Method and apparatus for heterogeneous data storage management in cloud computing
First Claim
1. An apparatus for managing data storage in a communication network, the apparatus comprising:
at least one processor; and
at least one memory including computer-executable code, wherein the at least one memory and the computer-executable code are configured to, with the at least one processor, cause the apparatus to:
receive from a first device, a request for storing a data in the apparatus;
check whether the same data has been stored in the apparatus;
in response to a check result that no same data has been stored in the apparatus, receive from the first device a data package comprising at least the data in plaintext or ciphertext, and the data package further comprising an index list and a hash chain information;
in response to a check result that the same data has been stored in the apparatus, obtain a deduplication policy for the data;
when the deduplication policy indicates deduplication to be controlled by both or either of an authorized party and an owner of the data, or only the authorized party, or only the data owner, contact both or either of the authorized party and the data owner, or only the authorized party, or only the data owner to conduct deduplication for the data, wherein the contacting comprises the apparatus being caused to request the first device to transmit a hash information corresponding to at least one index from the index list;
verify whether the first device holds the data based on the hash information from the first device corresponding to the requested at least one index; and
in response to a positive verification result, contact to conduct deduplication or record a deduplication information of the data for the first device; and
when the deduplication policy indicates deduplication to be controlled by none of the authorized party and the data owner, conduct deduplication for the data.
Abstract
Method and apparatus are disclosed for heterogeneous data storage management in cloud computing. According to some embodiments, a method for managing data storage in a communication network comprises: receiving at a data center in the communication network from a first device, a request for storing a data in the data center; checking whether the same data has been stored in the data center; in response to a check result that no same data has been stored in the data center, receiving from the first device a data package containing at least the data in plaintext or ciphertext (CT); in response to a check result that the same data has been stored in the data center, obtaining a deduplication policy for the data; when the deduplication policy indicates deduplication to be controlled by both or either of an authorized party (AP) and an owner of the data, or only the AP, or only the data owner, contacting both or either of the AP and the data owner, or only the AP, or only the data owner to conduct deduplication for the data; and when the deduplication policy indicates deduplication to be controlled by none of the AP and the data owner, conducting deduplication for the data at the data center. In some embodiments, the data package may contain or indicate the deduplication policy, and contain information for data holdership verification. The data center may challenge to ensure the data holdership before contacting to conduct deduplication or conducting deduplication at the data center.
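The data-center flow of claim 1 (duplicate check, policy lookup, index challenge, hash verification), as an added Python sketch that is not part of the patent text. The SHA-256 tag used for the duplicate check, the block size, the chained-hash construction, the challenge size and all function and class names are assumptions, since the claims name an index list and hash chain information without defining them.

```python
import hashlib, hmac, secrets
from enum import Enum

BLOCK = 4  # constructed block size, small so the sample spans several blocks
class Policy(Enum):  # who controls deduplication (the claim's branches)
    NONE = "none"
    AP = "authorized_party"
    OWNER = "data_owner"
    BOTH = "ap_and_owner"

def tag_of(data):  # assumed duplicate-check tag: SHA-256 of the data
    return hashlib.sha256(data).hexdigest()

def hash_chain(data):
    """Assumed construction: h_i = SHA-256(h_{i-1} || block_i), h_{-1} empty."""
    chain, prev = [], b""
    for off in range(0, len(data), BLOCK):
        prev = hashlib.sha256(prev + data[off:off + BLOCK]).digest()
        chain.append(prev)
    return chain

def build_package(data, policy):
    """First uploader's package: data, index list, hash chain information, policy."""
    chain = hash_chain(data)
    return {"data": data, "index_list": list(range(len(chain))),
            "hash_chain": chain, "policy": policy}

def responder(data):  # device side: recompute the chain from the data it holds
    chain = hash_chain(data)
    return lambda idxs: {i: chain[i] for i in idxs if i < len(chain)}

class DataCenter:
    def __init__(self):
        self.store, self.holders = {}, {}  # tag -> package, tag -> recorded devices
    def request_store(self, device, tag, send_package, respond):
        if tag not in self.store:          # no same data stored: receive the package
            self.store[tag], self.holders[tag] = send_package(), {device}
            return "stored"
        pkg = self.store[tag]
        if pkg["policy"] is Policy.NONE:   # controlled by none: data center deduplicates
            self.holders[tag].add(device)
            return "deduplicated"
        n = min(2, len(pkg["index_list"]))  # challenge size is a constructed choice
        idxs = secrets.SystemRandom().sample(pkg["index_list"], n)
        answer = respond(idxs)             # hash information for the requested indices
        if not all(hmac.compare_digest(answer.get(i, b""), pkg["hash_chain"][i]) for i in idxs):
            return "rejected"              # requester knows the tag but not the data
        self.holders[tag].add(device)      # record deduplication information
        return "contact:" + pkg["policy"].value
```

Answers in this sketch are deterministic per index, so the random selection of indices is the only thing that varies between challenges.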
20 Claims
11. An apparatus for managing data storage in a user device, the apparatus comprising:
at least one processor; and
at least one memory including computer-executable code, wherein the at least one memory and the computer-executable code are configured to, with the at least one processor, cause the apparatus to:
transmit a request for storing a data to a data center;
in response to a request for the data from the data center, transmit a data package comprising at least the data in plaintext or ciphertext to the data center, and the data package further comprising an index list, and a hash chain information, wherein a deduplication policy for the data is contained in the data package or can be determined according to the data package, the deduplication policy indicating deduplication to be controlled by both or either or none of an authorized party and an owner of the data, or only the authorized party, or only the data owner;
in response to receiving a deduplication request from the data center or at least one other data center, issuing an attribute secret key to an eligible data holder according to an attribute based encryption scheme for conducting deduplication; and
when the deduplication policy indicates deduplication to be controlled by both of the authorized party and the data owner, transmit in the data package a first cipherkey and a second cipherkey being not equal to each other, the first and second cipherkeys being generated by separating a data encryption key into a first data encryption key and a second data encryption key and encrypting the first and second data encryption keys respectively, the data encryption key being used for encrypting the data to obtain the ciphertext.
Specification