Secure network data storage mediator

US 20040143733A1
Filed: 01/16/2003
Published: 07/22/2004
Est. Priority Date: 01/16/2003
Status: Abandoned Application

First Claim

Patent Images

1. A mediator for the storage and protection of data over a network, the mediator comprising:

(a) an incoming network interface operative to connecting to a sending data client over an incoming network, and operative to receiving data from said sending data client;

(b) an encryption unit for encrypting said data received from said sending data client;

(c) a storage network interface operative to connecting to a data storage device over a storage network, for storing data in said data storage device after encryption by said encryption unit;

(d) a retrieval network interface operative to connecting to said data storage device over a retrieval network, for retrieving data from said data storage device;

(e) a decryption unit for decrypting said data retrieved from said data storage device; and

(f) an outgoing network interface operative to connecting to a receiving data client over an outgoing network, and operative to sending data to said receiving data client after decryption by said decryption unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mediator for the protection of data in storage devices over a network. The mediator connects over the network to one or more data clients and to one or more data storage devices, and provides secure storage of data for the data clients on the data storage devices. The mediator functions as a central point for the encryption of data from the data clients to be stored on the storage devices, as well as decryption of the encrypted data retrieved from the storage devices for delivery to the data clients. The mediator can handle multiple protocols, such as IP protocols, file service protocols, and block device protocols; multiple storage technologies such as Fiber Channel and Ethernet; and multiple services such as block, file, and database services. The mediator can also perform various fictions such as protocol translation. The mediator benefits from the fact that all storage devices, as well as data clients, are connected over a network, thereby allowing flexibility, expandability, and scalability of configurations without the limitations imposed by local interconnectivity. At the same time, however, the mediator provides secure virtual storage to data clients without requiting them to be involved in any of the encryption or decryption operations. In particular, data clients are not burdened with compulsory management of any keys used in the protection of stored data. As a result, the encryption/decryption of stored data can be optimized for security without concerns for key distribution.

Citations

20 Claims

1. A mediator for the storage and protection of data over a network, the mediator comprising:
- (a) an incoming network interface operative to connecting to a sending data client over an incoming network, and operative to receiving data from said sending data client;
  
  (b) an encryption unit for encrypting said data received from said sending data client;
  
  (c) a storage network interface operative to connecting to a data storage device over a storage network, for storing data in said data storage device after encryption by said encryption unit;
  
  (d) a retrieval network interface operative to connecting to said data storage device over a retrieval network, for retrieving data from said data storage device;
  
  (e) a decryption unit for decrypting said data retrieved from said data storage device; and
  
  (f) an outgoing network interface operative to connecting to a receiving data client over an outgoing network, and operative to sending data to said receiving data client after decryption by said decryption unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The mediator of claim 1, wherein said encryption unit is operative to:
    - i) obtaining an encryption key from a source other than said sending data client; and
      
      ii) encrypting said data received from said sending data client, using said encryption key.
  - 3. The mediator of claim 2, wherein said encryption unit is further operative to;
    - iii) using a master key to encrypt said encryption key.
  - 4. The mediator of claim 1, wherein said decryption unit is operative to:
    - i) obtaining a decryption key from a source other than said receiving data client; and
      
      ii) decrypting said data retrieved from said data storage device, using said decryption key.
  - 5. The mediator of claim 4, wherein said decryption unit is further operative to:
    - iii) using a master key to decrypt said decryption key.
  - 6. The mediator of claim 1, wherein said sending data client is the same as said receiving data client.
  - 7. The mediator of claim 1, wherein at least two of said incoming network interface, said storage network interface, said retrieval network interface, and said outgoing network interface are the same.
  - 8. The mediator of claim 1, wherein at least two of said incoming network, said storage network, said retrieval network, and said outgoing network are the same.
  - 9. The mediator of claim 1, wherein said encryption unit and said decryption unit are the same.
  - 10. The mediator of claim 1, wherein at least one of said networks includes a plurality of different network interface technologies.
  - 11. The mediator of claim 1, wherein at least one of said network interfaces includes a technology selected from a group including Gigabit Ethernet, TCP/IP, and Fiber Channel.
  - 12. The mediator of claim 1, further comprising a protocol translator for bridging between networks utilizing different protocols.
  - 13. The mediator of claim 1, wherein said at least one data client includes a client protocol, wherein said at least one at least one data storage device includes a device protocol, and wherein the mediator is operative to providing protocol translation between said client protocol and said device protocol.
  - 14. The mediator of claim 1, operative to providing services selected from a group including:
    - block services, file services, and database services.
  - 15. The mediator of claim 14, operative to providing file services and encryption of file data only.

16. A configuration for secure data storage, the configuration comprising:
- (a) a set of networks containing at least one network;
  
  (b) a sending data client connected to an incoming network included in said set of networks;
  
  (c) a receiving data client connected to an outgoing network included in said set of networks (d) a storage network included in said set of networks and connecting to a data storage device;
  
  (e) a retrieval network included in said set of networks and connecting to said data storage device; and
  
  (f) a mediator connected to said incoming network, to said storage network, to said retrieval network, and to said outgoing network, wherein said mediator is operative to;
  
  i) receiving, over said incoming network, data from said sending data client;
  
  ii) obtaining an encryption key from a source other than said sending data client;
  
  iii) encrypting said data received from said sending data client into encrypted data, using said encryption key;
  
  iv) sending, over said storage network, said encrypted data to said data storage device for storage therein;
  
  v) receiving, over said retrieval network, encrypted data retrieved from said data storage device;
  
  vi) obtaining a decryption key from a source other than said receiving data client;
  
  vii) decrypting said encrypt data retrieved from said data storage device into decrypted data, using said decryption key; and
  
  viii) sending, over said outgoing network, said decrypted data to said receiving data client.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The configuration of claim 16, wherein said sending data client is the same as said receiving data client.
  - 18. The configuration of claim 16, wherein at least two of said incoming network, said storage network, said retrieval network, and said outgoing network are the same.
  - 19. The configuration of claim 16, wherein said encryption unit and said decryption unit are the same.
  - 20. The configuration of claim 16, wherein said mediator is further operative to:
    - ix) a master key to encrypt said encryption key; and
      
      x) using a master key to decrypt said decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cloverleaf Communications
Original Assignee
Cloverleaf Communications
Inventors
Ophir, Sefy, Yavor, Elic

Application Number

US10/345,348
Publication Number

US 20040143733A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/0471   applying encryption by an i...

H04L 67/1097   for distributed storage of ...

H04L 69/18   Multiprotocol handlers, e.g...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Secure network data storage mediator

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network data storage mediator

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links