SYSTEM AND PROCEDURE FOR RAPID DECOMPRESSION AND/OR DECRYPTION OF SECURELY STORED DATA

US 20080144826A1
Filed: 10/30/2006
Published: 06/19/2008
Est. Priority Date: 10/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for reducing latency associated with decrypting or decompressing and decrypting securely stored data using a security appliance disposed between an initiator and a target, the method comprising the steps of:

intercepting, at the security appliance, a first read request for first data securely stored on the target;

issuing the first read request from the security appliance to the target;

issuing a predetermined number of read ahead requests from the security appliance for additional data stored on the target;

receiving, from the target, the first data responsive to the first read request, restoring the first data and returning the first data to the initiator; and

receiving, from the target, the additional data responsive to the predetermined number of read ahead requests, and restoring and caching the additional data in a memory of the security appliance.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A procedure and system reduces latency in restoring encrypted or compressed and encrypted data through a security appliance. The security appliance is coupled to a sequential access device and is configured to encrypt or compress and encrypt data provided by an initiator for secure storage on a sequential access device. To that end, the security appliance intercepts a read request issued by an initiator to access the data stored on the device, and forward the request to the device. Upon return of the requested data from the device, the security appliance restores (decrypts or decrypts and decompresses) the data prior to returning it to the initiator. The appliance also issues a “read ahead” (retrieve beyond the request) request to the device for predetermined amount of additional data for caching on the appliance. The appliance restores the read ahead data that is returned from the device and caches that additional data in memory in anticipation of one or more subsequent read requests for the data from the initiator.

27 Citations

View as Search Results

20 Claims

1. A method for reducing latency associated with decrypting or decompressing and decrypting securely stored data using a security appliance disposed between an initiator and a target, the method comprising the steps of:
- intercepting, at the security appliance, a first read request for first data securely stored on the target;
  
  issuing the first read request from the security appliance to the target;
  
  issuing a predetermined number of read ahead requests from the security appliance for additional data stored on the target;
  
  receiving, from the target, the first data responsive to the first read request, restoring the first data and returning the first data to the initiator; and
  
  receiving, from the target, the additional data responsive to the predetermined number of read ahead requests, and restoring and caching the additional data in a memory of the security appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the step of issuing the predetermined number of read ahead requests to the target is performed contemporaneously with the step of issuing the first read request from the security appliance to the target.
  - 3. The method of claim 1, further comprising the step of serving a second request for data issued from the initiator from the additional data cached in the memory of the security appliance, thereby obviating the need to access the target.
  - 4. The method of claim 3, further comprising the step of issuing a second predetermined number of read ahead requests to the target contemporaneously with the step of responding to the second request for data.
  - 5. The method of claim 4, further comprising the step of receiving from the target, further additional data responsive to the second predetermined number of read ahead requests, and restoring and caching the further additional data in the memory pending further requests for the data from the initiator.
  - 6. The method of claim 1, wherein the target is selected from the group consisting of a sequential access device, a non-sequential access device and a non-back end storage device.
  - 7. The method of claim 6 wherein the target is a sequential access device and the sequential access device is a tape device.
  - 8. The method of claim 6 wherein the target is a sequential access device and the sequential access device is a virtual tape device.
  - 9. The method of claim 1, wherein the step of issuing a predetermined number of read ahead requests comprises issuing two read ahead requests for data stored on the target, such that the target responds with data responsive to the two read ahead requests, and the security appliance restores the data of the two read ahead requests and caches the data in memory.

10. A system configured to reduce latency associated with decrypting or decompressing and decrypting data securely stored on a target in response to a request issued by an initiator, the system comprising:
- a security appliance disposed between the initiator and the target and configured to intercept a read request issued by the initiator for data stored on the target; and
  
  a proxy module coupled to the security appliance, the proxy module configured to (i) issue a read request from the security appliance to the target, (ii) issue a predetermined number of read ahead requests for data stored on the target;
  
  an encryption processor coupled to the security appliance, the encryption processor configured to (i) decrypt or decrypt and decompress the encrypted or compressed and encrypted data returned from the target in response to the read request, and (ii) decrypt or decrypt and decompress the encrypted or compressed and encrypted data returned from the target in response to the predetermined number of read ahead requests; and
  
  a memory coupled to the security appliance, the memory adapted to cache the read ahead data pending a request for that data from the initiator.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the security appliance is configured to issue the read request contemporaneously with the predetermined number of read ahead requests.
  - 12. The system of claim 10, wherein the security appliance is configured to intercept a second request for data issued from the initiator and service the second request for data using the data cached in memory, thereby obviating the need to access the target.
  - 13. The system of claim 12, wherein the security appliance is configured to issue a second predetermined number of read ahead requests to the target contemporaneously with the step of servicing the second request for data issued from the initiator.
  - 14. The system of claim 13, wherein the security appliance is configured to receive data from the target responsive to the second predetermined number of read ahead requests, and restore and cache data in the memory pending subsequent read requests from the initiator.
  - 15. The system of claim 10, wherein the target is selected from the group consisting of a sequential access device, a non-sequential access device and a non-back end storage device.

16. A computer readable medium containing executable program instructions for reducing latency associated with decrypting or decompressing and decrypting securely stored data using a security appliance disposed between an initiator and a target, the executable instructions comprising one or more program instructions for:
- intercepting, at the security appliance, a first read request for first data securely stored on the target;
  
  issuing the first read request from the security appliance to the target;
  
  issuing a predetermined number of read ahead requests from the security appliance for additional data stored on the target;
  
  receiving, from the target, the first data responsive to the first read request, restoring the first data and returning the first data to the initiator; and
  
  receiving, from the target, the additional data responsive to the predetermined number of read ahead requests, and restoring and caching the additional data in a memory of the security appliance.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer readable medium of claim 16, wherein the instruction for issuing the predetermined number of read ahead requests to the target are performed contemporaneously with the instruction for issuing the first read request from the security appliance to the target.
  - 18. The computer readable medium of claim 16, further comprising an instruction for serving a second request for data issued from the initiator from the additional data cached in the memory of the security appliance, thereby obviating the need to access the target.
  - 19. The computer readable medium of claim 18, further comprising an instruction for issuing a second predetermined number of read ahead requests to the target to be made contemporaneously with the instruction for responding to the second request for data.
  - 20. The computer readable medium of claim 19, further comprising an instruction for receiving from the target, further additional data responsive to the second predetermined number of read ahead requests, and restoring and caching the further additional data in the memory pending further requests for the data from the initiator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Chang, Ian Jen-Hao

Granted Patent

US 8,122,196 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/269
CPC Class Codes

G06F 21/602 Providing cryptographic fac...

SYSTEM AND PROCEDURE FOR RAPID DECOMPRESSION AND/OR DECRYPTION OF SECURELY STORED DATA

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND PROCEDURE FOR RAPID DECOMPRESSION AND/OR DECRYPTION OF SECURELY STORED DATA

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links