METHODS AND SYSTEMS FOR STORAGE OF LARGE DATA OBJECTS
Abstract
A storage service receives a binary large object (blob) for storage, and the service creates first and second sets of data chunks from the blob. The chunks in the first set together equal the blob, and the service uses one or more encryption keys to encrypt each of the data chunks in the first set. The chunks in the second set also together equal the blob. The service assigns a message authentication code (MAC) to each data chunk in the second set. The service stores the encrypted data chunks in one or more data stores, and it stores the encryption keys and the MACs as metadata in a metadata memory.
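The flow in the abstract, sketched as an added example that is not taken from the patent or any product. The chunk sizes, the dict-based stores, the HMAC-SHA256 keystream standing in for a vetted cipher, the MAC key kept in the metadata, and the chunk index bound into each tag are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ENC_CHUNK, MAC_CHUNK = 16, 24  # constructed sizes; the two chunkings need not align

def _split(data: bytes, size: int) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode.
    # Each key encrypts exactly one chunk, so no nonce is needed here.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def _mac(mac_key: bytes, index: int, piece: bytes) -> bytes:
    # Binding the chunk index into the tag (assumption) rejects reordered chunks.
    return hmac.new(mac_key, index.to_bytes(8, "big") + piece, hashlib.sha256).digest()

def store_blob(blob_id, blob, data_store, metadata_store):
    keys, encrypted = [], []
    for i, chunk in enumerate(_split(blob, ENC_CHUNK)):   # first set: plaintext chunks
        keys.append(secrets.token_bytes(32))              # one key per chunk
        encrypted.append(_xor_stream(keys[-1], chunk))
        data_store[(blob_id, i)] = encrypted[-1]          # data store holds ciphertext only
    mac_key = secrets.token_bytes(32)
    pieces = _split(b"".join(encrypted), MAC_CHUNK)       # second set: ciphertext chunks
    macs = [_mac(mac_key, i, p) for i, p in enumerate(pieces)]
    # Metadata memory is a separate store: keys and MACs never sit beside the data.
    metadata_store[blob_id] = {"keys": keys, "mac_key": mac_key, "macs": macs}

def load_blob(blob_id, data_store, metadata_store) -> bytes:
    meta = metadata_store[blob_id]
    encrypted = [data_store[(blob_id, i)] for i in range(len(meta["keys"]))]
    pieces = _split(b"".join(encrypted), MAC_CHUNK)
    if len(pieces) != len(meta["macs"]):
        raise ValueError("ciphertext length does not match metadata")
    for i, (piece, tag) in enumerate(zip(pieces, meta["macs"])):
        if not hmac.compare_digest(_mac(meta["mac_key"], i, piece), tag):
            raise ValueError(f"MAC mismatch in ciphertext chunk {i}")
    # Decrypt only after every tag has verified.
    return b"".join(_xor_stream(k, c) for k, c in zip(meta["keys"], encrypted))
```

Because the MAC chunks are cut from the ciphertext at different boundaries than the encryption chunks, a modified stored chunk is reported by the index of the MAC chunk that covers it, not by its own storage index.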
20 Claims
1. A method, comprising:
receiving, by a storage service, a binary large object;
by a processor of the storage service, creating a first set of data chunks, wherein each of the data chunks in the first set is a subset of the object, and together the data chunks in the first set equal the object;
by the processor, assigning an encryption key to each data chunk in the first set;
encrypting each of the data chunks in the first set to form a set of encrypted data chunks;
by the processor, creating a second set of ciphertext chunks, wherein each of the ciphertext chunks in the second set will, taken together and decrypted, form the binary large object;
by the processor, assigning a message authentication code (MAC) to each data chunk in the second set;
storing the encrypted data chunks in one or more data stores; and
storing the encryption keys and the MACs as metadata in a metadata memory, wherein the metadata memory is separate from the one or more data stores.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method, comprising:
receiving, by a storage service, a binary large object;
by a processor of the storage service, creating a first set of data chunks, wherein each of the data chunks in the first set is a subset of the object, and together the data chunks in the first set equal the object;
by the processor, assigning an encryption key to each data chunk in the first set;
encrypting each of the data chunks in the first set to form a set of encrypted data chunks;
by the processor, creating a second set of ciphertext chunks, wherein each of the data chunks in the second set will, taken together and decrypted, form the binary large object;
by the processor, assigning a message authentication code (MAC) to each ciphertext chunk in the second set;
storing the encrypted data chunks in one or more data stores;
determining a data store location, wherein the data store location corresponds to a storage location of one or more of the data chunks in the first set; and
storing the encryption keys, the data store location and the MACs as metadata in a metadata memory, wherein the metadata memory is separate from the one or more data stores, and wherein storing the metadata comprises assigning a metadata encryption key and using the metadata encryption key to encrypt the metadata.
Dependent claims: 12, 13, 14, 15, 20

16. A system, comprising:
a storage service comprising one or more processors, a non-transitory memory containing program instructions, one or more data stores, and a metadata memory that is separate from the one or more data stores, wherein the program instructions, when executed, instruct one or more of the processors to:
receive a binary large object;
create a first set of data chunks, wherein each of the data chunks in the first set is a subset of the object, and together the data chunks in the first set equal the object;
assign an encryption key to each data chunk in the first set;
encrypt each of the data chunks in the first set to form a set of encrypted data chunks;
create a second set of ciphertext chunks, wherein each of the ciphertext chunks in the second set is a subset of an encrypted form of the binary large object, and together the ciphertext chunks in the second set equal the binary large object;
assign a message authentication code (MAC) to each ciphertext chunk in the second set;
store the encrypted data chunks in one or more of the data stores; and
store the encryption keys and the MACs as metadata in the metadata memory.
Dependent claims: 17, 18, 19

Specification