Method and apparatus for a secure and deduplicated write once read many virtual disk

US 10,320,558 B2
Filed: 04/19/2013
Issued: 06/11/2019
Est. Priority Date: 05/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method of preparing a secure write once read many virtual disk comprising the steps of:

a. generating an encryption sequence;

b. storing the encryption sequence into a location on the virtual disk;

c. accessing a data file to be stored;

d. combining the data file with the encryption sequence forming a secure data file, wherein the encryption sequence is at least of equal size to the data file; and

e. storing the secure data file into the same location on the virtual disk in which the encryption sequence was previously stored.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is provided for the operation of a secure and deduplicated write once read many virtual disk which exceeds the write performance of traditional cryptographic methods. This is achieved through the utilization of a time-memory tradeoff via the empty space on a virtual disk at format time. Traditionally empty space is zeroed to indicate that data is not present. When implementing the apparatus, the empty space is filled with the output of a symmetric-key algorithm uniquely keyed for that specific disk. From an information theoretic point of view, the format operation stores cryptographically structured data, rather than purely redundant data, enabling the write operation that encodes data to be stored on the disk to operate without additional cryptographic computation. This reduced computation requirement for encoding enables the computation required deduplication to operate as if encoding was not being performed, resulting in a net throughput increase.

Citations

18 Claims

1. A method of preparing a secure write once read many virtual disk comprising the steps of:
- a. generating an encryption sequence;
  
  b. storing the encryption sequence into a location on the virtual disk;
  
  c. accessing a data file to be stored;
  
  d. combining the data file with the encryption sequence forming a secure data file, wherein the encryption sequence is at least of equal size to the data file; and
  
  e. storing the secure data file into the same location on the virtual disk in which the encryption sequence was previously stored.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1 wherein the steps of generating and storing the encryption sequence can be performed in parallel using one of multiple CPUs, multi-core CPUs or a combination thereof.
  - 3. The method according to claim 1 wherein the step of combining comprises exclusive ORing the data file with the encryption sequence.

4. A method of preparing a secure write once read many virtual disk comprising the steps of:
- a. generating a random number for use as a key in a symmetric-key algorithm;
  
  b. using the key with the symmetric-key algorithm in counter mode to form a keystream;
  
  c. storing the keystream into a location on the virtual disk;
  
  d. accessing a data file to be stored;
  
  e. combining the data file with the keystream forming a secure data file, wherein the keystream is at least of equal size to the data file; and
  
  f. storing the secure data file into the same location on the virtual disk in which the keystream was previously stored.
- View Dependent Claims (5, 6)
- - 5. The method according to claim 4 wherein the steps of generating and storing the keystream can be performed in parallel using one of multiple CPUs, multi-core CPUs or a combination thereof.
  - 6. The method according to claim 4 wherein the step of combining comprises exclusive ORing the data file with the encryption sequence.

7. A method of preparing a secure and deduplicated write once read many virtual disk comprising the steps of:
- a. generating a random number for use as a key in a symmetric-key algorithm;
  
  b. using the key with the symmetric-key algorithm in counter mode to form a keystream;
  
  c. storing the keystream into a location on the virtual disk;
  
  d. accessing a data file to be stored;
  
  e. deduplicating the data file to form a deduplicated data file;
  
  f. combining the deduplicated data file with the keystream forming a secure and deduplicated data file, wherein the keystream is at least of equal size to the data file; and
  
  g. storing the secure and deduplicated data file into the same location on the virtual disk in which the keystream was previously stored.
- View Dependent Claims (8, 9, 10)
- - 8. The method according to claim 7 wherein the step of storing the encryption sequence can be performed in parallel using one of multiple CPUs, multi-core CPUs or a combination thereof.
  - 9. The method according to claim 7 wherein the step of combining comprises exclusive ORing the data file with the encryption sequence.
  - 10. The method according to claim 7 wherein the step of deduplicating the data file comprises eliminating duplicate copies of redundant data.

11. A secure write once read many virtual disk system comprising:
- a. a system element for forming an encryption sequence and storing the encryption sequence into a location on the virtual disk;
  
  b. a processor for combining a data file with the encryption sequence to form a secure data file, wherein the secure data file is stored into the same location on the virtual disk in which the encryption sequence was previously stored, wherein the encryption sequence is at least of equal size to the data file.

12. A secure write once read many virtual disk system comprising:
- a. a system element for generating a random number for use as a key in a symmetric-key algorithm;
  
  b. a processor for using the key with the symmetric-key algorithm in counter mode to form a keystream wherein the processor stores the keystream into a location on the virtual disk; and
  
  c. the processor is configured to access a data file to be stored and combing the data file with the keystream to form a secure data file, wherein the secure data file is stored into the same location on the virtual disk in which the keystream was previously stored, and further wherein the keystream is at least of equal size to the data file.
- View Dependent Claims (13, 14)
- - 13. The system according to claim 12 wherein the system element for generating a random number comprises a hardware based random number generator.
  - 14. The system according to claim 12 wherein the system element for generating a random number comprises a software based pseudorandom number generator.

15. A secure and deduplicated write once read many virtual disk system comprising:
- a. a random number generator for generating a key for use in a symmetric-key algorithm;
  
  b. a processor for using the key with the symmetric-key algorithm in counter mode to form a keystream and storing the keystream into a location on the virtual disk;
  
  c. the processor configured to access a data file to be stored and to deduplicate the data file to form a deduplicated data file;
  
  d. the processor configured to combine the deduplicated data file with the keystream forming a secure and deduplicated data file, wherein the secure and deduplicated data file is stored into the same location on the virtual disk in which the keystream was previously stored, and further wherein the keystream is at least of equal size to the data file.
- View Dependent Claims (16, 17, 18)
- - 16. The system according to claim 15 wherein the system element for generating a random number comprises a hardware based random number generator.
  - 17. The system according to claim 15 wherein the system element for generating a random number comprises a software based pseudorandom number generator.
  - 18. The system according to claim 15 wherein the processor is adapted to read the secure data file, by regenerating the keystream and using it to extract the data file from the secure data file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dark Signal Research, LLC
Original Assignee
Dark Signal Research, LLC
Inventors
Leventhal, David H, Barnitt, Robert F
Primary Examiner(s)
Bayou, Yonas A

Application Number

US13/866,257
Publication Number

US 20140157005A1
Time in Patent Office

2,244 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/79   in semiconductor storage me...

H04L 2209/125   Parallelization or pipelini...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0662   with particular pseudorando...

Method and apparatus for a secure and deduplicated write once read many virtual disk

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for a secure and deduplicated write once read many virtual disk

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links