METHOD AND APPARATUS FOR NON-REDUNDANT ENCRYPTED STORAGE
Abstract
For secure non-redundant storage of data, to store a data blocklet (sub-block), one takes a hash of each blocklet. The hash value is used as a key to encrypt the blocklet data. The key is then hashed to encrypt it and the hashed key used in the blocklet index to identify the blocklet. The blocklet index entry also conventionally includes the address of that encrypted blocklet. Unless one has a file representation which is a vector of the hash values, one cannot obtain direct information about the original blocklet from the blocklet index or the blocklet storage. To retrieve data, each original blocklet hash is hashed again to generate the index entry. Once the encrypted blocklet is located via the index, the same key (original hash) is used to decrypt the blocklet back to its original form and a file is assembled as a sequence of its blocklets.
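The store and retrieve flow described in the abstract, as an added Python example that is not taken from the patent. It assumes SHA-256 for both the hash and the one-way function, fixed 16-byte blocklets, a reference count as the index update for duplicates, and a SHA-256 counter keystream standing in for a real cipher such as AES; the names Store, put, get and keystream_xor are hypothetical.

```python
import hashlib

BLOCKLET = 16  # assumption: fixed-size partitioning, kept small for the demo


def keystream_xor(key, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Encrypting and decrypting are the same call; use a vetted cipher in practice."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


class Store:
    def __init__(self):
        self.blobs = []  # encrypted blocklets only
        self.index = {}  # H(H(blocklet)) -> [location in blobs, reference count]

    def put(self, data):
        """Store data; return its file representation, the vector of blocklet hashes."""
        rep = []
        for off in range(0, len(data), BLOCKLET):
            part = data[off:off + BLOCKLET]
            key = hashlib.sha256(part).digest()   # first hash: the encryption key
            ident = hashlib.sha256(key).digest()  # one-way value of the key: the index entry
            if ident in self.index:
                self.index[ident][1] += 1         # duplicate: update the index, store nothing
            else:
                self.blobs.append(keystream_xor(key, part))
                self.index[ident] = [len(self.blobs) - 1, 1]
            rep.append(key)
        return rep

    def get(self, rep):
        """Rebuild the data from its hash vector; unknown hashes raise KeyError."""
        out = b""
        for key in rep:
            entry = self.index.get(hashlib.sha256(key).digest())
            if entry is None:
                raise KeyError("no index entry for this blocklet hash")
            out += keystream_xor(key, self.blobs[entry[0]])
        return out


if __name__ == "__main__":
    sample = b"A" * 16 + b"B" * 16 + b"A" * 16  # constructed input with one repeated blocklet
    store = Store()
    rep = store.put(sample)
    print(len(rep), "blocklets,", len(store.blobs), "stored, round trip ok:", store.get(rep) == sample)
```

The index holds only the second hash and the storage holds only ciphertext, so reading a file back requires the hash vector returned by put.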
22 Claims
1. A method of storing digital data, comprising:
partitioning the data into portions;
taking a first hash of a first portion;
taking a one-way function value of the first hash;
comparing the one-way function value to an index of previously stored data portions;
if the one-way function value is found in the index, updating the index;
if the one-way function value is not found, encrypting the first portion using the first hash as a key;
storing the encrypted first portion in storage;
updating the index with an entry including the one-way function value and a location of the encrypted first portion in the storage; and
repeating the method for a second portion of the data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. Apparatus for storing data, comprising:
a first storage for storing the data;
a partitioner coupled to the first storage to partition the data into portions;
a first hash module coupled to the partitioner to take a first hash of a portion;
a one-way function module coupled to the first hash module to take a one-way function value of the first hash;
a processor coupled to the one-way function module and to a second storage storing an index of previously stored data portions;
an encryptor coupled to the first hash module and to the first storage to encrypt the portion using the first hash as a key;
a third storage coupled to the encryptor to store the encrypted portion;
wherein the processor updates the index with an entry including the one-way function value and a location of the encrypted portion in the third storage.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21

22. A data storage system comprising:
a workstation coupled to a network;
a reduced redundancy data storage apparatus coupled to the network and including;
a first storage for storing the data from the workstation;
a partitioner coupled to the first storage to partition the data into portions;
a first hash module coupled to the partitioner to take a first hash of a portion;
a one-way function module coupled to the first hash module to take a one-way function value of the first hash;
a processor coupled to the one-way function module and to a second storage storing an index of previously stored data portions;
an encryptor coupled to the first hash module and to the first storage to encrypt the portion using the first hash as a key; and
a third storage coupled to the encryptor to store the encrypted portion;
wherein the processor updates the index with an entry including the one-way function value and a location of the encrypted portion in the third storage.

Specification