SECURING BACKING STORAGE DATA PASSED THROUGH A NETWORK

US 20100281247A1
Filed: 04/29/2009
Published: 11/04/2010
Est. Priority Date: 04/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securing data read from a storage device before passing the data to a network, comprising:

reading data from the storage device;

evaluating the data to determine that either the data read from the storage device is in encrypted form or that the data read from the storage device is in unencrypted form;

encrypting the data when the data is determined to be in unencrypted form; and

passing the encrypted data to the network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques described herein generally relate to methods, data processing devices and computer readable media to ensure that data stored in a remote backing storage device are in encrypted form before that data is transferred to another device or over a network. In some examples, the methods, data processing devices and computer readable media may be arranged to encrypt the data passed to the network when the data stored in the backing storage device is in unencrypted form. Also disclosed are methods, data processing devices and computer readable media that identify when the data stored in the backing storage device is in unencrypted form, including methods that may detect that the data may appear to be in encrypted form as a result of the data being compressed.

58 Citations

View as Search Results

20 Claims

1. A method for securing data read from a storage device before passing the data to a network, comprising:
- reading data from the storage device;
  
  evaluating the data to determine that either the data read from the storage device is in encrypted form or that the data read from the storage device is in unencrypted form;
  
  encrypting the data when the data is determined to be in unencrypted form; and
  
  passing the encrypted data to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising passing the data read from the storage device without further encrypting when it is determined that the data read from the storage device is in encrypted form.
  - 3. The method of claim 1, wherein evaluating the data to determine that the data read from the storage device is in encrypted form comprises examining a table associated with the data read from the storage device.
  - 4. The method of claim 1 wherein the evaluating the data to determine that the data read from the storage device is in encrypted form comprises:
    - performing entropy analysis on the data read from the storage device; and
      
      determining on the basis of the entropy analysis whether the data read from the storage device is in encrypted form.
  - 5. The method of claim 4 wherein performing entropy analysis on the data read from the storage device comprises examining the data read from the storage device to determine a degree of randomness associated with the data.
  - 6. The method of claim 5 wherein examining the data read from the storage device to determine the degree of randomness associated with the data comprises examining the data on a byte-by-byte basis.
  - 7. The method of claim 1 wherein evaluating the data to determine that the data read from the storage device is in encrypted form comprises:
    - examining each file of data read from the storage device to identify header information indicating that the respective file is either compressed or uncompressed;
      
      identifying each file as either compressed or uncompressed based on the examination of the header information;
      
      performing entropy analysis on the data read from the storage device corresponding to each file that is identified as uncompressed; and
      
      determining on the basis of the entropy analysis whether the data read from the storage device corresponding to each file is in encrypted form.
  - 8. The method of claim 7, further comprising encrypting the data read from the storage device for each file that is identified as compressed before passing the data read from the storage device corresponding to the file to the network.

9. A remote data storage system including data security, comprising:
- a storage device storing data in either encrypted form or unencrypted form; and
  
  an electronic device coupled to the storage device, the electronic device being configured to examine data read from the storage device to identify data read from the storage device as either stored in encrypted form or stored in unencrypted form, and also configured to encrypt the data read from the storage device before allowing the data read from the storage device to be output from the remote data storage system when the data read from the storage device is identified as stored in unencrypted form.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The remote data storage system of claim 9 wherein the electronic device comprises a remote computer system.
  - 11. The remote data storage system of claim 9 wherein the electronic device comprises a controller.
  - 12. The remote data storage system of claim 9 wherein the electronic device further comprises a first component configured to detect a received authentication indication and a second component configured to inhibit outputting of the data from the remote data storage system when the authentication indication is not detected as received.
  - 13. The remote data storage system of claim 9 wherein the first component configured to detect the received authentication indication comprises a verification module, the verification module including a validation record storing authentication data.

14. A data processing system for securing data transferred over a network, comprising:
- a computer system coupled to the network, comprising;
  
  a processor; and
  
  a data cache configured to store data for use by the processor; and
  
  a remote data storage system coupled to the network, the remote storage system comprising;
  
  a backing storage device configured to store backing storage data in either encrypted form or unencrypted form; and
  
  an electronic device coupled to the storage device, the electronic device being configured to pass data read from the storage device to the network in encrypted form.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The data processing system of claim 14 wherein the electronic device comprises:
    - a first component configured to examine the data read from the backing storage device to identify data read from the backing storage device as stored in either encrypted form or unencrypted form; and
      
      a second component arranged in cooperation with the first component and configured to encrypt the data read from the backing storage device before passing the data to the network when the first component identifies the data read from the backing storage device as stored in unencrypted form.
  - 16. The data processing system of claim 15 wherein the second component is further configured to pass the data read from the backing storage device to the network without further encryption when the first component identifies the data read from the backing storage device as stored in encrypted form.
  - 17. The data processing system of claim 15 wherein the second component is further configured to identify the data read from the backing storage device as either compressed or uncompressed, and configured to encrypt the data read from the backing storage device before passing the data to the network when the second component identifies the data read from the backing storage device as compressed.
  - 18. The data processing system of claim 14 wherein the computer system includes a main memory, and wherein a portion of the main memory is used as the data cache.

19. A computer accessible medium having stored thereon computer executable instructions that, when executed by a processing unit, configure the processing unit to:
- read data from a storage device, wherein the data is either in encrypted form or unencrypted form;
  
  identify the data read from the storage device as stored in either encrypted form or unencrypted form;
  
  encrypt the data read from the storage device when the data read from the storage device is identified as stored in the storage device in unencrypted form; and
  
  pass the encrypted data to the network.
- View Dependent Claims (20)
- - 20. The computer accessible medium of claim 19 further comprising computer executable instructions that, when executed by the processing unit, configure the processing unit to:
    - identify the data read from the storage device as either compressed or uncompressed; and
      
      encrypt the data before passing the encrypted data to the network when the data read from the storage device is identified as compressed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Original Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Inventors
Wolfe, Andrew, Conte, Thomas Martin

Granted Patent

US 8,726,043 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 2209/08   Randomization, e.g. dummy o...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/0631   Substitution permutation ne...

SECURING BACKING STORAGE DATA PASSED THROUGH A NETWORK

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING BACKING STORAGE DATA PASSED THROUGH A NETWORK

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links