Receipt, Data Reduction, and Storage of Encrypted Data
First Claim
1. A method comprising:
separating a received encrypted data stream into one or more encrypted data chunks, including a first data chunk;
placing the first data chunk into a sub-stream, wherein the sub-stream corresponds with a first master key and a first owning entity;
decrypting the first data chunk into plaintext;
transforming the plaintext, including applying one or more advanced data functions to the plaintext;
organizing the transformed plaintext into a first data unit;
creating a first encryption unit from the first data unit, including encrypting the data unit with a first wrapped encryption key comprising the first master key and a first private key corresponding to the first encryption unit, wherein the first encryption unit has a space allocation in persistent storage; and
storing the wrapped encryption key as metadata for the encryption unit.
Abstract
Embodiments relate to processing streams of encrypted data received from multiple users. As a stream is received, smaller partitions in the form of data chunks, including a first data chunk, are created and subject to individual decryption. The first data chunk is placed into a sub-stream according to a first master key associated with a first owning entity. Prior to processing, the first data chunk is decrypted into plaintext, and the plaintext is transformed by applying one or more advanced data functions. The transformed plaintext is organized into a first data unit, and a first encryption unit is created from the first data unit. The first encryption unit has a space allocation in persistent storage. Accordingly, confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
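The pipeline the abstract and claims describe, as an added example that is not code from the patent or its assignee: each received chunk is decrypted under the owner's master key, reduced with deflate (standing in for the "advanced data function"), re-encrypted under a fresh per-unit key, and that key is wrapped with the master key and kept as the unit's metadata. The length-prefixed chunk framing and the use of the master key itself as the chunk decryption key are assumptions; routing chunks to a per-owner sub-stream is left to the caller.

```ruby
require 'openssl'
require 'zlib'

# Stored unit: reduced data sealed under its own key + that key wrapped under the master key.
EncryptionUnit = Struct.new(:ciphertext, :wrapped_key)

# AES-256-GCM with a fresh random 12-byte IV; returns iv || tag || ciphertext.
# OpenSSL::Cipher#update rejects empty input, so callers pass non-empty data.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  ct = c.update(plaintext) + c.final
  iv + c.auth_tag + ct
end

# Reverse of seal; raises OpenSSL::Cipher::CipherError if the tag check fails.
def open_sealed(key, blob)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob[0, 12]
  c.auth_tag = blob[12, 16]
  c.update(blob[28..]) + c.final
end

# Separation step: chunks are assumed length-prefixed (4-byte big-endian; constructed framing).
def split_stream(stream)
  chunks = []
  until stream.empty?
    len = stream[0, 4].unpack1('N')
    chunks << stream[4, len]
    stream = stream[(4 + len)..]
  end
  chunks
end

# Decrypt one chunk with the owner's master key, apply a data reduction function
# (deflate), seal under a fresh per-unit key, and wrap that key with the master key.
def ingest_chunk(master_key, chunk)
  plaintext = open_sealed(master_key, chunk)
  reduced = Zlib::Deflate.deflate(plaintext, Zlib::BEST_COMPRESSION)
  unit_key = OpenSSL::Random.random_bytes(32)
  EncryptionUnit.new(seal(unit_key, reduced), seal(master_key, unit_key))
end

# Read path: unwrap the per-unit key with the master key, then inflate.
def read_unit(master_key, unit)
  unit_key = open_sealed(master_key, unit.wrapped_key)
  Zlib::Inflate.inflate(open_sealed(unit_key, unit.ciphertext))
end
```

Because the per-unit key is only ever stored wrapped, rotating or revoking an owner's master key invalidates every unit's metadata without touching the unit ciphertext itself.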
21 Claims
1. A method comprising:
separating a received encrypted data stream into one or more encrypted data chunks, including a first data chunk;
placing the first data chunk into a sub-stream, wherein the sub-stream corresponds with a first master key and a first owning entity;
decrypting the first data chunk into plaintext;
transforming the plaintext, including applying one or more advanced data functions to the plaintext;
organizing the transformed plaintext into a first data unit;
creating a first encryption unit from the first data unit, including encrypting the data unit with a first wrapped encryption key comprising the first master key and a first private key corresponding to the first encryption unit, wherein the first encryption unit has a space allocation in persistent storage; and
storing the wrapped encryption key as metadata for the encryption unit.
Dependent claims: 3, 4, 5, 6, 19
2. (canceled)
7. A computer program product for data encryption, the computer program product comprising a computer readable storage device having program code embodied therewith, the program code executable by a processing unit to:
separate a received encrypted data stream into one or more encrypted data chunks, including a first data chunk;
place the first data chunk into a sub-stream, wherein the sub-stream corresponds with a first master key and a first owning entity;
decrypt the first data chunk into plaintext;
transform the plaintext, including program code to apply one or more advanced data functions to the plaintext;
organize the transformed plaintext into a first data unit;
create a first encryption unit from the first data unit, including the processing unit to encrypt the data unit with a first wrapped encryption key comprising the first master key and a first private key corresponding to the first encryption unit, wherein the first encryption unit has a space allocation in persistent storage; and
store the wrapped encryption key as metadata for the encryption unit.
Dependent claims: 9, 10, 11, 12, 20
8. (canceled)
13. A computer system comprising:
a processor;
a gatekeeper; and
a decrypter in communication with the processor, the gatekeeper and data storage for efficient storage of encrypted data; the decrypter to:
separate a received encrypted data stream into one or more encrypted data chunks, including a first data chunk;
place the first data chunk into a sub-stream, wherein the sub-stream corresponds to a first master key and a first owning entity;
decrypt the first data chunk into plaintext;
transform the plaintext, including the decrypter to apply one or more advanced data functions to the plaintext;
organize the transformed plaintext into a first data unit;
create a first encryption unit from the first data unit, including the decrypter to encrypt the data unit with a first wrapped encryption key comprising the first master key and a first private key corresponding to the first encryption unit, wherein the first encryption unit has a space allocation in persistent storage; and
store the wrapped encryption key as metadata for the encryption unit.
Dependent claims: 15, 16, 17, 18, 21
14. (canceled)