Security system for replicated storage devices on computer networks
First Claim
1. A method in a replicated networked storage domain of at least one original data partition and one or more replica data partitions, each partition being stored on a storage device having a network address, the method comprising:
- associating with each partition a secret key;
sharing said secret keys between said storage devices and a file manager;
responsive to a request from a client for access to a partition, said file manager selecting a partition to which the client is to be directed and issuing a credential encrypted by the key associated with the selected partition and including a network address of the storage device which stores the selected partition; and
accessing said selected partition by said client using said credential.
1 Assignment
0 Petitions
Accused Products
Abstract
Through associating each data partition within a replicated storage domain of networked storage devices with one of multiple secret keys shared with a file manager, a credential is issued from the file manager to a client requesting access to a partition. The credential includes a network address for the partition to which the client is to direct its actions. The storage device periodically confirms with the file manager the validity of the shared secret keys. Through logical process and evaluations applied to issuing the credential and determining the address of the partition to be included in each credential, the file manager may invalidate partitions individually, provide load balancing between access of original and replica partitions, and provide security functions such as isolation of partitions for access by and tracking of unauthorized users, or for testing purposes.
81 Citations
32 Claims
-
1. A method in a replicated networked storage domain of at least one original data partition and one or more replica data partitions, each partition being stored on a storage device having a network address, the method comprising:
-
associating with each partition a secret key;
sharing said secret keys between said storage devices and a file manager;
responsive to a request from a client for access to a partition, said file manager selecting a partition to which the client is to be directed and issuing a credential encrypted by the key associated with the selected partition and including a network address of the storage device which stores the selected partition; and
accessing said selected partition by said client using said credential. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer readable medium encoded with software for use in a replicated networked storage domain of a at least one original data partition and one or more replica data partitions, each partition being stored on a storage device having a network address, the software performing steps comprising:
-
associating with each partition a secret key;
sharing said secret keys between said storage devices and a file manager;
responsive to a request from a client for access to a partition, said file manager selecting a partition to which the client is to be directed and issuing a credential encrypted by the key associated with the selected partition and including a network address of the storage device which stores the selected partition; and
accessing said selected partition by said client using said credential. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A security system in a replicated networked storage domain of at least one original data partition and one or more replica data partitions, each partition being stored on a storage device having a network address, the system comprising:
-
a secret key associated with each partition, each key being shared between a file manager and a storage device on which a partition is stored;
a partition selector operable by a file manager for selecting an original or replica partition to which a client is to be directed responsive to a request for access to a partition from said client;
a credential generator and issuer configured to create a credential encrypted by the secret key shared with the selected partition'"'"'s storage device and the file manager, said credential including a network address corresponding to the storage device which stores the selected partition; and
a partition access controller adapted to receive said issued credential from a client with a request for access to a partition, to evaluate the validity of the key used to sign the credential, and to allow access operations by the requesting client to the requested partition. - View Dependent Claims (24, 25, 26, 27, 29, 30, 31, 32)
-
Specification