SYSTEM AND METHOD FOR DISTRIBUTED DEDUPLICATIONOF ENCRYPTED CHUNKS
First Claim
Patent Images
1. A method for retrieving chunks of data from a distributed deduplication storage system, the method comprising:
- receiving a request for a chunk from a client, wherein the request for the chunk includes a chunk identifier;
retrieving an encrypted chunk payload and an encrypted chunk key for the chunk;
de-crypting the encrypted chunk key to obtain an unencrypted chunk key;
de-crypting the encrypted chunk payload using the unencrypted chunk key to obtain a decrypted chunk payload;
re-encrypting the decrypted chunk payload to obtain a re-encrypted chunk payload that is encrypted for the client to be able to decrypt;
returning the re-encrypted chunk payload to the client in response to the request for the chunk.
4 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure relates to an advantageous system and related methods for distributed deduplication of encrypted chunks. One embodiment relates to a method for storing encrypted chunks in which an encryption key is generated independently from a chunk payload. With this method, two encrypted chunks are identifiable as having identical chunk payloads even when the chunk payloads are encrypted with different encryption keys. Other embodiments, aspects and features are also disclosed.
-
Citations
22 Claims
-
1. A method for retrieving chunks of data from a distributed deduplication storage system, the method comprising:
-
receiving a request for a chunk from a client, wherein the request for the chunk includes a chunk identifier; retrieving an encrypted chunk payload and an encrypted chunk key for the chunk; de-crypting the encrypted chunk key to obtain an unencrypted chunk key; de-crypting the encrypted chunk payload using the unencrypted chunk key to obtain a decrypted chunk payload; re-encrypting the decrypted chunk payload to obtain a re-encrypted chunk payload that is encrypted for the client to be able to decrypt; returning the re-encrypted chunk payload to the client in response to the request for the chunk. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A distributed deduplication storage system for storing encrypted chunks of data, the storage system comprising:
-
a client; and a storage server which receives a request for a chunk from a client, wherein the request for the chunk includes a chunk identifier; retrieves an encrypted chunk payload and an encrypted chunk key for the chunk; de-crypts the encrypted chunk key to obtain an unencrypted chunk key; de-crypts the encrypted chunk payload using the unencrypted chunk key to obtain a decrypted chunk payload; re-encrypts the decrypted chunk payload to obtain a re-encrypted chunk payload that is encrypted for the client to be able to decrypt; and returns the re-encrypted chunk payload to the client in response to the request for the chunk.
-
-
11. A method of putting an encrypted chunk to an object storage system supporting distributed deduplication, the method comprising:
-
calculating a cryptographic hash to fingerprint an unencrypted payload by a client/proxy (a client, or proxy acting on behalf of the client), after optional compression has been applied at the client/proxy; sending a chunk put request to a chunk server that identifies the chunk to be put by a fingerprint, wherein the chunk server was selected either because it is co-located with the client/proxy or by a consistent hashing algorithm. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A method of retrieving a chunk, the method comprising:
-
receiving a chunk get request from a client/proxy to get a chunk from a chunk server of a chunk storage system; using a chunk identifier to determine if the chunk is already stored locally as a local chunk image at the chunk server; if the chunk is already stored locally at the chunk server, then performing a first procedure to use the local chunk image; if the chunk is not already stored locally at the chunk server, and the chunk server is not designated to store the chunk identifier by a consistent hashing algorithm, then performing a second procedure to obtain a copy of a chunk image from a designated chunk server of the chunk storage system; and if the chunk is not stored in the chunk storage system, then returning an error message from the chunk server to the client/proxy. - View Dependent Claims (18, 19, 20, 21, 22)
-
Specification