RETRIEVAL OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS FROM FASTEST-RESPONDING STORAGE DEVICES

US 20100162003A1
Filed: 12/23/2008
Published: 06/24/2010
Est. Priority Date: 12/23/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for securely storing and retrieving data, the method comprising:

cryptographically splitting, at an electronic computing system, a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of secondary data blocks, wherein the minimum number of secondary data blocks is less than a total number of the secondary data blocks;

storing each of the secondary data blocks at a different storage device in a set of storage devices;

receiving, at the electronic computing system, a primary read request to retrieve data stored virtually at a primary storage location;

automatically identifying, at the electronic computing system, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks required to reconstruct the primary data block, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system;

exclusively sending, from the electronic computing system to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at secondary storage locations associated with the primary storage location;

receiving, at the electronic computing system from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;

reconstructing the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and

sending, from the electronic computing system, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.

Citations

20 Claims

1. A method for securely storing and retrieving data, the method comprising:
- cryptographically splitting, at an electronic computing system, a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of secondary data blocks, wherein the minimum number of secondary data blocks is less than a total number of the secondary data blocks;
  
  storing each of the secondary data blocks at a different storage device in a set of storage devices;
  
  receiving, at the electronic computing system, a primary read request to retrieve data stored virtually at a primary storage location;
  
  automatically identifying, at the electronic computing system, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks required to reconstruct the primary data block, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system;
  
  exclusively sending, from the electronic computing system to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at secondary storage locations associated with the primary storage location;
  
  receiving, at the electronic computing system from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;
  
  reconstructing the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and
  
  sending, from the electronic computing system, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein automatically identifying the set of fastest-responding storage devices comprises:
    - calculating expected response times for each of the storage devices, the expected response times indicating expected amounts of time for the storage devices to respond to requests sent by the electronic computing system; and
      
      using the expected response times to identify the set of fastest-responding storage devices.
  - 3. The method of claim 1, wherein automatically identifying the set of fastest-responding storage devices comprises using a measure of how busy each of the storage devices currently is to identify the set of fastest-responding storage devices.
  - 4. The method of claim 3, wherein using the measure of how busy each of the storage devices currently is comprises using numbers of I/O requests in request queues associated with the storage devices as at least part of the measure of how busy each of the storage devices currently is.
  - 5. The method of claim 1, wherein cryptographically splitting the primary data block comprises cryptographically splitting the primary data block using a SECUREPARSER™
    - algorithm.
  - 6. The method of claim 1, wherein storing each of the secondary data blocks comprises:
    - storing a first subset of the secondary data blocks at a first subset of the storage devices that is physically located at a first data center; and
      
      storing a second subset of the secondary data blocks at a second subset of the storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 7. The method of claim 6,wherein the first subset of the secondary data blocks includes at least the minimum number of secondary data blocks;
    - andwherein the second subset of the secondary data blocks includes at least the minimum number of secondary data blocks.
  - 8. The method of claim 1, wherein sending the secondary read requests comprises sending the secondary read requests from the electronic computing system to the fastest-responding storage devices via a storage-area network (SAN).
  - 9. The method of claim 1, further comprising:
    - storing, at the electronic computing system, a location map that comprises an entry that maps the primary storage location to the secondary storage locations; and
      
      in response to receiving the primary read request, accessing the location map to identify the secondary storage locations associated with the primary storage location.
  - 10. The method of claim 1,wherein receiving the secondary read responses that are responsive to the secondary read requests comprises receiving the secondary read responses that are responsive to the secondary read requests when all of the secondary read requests were successful;
    - wherein reconstructing the primary data block using exclusively the secondary data blocks contained in the secondary read responses comprises reconstructing the primary data block using exclusively the secondary data blocks contained in the secondary read responses when all of the secondary read requests were successful; and
      
      wherein the method further comprises;
      
      determining, at the electronic computing system, that one of the secondary read requests was not successful;
      
      identifying, at the electronic computing system, a next fastest-responding storage device in the set of storage devices, the next fastest-responding storage device being expected to respond faster than any of the storage devices aside from the storage devices in the set of fastest-responding storage devices;
      
      sending, from the electronic computing system to the next fastest-responding storage device, an additional secondary read request to retrieve data stored at a secondary storage location associated with the primary storage location;
      
      receiving, at the electronic computing system from the next fastest-responding storage device, an additional secondary read response that is responsive to the additional secondary read request, the additional secondary read response containing one of the secondary data blocks; and
      
      reconstructing the primary data block using the secondary data blocks contained in the additional secondary read response and secondary data blocks contained in the secondary read responses that are responsive to ones of the secondary read requests that were successful.

11. An electronic computing system for securely storing and retrieving data, the electronic computing system comprising:
- a processing unit;
  
  a primary interface;
  
  a secondary interface; and
  
  a system memory comprising instructions that, when executed by the processing unit, cause the processing unit to;
  
  cryptographically split a primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of the secondary data blocks and such that the primary data block cannot be reconstructed using any subset of the secondary data blocks that includes fewer than the minimum number of the secondary data blocks, wherein the minimum number of the secondary data blocks is less than a total number of the secondary data blocks;
  
  store each of the secondary data blocks at secondary storage locations at different storage devices in a plurality of storage devices, each of the secondary storage locations being associated with a primary storage location;
  
  receive, via the primary interface, a primary read request to retrieve data stored virtually at a primary storage location;
  
  automatically identify, in response to receiving the primary read request, the secondary storage locations at the storage devices that are associated with the primary storage location;
  
  automatically identify, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system;
  
  exclusively send, via the secondary interface to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at the identified secondary storage locations at the storage devices in the set of fastest-responding storage devices;
  
  receive, via the secondary interface from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;
  
  reconstruct the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and
  
  send, via the primary interface, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The electronic computing system of claim 11, wherein the instructions cause the processing unit to identify the set of fastest-responding storage devices at least in part by causing the processing unit to:
    - calculate expected response times for each of the storage devices, the expected response times indicating expected amounts of time for the storage devices to respond to requests sent by the electronic computing system; and
      
      use the expected response times to identify the set of fastest-responding storage devices.
  - 13. The electronic computing system of claim 11, wherein the instructions cause the processing unit to identify the set of fastest-responding storage devices at least in part by causing the processing unit to use a measure of how busy each of the storage devices currently is to identify the set of fastest-responding storage devices.
  - 14. The electronic computing system of claim 11, wherein the instructions cause the processing unit to cryptographically split the primary data block using a SECUREPARSER™
    - algorithm.
  - 15. The electronic computing system of claim 11, wherein the instructions cause the processing unit to store a first subset of the secondary data blocks at a first subset of the storage devices that is physically located at a first data center and to store a second subset of the secondary data blocks at a second subset of the storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 16. The electronic computing system of claim 11, wherein the instructions further cause the processing unit to cryptographically split the primary data block into the plurality of secondary data blocks in response to receiving a primary write request to store the primary data block at the primary storage location.
  - 17. The electronic computing system of claim 11, wherein the instructions further cause the processing unit to:
    - determine that one of the secondary read requests was not successful;
      
      send additional secondary read requests to each of the storage devices that stores a secondary data block associated with the primary data block, but was not among the set of fastest-responding storage devices; and
      
      reconstruct, upon receiving an additional secondary read response that contains one of the secondary data blocks, the primary data block using the secondary data block contained in the additional secondary read response, wherein the additional secondary read response is responsive to the additional secondary read request.

18. A computer-readable storage medium comprising instructions that, when executed at an electronic computing device, cause the electronic computing device to:
- receive a primary write request to write a primary data block at a primary storage location;
  
  cryptographically split the primary data block into a plurality of secondary data blocks such that the primary data block can be reconstructed using any subset of the secondary data blocks that includes at least a minimum number of the secondary data blocks and such that the primary data block cannot be reconstructed using any subset of the secondary data blocks that includes fewer than the minimum number of the secondary data blocks, wherein the minimum number of the secondary data blocks is less than a total number of the secondary data blocks;
  
  store each of the secondary data blocks at secondary storage locations at different storage devices in a plurality of storage devices, each of the secondary storage locations being associated with the primary storage location;
  
  receive a primary read request to retrieve data stored virtually at the primary storage location;
  
  automatically identify, in response to receiving the primary read request, the secondary storage locations at the storage devices that are associated with the primary storage location;
  
  automatically identify, a set of fastest-responding storage devices in the set of storage devices, the set of fastest-responding storage devices including fewer storage devices than the set of storage devices, the set of fastest-responding storage devices including at least as many storage devices as the minimum number of secondary data blocks, and the set of fastest-responding storage devices being those ones of the storage devices that are expected to respond fastest to secondary read requests sent by the electronic computing system;
  
  exclusively send to the storage devices in the set of fastest-responding storage devices, secondary read requests to retrieve data stored at the identified secondary storage locations at the storage devices in the set of fastest-responding storage devices;
  
  receive from the storage devices in the set of fastest-responding storage devices, secondary read responses that are responsive to the secondary read requests, the secondary read responses containing ones of the secondary data blocks;
  
  reconstruct the primary data block using exclusively the secondary data blocks contained in the secondary read responses; and
  
  send a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
- View Dependent Claims (19, 20)
- - 19. The computer-readable storage medium of claim 18, wherein the instructions cause the processing unit to identify the set of fastest-responding storage devices at least in part by causing the electronic computing device to:
    - calculate expected response times for each of the storage devices, the expected response times indicating expected amounts of time for the storage devices to respond to requests sent by the electronic computing system; and
      
      use the expected response times to identify the set of fastest-responding storage devices.
  - 20. The computer-readable storage medium of claim 18, wherein the instructions cause the processing unit to identify the set of fastest-responding storage devices at least in part by causing the electronic computing device to use a measure of how busy each of the storage devices currently is to identify the set of fastest-responding storage devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Albert French, David Dodgson, Edward Chin, Joseph Neill, Ralph Farina, Scott Summers
Original Assignee
Albert French, David Dodgson, Edward Chin, Joseph Neill, Ralph Farina, Scott Summers
Inventors
Summers, Scott, Farina, Ralph, Dodgson, David, Chin, Edward, French, Albert, Neill, Joseph

Application Number

US12/342,523
Publication Number

US 20100162003A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 11/1456   Hardware arrangements for b...

G06F 11/2005   using redundant communicati...

G06F 11/201   between storage system comp...

G06F 11/2094   Redundant storage or storag...

G06F 12/0866   for peripheral storage syst...

G06F 21/78   to assure secure storage of...

G06F 2212/263   Network storage, e.g. SAN o...

G06F 3/0611   in relation to response time

G06F 3/0619   in relation to data integri...

G06F 3/0623   in relation to content

G06F 3/064   Management of blocks

G06F 3/067   Distributed or networked st...

H04L 63/04   for providing a confidentia...

H04L 67/1097   for distributed storage of ...

H04L 67/146   Markers for unambiguous ide...

H04L 67/568   Storing data temporarily at...

H04L 9/0894   Escrow, recovery or storing...

RETRIEVAL OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS FROM FASTEST-RESPONDING STORAGE DEVICES

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

RETRIEVAL OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS FROM FASTEST-RESPONDING STORAGE DEVICES

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links