Method and apparatus for verifiably migrating WORM data
Abstract
A file system in a storage system allows a user to designate data as write-once read-many (WORM) data. The WORM data are stored in a first set of storage media of the storage system. Signature data are generated from the WORM data. Using the signature data, the integrity of the WORM data can be verified.
18 Claims
1. A method comprising:
- using a file system of a storage server to provide a user with access to data stored by the storage server;
- selecting a subset of the data stored by the storage server, the selected subset containing one or more data items, including at least one file;
- creating a signature file for the selected subset, the signature file specifying the data items contained in the selected subset and locations of said data items within the selected subset, the signature file further including metadata associated with each said data item, the metadata including a write once, read many (WORM) state indication for at least one data item in the selected subset;
- generating a cryptographic hash for each file in the selected subset and including each said cryptographic hash in the signature file in association with the corresponding file;
- using a private key of a public-private key pair to generate a first digital signature of the signature file as a whole;
- associating the first digital signature with the signature file;
- migrating the selected subset from a source set of storage media to a destination set of storage media; and
- using the signature file to verify the selected subset of the data, as stored in the destination set of storage media, including verifying a WORM state of the at least one data item.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A storage system comprising:
- a processor;
- a storage interface, coupled to the processor, through which to communicate with a set of mass storage media;
- a file system to provide user access to data stored in the set of mass storage media; and
- a memory storing instructions which, when executed by the processor, cause the storage system to perform a process which includes;
  - creating a signature file corresponding to a data set stored in the set of mass storage media, the signature file specifying data items contained in the data set, locations of each data item within the data set, and metadata associated with the data items;
  - generating a cryptographic hash for each data item of a predetermined type in the data set and including each cryptographic hash in the signature file;
  - generating a digital signature of the signature file as a whole;
  - associating the digital signature with the signature file;
  - using the signature file to verify integrity of the data set, wherein the data set includes write once read many (WORM) data; and
  - migrating the data set to another set of mass storage media, wherein the signature file is used to verify a WORM state of the WORM data and that the data set migrated to said other set of mass storage media is identical to the data set from which the signature file was created.
Dependent claims: 12, 13, 14, 15
16. A method comprising:
- using a directory-and-file based file system interface in a storage server to receive a selection by a user of a subset of data stored by the storage server, the selected subset including a plurality of files, the selection indicating that the plurality of files are to be protected;
- in the storage server, creating a signature file for the plurality of files in the selected subset in response to the selection, the signature file specifying the files included in the selected subset and the locations of the files within the selected subset, the signature file further including metadata associated with each said file, the metadata including a write once, read many (WORM) state indication for at least one file in the selected subset;
- in the storage server, generating a cryptographic hash for each file in the selected subset and including each said cryptographic hash in the signature file in association with the corresponding file;
- in the storage server, using a private key of a public-private key pair to generate a first digital signature of the signature file as a whole;
- associating the first digital signature with the signature file;
- migrating the selected subset from a first set of storage media to a second set of storage media;
- using the signature file to verify a WORM state of the selected subset; and
- using the signature file to verify that the selected subset migrated to the second set of storage media is identical to the selected subset from which the signature data was generated.
Dependent claims: 17, 18
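
The procedure recited in claims 1, 11 and 16 (build a signature file listing each file's location, hash and WORM state, migrate, then verify the destination against it), as an added Python example that is not part of the patent. It assumes WORM state can be modelled as "no write permission bits set", uses `shutil.copytree` as the migration, and leaves out the digital signature over the signature file because the Python standard library has no public-key signing; all function names are hypothetical.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_signature_file(root):
    """Map each file's location under root to its hash and WORM flag."""
    items = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            items[path.relative_to(root).as_posix()] = {
                "sha256": sha256_file(path),
                # Assumption: WORM state is modelled as "no write bits set".
                "worm": not path.stat().st_mode & 0o222}
    return {"version": 1, "items": items}

def verify(manifest, root):
    """Return sorted (problem, location) pairs for the data set under root."""
    want, got = manifest["items"], build_signature_file(root)["items"]
    problems = [("unexpected", loc) for loc in got.keys() - want.keys()]
    problems += [("missing", loc) for loc in want.keys() - got.keys()]
    for loc in want.keys() & got.keys():
        problems += [(field, loc) for field in ("sha256", "worm")
                     if got[loc][field] != want[loc][field]]
    return sorted(problems)

def demo():
    """Constructed sample tree: migrate it, then tamper with the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        (src / "records").mkdir(parents=True)
        (src / "records/a.txt").write_bytes(b"ledger")
        (src / "notes.txt").write_bytes(b"draft")
        (src / "records/a.txt").chmod(0o444)  # commit this file to WORM
        manifest = build_signature_file(src)
        shutil.copytree(src, dst)  # stands in for the migration
        clean = verify(manifest, dst)
        (dst / "records/a.txt").chmod(0o644)  # WORM state lost on destination
        (dst / "notes.txt").write_bytes(b"draft!")  # content changed
        return clean, verify(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

A file whose bytes are intact but whose WORM flag changed is reported separately from a content mismatch, which is the distinction the claims draw between verifying the WORM state and verifying that the migrated data is identical.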