SECURE CLOUD-BASED STORAGE OF DATA SHARED ACROSS FILE SYSTEM OBJECTS AND CLIENTS

US 20160292429A1
Filed: 03/31/2015
Published: 10/06/2016
Est. Priority Date: 03/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method of storing file system data, comprising:

determining for an object associated with a plurality of component chunks of file system data a primary encryption key;

using the primary encryption key to generate for each of said component chunks a corresponding chunk key, based at least in part on the primary encryption key and data comprising or otherwise associated with the chunk; and

providing the respective chunk keys to a file system client configured to create and store the object at least in part by encrypting each chunk included in the plurality of component chunks using the chunk key provided for that chunk to generated encrypted chunk data, and combining the encrypted chunk data to create and store the object.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to provide secure cloud-based storage of data shared across file system objects and clients are disclosed. In various embodiments, a primary encryption key is determined for an object associated with a plurality of component chunks of file system data. The primary encryption key is used to generate for each of said component chunks a corresponding chunk key, based at least in part on the primary encryption key and data comprising or otherwise associated with the chunk. The respective chunk keys are provided to a file system client configured to create and store the object at least in part by encrypting each chunk included in the plurality of component chunks using the chunk key provided for that chunk to generated encrypted chunk data, and combining the encrypted chunk data to create and store the object.

88 Citations

View as Search Results

20 Claims

1. A method of storing file system data, comprising:
- determining for an object associated with a plurality of component chunks of file system data a primary encryption key;
  
  using the primary encryption key to generate for each of said component chunks a corresponding chunk key, based at least in part on the primary encryption key and data comprising or otherwise associated with the chunk; and
  
  providing the respective chunk keys to a file system client configured to create and store the object at least in part by encrypting each chunk included in the plurality of component chunks using the chunk key provided for that chunk to generated encrypted chunk data, and combining the encrypted chunk data to create and store the object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the primary encryption key is determined based at least in part on data comprising or otherwise associated with the plurality of component chunks.
  - 3. The method of claim 1, further comprising storing the primary encryption key in a file system metadata table.
  - 4. The method of claim 1, wherein each of the respective chunk keys is generated based on the primary encryption key and a chunk hash value associated with the chunk.
  - 5. The method of claim 1, wherein the chunk keys are not stored in file system metadata.
  - 6. The method of claim 1, further comprising providing to the file system client an identification of the plurality of component chunks to be included in the object.
  - 7. The method of claim 1, wherein the plurality of component chunks of file system data comprise at least a part of a file.
  - 8. The method of claim 7, further comprising receiving a request to store the file, the request including data identifying the plurality of component chunks as being associated with the file.
  - 9. The method of claim 1, further comprising receiving a request to access a file with which the plurality of component chunks are associated.
  - 10. The method of claim 9, further comprising providing in response to the request a locator to be used to retrieve the object, and for each chunk a corresponding offset within the object and a corresponding chunk key to be used to decrypt the chunk.

11. A system, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured to;
  
  determine for an object associated with a plurality of component chunks of file system data a primary encryption key;
  
  use the primary encryption key to generate for each of said component chunks a corresponding chunk key, based at least in part on the primary encryption key and data comprising or otherwise associated with the chunk; and
  
  provide the respective chunk keys, via the communication interface, to a file system client configured to create and store the object at least in part by encrypting each chunk included in the plurality of component chunks using the chunk key provided for that chunk to generated encrypted chunk data, and combining the encrypted chunk data to create and store the object.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the primary encryption key is determined based at least in part on data comprising or otherwise associated with the plurality of component chunks.
  - 13. The system of claim 11, wherein the processor is further configured to store the primary encryption key in a file system metadata table.
  - 14. The system of claim 11, wherein each of the respective chunk keys is generated based on the primary encryption key and a chunk hash value associated with the chunk.
  - 15. The system of claim 11, wherein the chunk keys are not stored in file system metadata.
  - 16. The system of claim 11, wherein the processor is further configured to provide to the file system client an identification of the plurality of component chunks to be included in the object.
  - 17. The system of claim 11, wherein the plurality of component chunks of file system data comprise at least a part of a file.
  - 18. The system of claim 17, wherein the processor is further configured to receive a request to store the file, the request including data identifying the plurality of component chunks as being associated with the file.
  - 19. The system of claim 11, wherein the processor is further configured to receive a request to access a file with which the plurality of component chunks are associated;
    - and to provide in response to the request a locator to be used to retrieve the object, and for each chunk a corresponding offset within the object and a corresponding chunk key to be used to decrypt the chunk.

20. A computer program product to store file system data, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- determining for an object associated with a plurality of component chunks of file system data a primary encryption key;
  
  using the primary encryption key to generate for each of said component chunks a corresponding chunk key, based at least in part on the primary encryption key and data comprising or otherwise associated with the chunk; and
  
  providing the respective chunk keys to a file system client configured to create and store the object at least in part by encrypting each chunk included in the plurality of component chunks using the chunk key provided for that chunk to generated encrypted chunk data, and combining the encrypted chunk data to create and store the object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Manville, Thomas, Lopez, Julio, Desai, Rajiv, Rosenblum, Nathan

Granted Patent

US 9,916,458 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/134   Distributed indices

G06F 16/137   Hash-based content-based in...

G06F 16/1748   De-duplication implemented ...

G06F 16/183   Provision of network file s...

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/6272   by registering files or doc...

G06F 2221/2107   File encryption

G06F 3/0608   Saving storage space on sto...

G06F 3/0641   De-duplication techniques

SECURE CLOUD-BASED STORAGE OF DATA SHARED ACROSS FILE SYSTEM OBJECTS AND CLIENTS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

88 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE CLOUD-BASED STORAGE OF DATA SHARED ACROSS FILE SYSTEM OBJECTS AND CLIENTS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links