BLOCK-LEVEL DATA STORAGE SECURITY SYSTEM
Abstract
A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
22 Claims
1. A method of securely storing data in a network, the method comprising:
receiving a block of data from a client device;
splitting the block of data into a predetermined number of secondary blocks of data, each of the secondary blocks of data associated with one of a plurality of shares;
encrypting the plurality of shares with a corresponding number of different session keys, each of the session keys associated with a different physical storage device from among a plurality of physical storage devices; and
storing each secondary block of data and session key used to encrypt the secondary block of data in the share associated with the session key.

9. A method of reading secured data in a network, the method comprising:
receiving a request from a client device to read a block of data managed by a secure storage appliance;
determining a number of secondary blocks of data required to reconstitute the block of data;
transmitting a request for the number of secondary blocks of data to a plurality of shares located at a plurality of physical storage devices, the plurality of shares corresponding to the number of secondary blocks of data required to reconstitute the block of data, each of the secondary blocks of data representing a portion of the block of data encrypted by a different session key;
receiving at least the number of secondary blocks of data required to reconstitute the block of data from the plurality of shares;
reconstituting the block of data from the secondary blocks of data; and
transmitting the reconstituted block of data to the client device.

16. A secure storage network comprising:
a client,
a plurality of physical storage devices having stored thereon a plurality of shares having associated therewith a corresponding plurality of session keys; and
a secure storage appliance configured to present to the client a virtual disk, the virtual disk mapped to the plurality of physical storage devices, the secure storage appliance configured to:
generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk; and
reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored on corresponding physical storage devices in response to a request from the client.

21. A secure storage appliance configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices, the secure storage appliance capable of executing program instructions configured to:
generating a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk; and
reconstituting the block of data from at least a portion of the plurality of secondary blocks of data stored on corresponding physical storage devices in response to a request from the client.

Specification