Storage security using cryptographic splitting
Abstract
Methods and systems for administrative management of a secure data storage network are disclosed. One system includes a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings, wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings, and the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user.
20 Claims
1. A system for administrative management of a secure data storage network utilizing cryptographically splitting data as it is stored and retrieved from storage devices, the system comprising:
- a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings;
wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the group of one or more users defines a separate community of interest;
wherein the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings;
wherein the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user;
wherein the cryptographically splitting data utilize a plurality of encryption keys to create a plurality of separate community of interest data sets in which the primary write requests and corresponding plurality of secondary write request are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
6. A system for administrative management of a secure data storage network utilizing cryptographically splitting data as it is stored and retrieved from storage devices, the system comprising:
- a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings;
- a security group definition designating a plurality of security groups, each security group associated with a volume and assigned to a security administrator, wherein volume management settings of a volume associated with one of the plurality of security groups are editable by the security administrator associated with the security group, the security group of one or more users defines a separate community of interest;
wherein the cryptographically splitting data utilize a plurality of encryption keys to create a plurality of separate community of interest data sets in which the primary write requests and corresponding plurality of secondary write request are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
10. A method of accessing administrative settings in a secure storage appliance network utilizing cryptographically splitting data as it is stored and retrieved from storage devices, the method comprising:
- receiving a request for administrative access to a volume managed by the secure storage appliance, the volume associated with a plurality of shares stored on a plurality of physical storage devices, the request including an identifier of an administrative user;
- checking an administrative access level to determine access rights of the administrative user;
- responding to the request for administrative access based on an outcome of checking the administrative access level; and
- generating a log record of the received request for administrative access;
wherein the administrative user lacks access rights to a second volume different from the volume associated with a share stored on the plurality of physical storage devices;
wherein the cryptographically splitting data utilize a plurality of encryption keys to create a plurality of separate community of interest data sets in which the primary write requests and corresponding plurality of secondary write request are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
Specification