 2008-11-17 2009-11-17 Storage security using cryptographic splitting

Applications Claiming Priority (12)

Application Number Priority Date Filing Date Title
US12/272,012 US20100125730A1 (en) 2008-11-17 2008-11-17 Block-level data storage security system
US12/272,012 2008-11-17
US12/336,562 US20100154053A1 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting
US12/336,559 2008-12-17
US12/336,558 US20100153740A1 (en) 2008-12-17 2008-12-17 Data recovery using error strip identifiers
US12/336,568 2008-12-17
US12/336,564 2008-12-17
US12/336,559 US20100153703A1 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting
US12/336,562 2008-12-17
US12/336,568 US20100150341A1 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting
US12/336,558 2008-12-17
US12/336,564 US8392682B2 (en) 2008-12-17 2008-12-17 Storage security using cryptographic splitting

Publications (3)

Publication Number Publication Date
WO2010057191A2 WO2010057191A2 (en) 2010-05-20
WO2010057191A3 WO2010057191A3 (en) 2010-11-11
WO2010057191A8 WO2010057191A8 (en) 2011-03-03

Family

ID=42115942

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2009/064818 WO2010057194A2 (en) 2008-11-17 2009-11-17 Storage security using cryptographic splitting
PCT/US2009/064810 WO2010057191A2 (en) 2008-11-17 2009-11-17 Storage security using cryptographic splitting

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/US2009/064818 WO2010057194A2 (en) 2008-11-17 2009-11-17 Storage security using cryptographic splitting

Country Status (3)

Country Link
EP (2) EP2359294A2 (en)
AU (4) AU2009313749A1 (en)
WO (2) WO2010057194A2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2747333A1 (en) * 2012-12-19 2014-06-25 Nagravision S.A. A secure storage system including a virtual safe device and a mobile secure storage device
TWI476629B (en) * 2012-12-26 2015-03-11 Chunghwa Telecom Co Ltd Data security and security systems and methods
GB2524561A (en) * 2014-03-27 2015-09-30 St Microelectronics Res & Dev Methods and apparatus for storing content
CN105282171B (en) * 2015-11-06 2018-04-27 北京大学深圳研究生院 A kind of safe and reliable distributed cloud storage method
DE102016115193A1 (en) * 2016-08-16 2018-02-22 Fujitsu Technology Solutions Intellectual Property Gmbh Method for secure data storage in a computer network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2358980A1 (en) * 2001-10-12 2003-04-12 Karthika Technologies Inc. Distributed security architecture for storage area networks (san)
EP1952575B1 (en) * 2005-11-18 2017-12-27 Security First Corp. Secure data parser method and system

Also Published As

Publication number Publication date
WO2010057191A3 (en) 2010-11-11
WO2010057191A2 (en) 2010-05-20
WO2010057194A2 (en) 2010-05-20
AU2016210698A1 (en) 2016-08-25
AU2009313749A1 (en) 2011-07-07
AU2018236853B2 (en) 2020-07-09
EP2359297A2 (en) 2011-08-24
EP2359294A2 (en) 2011-08-24
WO2010057194A3 (en) 2010-08-05
AU2018236853A1 (en) 2018-10-18
AU2009313746A1 (en) 2011-07-07

Similar Documents

Publication Publication Date Title
MX2022003019A (en) Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography.
WO2010057199A3 (en) Storage and retrieval of crytographically-split data blocks to/from multiple storage devices
WO2010057151A3 (en) Block-level data storage security system
WO2013081983A3 (en) Migrating authenticated content towards content consumer
AU2012225621A8 (en) Secure file sharing method and system
GB2496354B (en) A method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors
RU2020106575A (en) GENERATION OF CERTIFICATE OF KEY APPROVAL WITH PROVIDING ANONYMOUS DEVICE
US20140122888A1 (en) Method for password based authentication and apparatus executing the method
WO2012096791A3 (en) Methods and systems for distributing cryptographic data to authenticated recipients
WO2007121190A3 (en) Method and apparatus for binding multiple authentications
EP1953670A3 (en) System and method of storage device data encryption and data access
CN104219228A (en) User registration and user identification method and user registration and user identification system
WO2016144257A3 (en) Method and system for facilitating authentication
WO2009158086A3 (en) Techniques for ensuring authentication and integrity of communications
GB2514055A (en) Bluetooth pairing system, method, and apparatus
WO2008121157A3 (en) Cryptographic key management system facilitating secure access of data portions to corresponding groups of users
WO2011159715A3 (en) Key management systems and methods for shared secret ciphers
GB2541586A (en) Password-based authentication
WO2013114125A3 (en) A method and database system for secure storage and communication of information
WO2006067739A3 (en) Method and device for key generation and proving authenticity
EP2398208A3 (en) Method for securing transmission data and security system for implementing the same
WO2012092072A3 (en) System and method for mutually authenticated cryptographic key exchange using matrices
RU2013140418A (en) SAFE ACCESS TO PERSONAL HEALTH RECORDS IN EMERGENCIES
WO2010057191A3 (en) Storage security using cryptographic splitting
CN102739687A (en) Application service network access method and system based on identifier

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09796510

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 2009796510

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2009313746

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 4604/DELNP/2011

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2009313746

Country of ref document: AU

Date of ref document: 20091117

Kind code of ref document: A