Storing and retrieving ciphertext in data storage
First Claim
1. A system, comprising:
a processor; and
a non-transitory storage medium storing data storage instructions and data retrieval instructions, the data storage instructions executable on the processor to:
compute a first ciphertext value for a first data chunk to be saved to a storage system, the first ciphertext value computed based on encrypting information of the first data chunk using, as an initial value for encryption, an encrypted chunk hash value associated with the first data chunk, the encrypted chunk hash value encrypted using an encryption key, the computing of the first ciphertext value responsive to an indication provided as part of deduplicating ciphertext values corresponding to data chunks to be stored by a storage operation to the storage system, wherein the indication is responsive to a determination that the encrypted chunk hash value associated with the first data chunk is not stored in an index, and the deduplicating of ciphertext values avoids storing a redundant ciphertext value in the storage system in response to a determination that an encrypted chunk hash value associated with a given data chunk is stored in the index; and
provide the first ciphertext value to a server for storage in the storage system, and provide the encrypted chunk hash value for storage in the index; and
the data retrieval instructions executable on the processor to:
in response to a request from a client for the first data chunk:
receive the encrypted chunk hash value associated with the first data chunk from the index;
decrypt the first ciphertext value for the first data chunk using the received encrypted chunk hash value;
decrypt the received encrypted chunk hash value to produce a decrypted chunk hash value;
determine, using the decrypted chunk hash value, whether the decrypted first ciphertext value corresponds to the first data chunk; and
accept or reject the decrypted first ciphertext value based on the determining.
Abstract
Storing and retrieving ciphertext in data storage can include determining a first ciphertext value for a first data chunk to be saved to a client-server data storage system using an encrypted chunk hash value associated with the first data chunk as an initial value, and storing the first data chunk on a server in the client-server data storage system in response to determining that the first ciphertext value is a unique ciphertext value. Also, storing and retrieving ciphertext in data storage can include decrypting a ciphertext value for a second data chunk received from a client in the client-server data storage system and based on an encrypted chunk hash value associated with the second data chunk, and sending the second data chunk to the client in response to determining that the decrypted ciphertext value corresponds to an original data chunk saved to the server by the client.
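The store and retrieve flow of the first claim, as an added Go example that is not part of the patent text. Assumptions the claims do not fix: SHA-256 as the chunk hash, AES-256 under a constructed all-zero key, the hash encrypted with AES-CBC under a fixed zero IV, the chunk encrypted with AES-CTR whose initial value is the first 16 bytes of the encrypted hash, and an in-memory map (`Store`, a hypothetical name) serving as both index and server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Store stands in for server and index: encrypted chunk hash -> ciphertext.
type Store map[string][]byte
var demoCipher, _ = aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
var zeroIV = make([]byte, aes.BlockSize)            // fixed IV keeps hash encryption deterministic

// Put deduplicates on the encrypted chunk hash and uses it as the initial value.
func (s Store) Put(b cipher.Block, chunk []byte) (ech []byte, stored bool) {
	h, ech := sha256.Sum256(chunk), make([]byte, sha256.Size)
	cipher.NewCBCEncrypter(b, zeroIV).CryptBlocks(ech, h[:])
	if _, dup := s[string(ech)]; !dup {
		ct := make([]byte, len(chunk))
		cipher.NewCTR(b, ech[:aes.BlockSize]).XORKeyStream(ct, chunk)
		s[string(ech)], stored = ct, true
	}
	return ech, stored
}

// Get decrypts the chunk and the hash, and rejects the chunk on mismatch.
func (s Store) Get(b cipher.Block, ech []byte) ([]byte, bool) {
	ct, ok := s[string(ech)]
	if !ok {
		return nil, false
	}
	pt, want := make([]byte, len(ct)), make([]byte, len(ech))
	cipher.NewCTR(b, ech[:aes.BlockSize]).XORKeyStream(pt, ct)
	cipher.NewCBCDecrypter(b, zeroIV).CryptBlocks(want, ech)
	if got := sha256.Sum256(pt); subtle.ConstantTimeCompare(got[:], want) != 1 {
		return nil, false
	}
	return pt, true
}

func main() {
	s := Store{}
	ech, first := s.Put(demoCipher, []byte("chunk A"))
	_, again := s.Put(demoCipher, []byte("chunk A")) // duplicate, not stored again
	pt, ok := s.Get(demoCipher, ech)
	fmt.Println(first, again, string(pt), ok)
}
```

Because the initial value is derived from the chunk itself, equal chunks under the same key always produce equal ciphertexts, which is what lets the index deduplicate and also means the store can tell when two chunks are identical.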
16 Claims
12. A non-transitory computer readable medium storing instructions executable by a processing resource to cause a computer to:
cause storage of ciphertext values for data chunks in a storage system that performs deduplication of the ciphertext values using an index comprising encrypted chunk hash values for respective data chunks;
calculate a first decryption value for a first data chunk in the storage system using an encryption key, an encrypted chunk hash value as an initial value for decryption, and a ciphertext associated with the first data chunk, the encrypted chunk hash value associated with the first data chunk and based on encryption of a hash value using an encryption key;
calculate a second decryption value by decrypting the encrypted chunk hash value using the encryption key;
calculate a hash of the first decryption value to produce a calculated hash value; and
determine whether to accept or reject the first decryption value as equivalent to the first data chunk, based on comparing the calculated hash value and the second decryption value,
wherein the instructions to cause the computer to, as part of the deduplication:
determine whether the encrypted chunk hash value associated with the first data chunk is stored in the index;
in response to determining that the encrypted chunk hash value associated with the first data chunk is not stored in the index:
compute the ciphertext associated with the first data chunk by encrypting information of the first data chunk using as an initial value for encryption the encrypted chunk hash value; and
store the ciphertext associated with the first data chunk in the storage system.
16. A method executed by a system comprising a hardware processor, comprising:
computing a first ciphertext value for a first data chunk to be saved to a storage system, the first ciphertext value computed based on encrypting information of the first data chunk using, as an initial value for encryption, an encrypted chunk hash value associated with the first data chunk, the encrypted chunk hash value encrypted using an encryption key, the computing of the first ciphertext value responsive to an indication provided as part of deduplicating ciphertext values corresponding to data chunks to be stored by a storage operation to the storage system, wherein the indication is responsive to a determination that the encrypted chunk hash value associated with the first data chunk is not stored in an index, and the deduplicating of ciphertext values avoids storing a redundant ciphertext value in the storage system in response to a determination that an encrypted chunk hash value associated with a given data chunk is stored in the index; and
providing the first ciphertext value to a server for storage in the storage system, and providing the encrypted chunk hash value for storage in the index;
in response to a request from a client for the first data chunk:
receiving the encrypted chunk hash value associated with the first data chunk from the index;
decrypting the first ciphertext value for the first data chunk using the received encrypted chunk hash value;
decrypting the received encrypted chunk hash value to produce a decrypted chunk hash value;
determining, using the decrypted chunk hash value, whether the decrypted first ciphertext value corresponds to the first data chunk; and
accepting or rejecting the decrypted first ciphertext value based on the determining.
Specification