Hidden proactive replication of data
Abstract
Moving replicas in a cryptographically secure manner such that the target location and timing of the movements are completely hidden from any user, or is kept as a secret by a limited number of users who have been given advanced notice of the new location and relocation time for a replica. A catalog of replica locations that describe the current location of the replicas is stored in encrypted form so as to prevent individuals from determining the exact location of the replicas. Since the location of the replicas is hidden at any given moment, attackers may not use the location of the replicas in order to attack all of the replicas at the same time. Accordingly, recovery mechanisms may have an opportunity to recover from any given attack by once again creating replicas from those replicas that had not been attacked.
25 Claims
1. In an environment that includes a plurality of computer systems that may be used to store a plurality of movable replicas of given data in order to protect against loss of the given data in the event of a concerted attack aimed at locating and destroying it, a method for protecting the given data from destruction by occasionally moving the plurality of movable replicas from one computer system location to another so that the plurality of movable replicas are more difficult to find, the method comprising the following:

maintaining a centrally located catalog on a computer system, wherein the computer system on which the centrally located catalog is maintained is a single physical device;

maintaining a plurality of movable replicas of given data on a computer network, wherein the plurality of movable replicas of given data are distributed throughout at least a plurality of computer systems in the computer network and which are remote from the single physical device computer system on which the central catalog is maintained, the plurality of movable replicas each being repeatedly moved from its then current location to a new location in the computer network, as directed by the single physical device computer system on which the central catalog is maintained;

determining, at a centrally located relocation module on the single physical device computer system on which the central catalog is maintained, a specific target location in the network from among a plurality of potential target locations to which one of the plurality of movable replicas is to be relocated;

encrypting the centrally located relocation module to protect it from any unauthorized user so as not to provide information identifying the target location to which the one of the plurality of movable replicas is to be relocated;

after determining a specific target location, an act of the single physical device computer system on which the central catalog is maintained, using the centrally located relocation module located thereon, notifying one or more authorized individuals that the one of the plurality of movable replicas will be moved and of the specific target location thereof;

after notifying the one or more authorized users that the one of the plurality of movable replicas will be moved and of the specific target location thereof, relocating the one of the plurality of movable replicas to the determined specific target location;

updating the centrally located catalog on the single physical device computer system, which centrally located catalog contains a current listing of all of the plurality of movable replicas of the given data and target locations to which each of the plurality of movable replicas has been relocated in order to keep track of where each of the plurality of movable replicas is stored once it is newly relocated; and

at least partially encrypting the catalog centrally located on the single physical device computer system to secure it against unauthorized access.

Claims 2 through 23 depend from claim 1.
24. In a computing network having a plurality of computers distributed therein and in communication over the computing network, a method for protecting data from destruction by occasionally relocating a plurality of movable replicas from one location to another so that the plurality of movable replicas are more difficult to find and destroy, the method comprising:

maintaining a plurality of movable replicas of given data, wherein the plurality of movable replicas of the given data are distributed throughout the plurality of computers in the computing network;

maintaining, on only one of the plurality of computers, a relocation module for managing occasional relocation of each of the plurality of movable replicas of the given data;

maintaining, on the one of the plurality of computers on which the relocation module is maintained, only one catalog that contains a record of each of the plurality of movable replicas of the given data and associates each of the plurality of movable replicas with its corresponding current location of each of the plurality of movable replicas of the given data, and such that the catalog is centrally located on the one of the plurality of computers, wherein the one of the plurality of computers on which the relocation module and catalog are maintained is a secure computer requiring verification of an identity and authority of a user attempting access to at least the catalog centrally located on the secure computer;

determining, at the relocation module maintained on the secure computer, and for one of the plurality of movable replicas of the given data, a target location to which the one of the plurality of movable replicas will be moved, the target location being in the network and determined from among locations on the plurality of computers, wherein the one of the plurality of movable replicas for which a target location is determined is on a computer remote from the secure computer on which the relocation module and catalog are maintained;

notifying one or more authorized users of the target location of the one of the plurality of movable replicas of the given data;

after notifying the one or more authorized users, sending, from the relocation module maintained on the secure computer, instructions, to the computer remote from the secure computer and on which the one of the plurality of movable replicas is maintained, for moving the one of the plurality of movable replicas to the target location, wherein the instructions cause relocation of the replica to the target location;

updating the catalog to include the target location as a current location for the one of the plurality of movable replicas; and

repeating the acts of determining, notifying, sending and updating occasionally, for each of the plurality of movable replicas of the given data, such that the relocation module manages occasional relocation of each of the plurality of movable replicas of the given data.
25. A computer program product for use in a computing network that includes a plurality of computers distributed therein and in connection through the computing network, the computer program product for implementing a method for protecting data from destruction by occasionally relocating a plurality of movable replicas from one location to another so that the plurality of movable replicas are more difficult to find and destroy, the computer program product comprising:

one or more physical computer-readable storage media having stored thereon computer-executable instructions that, when executed, cause the computing network to perform the process of:

maintaining a plurality of movable replicas of given data, wherein the plurality of movable replicas of the given data are distributed throughout the plurality of computers in the computing network, and wherein the number of the plurality of movable replicas is proportional to a sensitivity of the given data;

maintaining, on only one of the plurality of computers, a relocation module for managing occasional relocation of each of the plurality of movable replicas of the given data, wherein the one of the plurality of computers on which the relocation module is maintained includes none of the plurality of movable replicas of the given data;

maintaining, on the one of the plurality of computers on which the relocation module is maintained, only one catalog that contains a record of each of the plurality of movable replicas of the given data and associates each of the plurality of movable replicas with its corresponding current location of each of the plurality of movable replicas of the given data, and such that the catalog is centrally located on the one of the plurality of computers, wherein the one of the plurality of different computers on which the relocation module and catalog are maintained is a secure computer requiring verification of an identity and authority of a user attempting access to at least the catalog centrally located on the secure computer;

determining, at the relocation module maintained on the secure computer, and for one of the plurality of movable replicas of the given data, a target location to which the one of the plurality of movable replicas will be moved, the target location being in the network and determined from among locations on the plurality of computers, wherein the target location is determined in a completely random manner and wherein the one of the plurality of movable replicas for which a target location is determined is on a computer remote from the secure computer on which the relocation module and catalog are maintained;

determining, at the relocation module maintained on the secure computer, and for the one of the plurality of movable replicas of the given data, a movement time at which the one of the plurality of movable replicas will be moved to the target location, wherein determining the movement time comprises the relocation module on the one of the plurality of computers considering at least three or more of a group selected from the following: whether the target location is subject to a threat of an attack; the sensitivity of the given data; a trust level of a computer associated with the target location; a bandwidth level for a connection to the target location; a load level for the computer associated with the target location; a memory availability level of an online and accessible computer associated with the target location; a network traffic load for the computer associated with the target location; and an ease of monitoring network traffic to the computer associated with the target location;

after determining the target location and movement time, the relocation module notifying one or more authorized users of the target location and movement time of the one of the plurality of movable replicas of the given data, the movement time being in the future;

after notifying the one or more authorized users, sending, from the relocation module maintained on the secure computer, instructions, to the computer remote from the secure computer and on which the one of the plurality of movable replicas is maintained, for moving the one of the plurality of movable replicas to the target location, wherein the instructions cause relocation of the one of the plurality of movable replicas to the target location;

updating the catalog to include the target location as a current location for the one of the plurality of movable replicas;

repeating the acts of determining, notifying, sending and updating occasionally, for each of the plurality of movable replicas of the given data, such that the relocation module manages occasional relocation of each of the plurality of movable replicas of the given data, and wherein repeating the acts comprises: modifying at least some of the plurality of movable replicas so that not all replicas are exact copies; determining that at least one of the plurality of movable replicas has been lost or damaged; and in response to determining that at least one of the plurality of movable replicas has been lost or damaged, a recovery mechanism replacing the at least one of the plurality of movable replicas that has been lost or damaged.
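The procedure common to claims 1, 24 and 25 (a single secure host holding the only catalog, random target selection for replicas kept on remote hosts, notification of authorized users before each move, catalog update, catalog encrypted at rest, and recovery of lost replicas from surviving ones) is modelled below in Python. This is an added illustration, not code from the patent or its assignee; the class and function names, the four host names, the sample payload and the notification callback are all constructed for the example. The HMAC-SHA256 counter-mode cipher with a separate HMAC tag is a standard-library stand-in chosen so the example runs without third-party packages; a real deployment would use a vetted AEAD such as AES-GCM. The movement-time factors of claim 25 (threat, trust level, bandwidth, load) are not modelled.

```python
"""Added illustration of the claimed scheme: a single secure host keeps the
only catalog (encrypted at rest), picks random target hosts for replicas held
on remote computers, notifies authorized users before each move, and rebuilds
lost replicas from surviving ones. All names and hosts here are constructed."""
import hashlib
import hmac
import json
import secrets
import struct


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate confidentiality and integrity keys derived from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (stdlib stand-in for AES-CTR).
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
    return bytes(out[:n])


def encrypt_catalog(key: bytes, catalog: dict) -> bytes:
    """Encrypt-then-MAC the catalog so a stolen copy reveals no replica location."""
    plain = json.dumps(catalog, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    body = bytes(p ^ k for p, k in zip(plain, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_catalog(key: bytes, blob: bytes) -> dict:
    """Verify the tag before decrypting; a tampered or foreign blob is rejected."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("catalog integrity check failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return json.loads(bytes(c ^ k for c, k in zip(body, ks)))


class RelocationModule:
    """Runs only on the secure host, which itself never stores a replica."""

    def __init__(self, secure_host, hosts, key, notify):
        if secure_host in hosts:
            raise ValueError("the catalog host must not hold replicas")
        self.hosts, self.key, self.notify = list(hosts), key, notify
        self.catalog = {}                       # replica id -> current host
        self.stores = {h: {} for h in hosts}    # simulated remote storage per host

    def create_replicas(self, data: bytes, copies: int) -> list:
        # Initial placement: distinct random hosts, one replica per host.
        ids = []
        for host in secrets.SystemRandom().sample(self.hosts, copies):
            rid = secrets.token_hex(4)
            self.stores[host][rid] = data
            self.catalog[rid] = host
            ids.append(rid)
        return ids

    def choose_target(self, rid: str) -> str:
        # Completely random choice among candidate hosts other than the current one.
        return secrets.choice([h for h in self.hosts if h != self.catalog[rid]])

    def relocate(self, rid: str) -> str:
        src, dst = self.catalog[rid], self.choose_target(rid)
        self.notify(rid, dst)                              # authorized users learn the target first
        self.stores[dst][rid] = self.stores[src].pop(rid)  # instruct the remote host to move it
        self.catalog[rid] = dst                            # catalog now records the new location
        return dst

    def save_catalog(self) -> bytes:
        return encrypt_catalog(self.key, self.catalog)

    def recover(self) -> list:
        # Detect replicas missing from their recorded host; rebuild from a survivor.
        lost = [rid for rid, h in self.catalog.items() if rid not in self.stores[h]]
        alive = [rid for rid in self.catalog if rid not in lost]
        if lost and not alive:
            raise RuntimeError("every replica was destroyed; nothing to recover from")
        for rid in lost:
            data = self.stores[self.catalog[alive[0]]][alive[0]]
            host = secrets.choice(self.hosts)
            self.stores[host][rid] = data
            self.catalog[rid] = host
        return lost


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    module = RelocationModule("secure", ["h1", "h2", "h3", "h4"], key,
                              lambda rid, dst: print(f"notice: {rid} -> {dst}"))
    ids = module.create_replicas(b"constructed sample data", 3)
    module.relocate(ids[0])
    module.stores[module.catalog[ids[1]]].clear()   # simulate one host being wiped
    print("rebuilt:", module.recover())
    print("catalog round-trips:", decrypt_catalog(key, module.save_catalog()) == module.catalog)
```

Two design points mirror the claims directly: the catalog is the only record of where replicas are, so it is never written to disk unencrypted and any modification of the stored blob fails the integrity check rather than silently pointing the module at the wrong host; and the secure host is excluded from the candidate set, so compromising the machine that knows the locations does not by itself yield a replica.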