RETRIEVAL OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS FROM FASTEST-RESPONDING STORAGE DEVICES
First Claim
1. A method for securely storing and retrieving data, the method comprising:
- cryptographically splitting, at an electronic computing system, a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of secondary data blocks, wherein the minimum number of secondary data blocks is less than a total number of the secondary data blocks;
storing each of the secondary data blocks at a different storage device in a set of storage devices;
receiving, at the electronic computing system, a primary read request to retrieve data stored virtually at a primary storage location;
automatically identifying, at the electronic computing system, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks required to reconstruct the primary data block, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system;
exclusively sending, from the electronic computing system to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at secondary storage locations associated with the primary storage location;
receiving, at the electronic computing system from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;
reconstructing the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and
sending, from the electronic computing system, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
9 Assignments
0 Petitions
Accused Products
Abstract
A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
-
Citations
20 Claims
-
1. A method for securely storing and retrieving data, the method comprising:
-
cryptographically splitting, at an electronic computing system, a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of secondary data blocks, wherein the minimum number of secondary data blocks is less than a total number of the secondary data blocks; storing each of the secondary data blocks at a different storage device in a set of storage devices; receiving, at the electronic computing system, a primary read request to retrieve data stored virtually at a primary storage location; automatically identifying, at the electronic computing system, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks required to reconstruct the primary data block, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system; exclusively sending, from the electronic computing system to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at secondary storage locations associated with the primary storage location; receiving, at the electronic computing system from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks; reconstructing the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and sending, from the electronic computing system, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An electronic computing system for securely storing and retrieving data, the electronic computing system comprising:
-
a processing unit; a primary interface; a secondary interface; and a system memory comprising instructions that, when executed by the processing unit, cause the processing unit to; cryptographically split a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of the secondary data blocks and such that the primary data block cannot be reconstructed using any subset of the secondary data blocks that includes fewer than the minimum number of the secondary data blocks, wherein the minimum number of the secondary data blocks is less than a total number of the secondary data blocks; store each of the secondary data blocks at secondary storage locations at different storage devices in a plurality of storage devices, each of the secondary storage locations being associated with a primary storage location; receive, via the primary interface, a primary read request to retrieve data stored virtually at a primary storage location; automatically identify, in response to receiving the primary read request, the secondary storage locations at the storage devices that are associated with the primary storage location; automatically identify, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system; exclusively send, via the secondary interface to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at the identified secondary storage locations at the storage devices in the set of fastest-responding storage devices; receive, via the secondary interface from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks; reconstruct the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and send, via the primary interface, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A computer-readable storage medium comprising instructions that, when executed at an electronic computing device, cause the electronic computing device to:
-
receive a primary write request to write a primary data block at a primary storage location; cryptographically split the primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of the secondary data blocks and such that the primary data block cannot be reconstructed using any subset of the secondary data blocks that includes fewer than the minimum number of the secondary data blocks, wherein the minimum number of the secondary data blocks is less than a total number of the secondary data blocks; store each of the secondary data blocks at secondary storage locations at different storage devices in a plurality of storage devices, each of the secondary storage locations being associated with the primary storage location; receive a primary read request to retrieve data stored virtually at the primary storage location; automatically identify, in response to receiving the primary read request, the secondary storage locations at the storage devices that are associated with the primary storage location; automatically identify, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system; exclusively send to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at the identified secondary storage locations at the storage devices in the set of fastest-responding storage devices; receive from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks; reconstruct the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and send a primary read response that is responsive to the primary read request, the primary read response containing the primary data block. - View Dependent Claims (19, 20)
-
Specification