Method And Apparatus For Achieving Data Security In A Distributed Cloud Computing Environment

US 20120303736A1
Filed: 05/25/2011
Published: 11/29/2012
Est. Priority Date: 05/25/2011
Status: Active Grant

First Claim

Patent Images

1. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus at the cloud storage broker comprising:

a user interface;

a cloud storage interface;

a memory; and

at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to;

(a) receive a client request for cloud storage services associated with a data item;

(b) choose selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected platforms are to store an allocated portion of the data item;

(c) identify a first rule that defines a manner of dividing the data item into a plurality of portions, the plurality of portions corresponding in number with the plurality of selected cloud storage platforms;

(d) identify a second rule that defines a manner of allocating the respective portions among the selected cloud storage platforms; and

(e) communicate indicia of the first and second rules to the client, thereby enabling the client to divide the data item into portions according to the first rule and to allocate the respective portions among the selected cloud storage platforms according to the second rule.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed cloud storage system includes a cloud storage broker logically residing between a client platform and a plurality of remote cloud storage platforms. The cloud storage broker mediates execution of a cloud storage process that involves dividing a data item into multiple portions and allocating the portions to multiple selected cloud storage platforms according to first and second rules defining a key known only to the cloud storage broker or to the client. At some later time when it is desired to retrieve the data item, the key is retrieved from storage and the rules are executed in a reverse fashion to retrieve and reassemble the data item.

Citations

19 Claims

1. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus at the cloud storage broker comprising:
- a user interface;
  
  a cloud storage interface;
  
  a memory; and
  
  at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to;
  
  (a) receive a client request for cloud storage services associated with a data item;
  
  (b) choose selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected platforms are to store an allocated portion of the data item;
  
  (c) identify a first rule that defines a manner of dividing the data item into a plurality of portions, the plurality of portions corresponding in number with the plurality of selected cloud storage platforms;
  
  (d) identify a second rule that defines a manner of allocating the respective portions among the selected cloud storage platforms; and
  
  (e) communicate indicia of the first and second rules to the client, thereby enabling the client to divide the data item into portions according to the first rule and to allocate the respective portions among the selected cloud storage platforms according to the second rule.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, further comprising:
    - a rule generator for creating at least one of the first and second rules to be used for respective data storage transactions; and
      
      a file storage index for maintaining indicia of the first and second rules used for respective data storage transactions.
  - 3. The apparatus of claim 2, wherein the at least one processor is further configured to:
    - (f) receive a client request for data retrieval services associated with a data item;
      
      (g) consult the file storage index to identify indicia of the first and second rules that were used to store the data item;
      
      (h) communicate indicia of the first and second rules to the client, thereby enabling the client to retrieve and reassemble the data item according to an inverse of the first and second rule.

4. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus at the cloud storage broker comprising:
- a user interface;
  
  a cloud storage interface;
  
  a memory; and
  
  at least one processor operably coupled to the user interface, cloud storage interface and memory and configured to;
  
  (a) receive a client request for cloud storage services associated with a data item;
  
  (b) choose selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected platforms are to store an allocated portion of the data item;
  
  (c) identify a first rule that defines a manner of dividing the data item into a plurality of portions, the plurality of portions corresponding in number with the plurality of selected cloud storage platforms;
  
  (d) identify a second rule that defines a manner of allocating the respective portions among the selected cloud storage platforms;
  
  (e) obtain the data item; and
  
  (f) divide the data item into portions according to the first rule and allocate the respective portions among the selected cloud storage platforms according to the second rule.
- View Dependent Claims (5, 6)
- - 5. The apparatus of claim 4, further comprising:
    - a rule generator for creating at least one of the first and second rules to be used for respective data storage transactions; and
      
      a file storage index for maintaining a record of the first and second rules or indicia of the first and second rules used for respective data storage transactions.
  - 6. The apparatus of claim 4, wherein the at least one processor is further configured to:
    - (g) receive a client request for data retrieval services associated with a data item;
      
      (h) consult the file storage index to identify indicia of the first and second rules that were used to store the data item;
      
      (i) execute an inverse of the first and second rules to retrieve and reassemble the data item, yielding a reassembled data item; and
      
      (j) deliver the reassembled data item to the client.

7. Apparatus for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the apparatus at the client platform comprising:
- a memory; and
  
  at least one processor operably coupled to the memory and configured to;
  
  send to the cloud storage broker, a request for cloud storage services associated with a data item;
  
  responsive to the request, receive from the cloud storage broker indicia of (a) selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected platforms are to store an allocated portion of the data item;
  
  (b) a first rule that defines a manner of dividing the data item into a plurality of portions, the plurality of portions corresponding in number with the plurality of selected cloud storage platforms; and
  
  (c) a second rule that defines a manner of allocating the respective portions among the selected cloud storage platforms; and
  
  divide the data item into portions according to the first rule and allocate the respective portions among the selected cloud storage platforms according to the second rule.
- View Dependent Claims (8)
- - 8. The apparatus of claim 7, wherein the at least one processor is further configured to:
    - send to the cloud storage broker, a request for data retrieval services associated with the data item;
      
      responsive to the request, receive from the cloud storage broker indicia of the first and second rules; and
      
      execute an inverse of the first and second rules to retrieve and reassemble the data item.

9. A method for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the method comprising the cloud storage broker:
- receiving a client request for cloud storage services associated with a data item;
  
  choosing selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected platforms are to store an allocated portion of the data item;
  
  identifying a first rule that defines a manner of dividing the data item into a plurality of portions, the plurality of portions corresponding in number with the plurality of selected cloud storage platforms;
  
  identifying a second rule that defines a manner of allocating the respective portions among the selected cloud storage platforms; and
  
  communicating indicia of the first and second rules to the client, thereby enabling the client to divide the data item into portions according to the first rule and to allocate the respective portions among the selected cloud storage platforms according to the second rule.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further comprising the cloud storage broker:
    - receiving a client request for data retrieval services associated with the data item;
      
      consulting a file storage index to identify indicia of the first and second rules that were used to store the data item; and
      
      communicating indicia of the first and second rules to the client, thereby enabling the client to retrieve and reassemble the data item according to an inverse of the first and second rule.
  - 11. An article of manufacture comprising a processor-readable storage medium storing one or more software programs which when executed by a processor associated with the cloud storage platform perform the steps of the method of claim 9.

12. A method for providing data storage services for a client, in accordance with a cloud computing model wherein a client platform is operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, the method comprising the cloud storage broker:
- receiving a client request for cloud storage services associated with a data item;
  
  choosing selected cloud storage platforms of the plurality of remote cloud storage platforms for cloud storage of the data item, wherein each of the selected platforms are to store an allocated portion of the data item;
  
  identifying a first rule that defines a manner of dividing the data item into a plurality of portions, the plurality of portions corresponding in number with the plurality of selected cloud storage platforms;
  
  identifying a second rule that defines a manner of allocating the respective portions among the selected cloud storage platforms;
  
  obtaining the data item; and
  
  dividing the data item into portions according to the first rule and allocate the respective portions among the selected cloud storage platforms according to the second rule.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising the cloud storage broker:
    - receiving a client request for data retrieval services associated with the data item;
      
      consulting a file storage index to identify indicia of the first and second rules that were used to store the data item;
      
      executing an inverse of the first and second rules to retrieve and reassemble the data item, yielding a reassembled data item; and
      
      delivering the reassembled data item to the client.
  - 14. An article of manufacture comprising a processor-readable storage medium storing one or more software programs which when executed by a processor associated with the cloud storage platform perform the steps of the method of claim 12.

15. In a cloud storage system including a client platform operably connected to a cloud storage broker and a plurality of remote cloud storage platforms, a method for providing distributed cloud storage of a data item comprising:
- dividing the data item into a plurality of portions according to a first rule;
  
  allocating the portions to a plurality of selected cloud storage platforms according to a second rule, the plurality of portions corresponding in number with the plurality of selected cloud storage platforms; and
  
  retaining indicia of the first and second rules for later data retrieval.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The method of claim 15, wherein the step of dividing and allocating is performed by the client platform, responsive to receiving indicia of the first and second rules from the cloud storage broker.
  - 17. The method of claim 15, wherein the step of dividing and allocating is performed by the cloud storage broker.
  - 18. The method of claim 15, further comprising:
    - executing an inverse of the first and second rules to retrieve and reassemble the data item.
  - 19. An article of manufacture comprising a processor-readable storage medium storing one or more software programs which when executed by a processor associated with the cloud storage platform perform the steps of the method of claim 15.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Novotny, Hanan M., Sankalia, Anish, DePaul, Kenneth E., Nta, Patrick, Larsen, Renaud

Granted Patent

US 9,137,304 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/213
CPC Class Codes

H04L 67/1008   based on parameters of serv...

H04L 67/101   based on network conditions

H04L 67/1014   based on the content of a r...

H04L 67/1019   Random or heuristic server ...

H04L 67/1021   based on client or server l...

H04L 67/1097   for distributed storage of ...

H04L 67/562   Brokering proxy services

Method And Apparatus For Achieving Data Security In A Distributed Cloud Computing Environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method And Apparatus For Achieving Data Security In A Distributed Cloud Computing Environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links