Secure peer-to-peer object storage system

US 20050240591A1
Filed: 10/01/2004
Published: 10/27/2005
Est. Priority Date: 04/21/2004
Status: Active Grant

First Claim

Patent Images

1. A distributed data storage system comprising:

a plurality of peer nodes coupled by a communications network to form a peer-to-peer computing network; and

a plurality of storage areas that stores data objects, each of the plurality of storage areas being coupled to a corresponding one of the plurality of peer nodes, wherein each of the plurality of peer nodes includes;

one or more metadata indexes that store metadata associated with the data objects, a query processing module that processes queries from the other peer nodes and identifies one or more of the data objects based on metadata constraints specified within the queries, and an access control module that controls access to the data objects.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A peer-to-peer (P2P) networking system is disclosed that provides a large, persistent object repository with the ability to easily scale to significant size. Data security is provided using a distributed object data access mechanism to grant access to data objects to authorized users. Data objects stored within the object repository are provided a plurality of security options including plain text data, objects, encrypted data objects, and secure, secret sharing data objects. A data object query processing component permits users to locate requested information within the P2P networking system.

161 Citations

View as Search Results

32 Claims

1. A distributed data storage system comprising:
- a plurality of peer nodes coupled by a communications network to form a peer-to-peer computing network; and
  
  a plurality of storage areas that stores data objects, each of the plurality of storage areas being coupled to a corresponding one of the plurality of peer nodes, wherein each of the plurality of peer nodes includes;
  
  one or more metadata indexes that store metadata associated with the data objects, a query processing module that processes queries from the other peer nodes and identifies one or more of the data objects based on metadata constraints specified within the queries, and an access control module that controls access to the data objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The distributed data storage system according to claim 1, wherein peer nodes store each of the data objects in one of a plurality of formats in accordance with a security level associated with each of the data objects.
  - 3. The distributed data storage system according to claim 1, wherein the peer nodes store at least one of the data objects within the storage areas as a high security data object by:
    - dividing the high security data object into a plurality of data object components; and
      
      storing each of the plurality of data object components as separate data objects within storage areas coupled to different peer nodes of the plurality of peer nodes.
  - 4. The distributed data storage system according to claim 1, wherein data objects are stored within the plurality of storage areas as plain text data objects.
  - 5. The distributed data storage system according to claim 1, wherein data objects are stored within the plurality of storage areas as encrypted data objects.
  - 6. The distributed data storage system according to claim 5, wherein an encryption key for generating a particular encrypted data object is stored as a set of data objects within the repositories.
  - 7. The distributed data storage system according to claim 1, wherein each of the data objects is stored using a respective unique object identifier (ID).
  - 8. The distributed data storage system according to claim 7, wherein the unique object ID corresponds to a hash of contents of the data object.
  - 9. The distributed data storage system according to claim 7, wherein each of the data objects is stored within one or more of the peer nodes having a peer-to-peer address that is closest to the unique object ID for the data object.
  - 10. The distributed data storage system according to claim 1, wherein the communication network comprises an IP-based network, and the peer-to-peer computing network is an overlay network on the IP-based network.

11. A system comprising:
- a communications network;
  
  a plurality of peer nodes coupled by the communications network to form a peer-to-peer network; and
  
  a plurality of storage areas, each of the plurality of storage areas being coupled to a corresponding one of the plurality of peer nodes;
  
  wherein each of the peer nodes includes an encryption module, and wherein a first one of the peer nodes generates a data object and invokes the encryption module to an encrypted data object prior to transmitting the encrypted data object to a second one of the peer nodes for storage in one of the storage areas.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system according to claim 11, wherein the encryption module of the first client decrypts the encrypted data object for use within the first peer node after retrieval from the second peer node.
  - 13. The system according to claim 11, wherein the encryption module of the first peer node generates the encrypted data object using an encryption key, and wherein first client module stores bit sequences for reconstructing the encryption key as data objects within the peer-to-peer network.
  - 14. The system according to claim 13, wherein the first peer node stores master encrypted data objects within the peer-to-peer communication network, wherein each of the master encrypted data objects includes an intermediate encrypted data objects and a corresponding intermediate bit sequence produced from the encryption key for that intermediate encrypted data object and the corresponding bit sequences.
  - 15. The system according to claim 11, wherein data objects are stored using a unique object identifier (ID).
  - 16. The system according to claim 15, wherein the unique object ID corresponds to a hash of contents of the data object.
  - 17. The system according to claim 15, wherein a data object is stored within one or more peer nodes having a P2P address closest to the unique object ID for the data object.

18. A system comprising:
- a plurality of peer nodes forming a peer-to-peer network, wherein each peer node includes a storage area for storing encrypted data objects, and wherein for each encrypted data object the peer nodes store a plurality of bit sequences as data objects within the peer-to-peer network, and retrieve the bit sequences for reconstructing encryption keys associated with the encrypted data objects.
- View Dependent Claims (19, 20, 21)
- - 19. The system according to claim 18, wherein the peer nodes:
    - encrypt original plain text data objects with encryption keys to produce intermediate encrypted data objects;
      
      process the encrypted key with the bit sequences to produce an intermediate bit sequence;
      
      store master encrypted data objects within the peer-to-peer network, wherein each of the master encrypted data objects includes one of the intermediate encrypted data objects and the corresponding intermediate bit sequence produced from the encryption key of that intermediate encrypted data object; and
      
      store the bit sequences as separate data objects within the peer-to-peer communication network.
  - 20. The system according to claim 18, wherein at least one of the encrypted data objects is encrypted by a first one of the peer nodes prior to transmission to a second one of the peer nodes for storage in the storage area coupled to the second peer node.
  - 21. The system according to claim 18, wherein the peer nodes randomly generate the bit sequences.

22. A method comprising:
- receiving a query from a first peer node of a peer-to-peer (P2P) network requesting identity of a data object associated with a metadata constraint;
  
  determining with a second peer node of the P2P network an object identifier corresponding to the data object associated with the metadata constraint; and
  
  retrieving with a third peer node the data object corresponding the determined object identifier.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. The method according to claim 22, wherein determining with a second peer node comprises:
    - processing the query within a query processing module to compare the metadata constraint against a metadata index; and
      
      selecting the object identifier from the metadata index based on the metadata constraint.
  - 24. The method according to claim 23, wherein the metadata entries correspond to a metadata attribute-value pair.
  - 25. The method according to claim 24, wherein the metadata entries correspond to hierarchical metadata specified in a mark-up language.
  - 26. The method according to claim 25, wherein the mark-up language is XML.
  - 27. The method according to claim 22, wherein the data objects includes a data object payload, and wherein the data object identifier includes:
    - an object ID field;
      
      an object type field; and
      
      a plurality of metadata attribute fields.
  - 28. The method according to claim 27, wherein the data object payload comprises plain text data.
  - 29. The method according to claim 27, wherein the data object payload comprises encrypted data.
  - 30. The method according to claim 27, wherein the data object payload comprises secret share component data.
  - 31. The method according to claim 22, wherein the first peer node, the second peer node and the third peer node are the same peer nodes.
  - 32. The method according to claim 22, wherein the first peer node, the second peer node and the third peer node are three different peer nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Stillerman, Matthew A., Marceau, Carla

Granted Patent

US 8,015,211 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/10 File systems; File servers

Secure peer-to-peer object storage system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

161 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Secure peer-to-peer object storage system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

161 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links