Method and apparatus for a secure and deduplicated write once read many virtual disk
Abstract
A method and apparatus are provided for the operation of a secure and deduplicated write once read many virtual disk which exceeds the write performance of traditional cryptographic methods. This is achieved through a time-memory tradeoff that uses the empty space on a virtual disk at format time. Traditionally, empty space is zeroed to indicate that data is not present. When implementing the apparatus, the empty space is instead filled with the output of a symmetric-key algorithm uniquely keyed for that specific disk. From an information-theoretic point of view, the format operation stores cryptographically structured data, rather than purely redundant data, enabling the write operation that encodes data to be stored on the disk to operate without additional cryptographic computation. This reduced computation requirement for encoding enables the computation required for deduplication to operate as if encoding was not being performed, resulting in a net throughput increase.
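The format-then-combine scheme in the abstract, as an added sketch that is not code from the patent. Assumptions: XOR is the combining operation, HMAC-SHA256 over a counter stands in for a block cipher in counter mode, and the `WormDisk` class, its write-once map and its read path are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 32  # keystream bytes per counter value (SHA-256 digest size)

def keystream(key: bytes, offset: int, length: int) -> bytes:
    """Keystream for disk bytes [offset, offset+length).
    Assumption: HMAC-SHA256(key, counter) stands in for a block cipher in
    counter mode so the example needs only the standard library."""
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    blocks = (hmac.new(key, i.to_bytes(16, "big"), hashlib.sha256).digest()
              for i in range(first, last + 1))
    skip = offset - first * BLOCK
    return b"".join(blocks)[skip:skip + length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class WormDisk:  # hypothetical name
    def __init__(self, size: int):
        self.key = os.urandom(32)                      # per-disk key
        # Format: fill the empty space with keystream instead of zeros.
        self.disk = bytearray(keystream(self.key, 0, size))
        self.written = bytearray(size)                 # assumed write-once map

    def write(self, offset: int, data: bytes) -> None:
        end = offset + len(data)
        if offset < 0 or end > len(self.disk):
            raise ValueError("write outside the disk")
        if any(self.written[offset:end]):
            # A second XOR would store old ^ new ^ keystream: both records lost.
            raise ValueError("location already written (write once)")
        # No cipher call here: combine the data with the bytes already stored.
        self.disk[offset:end] = xor(self.disk[offset:end], data)
        self.written[offset:end] = b"\x01" * len(data)

    def read(self, offset: int, length: int) -> bytes:
        # Assumed read path: regenerate the keystream and XOR it back out.
        stored = bytes(self.disk[offset:offset + length])
        return xor(stored, keystream(self.key, offset, length))
```

Under these assumptions an unwritten location decodes to zero bytes, so the formatted disk still reads as empty to a key holder, while the write-once check is what keeps a location's keystream from being combined with more than one record.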
18 Claims
1. A method of preparing a secure write once read many virtual disk comprising the steps of:
a. generating an encryption sequence;
b. storing the encryption sequence into a location on the virtual disk;
c. accessing a data file to be stored;
d. combining the data file with the encryption sequence forming a secure data file, wherein the encryption sequence is at least of equal size to the data file; and
e. storing the secure data file into the same location on the virtual disk in which the encryption sequence was previously stored.
Dependent claims: 2, 3.

4. A method of preparing a secure write once read many virtual disk comprising the steps of:
a. generating a random number for use as a key in a symmetric-key algorithm;
b. using the key with the symmetric-key algorithm in counter mode to form a keystream;
c. storing the keystream into a location on the virtual disk;
d. accessing a data file to be stored;
e. combining the data file with the keystream forming a secure data file, wherein the keystream is at least of equal size to the data file; and
f. storing the secure data file into the same location on the virtual disk in which the keystream was previously stored.
Dependent claims: 5, 6.

7. A method of preparing a secure and deduplicated write once read many virtual disk comprising the steps of:
a. generating a random number for use as a key in a symmetric-key algorithm;
b. using the key with the symmetric-key algorithm in counter mode to form a keystream;
c. storing the keystream into a location on the virtual disk;
d. accessing a data file to be stored;
e. deduplicating the data file to form a deduplicated data file;
f. combining the deduplicated data file with the keystream forming a secure and deduplicated data file, wherein the keystream is at least of equal size to the data file; and
g. storing the secure and deduplicated data file into the same location on the virtual disk in which the keystream was previously stored.
Dependent claims: 8, 9, 10.

11. A secure write once read many virtual disk system comprising:
a. a system element for forming an encryption sequence and storing the encryption sequence into a location on the virtual disk;
b. a processor for combining a data file with the encryption sequence to form a secure data file, wherein the secure data file is stored into the same location on the virtual disk in which the encryption sequence was previously stored, wherein the encryption sequence is at least of equal size to the data file.

12. A secure write once read many virtual disk system comprising:
a. a system element for generating a random number for use as a key in a symmetric-key algorithm;
b. a processor for using the key with the symmetric-key algorithm in counter mode to form a keystream wherein the processor stores the keystream into a location on the virtual disk; and
c. the processor is configured to access a data file to be stored and combining the data file with the keystream to form a secure data file, wherein the secure data file is stored into the same location on the virtual disk in which the keystream was previously stored, and further wherein the keystream is at least of equal size to the data file.
Dependent claims: 13, 14.

15. A secure and deduplicated write once read many virtual disk system comprising:
a. a random number generator for generating a key for use in a symmetric-key algorithm;
b. a processor for using the key with the symmetric-key algorithm in counter mode to form a keystream and storing the keystream into a location on the virtual disk;
c. the processor configured to access a data file to be stored and to deduplicate the data file to form a deduplicated data file;
d. the processor configured to combine the deduplicated data file with the keystream forming a secure and deduplicated data file, wherein the secure and deduplicated data file is stored into the same location on the virtual disk in which the keystream was previously stored, and further wherein the keystream is at least of equal size to the data file.
Dependent claims: 16, 17, 18.

Specification