Hidden proactive replication of data

US 7,631,359 B2
Filed: 11/06/2002
Issued: 12/08/2009
Est. Priority Date: 11/06/2002
Status: Expired due to Fees

First Claim

Patent Images

1. In an environment that includes a plurality of computer systems that may be used to store a plurality of movable replicas of given data in order to protect against loss of the given data in the event of a concerted attack aimed at locating and destroying it, a method for protecting the given data from destruction by occasionally moving the plurality of movable replicas from one computer system location to another so that the plurality of movable replicas are more difficult to find, the method comprising the following:

maintaining a centrally located catalog on a computer system, wherein the computer system on which the centrally located catalog is maintained is a single physical device;

maintaining a plurality of movable replicas of given data on a computer network, wherein the plurality of movable replicas of given data are distributed throughout at least a plurality of computer systems in the computer network and which are remote from the single physical device computer system on which the central catalog is maintained, the plurality of movable replicas each being repeatedly moved from its then current location to a new location in the computer network, as directed by the single physical device computer system on which the central catalog is maintained;

determining, at a centrally located relocation module on the single physical device computer system on which the central catalog is maintained, a specific target location in the network from among a plurality of potential target locations to which one of the plurality of movable replicas is to be relocated;

encrypting the centrally located relocation module to protect it from any unauthorized user so as not to provide information identifying the target location to which the one of the plurality of movable replicas is to be relocated;

after determining a specific target location, an act of the single physical device computer system on which the central catalog is maintained, using the centrally located relocation module located thereon, notifying one or more authorized individuals that the one of the plurality of movable replicas will be moved and of the specific target location thereof;

after notifying the one or more authorized users that the one of the plurality of movable replicas will be moved and of the specific target location thereof relocating the one of the plurality of movable replicas to the determined specific target location;

updating the centrally located catalog on the single physical device computer system, which centrally located catalog contains a current listing of all of the plurality of movable replicas of the given data and target locations to which each of the plurality of movable replicas has been relocated in order to keep track of where each of the plurality of movable replicas is stored once it is newly relocated; and

at least partially encrypting the catalog centrally located on the single physical device computer system to secure it against unauthorized access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Moving replicas in a cryptographically secure manner such that the target location and timing of the movements are completely hidden from any user, or is kept as a secret by a limited number of users who have been given advanced notice of the new location and relocation time for a replica. A catalog of replica locations that describe the current location of the replicas is stored in encrypted form so as to prevent individuals from determining the exact location of the replicas. Since the location of the replicas is hidden at any given moment, attackers may not use the location of the replicas in order to attack all of the replicas at the same time. Accordingly, recovery mechanisms may have an opportunity to recover from any given attack by once again creating replicas from those replicas that had not been attacked.

18 Citations

View as Search Results

25 Claims

1. In an environment that includes a plurality of computer systems that may be used to store a plurality of movable replicas of given data in order to protect against loss of the given data in the event of a concerted attack aimed at locating and destroying it, a method for protecting the given data from destruction by occasionally moving the plurality of movable replicas from one computer system location to another so that the plurality of movable replicas are more difficult to find, the method comprising the following:
- maintaining a centrally located catalog on a computer system, wherein the computer system on which the centrally located catalog is maintained is a single physical device;
  
  maintaining a plurality of movable replicas of given data on a computer network, wherein the plurality of movable replicas of given data are distributed throughout at least a plurality of computer systems in the computer network and which are remote from the single physical device computer system on which the central catalog is maintained, the plurality of movable replicas each being repeatedly moved from its then current location to a new location in the computer network, as directed by the single physical device computer system on which the central catalog is maintained;
  
  determining, at a centrally located relocation module on the single physical device computer system on which the central catalog is maintained, a specific target location in the network from among a plurality of potential target locations to which one of the plurality of movable replicas is to be relocated;
  
  encrypting the centrally located relocation module to protect it from any unauthorized user so as not to provide information identifying the target location to which the one of the plurality of movable replicas is to be relocated;
  
  after determining a specific target location, an act of the single physical device computer system on which the central catalog is maintained, using the centrally located relocation module located thereon, notifying one or more authorized individuals that the one of the plurality of movable replicas will be moved and of the specific target location thereof;
  
  after notifying the one or more authorized users that the one of the plurality of movable replicas will be moved and of the specific target location thereof relocating the one of the plurality of movable replicas to the determined specific target location;
  
  updating the centrally located catalog on the single physical device computer system, which centrally located catalog contains a current listing of all of the plurality of movable replicas of the given data and target locations to which each of the plurality of movable replicas has been relocated in order to keep track of where each of the plurality of movable replicas is stored once it is newly relocated; and
  
  at least partially encrypting the catalog centrally located on the single physical device computer system to secure it against unauthorized access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. A method in accordance with claim 1, further comprising the following:
    - the centrally located relocation module determining a movement time for the one of the plurality of movable replicas to be relocated to the target location.
  - 3. A method in accordance with claim 2, wherein the centrally located relocation module considers whether or not there is a current attack threat when determining a movement time for the one of the plurality of movable replicas.
  - 4. A method in accordance with claim 2, wherein the centrally located relocation module considers a sensitivity level of the given data when determining a movement time for the one of the plurality of movable replicas.
  - 5. A method in accordance with claim 2, wherein the centrally located relocation module considers a trust level of a computer associated with the target location when determining a movement time for the one of the plurality of movable replicas.
  - 6. A method in accordance with claim 2, wherein the centrally located relocation module considers a bandwidth level for a connection to the target location when determining a movement time for the one of the plurality of movable replicas.
  - 7. A method in accordance with claim 2, wherein the centrally located relocation module considers a load level for a computer associated with the target location when determining a movement time for the one of the plurality of movable replicas.
  - 8. A method in accordance with claim 2, wherein the centrally located relocation module considers a memory availability level for a computer associated with the target location when determining a movement time for the one of the plurality of movable replicas.
  - 9. A method in accordance with claim 2, wherein the centrally located relocation module considers a network traffic load for a computer associated with the target location when determining a movement time for the one of the plurality of movable replicas.
  - 10. A method in accordance with claim 2, wherein the centrally located relocation module considers how easy it would be to monitor network traffic to a computer associated with the target location when determining a movement time for the one of the plurality of movable replicas.
  - 11. A method in accordance with claim 2, further comprising:
    - securing the centrally located relocation module against giving information identifying the movement time to any user at any time.
  - 12. A method in accordance with claim 2, further comprising the following:
    - notifying one or more users of an association between the movement time and the one of the plurality of movable replicas.
  - 13. A method in accordance with claim 12, wherein notifying one or more users of an association between the movement time and the one of the plurality of movable replicas comprises the following:
    - notifying the one or more users of the movement time prior to the movement time.
  - 14. A method in accordance with claim 1, wherein encrypting the centrally located relocation module to protect it from any unauthorized user so as not to provide information identifying the target location to which the one of the multiple replicas is to be relocated, comprises the following:
    - encrypting at least a portion of computer-executable instructions that, when executed by a processor, form the centrally located relocation module and allow the centrally located relocation module to function; and
      
      prior to executing the portion of computer-executable instructions that are encrypted, decrypting the computer-executable instructions using a decryption module that does not allow user access to any resulting decrypted computer-executable instructions.
  - 15. A method in accordance with claim 1, further comprising the following:
    - determining whether the target location is on a computer system that is outside of a trusted zone; and
      
      wherein the one of the plurality of movable replicas is moved in encrypted form when the target location is outside of the trusted zone, and in an unencrypted form when the target location is within the trusted zone.
  - 16. A method in accordance with claim 1, further comprising the following:
    - determining that the target location is on an accessible computer system that has memory resources that are lower than a threshold value, wherein in response the one of the plurality of movable replicas is moved in compressed form.
  - 17. A method in accordance with claim 1, wherein the centrally located relocation module considers whether or not there is a current attack threat when determining a target location for the one of the plurality of movable replicas.
  - 18. A method in accordance with claim 1, wherein the centrally located relocation module considers a sensitivity level of the given data when performing the act of determining a specific target location for the one of the plurality of movable replicas.
  - 19. A method in accordance with claim 1, wherein the centrally located relocation module considers a trust level of a computers associated with the target location when determining a target location for the one of the plurality of movable replicas.
  - 20. A method in accordance with claim 1, wherein the centrally located relocation module considers a bandwidth level for a connection to the target location when determining a target location for the one of the plurality of movable replicas.
  - 21. A method in accordance with claim 1, wherein the centrally located relocation module considers a load level for a computer associated with the target location determining a target location for the one of the plurality of movable replicas.
  - 22. A method in accordance with claim 1, wherein the centrally located relocation module considers a memory availability level for an accessible computer associated with the target location when determining a target location for the one of the plurality of movable replicas.
  - 23. A computer program product for use in a computing network that includes a plurality of computer systems distributed therein and in connection through the computing network, the computer program product for implementing a method for protecting data from destruction by occasionally relocating a plurality of movable replicas from location to another so that the plurality of movable replicas are more difficult to find and destroy, the computer-program product comprising:
    - one or more physical computer-readable storage media having stored thereon computer-executable instructions that, when executed, perform the method of claim 1.

24. In a computing network having a plurality of computers distributed therein and in communication over the computing network, a method for protecting data from destruction by occasionally relocating a plurality of movable replicas from one location to another so that the plurality of movable replicas are more difficult to find and destroy, the method comprising:
- maintaining a plurality of movable replicas of given data, wherein the plurality of movable replicas of the given data are distributed throughout the plurality of computers in the computing network;
  
  maintaining, on only one of the plurality of computers, a relocation module for managing occasional relocation of each of the plurality of movable replicas of the given data;
  
  maintaining, on the one of the plurality of computers on which the relocation module is maintained, only one catalog that contains a record of each of the plurality of movable replicas of the given data and associates each of the plurality of movable replicas with its corresponding current location of each of the plurality of movable replicas of the given data, and such that the catalog is centrally located on the one of the plurality of computers, wherein the one of the plurality of computers on which the relocation and catalog are maintained is a secure computer requiring verification of an identity and authority of a user attempting access to at least the catalog centrally located on the secure computer;
  
  determining, at the relocation module maintained on the secure computer, and for one of the plurality of movable replicas of the given data, a target location to which the one of the plurality of movable replicas will be moved, the target location being in the network and determined from among locations on the plurality of computers, wherein the one of the plurality of movable replicas for which a target location is determined is on a computer remote from the secure computer on which the relocation module and catalog is maintained;
  
  notifying one or more authorized users of the target location of the one of the plurality of movable replicas of the given data;
  
  after notifying the one or more authorized users, sending, from the relocation module maintained on the secure computer, instructions, to the computer remote from the secure computer and on which the one of the plurality of movable replicas is maintained, for moving the one of the plurality of movable replicas to the target location, wherein the instructions cause relocation of the replica to the target location;
  
  updating the catalog to include the target location as a current location for the one of the plurality of movable replicas; and
  
  repeating the acts of determining, notifying, sending and updating occasionally, for each of the plurality of movable replicas of the given data, such that the relocation module manages occasional relocation of each of the plurality of movable replicas of the given data.

25. A computer program product for use in a computing network that includes a plurality of computers distributed therein and in connection through the computing network, the computer program product for implementing a method for protecting data from destruction by occasionally relocating a plurality of movable replicas from one location to another so that the plurality of movable replicas are more difficult to find and destroy, the computer-program product comprising:
- one or more physical computer-readable storage media having stored thereon computer-executable instructions that, when executed, causes the computing network to perform the process of;
  
  maintaining plurality of movable replicas of given data, wherein the plurality of movable replicas of the given data are distributed throughout the plurality of computers in the computing network, and wherein the number of the plurality of movable replicas is proportional to a sensitivity of the given data;
  
  maintaining, on only one of the plurality of computers, a relocation module for managing occasional relocation of each of the plurality of movable replicas of the given data, wherein the one of the plurality of computers on which the relocation is maintained includes none of the plurality of movable replicas of the given data;
  
  maintaining, on the one of the plurality of computers on which the relocation module is maintained, only one catalog that contains a record of each of the plurality of movable replicas of the given data and associates each of the plurality of movable replicas with its corresponding current location of each of the plurality of movable replicas of the given data, and such that the catalog is centrally located on the one of the plurality of computers, wherein the one of the plurality of different computers on which the relocation and catalog are maintained is a secure computer requiring verification of an identity and authority of a user attempting access to at least the catalog centrally located on the secure computer;
  
  determining, at the relocation module maintained on the secure computer, and for one of the plurality of movable replicas of the given data, a target location to which the one of the plurality of movable replicas will be moved, the target location being in the network and determined from among locations on the plurality of computers, wherein the target location is determined in a completely random manner and wherein the one of the plurality of movable replicas for which a target location is determined is on a computer remote from the secure computer on which the relocation module and catalog is maintained;
  
  determining, at the relocation module maintained on the secure computer, and for the one of the plurality of movable replicas of the given data, a movement time at which the one of the plurality of movable replicas will be moved to the target location, wherein determining the movement time comprises the relocation module on the one of the plurality of computers considering at least three or more of a group selected from the following;
  
  whether the target location is subject to a threat of an attack;
  
  the sensitivity of the given data;
  
  a trust level of a computer associated with the target location;
  
  a bandwidth level for a connection to the target location;
  
  a load level for the computer associated with the target location;
  
  a memory availability level of an online and accessible computer associated with the target location;
  
  a network traffic load for the computer associated with the target location; and
  
  an ease of monitoring network traffic to the computer associated with the target location;
  
  after determining the target location and movement time, the relocation module notifying one or more authorized users of the target location and movement time of the one of the plurality of movable replicas of the given data, the movement time being in the future;
  
  after notifying the one or more authorized users, sending, from the relocation module maintained on the secure computer, instructions, to the computer remote from the secure computer and on which the one of the plurality of movable replicas is maintained, for moving the one of the plurality of movable replicas to the target location, wherein the instructions cause relocation of the one of the plurality of movable replicas to the target location;
  
  updating the catalog to include the target location as a current location for the one of the plurality of movable replicas;
  
  repeating the acts of determining, notifying, sending and updating occasionally, for each of the plurality of movable replicas of the given data, such that the relocation module manages occasional relocation of each of the plurality of movable replicas of the given data, and wherein repeating the acts comprises;
  
  modifying at least some of the plurality of movable so that not all replicas are exact copies;
  
  determining that at least one of the plurality of movable replicas has been lost or damaged; and
  
  in response to determining that at least one of the plurality of movable replicas has been lost or damaged, a recovery mechanism replacing the at least one of the plurality of movable replicas that has been lost or damaged.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kaler, Christopher G., Theimer, Marvin M., Cabrera, Luis Felipe
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US10/289,988
Publication Number

US 20040088580A1
Time in Patent Office

2,589 Days
Field of Search

726/33
US Class Current

726/26
CPC Class Codes

G06F 21/6272 by registering files or doc...

Hidden proactive replication of data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Hidden proactive replication of data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links