Data encryption in a network memory architecture for providing data based on local accessibility

US 10,091,172 B1
Filed: 05/06/2016
Issued: 10/02/2018
Est. Priority Date: 08/12/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A network memory system, comprising:

a source-site appliance comprising a first processor and a first memory device, and configured to be coupled to a source-site computer via a source-site local area network; and

a destination-site appliance comprising a second processor and a second memory device, and configured to be coupled to a destination-site computer via a destination-site local area network, the source-site computer in communication with the destination-site computer via a wide area network;

the source-site appliance configured to intercept original data sent from the source-site computer to the destination-site computer, encrypt the original data to generate encrypted data, store the encrypted data in the first memory device, determine whether a representation of the original data exists in the second memory device, and transmit a store instruction comprising the original data if the representation of the original data does not exist in the second memory device; and

the destination-site appliance configured to receive the store instruction from the source-site appliance, encrypt the original data received with the store instruction at the destination-site appliance to generate encrypted received data, store the encrypted received data in the second memory device, subsequently receive a retrieve instruction comprising an index at which the encrypted received data is stored in the second memory device, process the retrieve instruction to obtain encrypted response data comprising at least a portion of the encrypted received data, and decrypt the encrypted response data.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network memory system is disclosed. The network memory system comprises a first appliance configured to encrypt first data, and store the encrypted first data in a first memory device. The first appliance also determines whether the first data is available in a second appliance and transmits a store instruction comprising the first data based on the determination that the first data does not exist in the second appliance. The second appliance is configured to receive the store instruction from the first appliance comprising the first data, encrypt the first data, and store the encrypted first data in a second memory device. The second appliance is further configured to receive a retrieve instruction comprising a location indicator indicating where the encrypted first data is stored, process the retrieve instruction to obtain encrypted response data, and decrypt the encrypted response data.

366 Citations

20 Claims

1. A network memory system, comprising:
- a source-site appliance comprising a first processor and a first memory device, and configured to be coupled to a source-site computer via a source-site local area network; and
  
  a destination-site appliance comprising a second processor and a second memory device, and configured to be coupled to a destination-site computer via a destination-site local area network, the source-site computer in communication with the destination-site computer via a wide area network;
  
  the source-site appliance configured to intercept original data sent from the source-site computer to the destination-site computer, encrypt the original data to generate encrypted data, store the encrypted data in the first memory device, determine whether a representation of the original data exists in the second memory device, and transmit a store instruction comprising the original data if the representation of the original data does not exist in the second memory device; and
  
  the destination-site appliance configured to receive the store instruction from the source-site appliance, encrypt the original data received with the store instruction at the destination-site appliance to generate encrypted received data, store the encrypted received data in the second memory device, subsequently receive a retrieve instruction comprising an index at which the encrypted received data is stored in the second memory device, process the retrieve instruction to obtain encrypted response data comprising at least a portion of the encrypted received data, and decrypt the encrypted response data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network memory system of claim 1, wherein the destination-site appliance is further configured to transmit the decrypted response data to the destination-site computer.
  - 3. The network memory system of claim 1, wherein the destination-site appliance is configured to encrypt the original data using an Advanced Encryption Scheme algorithm.
  - 4. The network memory system of claim 1, wherein the destination-site appliance is configured to encrypt the original data using a Data Encryption Scheme algorithm.
  - 5. The network memory system of claim 1, wherein the destination-site appliance is configured to encrypt the original data using a Triple Data Encryption Scheme algorithm.
  - 6. The network memory system of claim 1, wherein the source-site appliance is configured to determine whether a representation of the original data exists in the second memory device by identifying sync points in the original data having matches in locally accessible data stored in the first memory device, performing at one or more of the sync points, a forward and backward memory comparison to identify a size of a matching region, and determining a non-locally accessible portion of the original data outside the matching region that is not locally accessible at the destination-site appliance.
  - 7. The network memory system of claim 6, wherein the source-site appliance is further configured to identify the sync points in the original data by (i) determining hash values corresponding to different byte locations of the original data, (ii) finely filtering the hash values using a fine filter to determine a finely filtered set of the hash values corresponding to fine sync points, and coarsely filtering the hash values using a coarse filter to determine a coarsely filtered set of the hash values corresponding to coarse sync points, and (iii) determining from the finely filtered set of the hash values and the coarsely filtered set of the hash values, a plurality of hash values matching hash values of the locally accessible data.

8. A method for ensuring compliance in network memory, the method comprising:
- in a source-site appliance, intercepting original data sent from a source-site computer to a destination-site computer, the source-site appliance coupled to the source-site computer via a source-site local area network and the source-site computer in communication with the destination-site computer via a wide area network;
  
  encrypting the original data to generate encrypted data;
  
  storing the encrypted data in a first memory device within the source-site appliance;
  
  determining whether a representation of the original data exists in a destination-site appliance, the destination-site appliance coupled to the destination-site computer via a destination-site local area network;
  
  transmitting a store instruction comprising the original data from the source-site appliance based on the determination that the representation of the original data does not exist in the destination-site appliance;
  
  receiving the store instruction into the destination-site appliance;
  
  encrypting the original data received with the store instruction at the destination-site appliance to generate encrypted received data;
  
  storing the encrypted received data in a second memory device within the destination-site appliance;
  
  subsequently receiving a retrieve instruction into the destination-site appliance, the retrieve instruction comprising an index at which the encrypted received data is stored;
  
  in the destination-site appliance, processing the retrieve instruction to obtain encrypted response data comprising at least a portion of the encrypted received data; and
  
  in the destination-site appliance, decrypting the encrypted response data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising transmitting the decrypted response data from the destination-site appliance to the destination-site computer.
  - 10. The method of claim 8, further comprising encrypting the original data using an Advanced Encryption Scheme algorithm.
  - 11. The method of claim 8, further comprising encrypting the original data using a Data Encryption Scheme algorithm.
  - 12. The method of claim 8, further comprising encrypting the original data using a Triple Data Encryption Scheme algorithm.
  - 13. The method of claim 8, wherein determining whether a representation of the original data exists in the second memory device comprises:
    - identifying sync points in the original data having matches in locally accessible data stored in the first memory device;
      
      performing at one or more of the sync points, a forward and backward memory comparison to identify a size of a matching region; and
      
      determining a non-locally accessible portion of the original data outside the matching region that is not locally accessible at the destination-site appliance.
  - 14. The method of claim 13, wherein identifying the sync points in the original data comprises:
    - determining hash values corresponding to different byte locations of the original data;
      
      finely filtering the hash values using a fine filter to determine a finely filtered set of the hash values corresponding to fine sync points, and coarsely filtering the hash values using a coarse filter to determine a coarsely filtered set of the hash values corresponding to coarse sync points; and
      
      determining from the finely filtered set of the hash values and the coarsely filtered set of the hash values, a plurality of hash values matching hash values of the locally accessible data.

15. A network memory system comprising:
- a first non-transitory computer-readable storage medium storing first instructions that when executed causing a first processor to perform steps comprising;
  
  encrypting the original data to generate encrypted data;
  
  storing the encrypted data in a first memory device within the source-site appliance;
  
  determining whether a representation of the original data exists in a destination-site appliance, the destination-site appliance coupled to the destination-site computer via a destination-site local area network;
  
  transmitting a store instruction comprising the original data from the source-site appliance based on the determination that the representation of the original data does not exist in the destination-site appliance;
  
  a second non-transitory computer-readable storage medium storing second instructions that when executed causing a second processor to perform steps comprising;
  
  receiving the store instruction into the destination-site appliance;
  
  encrypting the original data received with the store instruction at the destination-site appliance to generate encrypted received data;
  
  storing the encrypted received data in a second memory device within the destination-site appliance;
  
  subsequently receiving a retrieve instruction into the destination-site appliance, the retrieve instruction comprising an index at which the encrypted received data is stored;
  
  in the destination-site appliance, processing the retrieve instruction to obtain encrypted response data comprising at least a portion of the encrypted received data; and
  
  in the destination-site appliance, decrypting the encrypted response data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The network memory system of claim 15, wherein the second instructions when executed cause the second processor to transmit the decrypted response data to the destination-site computer.
  - 17. The network memory system of claim 15, wherein encrypting the original data comprises applying an Advanced Encryption Scheme algorithm.
  - 18. The network memory system of claim 15, wherein encrypting the original data comprises applying a Data Encryption Scheme algorithm.
  - 19. The network memory system of claim 15, wherein determining whether a representation of the original data exists in the second memory device comprises:
    - identifying sync points in the original data having matches in locally accessible data stored in the first memory device;
      
      performing at one or more of the sync points, a forward and backward memory comparison to identify a size of a matching region; and
      
      determining a non-locally accessible portion of the original data outside the matching region that is not locally accessible at the destination-site appliance.
  - 20. The network memory system of claim 15, wherein identifying the sync points in the original data comprises:
    - determining hash values corresponding to different byte locations of the original data;
      
      finely filtering the hash values using a fine filter to determine a finely filtered set of the hash values corresponding to fine sync points, and coarsely filtering the hash values using a coarse filter to determine a coarsely filtered set of the hash values corresponding to coarse sync points; and
      
      determining from the finely filtered set of the hash values and the coarsely filtered set of the hash values, a plurality of hash values matching hash values of the locally accessible data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Silver Peak Systems Incorporated (Hewlett-Packard Enterprise Company)
Inventors
Hughes, David Anthony
Primary Examiner(s)
Rutz, Jared
Assistant Examiner(s)
Ayash, Marwan

Application Number

US15/148,671
Time in Patent Office

879 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/0605   by facilitating the interac...

G06F 3/0623   in relation to content

G06F 3/0647   Migration mechanisms

G06F 3/065   Replication mechanisms

G06F 3/067   Distributed or networked st...

H03M 7/30   Compression speech analysis...

H04L 12/66   Arrangements for connecting...

H04L 2209/12   Details relating to cryptog...

H04L 41/12   Discovery or management of ...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/061   for key exchange, e.g. in p...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 67/5651   Reducing the amount or size...

H04L 67/568 : Storing data temporarily at...

H04L 9/3234 : involving additional secure...

View All

Data encryption in a network memory architecture for providing data based on local accessibility

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

366 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data encryption in a network memory architecture for providing data based on local accessibility

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

366 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links