Systems and methods for secure distributed storage

US 8,375,223 B2
Filed: 10/30/2009
Issued: 02/12/2013
Est. Priority Date: 10/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

decomposing, by a computer system, a virtual machine into a first storage subunit and a second storage subunit;

encrypting, by the computer system, the first storage subunit and the second storage subunit;

transmitting, by the computer system, the encrypted first storage subunit to a first storage host;

transmitting, by the computer system, the encrypted second storage subunit to a second storage host;

storing, by the computer system, a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host;

receiving, by the computer system, a request for the virtual machine; and

in response to the request;

retrieving from the record, by the computer system, the first network location and the second network location,transmitting, by the computer system, a request to the first network location for the encrypted first storage subunit,transmitting, by the computer system, a request to the second network location for the encrypted second storage subunit,decrypting, by the computer system, the encrypted first storage subunit to obtain the first storage subunit,decrypting, by the computer system, the encrypted second storage subunit to obtain the second storage subunit, andreconstructing the virtual machine from the first storage subunit and the second storage subunit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments relate to systems and methods for secure distributed storage. In aspects, a set of remote storage hosts, such as personal computers, servers, media devices, cell phones, or others, can subscribe or register to provide storage via a cloud-based or other distributed network. Source data from an originating computer, such as a data file, can be decomposed into data storage subunits, each of which is encrypted via a cloud management system or other logic or control. The data storage subunits can comprise data blocks or even or uneven size. The set of encrypted data storage subunits can be registered to a table or other record, and disseminated to the remote storage hosts. In the event of data loss at the originating computer or at other times, the remotely stored data storage subunits can be extracted, decrypted, and reassembled to reconstruct the original source data.

116 Citations

View as Search Results

16 Claims

1. A method comprising:
- decomposing, by a computer system, a virtual machine into a first storage subunit and a second storage subunit;
  
  encrypting, by the computer system, the first storage subunit and the second storage subunit;
  
  transmitting, by the computer system, the encrypted first storage subunit to a first storage host;
  
  transmitting, by the computer system, the encrypted second storage subunit to a second storage host;
  
  storing, by the computer system, a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host;
  
  receiving, by the computer system, a request for the virtual machine; and
  
  in response to the request;
  
  retrieving from the record, by the computer system, the first network location and the second network location,transmitting, by the computer system, a request to the first network location for the encrypted first storage subunit,transmitting, by the computer system, a request to the second network location for the encrypted second storage subunit,decrypting, by the computer system, the encrypted first storage subunit to obtain the first storage subunit,decrypting, by the computer system, the encrypted second storage subunit to obtain the second storage subunit, andreconstructing the virtual machine from the first storage subunit and the second storage subunit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the encryption comprises one or both of public key infrastructure encryption and private key encryption.
  - 3. The method of claim 1, wherein the first storage host comprises at least one of a client computer, a server computer, a media playback device, or a wireless communications device.
  - 4. The method of claim 1, wherein the record of the network location of the first storage host comprises a storage table that associates the first storage subunit with the first storage host.
  - 5. The method of claim 1, wherein the first storage subunit comprises a file composed of equally sized data blocks.
  - 6. The method of claim 1, wherein first storage subunit comprises file composed of unequally sized data blocks.
  - 7. The method of claim 1, wherein the first storage host and the second storage host are managed via a cloud management system.
  - 8. The method of claim 1, wherein the request for the virtual machine is in response to a recovery event.

9. A system comprising:
- a network interface; and
  
  a processor to;
  
  decompose the virtual machine into a first storage subunit and a second storage subunit,encrypt the first storage subunit and the second storage subunit,transmit, via the network interface, the encrypted first storage subunit to a first storage host,transmit, via the network interface, the encrypted second storage subunit to a second storage host,store a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host,retrieve the first network location and the second network location from the record,transmit, via the network interface, a request to the first network location for the encrypted first storage subunit,transmit, via the network interface, a request to the second network location for the encrypted second storage subunit,decrypt the encrypted first storage subunit to obtain the first storage subunit,decrypt the encrypted second storage subunit to obtain the second storage subunit, andreconstruct the virtual machine from the first storage subunit and the second storage subunit.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein the encryption comprises one or both of public key infrastructure encryption and private key encryption.
  - 11. The system of claim 9, wherein the first storage host comprises at least one of a client computer, a server computer, a media playback device, or a wireless communications device.
  - 12. The system of claim 9, wherein the first storage host and the second storage host are managed via a cloud management system.

13. A non-transitory computer readable storage medium embodying instructions that, when executed by a computer system, will cause the computer system to perform a method comprising:
- decomposing, by the computer system, a virtual machine into a first storage subunit and a second storage subunit;
  
  encrypting, by the computer system, the first storage subunit and the second storage subunit;
  
  transmitting, by the computer system, the encrypted first storage subunit to a first storage host;
  
  transmitting, by the computer system, the encrypted second storage subunit to a second storage host;
  
  storing, by the computer system, a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host;
  
  receiving, by the computer system, a request for the virtual machine; and
  
  in response to the request;
  
  retrieving from the record, by the computer system, the first network location and the second network location,transmitting, by the computer system, a request to the first network location for the encrypted first storage subunit,transmitting, by the computer system, a request to the second network location for the encrypted second storage subunit,decrypting, by the computer system, the encrypted first storage subunit to obtain the first storage subunit,decrypting, by the computer system, the encrypted second storage subunit to obtain the second storage subunit, andreconstructing the virtual machine from the first storage subunit and the second storage subunit.
- View Dependent Claims (14, 15, 16)
- - 14. The non-transitory computer readable storage medium of claim 13, wherein the encryption comprises one or both of public key infrastructure encryption and private key encryption.
  - 15. The non-transitory computer readable storage medium of claim 13, wherein the first storage host comprises at least one of a client computer, a server computer, a media playback device, or a wireless communications device.
  - 16. The non-transitory computer readable storage medium of claim 13, wherein the record of the network location of the first storage host comprises a storage table that associates the first storage subunit with the first storage host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
DeHaan, Michael Paul, Likins, Adrian Karstan, Vidal, Seth Kelby
Primary Examiner(s)
Dinh, Minh

Application Number

US12/610,081
Publication Number

US 20110107103A1
Time in Patent Office

1,201 Days
Field of Search

None
US Class Current

713/193
CPC Class Codes

G06F 11/1456   Hardware arrangements for b...

G06F 11/1464   for networked environments

G06F 11/1469   Backup restoration techniques

G06F 21/6218   to a system of files or obj...

Systems and methods for secure distributed storage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for secure distributed storage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others