Secure network data storage mediator
First Claim
1. A mediator for the storage and protection of data over a network, the mediator comprising:
(a) an incoming network interface operative to connecting to a sending data client over an incoming network, and operative to receiving data from said sending data client;
(b) an encryption unit for encrypting said data received from said sending data client;
(c) a storage network interface operative to connecting to a data storage device over a storage network, for storing data in said data storage device after encryption by said encryption unit;
(d) a retrieval network interface operative to connecting to said data storage device over a retrieval network, for retrieving data from said data storage device;
(e) a decryption unit for decrypting said data retrieved from said data storage device; and
(f) an outgoing network interface operative to connecting to a receiving data client over an outgoing network, and operative to sending data to said receiving data client after decryption by said decryption unit.
Abstract
A mediator for the protection of data in storage devices over a network. The mediator connects over the network to one or more data clients and to one or more data storage devices, and provides secure storage of data for the data clients on the data storage devices. The mediator functions as a central point for the encryption of data from the data clients to be stored on the storage devices, as well as decryption of the encrypted data retrieved from the storage devices for delivery to the data clients. The mediator can handle multiple protocols, such as IP protocols, file service protocols, and block device protocols; multiple storage technologies such as Fiber Channel and Ethernet; and multiple services such as block, file, and database services. The mediator can also perform various functions such as protocol translation. The mediator benefits from the fact that all storage devices, as well as data clients, are connected over a network, thereby allowing flexibility, expandability, and scalability of configurations without the limitations imposed by local interconnectivity. At the same time, however, the mediator provides secure virtual storage to data clients without requiring them to be involved in any of the encryption or decryption operations. In particular, data clients are not burdened with compulsory management of any keys used in the protection of stored data. As a result, the encryption/decryption of stored data can be optimized for security without concerns for key distribution.
20 Claims
1. Independent claim; text as given under First Claim above. Dependent claims 2 to 15 refer to claim 1.
16. A configuration for secure data storage, the configuration comprising:
(a) a set of networks containing at least one network;
(b) a sending data client connected to an incoming network included in said set of networks;
(c) a receiving data client connected to an outgoing network included in said set of networks;
(d) a storage network included in said set of networks and connecting to a data storage device;
(e) a retrieval network included in said set of networks and connecting to said data storage device; and
(f) a mediator connected to said incoming network, to said storage network, to said retrieval network, and to said outgoing network, wherein said mediator is operative to:
i) receiving, over said incoming network, data from said sending data client;
ii) obtaining an encryption key from a source other than said sending data client;
iii) encrypting said data received from said sending data client into encrypted data, using said encryption key;
iv) sending, over said storage network, said encrypted data to said data storage device for storage therein;
v) receiving, over said retrieval network, encrypted data retrieved from said data storage device;
vi) obtaining a decryption key from a source other than said receiving data client;
vii) decrypting said encrypted data retrieved from said data storage device into decrypted data, using said decryption key; and
viii) sending, over said outgoing network, said decrypted data to said receiving data client. Dependent claims 17 to 20 refer to claim 16.
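The mediator flow described in the Abstract and spelled out in claim 16, steps (i) to (viii), as an added worked example in Go. This is not code from the patent or from any product it describes. The `KeySource` and `StorageDevice` types are hypothetical stand-ins for the key source (which, per steps (ii) and (vi), is not the data client) and for the data storage device reached over the storage and retrieval networks; in-memory maps replace the network links, and AES-256-GCM is chosen for the encryption and decryption units, which the patent does not specify. The object identifier is bound in as associated data so that a ciphertext moved to a different storage slot, or altered in place, is rejected on retrieval rather than handed back to the receiving client.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeySource is a hypothetical stand-in for the mediator's key provider: per
// claim 16 (ii) and (vi) the key comes from a source other than the data
// client. Keys are generated on first use and never leave the mediator.
type KeySource struct{ keys map[string][]byte }

func NewKeySource() *KeySource { return &KeySource{keys: map[string][]byte{}} }

// KeyFor returns the 256-bit AES key for one stored object, creating it on
// first use. A real deployment would back this with an HSM or a KMS.
func (ks *KeySource) KeyFor(objectID string) ([]byte, error) {
	if k, ok := ks.keys[objectID]; ok {
		return k, nil
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	ks.keys[objectID] = k
	return k, nil
}

// StorageDevice stands in for the data storage device on the storage and
// retrieval networks; it only ever sees ciphertext.
type StorageDevice struct{ blobs map[string][]byte }

func NewStorageDevice() *StorageDevice { return &StorageDevice{blobs: map[string][]byte{}} }

func (s *StorageDevice) Put(objectID string, blob []byte) {
	s.blobs[objectID] = append([]byte(nil), blob...)
}

func (s *StorageDevice) Get(objectID string) ([]byte, bool) {
	blob, ok := s.blobs[objectID]
	return blob, ok
}

// Mediator is the central encryption/decryption point between data clients
// and storage. Clients hand it plaintext and get plaintext back; they never
// handle keys.
type Mediator struct {
	keys    *KeySource
	storage *StorageDevice
}

func NewMediator() *Mediator {
	return &Mediator{keys: NewKeySource(), storage: NewStorageDevice()}
}

func (m *Mediator) aeadFor(objectID string) (cipher.AEAD, error) {
	key, err := m.keys.KeyFor(objectID)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store performs claim 16 steps (i) to (iv): take plaintext from the sending
// client, obtain the key, encrypt, and hand ciphertext to the storage device.
func (m *Mediator) Store(objectID string, plaintext []byte) error {
	aead, err := m.aeadFor(objectID)
	if err != nil {
		return err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// Binding the object identifier as associated data means a ciphertext
	// copied into a different storage slot will not decrypt there.
	blob := aead.Seal(nonce, nonce, plaintext, []byte(objectID))
	m.storage.Put(objectID, blob)
	return nil
}

// Retrieve performs steps (v) to (viii): fetch ciphertext from storage, obtain
// the key, authenticate and decrypt, and return plaintext for the receiving
// client. Tampering or misplacement of the blob surfaces as an error.
func (m *Mediator) Retrieve(objectID string) ([]byte, error) {
	blob, ok := m.storage.Get(objectID)
	if !ok {
		return nil, errors.New("object not found in storage")
	}
	aead, err := m.aeadFor(objectID)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("stored blob shorter than nonce")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(objectID))
}

func main() {
	m := NewMediator()
	if err := m.Store("vol1/block7", []byte("client plaintext")); err != nil {
		panic(err)
	}
	out, err := m.Retrieve("vol1/block7")
	fmt.Printf("retrieved %q, err=%v\n", out, err)
}
```

Because both key lookup and decryption happen inside the mediator, a compromised or misbehaving storage device can at most deny service or return data that fails authentication; it never receives keys or plaintext. The flip side, which the Abstract's "central point" wording implies, is that the mediator and its key source are where all trust concentrates, so that is where hardware-backed key storage and access control belong.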