Systems and methods for secure distributed storage
First Claim
1. A method comprising:
- decomposing, by a computer system, a virtual machine into a first storage subunit and a second storage subunit;
- encrypting, by the computer system, the first storage subunit and the second storage subunit;
- transmitting, by the computer system, the encrypted first storage subunit to a first storage host;
- transmitting, by the computer system, the encrypted second storage subunit to a second storage host;
- storing, by the computer system, a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host;
- receiving, by the computer system, a request for the virtual machine; and
- in response to the request:
  - retrieving from the record, by the computer system, the first network location and the second network location,
  - transmitting, by the computer system, a request to the first network location for the encrypted first storage subunit,
  - transmitting, by the computer system, a request to the second network location for the encrypted second storage subunit,
  - decrypting, by the computer system, the encrypted first storage subunit to obtain the first storage subunit,
  - decrypting, by the computer system, the encrypted second storage subunit to obtain the second storage subunit, and
  - reconstructing the virtual machine from the first storage subunit and the second storage subunit.
Abstract
Embodiments relate to systems and methods for secure distributed storage. In aspects, a set of remote storage hosts, such as personal computers, servers, media devices, cell phones, or others, can subscribe or register to provide storage via a cloud-based or other distributed network. Source data from an originating computer, such as a data file, can be decomposed into data storage subunits, each of which is encrypted via a cloud management system or other logic or control. The data storage subunits can comprise data blocks of even or uneven size. The set of encrypted data storage subunits can be registered to a table or other record, and disseminated to the remote storage hosts. In the event of data loss at the originating computer or at other times, the remotely stored data storage subunits can be extracted, decrypted, and reassembled to reconstruct the original source data.
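The flow in the abstract (decompose into uneven subunits, encrypt each, disseminate to hosts, register in a record, then fetch, decrypt and reassemble) is sketched below as an added example; it is not code from the patent. The in-memory `hosts` dict, all function names, the SHA-256 keystream standing in for a real cipher, and the per-subunit HMAC bound to the subunit index (so an untrusted host cannot alter or swap subunits unnoticed) are assumptions of this example.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Stand-in cipher: SHA-256 in counter mode. Use a vetted AEAD (e.g. AES-GCM) in real code.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, index, nonce, ct):
    # The subunit index is authenticated so a host cannot swap or reorder subunits.
    return hmac.new(mac_key, index.to_bytes(4, "big") + nonce + ct, hashlib.sha256).digest()

def seal(keys, index, plain):
    nonce = os.urandom(16)
    ct = _xor_stream(keys[0], nonce, plain)
    return nonce + ct + _tag(keys[1], index, nonce, ct)

def unseal(keys, index, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(keys[1], index, nonce, ct)):
        raise ValueError(f"subunit {index} failed authentication")
    return _xor_stream(keys[0], nonce, ct)

def disperse(source, sizes, hosts, keys):
    """Decompose into uneven subunits, encrypt each, store remotely, return the record."""
    if sum(sizes) != len(source):
        raise ValueError("subunit sizes must cover the source exactly")
    names, record, offset = sorted(hosts), [], 0
    for index, size in enumerate(sizes):
        host = names[index % len(names)]
        hosts[host][index] = seal(keys, index, source[offset:offset + size])
        record.append((index, host))  # record: subunit -> storage host location
        offset += size
    return record

def reconstruct(record, hosts, keys):
    """Fetch each subunit from its recorded host, verify, decrypt, reassemble in order."""
    return b"".join(unseal(keys, i, hosts[h][i]) for i, h in sorted(record))

def demo():
    keys = (os.urandom(32), os.urandom(32))  # (encryption key, MAC key)
    hosts = {"host-a": {}, "host-b": {}}     # constructed in-memory stand-ins for hosts
    source = b"constructed sample source data for the example"
    record = disperse(source, [5, 17, len(source) - 22], hosts, keys)
    return source, record, hosts, keys
```

The record and the keys stay with the originating system; a host holding one subunit sees only ciphertext and cannot substitute another subunit in its place.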
116 Citations
16 Claims
1. A method comprising:
- decomposing, by a computer system, a virtual machine into a first storage subunit and a second storage subunit;
- encrypting, by the computer system, the first storage subunit and the second storage subunit;
- transmitting, by the computer system, the encrypted first storage subunit to a first storage host;
- transmitting, by the computer system, the encrypted second storage subunit to a second storage host;
- storing, by the computer system, a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host;
- receiving, by the computer system, a request for the virtual machine; and
- in response to the request:
  - retrieving from the record, by the computer system, the first network location and the second network location,
  - transmitting, by the computer system, a request to the first network location for the encrypted first storage subunit,
  - transmitting, by the computer system, a request to the second network location for the encrypted second storage subunit,
  - decrypting, by the computer system, the encrypted first storage subunit to obtain the first storage subunit,
  - decrypting, by the computer system, the encrypted second storage subunit to obtain the second storage subunit, and
  - reconstructing the virtual machine from the first storage subunit and the second storage subunit.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
- a network interface; and
- a processor to:
  - decompose the virtual machine into a first storage subunit and a second storage subunit,
  - encrypt the first storage subunit and the second storage subunit,
  - transmit, via the network interface, the encrypted first storage subunit to a first storage host,
  - transmit, via the network interface, the encrypted second storage subunit to a second storage host,
  - store a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host,
  - retrieve the first network location and the second network location from the record,
  - transmit, via the network interface, a request to the first network location for the encrypted first storage subunit,
  - transmit, via the network interface, a request to the second network location for the encrypted second storage subunit,
  - decrypt the encrypted first storage subunit to obtain the first storage subunit,
  - decrypt the encrypted second storage subunit to obtain the second storage subunit, and
  - reconstruct the virtual machine from the first storage subunit and the second storage subunit.

Dependent claims: 10, 11, 12
13. A non-transitory computer readable storage medium embodying instructions that, when executed by a computer system, will cause the computer system to perform a method comprising:
- decomposing, by the computer system, a virtual machine into a first storage subunit and a second storage subunit;
- encrypting, by the computer system, the first storage subunit and the second storage subunit;
- transmitting, by the computer system, the encrypted first storage subunit to a first storage host;
- transmitting, by the computer system, the encrypted second storage subunit to a second storage host;
- storing, by the computer system, a record that associates the virtual machine with a first network location of the first remote storage host and a second network location of the second storage host;
- receiving, by the computer system, a request for the virtual machine; and
- in response to the request:
  - retrieving from the record, by the computer system, the first network location and the second network location,
  - transmitting, by the computer system, a request to the first network location for the encrypted first storage subunit,
  - transmitting, by the computer system, a request to the second network location for the encrypted second storage subunit,
  - decrypting, by the computer system, the encrypted first storage subunit to obtain the first storage subunit,
  - decrypting, by the computer system, the encrypted second storage subunit to obtain the second storage subunit, and
  - reconstructing the virtual machine from the first storage subunit and the second storage subunit.

Dependent claims: 14, 15, 16
Specification