STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING

US 20130212373A1
Filed: 02/15/2012
Published: 08/15/2013
Est. Priority Date: 02/15/2012
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining data connectivity in a secure data storage network, the method comprising:

assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems;

storing data, by the primary secure storage appliance, in the volume as blocks spread across the plurality of storage systems, the data stored across the plurality of storage systems cryptography splits the data into a plurality of secondary data blocks that are stored into the separate volumes;

detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance;

upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance;

wherein in cryptographically splitting the data into the plurality of secondary data blocks utilizes a plurality of encryption keys to create a plurality of separate community of interest data sets in which the data and corresponding plurality of secondary data blocks are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.

31 Citations

View as Search Results

21 Claims

1. A method of maintaining data connectivity in a secure data storage network, the method comprising:
- assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems;
  
  storing data, by the primary secure storage appliance, in the volume as blocks spread across the plurality of storage systems, the data stored across the plurality of storage systems cryptography splits the data into a plurality of secondary data blocks that are stored into the separate volumes;
  
  detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance;
  
  upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance;
  
  wherein in cryptographically splitting the data into the plurality of secondary data blocks utilizes a plurality of encryption keys to create a plurality of separate community of interest data sets in which the data and corresponding plurality of secondary data blocks are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein detecting the failure of the primary secure storage appliance includes determining an absence of a heartbeat signal transmitted periodically among the plurality of secure storage appliances.
  - 3. The method of claim 1, wherein the plurality of secure storage appliances are connected within a cluster.
  - 4. The method of claim 1, further comprising, upon reassigning the volume to a second secure storage appliance, sending an error message to an administrator of the secure data storage network.
  - 5. The method of claim 1, wherein the primary secure storage appliance and the second secure storage appliance are each connected to the plurality of storage systems.
  - 6. The method of claim 1, further comprising presenting an administrative interface to an administrator of the secure data storage network, the administrative interface presenting the plurality of secure storage appliances as a virtual secure storage appliance.
  - 7. The method of claim 6, further comprising presenting a common set of administrative settings for each of the plurality of secure storage appliances associated with the virtual secure storage appliance.
  - 8. The method of claim 7, wherein the common set of administrative settings is stored at each of the plurality of secure storage appliances.
  - 9. The method of claim 1, further comprising restoring operation of the primary secure storage appliance.
  - 10. The method of claim 8, further comprising detecting restoration of the primary secure storage appliance at one of the plurality of secure storage appliances.
  - 11. The method of claim 10, further comprising restoring a common set of administrative settings for the plurality of secure storage appliances to the primary secure storage appliance.
  - 12. The method of claim 10, further comprising reassigning the volume to the primary secure storage appliance and disassociating the second secure storage appliance from the volume.

13. (canceled)

14. (canceled)

15. (canceled)

16. (canceled)

17. (canceled)

18. A secure data storage network comprising:
- a client device;
  
  a plurality of storage systems;
  
  a plurality of secure storage appliances interconnected between the client device and the plurality of storage systems, the plurality of secure storage appliances including a primary secure storage appliance associated with a volume, the volume presented as a virtual disk to the client device and mapped to physical storage at each of the plurality of storage systems;
  
  wherein each of the plurality of secure storage appliances includes a common set of administrative information, and each of the plurality of secure storage appliances monitors operational status of one or more of a different secure storage appliance among the plurality of secure storage appliances;
  
  wherein data is stored in the volume as blocks spread across the plurality of storage systems by the primary secure storage appliance and the data stored across virtual disk being cryptography split into a plurality of secondary data blocks that are stored into the separate volumes of the virtual disk; and
  
  the cryptographically splitting the data into the plurality of secondary data blocks utilizes a plurality of encryption keys to create a plurality of separate community of interest data sets in which the data and corresponding plurality of secondary data blocks are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
- View Dependent Claims (19, 20, 21)
- - 19. The secure data storage network of claim 18, wherein each of the plurality of secure storage appliances is configured to periodically transmit a heartbeat message to another secure storage appliance from among the plurality of secure storage appliances.
  - 20. The secure data storage network of claim 18, further comprising an administrative interface hosted by an administrative console, the administrative interface providing a view of a virtual secure storage appliance representing the plurality of secure storage appliances and presenting a common set of administrative settings associated with the plurality of secure storage appliances.
  - 21. The secure data storage network of claim 18, wherein the plurality of secure storage appliances reside within a cluster in the secure data storage network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dodgson, David, Edward Chin, French, Albert, Neill, Joseph, Ralph Farina, Summers, Scott
Original Assignee
Dodgson, David, Edward Chin, French, Albert, Neill, Joseph, Ralph Farina, Summers, Scott
Inventors
Dodgson, David, Neill, Joseph, Farina, Ralph, Chin, Edward, French, Albert, Summers, Scott

Granted Patent

US 8,719,594 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 67/1097   for distributed storage of ...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0894   Escrow, recovery or storing...

STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links