Protecting the Integrity and Privacy of Data with Storage Leases

US 20120110338A1
Filed: 10/27/2011
Published: 05/03/2012
Est. Priority Date: 10/27/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-readable storage medium including instructions adapted to direct a computer to perform an operation, the operation comprising:

receiving at least a first storage operation from a storage client, wherein the first storage operation is associated with first stored data;

accessing first storage lease information specifying a first time period of restricted access for the first stored data;

comparing the first storage lease information with a current time reference; and

allowing the first storage operation in response to the current time reference being outside the first time period of restricted access to the first stored data specified by the first storage lease information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Storage leases specify access restrictions and time periods, restricting access to their associated data during the storage lease time period. Storage leases may be assigned to individual data storage blocks or groups of data storage blocks in a data storage device. A data storage device may include any arbitrary number of different storage leases assigned to different portions of its data storage blocks. Storage lease-enabled devices may provide security certificates to verify that data access operations have been performed as requested and that their storage leases are being enforced. Storage lease-enabled devices compare storage lease information for data units with the current time using a clock isolated from access by storage clients or time certificates from one or more trusted time servers. Storage leases may be used in combination with backup applications, file systems, database systems, peer-to-peer data storage, and cloud storage systems.

34 Citations

View as Search Results

17 Claims

1. A computer-readable storage medium including instructions adapted to direct a computer to perform an operation, the operation comprising:
- receiving at least a first storage operation from a storage client, wherein the first storage operation is associated with first stored data;
  
  accessing first storage lease information specifying a first time period of restricted access for the first stored data;
  
  comparing the first storage lease information with a current time reference; and
  
  allowing the first storage operation in response to the current time reference being outside the first time period of restricted access to the first stored data specified by the first storage lease information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer-readable storage medium of claim 1, wherein the first storage lease information includes a timestamp.
  - 3. The computer-readable storage medium of claim 2, wherein the timestamp indicates the end of the first time period for restricted access to the first stored data.
  - 4. The computer-readable storage medium of claim 2, wherein the timestamp indicates the beginning of the first time period for restricted access to the first stored data.
  - 5. The computer-readable storage medium of claim 1, wherein allowing the first storage operation comprises:
    - determining a storage space-time rate based on an amount of data consumed and a second time period of restricted storage access for at least one previously performed storage operation;
      
      comparing the storage space-time rate with a storage space-time rate limit; and
      
      allowing the first storage operation in response to the storage space-time rate being less than the storage space-time rate limit.
  - 6. The computer-readable storage medium of claim 1, comprising:
    - generating a security certificate in response to the completion of at least the first storage operation, wherein the security certificate indicates completion of at least the first storage operation.
  - 7. The computer-readable storage medium of claim 6, wherein the security certificate includes a cryptographic hash based on at least the first storage operation.
  - 8. The computer-readable storage medium of claim 1, wherein the current time reference is received from an internal clock isolated from the storage client.
  - 9. The computer-readable storage medium of claim 1, wherein the current time reference is received from at least one external time server.
  - 10. The computer-readable storage medium of claim 9, wherein the current time reference is received as at least one cryptographically signed time certificate.
  - 11. The computer-readable storage medium of claim 1, wherein the current time reference is based at least in part on a measurement of a periodic process of a storage device.
  - 12. The computer-readable storage medium of claim 1, wherein the first storage operation includes a data write operation.
  - 13. The computer-readable storage medium of claim 12, wherein the first storage operation includes new storage lease information, the operation comprising:
    - in response to allowing the first storage operation, updating the first storage lease information with the new storage lease information.
  - 14. The computer-readable storage medium of claim 1, wherein the first storage operation includes a data read operation.
  - 15. The computer-readable storage medium of claim 1, wherein the first storage lease information is associated with a first storage block including the first stored data.
  - 16. The computer-readable storage medium of claim 15, wherein a data storage device includes the first storage block and a second storage block including second stored data, wherein the second storage block is associated with second storage lease information specifying a second time period of restricted access for the second stored data, wherein the second time period is different than the first time period.
  - 17. The computer-readable storage medium of claim 1, comprising:
    - inhibiting the first storage operation from being performed in response to the current time reference being inside the first time period of restricted access to the first stored data specified by the first storage lease information; and
      
      providing a response message to the storage client indicating that the first storage operation was not performed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Max-Planck-Gesellschaft Zur Foerderung Der Wissenschaften e.V. (Max-Planck-Gesellschaft zur Frderung der Wissenschaften e)
Original Assignee
Max-Planck-Gesellschaft Zur Foerderung Der Wissenschaften e.V. (Max-Planck-Gesellschaft zur Frderung der Wissenschaften e)
Inventors
Gehrke, Johannes, Druschel, Peter, Rodrigues, Rodrigo, Post, Ansley, Vahldiek, Anjo Lucas

Granted Patent

US 9,165,155 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2137 Time limited access, e.g. t...

Protecting the Integrity and Privacy of Data with Storage Leases

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting the Integrity and Privacy of Data with Storage Leases

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links